II. Compliance Program Elements A. The Basic Compliance Elements
The OIG believes that every effective compliance program must begin with a formal commitment by the pharmaceutical manufacturer’s board of directors or other governing body. Evidence of that commitment should include the allocation of adequate resources, a timetable for the implementation of the compliance measures, and the identification of an individual to serve as a compliance officer to ensure that each of the recommended and adopted elements is addressed. Once a commitment has been undertaken, a compliance officer should immediately be chosen to oversee the implementation of the compliance program.
The elements listed below provide a comprehensive and firm foundation upon which an effective compliance program may be built. Further, they are likely to foster the development of a corporate culture of compliance. The OIG recognizes that full implementation of all elements may not be immediately feasible for all pharmaceutical manufacturers. However, as a first step, a good faith and meaningful commitment on the part of the company’s management will substantially contribute to the program’s successful implementation. As the compliance program is implemented, that commitment should filter down through management to every employee and contractor of the pharmaceutical manufacturer, as applicable for the particular individual.
At a minimum, a comprehensive compliance program should include the following elements:
(1) The development and distribution of written standards of conduct, as well as written policies, procedures and protocols that verbalize the company’s commitment to compliance (e.g., by including adherence to the compliance
program as an element in evaluating management and employees) and address specific areas of potential fraud and abuse, such as the reporting of pricing and rebate information to the federal health care programs, and sales and marketing practices;
(2) The designation of a compliance officer and other appropriate bodies (e.g., a corporate compliance committee) charged with the responsibility for developing, operating, and monitoring the compliance program, and with authority to report directly to the board of directors and/or the president or CEO;
(3) The development and implementation of regular, effective education and training programs for all affected employees;
(4) The creation and maintenance of an effective line of communication between the compliance officer and all employees, including a process (such as a hotline or other reporting system) to receive complaints or questions, and the adoption of procedures to protect the anonymity of complainants and to protect whistleblowers from retaliation;
(5) The use of audits and/or other risk evaluation techniques to monitor compliance, identify problem areas, and assist in the reduction of identified problems;
(6) The development of policies and procedures addressing the non-employment or retention of individuals or entities excluded from participation in federal health care programs, and the enforcement of appropriate disciplinary action against employees or contractors who have violated company policies and procedures and/or applicable federal health care program requirements; and
(7) The development of policies and procedures for the investigation of identified instances of noncompliance or misconduct. These should include directions regarding the prompt and proper response to detected offenses, such as the initiation of appropriate corrective action and preventive measures and processes to report the offense to relevant authorities in appropriate circumstances.