Corporate Integrity Agreements: Asking the Companies to Police Themselves, Please

I. Introduction

The use of a corporate integrity agreements (“CIA”) in resolving the prosecution of pharmaceutical and medical companies is commonplace. As part of a deferred prosecution agreement, the U.S. Department of Justice, or the U.S. Department of Health and Human Services, Office of Inspector General, will ask the defendant corporation to enter into a CIA to police its behavior and, in part, ensure compliance with the terms of the settlement.

II. Background on Corporate Integrity Agreements

Since the mid-1990s, CIAs have accompanied the federal government’s enforcement efforts in the field of health care regulations, and to recover funds lost to fraud and abuse. The Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) significantly enhanced the resources and capabilities of federal agencies involved in these efforts, including the OIG.

For example, the website of the HHS states: “The Office of Inspector General (OIG) often negotiates compliance obligations with health care providers and other entities as part of the settlement of Federal health care program investigations arising under a variety of civil false claims statutes. A provider or entity consents to these obligations as part of the civil settlement and in exchange for the OIG’s agreement not to seek an exclusion of that health care provider or entity from participation in Medicare, Medicaid and other Federal health care programs.” (FN 2)

In the years that followed the mid-1990s, OIG has entered into more than one thousand CIAs and similar agreements, including many with pharmaceutical and drug companies. (FN 3) CIAs were originally structured around the core elements of the Federal Sentencing Guidelines of 1995. After an early period of taking a rigid approach to the agreements, OIG began recognizing over time that there was a need for greater awareness about compliance and sanctions, as well to encourage self-regulation through the adoption of ongoing compliance programs. OIG also sought to create an atmosphere conducive to self-disclosure by offering concessions to those who came forward.

In 1997, OIG announced that in determining the level of sanctions, penalties and exclusions, it would take into account any reasonable efforts made by a company’s management to avoid and detect any misbehavior within their operations. In 1998, it published a detailed self-disclosure protocol. By 2000, seven segment-specific compliance program guidance documents were issued, providing suggestions on how providers could design internal controls to monitor adherence to applicable statutes, regulations and program requirements. OIG also began issuing fraud alerts, advisory opinions, advisory bulletins and work plans to make its concerns and expectations more transparent.

III. Structural Limits of the Corporate Integrity Agreements

A. Purposes of the CIA

The CIA details the duties of various compliance positions within the corporation; requires the adoption of certain written standards, including a code of conduct, and policies and procedures related to compliance topics; and implements a minimum number of hours of employee training in compliance. (FN 4) The company’s compliance officer might be assigned to uphold the CIA, or sales representatives are sometimes tasked with reporting violations.

However, too often the CIA assumes the corporation’s internal compliance officer, or sales representatives, who are assigned a role in the CIA, will prove as objective as a third-party might, or as effective as the law requires. The fines for violation of the CIA may pale in comparison to the business pressures to engage in a banned practice, and may not deter the corporation in the future from a repeat of the wrongdoing that initiated the CIA.

B. Pfizer CIA for Illegal Promotion of Drugs

A review of the Pfizer deferred prosecution is illustrative. On September 9, 2009, the U.S. Department of Justice announced that Pfizer, Inc., and a subsidiary, agreed to pay $2.3 billion to settle the largest health care fraud case in the history of the Department of Justice, to resolve criminal and civil liability arising from the illegal promotion of certain pharmaceutical drugs.

According to the press release, a Pfizer subsidiary pled guilty to a felony for its promotion of Bextra, and settled civil charges, as follows: “In addition, Pfizer has agreed to pay $1 billion to resolve allegations under the civil False Claims Act that the company illegally promoted four drugs – Bextra; Geodon, an anti-psychotic drug; Zyvox, an antibiotic; and Lyrica, an anti-epileptic drug – and caused false claims to be submitted to government health care programs for uses that were not medically accepted indications and therefore not covered by those programs. The civil settlement also resolves allegations that Pfizer paid kickbacks to health care providers to induce them to prescribe these, as well as other, drugs.” (FN 5)

The settlement implemented a CIA, and monitoring program to be run by the company’s internal compliance officer. The press release states: “As part of the settlement, Pfizer also has agreed to enter into an expansive corporate integrity agreement with the Office of Inspector General of the Department of Health and Human Services. That agreement provides for procedures and reviews to be put in place to avoid and promptly detect conduct similar to that which gave rise to this matter.” (FN 6)

Nowhere in Pfizer’s CIA, or any document accompanying the CIA, is disclosure made of the breadth and depth of the allegations surrounding Pfizer’s alleged marketing violations, notwithstanding that 11 drugs were encompassed by whistleblower complaints, including Geodon, which was allegedly marketed to children. Likewise, there was no complete disclosure to the medical community about what misrepresentations were made concerning the safety and efficacy of these drugs.

C. CIAs Rely on Internal Monitoring by the Company

An analysis of several CIAs reveals four obvious problems in their structure and allocation of responsibility. First, the agreements give credit for the company having a voluntary compliance program, designed to ensure compliance with the law. Second, the company appoints its own compliance officer and review committee. Third, as discussed, the agreements leave the corporate integrity obligations to the defendant company’s compliance officer, who reports to an internal compliance committee. Finally, the penalties set forth in the CIA are modest, typically $2,500 per day for a violation, but some violations are as low as $1,000.

