Why Healthcare and Life Sciences Companies Need to Step Up Their Compliance Efforts in Advance of a U.S. Government Investigation

by Hogan Lovells

Hogan Lovells

In this hoganlovells.com interview, Hogan Lovells partner Gejaa Gobena discusses how the perception of compliance, remediation, and self-disclosure has evolved in the eyes of government prosecutors from how they factor at beginning of investigations, through charging decisions, and all the way through to post-resolution remedies. He also sheds light on whether to expect an increase or decrease in healthcare fraud investigations under the Trump Administration.

How has the view of compliance evolved in recent years?

Gobena: In the past, you would typically see the civil or criminal prosecutors focusing on evidence collection and making charging decisions. Compliance and remediation were typically seen as after-thoughts. In the context of healthcare investigations, the Department of Health and Human Services Office of Inspector General (HHS OIG) lawyers would handle compliance and remediation efforts arising from the investigation.

Let’s say it is a typical corporate healthcare investigation. There would be a government investigation. The government attorneys and the company would work out whether or not there was going to be a resolution, and how much the resolution was going to be. Anything related to compliance and post-resolution remediation was handled by the HHS OIG, which would negotiate a corporate integrity agreement and monitor that corporate integrity agreement — working with the company. The Department of Justice (DOJ) would little to do with those efforts. 

What has changed is that the compliance efforts at the time the misconduct allegedly took place are being more closely scrutinized by prosecutors and evaluated in the context of deciding what to do with the company. In the past, the question was: What happened? Now, it’s not just what happened. The question is: Why did it happen and what did the company do when it was put on notice that misconduct might be happening? If the culture of a company is such that it facilitated the misconduct, it can really affect how prosecutors view the company when it comes time to making charging decisions or negotiating a resolution. And, in at least one recent criminal resolution, we have seen a DOJ-supervised monitor replace a HHS-OIG corporate integrity agreement when it came to post-resolution oversight of a company.

Some prosecutors believe that companies should perhaps have a chance to avoid or mitigate criminal culpability if they consistently do the right thing and, conversely, be punished more severely if they do not. 

How would you describe the guidance that DOJ issued on compliance programs?

Gobena: On February 8, 2017, the DOJ Criminal Division, Fraud Division quietly issued an 11-part, multipage series of questions that they styled as guidance on corporate compliance programs. The origin of this goes back a couple of years to when DOJ hired a compliance consultant named Hui Chen. Her hire was the beginning of a heightened emphasis on evaluating corporate compliance during corporate criminal investigations. In the course of her evaluating corporate compliance programs in terms of alleged misconduct and to shape monitorships, she would ask a thorough set of questions designed to evaluate a company’s exiting compliance program.

I think what the DOJ Criminal Division, Fraud Division did by way of this program is basically memorialize those questions and topics to provide companies some guidance in terms of what they might expect to face in terms of scrutiny of their compliance programs from DOJ. The interesting thing is that it’s a series of questions, not a series of answers. It’s a little bit more than DOJ typically offers in terms of guidance on compliance programs, but by no means does it have the answers. I think that’s something companies are going to have to work through themselves along with their compliance departments and counsel. Interestingly, in March, HHS-OIG issued its own compliance guide, which includes issues to evaluate and further guidance. It is more detailed that the Criminal Division’s guidance and obviously tailored for life sciences companies.

In light of this DOJ guidance, what should companies do next?

Gobena: I think the one thing a company can do — even if it is not under investigation — is to take that DOJ guidance and ask itself those questions. For example, life sciences companies do a lot of business overseas and have to get their drugs and devices approved in other countries — oftentimes working with third parties. The oversight of third parties in other countries is very important with respect to Foreign Corrupt Practices Act (FCPA) investigations and whether or not companies are running afoul of that statute — especially since they are dealing with a lot of government entities. There can be allegations of companies trying to influence those government entities through bribery or corruption.

For a life sciences company that does a lot of work overseas, the questions about third-party management in this DOJ guidance are very useful — and reflective of the guidance Hogan Lovells typically gives regarding third-party oversight — regardless of whether or not it has an active investigation going on. That’s true even beyond third-party management, which is just one of 11 different subcategories in DOJ’s guidance. You can then transpose your company’s compliance program over these questions to see whether or not there are things you want to enhance or tweak.

For companies facing an investigation, how do remediation and self-disclosure factor in?

Gobena: One thing that’s being closely scrutinized now is remediation efforts. So if you find out that you have an employee who is engaged in misconduct, what you do about it is important in terms of how quickly you move. Do you fire the person or persons immediately? Take away job duties? The scope is also significant. For example, how broadly did you apply your remedial efforts? Did you hang an individual employee out to dry? Or did you consciously look into who may have been involved and take appropriate remedial efforts to make sure that those people aren’t viewed to be an issue. Remediation is something that’s being closely scrutinized on the criminal and civil sides. It’s creeping into many different parts of a company’s interaction with government. 

Whether the conduct was self-disclosed has become a major factor for many prosecutors. Alleged corporate misconduct comes to the attention of prosecutors in several ways — such as self-disclosure, a whistleblower, or some other form of law enforcement. Some prosecutors believe that self-disclosure is only possible when a company has a robust culture of compliance. 

However self-disclosure is a very complicated issue for life sciences companies. With Medicare’s newish 60-day overpayment rules and existing HHS-OIG disclosure protocols, providers reimbursed by Medicare have certain factors and rules that govern their decision-making. By contrast, the analysis by a manufacturer, pharmaceutical or medical device, would be different and involve different considerations.

How seriously do life sciences and other companies need to take this DOJ guidance?

Gobena: When the DOJ issues guidance, it is always a good idea to take it very seriously. Sometimes companies see the government issuing guidance and view it as generalized guidance that they will consider but not take too seriously. Providing guidance is probably as far as the Criminal Division could go in terms of telling a company what it should or should not do, and I think companies should take it seriously. The fact that guidance was issued and there are senior DOJ officials who issue the same kind of message in prior speeches shows that they truly believe in the importance of compliance in terms of deterrence of crime and changing corporate behavior. In April, the Attorney General (AG) reaffirmed these principals in an address to the Ethics and Compliance Initiative Annual Conference.

What impact will the Trump Administration have on DOJ investigations?

Gobena: The Trump Administration hasn’t said a lot publicly, but they have done something very significant that leads me to believe that they will continue this enhanced scrutiny of healthcare fraud — whether it’s criminal or civil. In their initial “skinny” budget, the HHS budget, which had a reduction overall, had an additional US$70 million dollars in discretionary funding that was allocated to the Healthcare Fraud, Abuse, and Control (HCFAC) program. HCFAC is what funds healthcare fraud efforts — whether it’s agents, prosecutors, or complex data analysis efforts. That’s about a 10 percent increase. 

It is just a budget blueprint, but it gives some insight about where the Trump Administration’s priorities are — particularly on the healthcare side. Enforcement efforts will likely increase. 

For More Information About the False Claims Act

Today, companies in all sectors of the economy that do business with the government or participate in government programs, face growing penalties, enforcement measures, and threats of litigation due to whistleblower action. Understanding how evolving enforcement measures will affect your business is crucial. 

That’s why we have published “False Claims Act: A year in review 2016.” This report reviews a year of key developments and trends in government enforcement of the FCA with an eye to the future and possible directions for the continued evolution of this law.


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Hogan Lovells | Attorney Advertising

Written by:

Hogan Lovells

Hogan Lovells on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
Privacy Policy (Updated: October 8, 2015):

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.


JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at info@jdsupra.com. In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at: info@jdsupra.com.

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.