Investigators know “things go wrong.” Company response is what matters.

Medtech and pharma companies face significant pressure on regulatory compliance, but authorities know those enterprises are run by human beings and that “things go wrong,” says Amanda Strachan, chief of the health care fraud unit in the US attorney’s office for the district of Massachusetts. “We understand that.”

Strachan, speaking at the AdvaMed MedTech conference last month, noted that her unit looks at a number of factors when evaluating whether a company should face criminal liability for something one of its reps did in the field. These factors include:

  • what the rep’s supervisors knew, and what their supervisors’ supervisors knew
  • what type of training the company implemented after learning of the event
  • whether the rep in question was retrained and/or disciplined.

“We look for response. We look for a company culture that demonstrates that ‘we take this seriously.’ It’s not just doing the bare minimum. It’s acting with a culture of integrity,” she said.

Companies that self-disclose typically present a package of steps they have taken and money they have paid back, she said. Strachan noted that while companies do not frequently self-report violations to her unit, it has happened on a few cases that she was involved with, and they did not result in criminal prosecution.

Companies that become aware of health care fraud somewhere in their operations have the best chance of avoiding legal and regulatory consequences if they are proactive about both taking corrective actions and informing authorities, she advised.

Leveraging data analytics

Strachan’s unit typically combs through data to identify red flags and outliers for investigation, and it has been working with a dedicated data analytics unit in Washington, D.C., to improve these efforts. Companies should leverage the same information and tools, she said.

“We know that this data that is available to us is available to others and is available to companies. We expect players in the industry are also monitoring their own data,” she said, and regulators want to see a response to any information that appears troubling.

When the health care fraud unit examines data, it looks at each data point to see how many red flags are present for a particular entity. These could include whether many patients travel from a great distance to see a particular health care provider, and whether a provider prescribes a high number of brand-name drugs versus generics.

But investigators will also look for reasons a case may not be nefarious, she said. These red flags could be explained if a provider or pharmacy is located in a rural area or if a high rate of brand-name drug prescriptions is driven by the particular practice specialty.

“I think we would just look for companies to be asking the same types of questions,” she said.

Enforcement priorities

Strachan also described her unit’s current enforcement priorities to conference attendees, noting that it is currently pursuing a broader range of activities compared with the traditional focus on off-label promotion and kickbacks.

She is frequently seeing fraud driven by high drug prices, as this can create pressure on sales reps to sell those therapies, particularly in light of prior authorization requirements and other efforts by insurance companies to control health care costs. When companies do have high-priced products, Strachan recommends taking steps to guard against these types of concerns.

It can be a particular problem in the startup space, she said, explaining that smaller companies are often formed by people focused on science and development who then arrive at the commercialization stage without strong compliance programs.

Additionally, the unit has seen issues around financial arrangements between pharma companies and specialty pharmacies, in the area of patient assistance and with telemedicine.

Telemedicine is challenging to monitor for fraud because “there is so much private information that is available out there about patients,” she said. For example, patients may receive calls from people with significant amounts of information about their care history who claim to offer a service their physician has recommended for them.

Meanwhile, the health care fraud unit has seen fewer problems in the area of off-label promotion than in the past. And when it does see red flags in this area, it looks for additional factors, such as risk of patient harm, kickbacks or HIPAA violations, before deciding whether to pursue a case.

“We’re looking for crime that to my view causes somebody harm, whether it’s financial or physical,” she said.

April Hollis is custom content editor for health care. She has been with SmartBrief since 2013 and has covered health care and life sciences topics since 2006.

For more news, research and commentary delivered straight to your inbox, check out all of SmartBrief’s health care newsletters, covering health IT, news for insurers, news for health care providers and more.