As shown in Table 1, below, the company compliance officer is placed in charge of CIA compliance, among other examples of internal monitoring, in each of the nine CIAs analyzed, dating from 2003 to 2010, specifically: (1) SmithKline, (2) Medtronic, (3) Aventis, (4) Merck & Co., (5) Eli Lilly, (6) Pfizer, (7) Biovail, (8) Boston Scientific, and (9) AstraZeneca.

IV. Conclusion

A review of CIAs indicate that they do not address the actual evidence uncovered during lengthy investigations of fraud. The following points are noteworthy:

  1. the CIAs do not address bonus plans which compensate sales representatives for off-label promotion;
  2. the CIAs do not categorically proscribe the role of marketing personnel in the selection of outside speakers;
  3. the CIAs do not require companies to disclose, for the period of alleged wrongdoing, alleged kickbacks paid to doctors or speakers at promotional conferences;
  4. the CIAs do not provide for an independent monitor to investigate the claims of whisteblowers;
  5. in some cases, CIAs actually allow for marketing personnel to play a role in compliance monitoring;
  6. the CIAs, in some cases, make ensuring compliance with the underlying settlement agreement the responsibility of the company’s internal compliance officer; and
  7. finally, the CIAs do not require release of information maintained at the FDA which would provide the medical community with the transparency of information needed to protect patient safety.

Table 1. Corporate Integrity Agreements with Selected Pharma / Medical Companies, 2003-2010: Compliance Responsibility Assigned to Company
Sorted by date…

