When conducting due diligence of an FDA-regulated company, there are several important questions that should be posed. These include questions relating to regulatory, compliance, and privacy matters. For example, questions about FDA, FTC, Anti-Kickback Statute, False Claims Act, CMP Law, Stark Law, Sunshine Act, HIPAA, GDPR, FTCA, state regulations, and more. Additionally, questions about the company’s compliance program should be asked. This includes questions about the company’s compliance policies and procedures, compliance officer and committee, auditing and monitoring reports, complaint handling process, and more.

When it comes to acquisitions, it is important to focus on the data room. This is where all the documents memorializing remunerative relationships with providers should be stored. These documents include physician consulting agreements, grant, royalty, and research agreements, physician ownership in the company, and joint marketing arrangements. Other documents commonly placed in the data room include customer agreements, GPO agreements, compliance and privacy policies and procedures, FDA quality-related materials, and more. It is important to note that attorney-client privileged materials, e.g., audit reports, should not be included in the data room.

BUYERS

When conducting due diligence of an FDA-regulated company, there are several important questions that should be posed. These include questions relating to regulatory, compliance, and privacy matters. For example, questions about FDA, FTC, Anti-Kickback Statute, False Claims Act, CMP Law, Stark Law, Sunshine Act, HIPAA, GDPR, FTCA, state regulations, and more. Additionally, questions about the company’s compliance program should be asked. This includes questions about the company’s compliance policies and procedures, compliance officer and committee, auditing and monitoring reports, complaint handling process, and more.

When it comes to acquisitions, it is important to focus on the data room. This is where all the documents memorializing remunerative relationships with providers should be stored. These documents include physician consulting agreements, grant, royalty, and research agreements, physician ownership in the company, and joint marketing arrangements. Other documents commonly placed in the data room include customer agreements, GPO agreements, compliance and privacy policies and procedures, FDA quality-related materials, and more. It is important to note that attorney-client privileged materials, e.g., audit reports, should not be included in the data room.

SELLERS

Preparation on the seller’s part is also important when it comes to acquisitions. This includes being prepared to talk about regulatory, compliance, and privacy issues. Of particular interest to buyers and underwriters are FDA quality issues, off-label promotion/use, reimbursement support, referral marketing practices, provider meal and expense policy, federal and state sunshine reporting, state licensures, the company’s compliance program, privacy compliance (HIPAA, GDPR, FTC), remunerative relationships with providers, and more.

TOP 20 QUESTIONS/REQUESTS

Below are our top twenty regulatory, compliance, and privacy questions/requests for buyers of FDA-regulated companies.

1. Describe your compliance program.
2. Have there been violations of your compliance policies?
3. How do you vet consultants/employees for exclusion/debarment?
4. Do you perform auditing and monitoring? If you answer “yes,” expect to be asked for the reports (discussed later).
5. Do you have a compliance hotline?
6. Do you have a compliance officer?
7. Do you have a compliance committee? Does it meet regularly?
8. What is the ratio of HCP consultants to customers?
9. Have you had any recalls, warning letters, MDRs, or other FDA issues?
10. Describe your privacy program, policies, and procedures.
11. What is your process for meeting federal, state, municipal sunshine requirements?
12. Do you have all necessary state and federal, clearances, licenses, and permits?
13. Describe your complaint handling process.
14. Has the company every been subjected to a government investigation, received a CID, or other inquires?
15. Apply the above to O-US activities.
16. Do you perform an annual needs assessment for consultants?
17. Describe the company’s sales and marketing practices and does the company provide discounts or rebates?
18. What sort of reimbursement support does the company provide and how does it work with payors?
19. Does the company sign business associate agreements (BAA)?
20. Describe company training practices for employees and consultants.

This is just a sample. There are many more questions/requests. Asking the right questions and being prepared are the keys to finding the “Goldilocks Zone” in acquisitions.

Finally, it is important for both buyers and sellers to carefully review what is being agreed to and editing contractual representations and warranties as necessary.