# Date Company Requirements
1 2003 SmithKline 1. Gives credit for simply complying with the law. “Prior to the Effective Date, SKB voluntarily established a comprehensive Compliance Program.” CIA, Sect. I, at 1.2. SKB appoints its own compliance officer and review committee. CIA, Sect. III(A)(1), (2), at 5.3. Leaves corporate integrity obligations to SKB compliance officer. “The compliance officer is, and shall continue to be, responsible for overseeing the development of and coordinating the implementation of policies, procedures, practices designed to ensure compliance with the requirements set forth in this CIA and with federal health care program requirements for US pharma.” CIA, at 3.4. Penalty for non-compliance $2,500 per day. CIA, at 23.
2 7/4/06 Medtronic, Inc. 1. Gives credit for simply complying with the law. “Medtronic represented to the OIG that, prior to the effective date of this CIA, Medtronic established a voluntary compliance program.” CIA, Sect. I, at 1.2. Medtronic appoints its own compliance officer and review committee. CIA, Sect. III(A)(1), (2), at 3-6.3. Leaves corporate integrity obligations to Medtronic compliance officer. “To the extent not already accomplished, within 120 days after the Effective Date, the Medtronic Compliance Officer shall be responsible for developing and implementing policies, procedures, and practices designed to ensure compliance with the requirements set forth in this CIA.” CIA, Sect. III(A)(1)(a), at 4.4. Penalty for non-compliance $2,500 per day. CIA, Sect. X(A)(1)-(5); $1,000 – $5,000 per day penalties for other violations. CIA, Sect. X(A)(6)-(8), at 30-31.
3 8/30/07 Aventis, Inc. 1. Gives credit for simply complying with the law. “Prior to the Effective Date, API established a voluntary compliance program applicable to its United States operations.” CIA, Sect. I, at 1.2. Aventis appoints its own compliance officer and review committee. CIA, Sect. III(A)(1), (2), at 4.3. Leaves corporate integrity obligations to Aventis compliance officer. “The U.S. Corporate Compliance Officer shall be responsible for developing and implementing policies, procedures, and practices designed to ensure compliance with the requirements set forth in this CIA and with Federal health care program requirements.” CIA, Sect. III(A)(1), at 4.4. Penalty for non-compliance $2,500 per day. CIA, Sect. X(A)(2)-(4); $1,000 – $5,000 per day penalties for other violations. CIA, X(A)(5)-(7), at 28-29.
4 2/5/08 Merck & Co., Inc. 1. Gives credit for simply complying with the law. “Prior to the Effective Date, Merck voluntarily established a comprehensive Compliance Program.” CIA, Sect. I, at 1.2. Merck appoints its own compliance officer and review committee. CIA, Sect. III(A)(1), (2), at 5.3. Leaves corporate integrity obligations to Merck compliance officer. “The Compliance Officer is responsible and shall continue to be responsible for developing and implementing policies, procedures, and practices designed to ensure compliance with the requirements set forth in this CIA and with Federal health care program requirements.” CIA, Sect. III(A)(2), at 5.4. Penalty for non-compliance $2,500 per day. CIA, Sect. X(A)(1)-(4); $1,000 – $5,000 per day penalties for other violations. CIA, X(A)(5)-(7), at 28-30.
5 1/14/09 Eli Lilly 1. Gives credit for simply complying with the law. “Prior to the Effective Date of this CIA[], Lilly established a voluntary compliance program applicable to all Lilly employees.” CIA, Sect. I, at 1.2. Eli Lilly appoints its own compliance officer and review committee. CIA, Sect. III(A)(1), (2), at 5.3. Leaves corporate integrity obligations to Eli Lilly compliance officer. “The Chief Compliance Officer shall be responsible for developing and implementing policies, procedures, and practices designed to ensure compliance with the requirements set forth in this CIA and with Federal health care program requirements and FDA requirements.” CIA, Sect. III(A)(1), at 4.4. Penalty for non-compliance $2,500 per day. CIA, Sect. X(A)(1)-(4); $1,000 – $5,000 per day penalties for other violations. CIA, Sect. X(A)(5)-(7), at 40-42.
6 8/31/09 Pfizer, Inc. 1. Gives credit for simply complying with the law. “Prior to the Effective Date, Pfizer established a compliance program and initiated certain voluntary compliance measures.” CIA, Sect. I, at 1.2. Pfizer appoints its own compliance officer and review committee. CIA, Sect. III(A)(1), (2), at 4.3. Leaves corporate integrity obligations to Pfizer compliance officer. “The Chief Compliance Officer shall be responsible for developing and implementing policies, procedures, and practices designed to ensure compliance with the requirements set forth in this CIA and with Federal health care program requirements and FDA requirements.” CIA, Sect. III(A)(1), at 4.4. Penalty for non-compliance $2,500 per day. CIA, Sect. X(A)(1)-(4); $1,000 – $5,000 per day penalties for other violations. CIA, Sect. X(A)(5)-(7), at 52-53.
7 9/11/09 Biovail 1. Gives credit for simply complying with the law. “Prior to the Effective Date, Biovail initiated certain voluntary compliance measures and established a voluntary compliance program designed to address its U.S. operations and compliance with Federal health care program and FDA requirements.” CIA, Sect. I, at 1.2. Biovail appoints its own compliance officer and review committee. CIA, Sect. III(A)(1), (2), at 5.3. Leaves corporate integrity obligations to Biovail compliance officer. “The Chief Compliance Officer shall be primarily responsible for developing and implementing policies, procedures, and practices designed to ensure compliance with the requirements set forth in this CIA and with Federal health care program and FDA requirements.” CIA, Sect. III(A)(1), at 4.4. Penalty for non-compliance $2,500 per day. CIA, Sect. X(A)(1)-(4); $1,000 – $5,000 per day penalties for other violations. CIA, X(A)(5)-(7), at 28-29
8 12/22/09 Boston Scientific 1. Gives credit for simply complying with the law. “Prior to the effective date of this CIA Boston Scientific established a voluntary compliance program.” CIA, Sect. I, at 1.2. Boston Scientific appoints its own compliance officer and review committee. CIA, Sect. III(A)(1), (2), at 5.3. Leaves corporate integrity obligations to Boston Scientific compliance officer. “The Chief Compliance Officer shall be primarily responsible for developing and implementing policies, procedures, and practices designed to ensure compliance with the requirements set forth in this CIA and with Federal health care program requirements.” CIA, Sect. III(A)(1), at 5.4. Penalty for non-compliance $2,500 per day. CIA, Sect. X(A)(1)-(4); $1,000 – $5,000 per day penalties for other violations. CIA, X(A)(5)-(7), at 35-36.
9 4/27/10 AstraZeneca, L.P., and AstraZeneca Pharmaceuticals, L.P. 1. Gives credit for simply complying with the law. “Prior to the Effective Date, AstraZeneca initiated certain voluntary compliance measures and established a voluntary compliance program designed to address its U.S. operations and compliance with Federal health care program and FDA requirements.” CIA, Sect. I, at 1.2. AstraZeneca appoints its own compliance officer and review committee. CIA, Sect. III(A)(1), (2), at 5.3. Leaves corporate integrity obligations to AstraZeneca compliance officer. “The Compliance Officer shall be responsible for developing and implementing policies, procedures, and practices designed to ensure compliance with the requirements set forth in this CIA and with Federal health care program requirements.” CIA, Sect. III(A)(2), at 5.4. Penalty for non-compliance $2,500 per day. CIA, Sect. X(A)(1)-(4); $1,000 – $5,000 per day penalties for other violations. CIA, X(A)(5)-(7), at 52-53.

Footnotes:

1. Reuben A. Guttman is a founding partner at Guttman, Buschner and Brooks PLLC in Washington, DC.
2. Department of Health and Human Services, Office of Inspector General Web site (http://oig.hhs.gov/fraud/ cias.asp).
3. See, e.g., U.S. Dept. of Health and Human Services, Office of Inspector General, “Corporate Integrity Agreements Document List” (http://oig.hhs.gov/fraud/cia/cia_list.asp).
4. E. Basile et al., “Boston Scientific Corporate Integrity Agreement,” FDA and Life Sciences Client Alert, King & Spalding, Jan. 8, 2010, at 1.
5.  Press release, “Justice Department Announces Largest Health Care Fraud Settlement in Its History,” U.S. Dept. of Justice, Sept. 2, 2009.
6. Id.