MEASURING & MONITORING RISK USING ANALYTICS

© 2017 HURON CONSULTING GROUP INC.

MEASURING & MONITORING

RISK USING ANALYTICS

APRIL 13, 2017

PRESENTERS

2 © 2017 HURON CONSULTING GROUP INC.

Jack Tanselle

Managing Director

Huron Consulting Group

[email protected]

Jeff Fisher

Director

Huron Consulting Group

[email protected]

Brian Bohnenkamp

Partner

King & Spalding

[email protected]

TABLE OF CONTENTS


1 CURRENT LANDSCAPE 4

2 ASSESSING RISKS; DRIVING MONITORING

PLANS13

3 EVOLUTION OF COMPLIANCE ANALYTICS AND

CASE STUDIES19

4 ROADMAP FOR ESTABLISHING AGILE ANALYTIC

CAPABILITIES40

CURRENT LANDSCAPE

1

© 2017 HURON CONSULTING GROUP INC.4

RECENT LIFE SCIENCES SETTLEMENTS


Company Settlement Year Alleged Conduct

Sanofi Pasteur ~$20 million 2017 Pricing

Orthofix ~6 million 2017 FCPA Violations

Advanced BioHealing $350 million 2017 Kickbacks

Teva $519 million 2016 FCPA Violations

Forest $38 million 2016 Kickbacks

Biocompatibles $36 million 2016 Misbranding

Mylan $465 million 2016 Pricing

Novartis $16 million 2016 Off-Label Promotion

Acclarent $18 million 2016 Off-Label Promotion

Valeant/Salix $54 million 2016 Kickbacks

Genentech/OSI Pharmaceuticals $67 million 2016 Misleading Statements

Aegerion ~$40 million settlement reserve disclosed 2016 Off-Label Promotion

Pfizer/Wyeth $784 million 2016 Pricing

Olympus $646 million 2016• FCPA Violations

• Kickbacks

Novartis $390 million 2015 Kickbacks

Warner Chilcott $125 million 2015 Kickbacks

Millennium Health $256 million 2015 Kickbacks

Johnson & Johnson $25 million 2015 •GMP Violations

“Companies have spent a lot of time,

effort, and resources to comply with

open payments reporting requirements,

and I would recommend that [they]

capitalize on those investments.”

– Mary Riordan, OIG Senior Counsel,

from her Keynote Address at the

2015 Pharmaceutical Compliance

Congress

PERSPECTIVE FROM THE OIG: GROWING EMPHASIS ON KICKBACKS

Ms. Riordan went on to challenge

manufacturers:

• What types of financial relationships does

your company have with prescribers,

purchasers, or recommenders of your

products?

• Are there legitimate business needs for

those relationships?

• Are there processes and controls in place

to make sure these relationships are lawful

and don’t run afoul of kickback statutes?


TRENDING RISK AREAS


• Speaker programs

• Meals

• “Value-added services”

• Consulting arrangements

• Equipment loans

• Grants and donations

• Arrangements with specialty pharmacies

• Arrangements with PBMs and payors

• Interactions with patients and patient advocacy groups

• Coupons and co-pay cards

GROWING NUMBER OF RELEVANT AUTHORITIES TO CONSIDER IN ASSESSING POTENTIAL RISKS


• Federal– Anti-Kickback Statute

– FDA laws and regulations (e.g., advertising and promotion, clinical trials, adverse event , GMPs)

– False Claims Act

– Foreign Corrupt Practices Act

– Drug price reporting laws and regulations (e.g., Medicaid Best Price)

– Prescription Drug Marketing Act (samples)

– Executive Branch ethics laws (apply to interactions with VA and DoD)

– Open Payments/Sunshine Act

• State– State kickback prohibitions and false claims acts

– State gift bans and compliance program laws

– State transparency laws

– State consumer protection laws and restrictions on unfair trade practices

– State government ethics laws and lobbying requirements/restrictions

• Other important non-legal authorities– Industry codes of conduct (PhRMA Code, AdvaMed Code)

– Institutional conflicts of interest policies

BIG DATA ON THE SCENE . . .


• Gov’t reliance on data analytics

continues to increase

• Federal law enforcement

encouraged to use data analytics

prospectively to identify potential

fraud and abuse

• Open Payments and Medicare

Provider Utilization and Payment

Data databases available for

sophisticated analytics

. . . FOR EVERYONE TO USE


EVOLVING EXPECTATIONS FOR COMPLIANCE PROGRAMS


• Federal enforcement authorities are increasingly focused on compliance program

operational effectiveness.

• In November 2015, DOJ hired Hui

Chen, the first ever DOJ

Compliance Counsel, to provide

guidance to prosecutors on

compliance program effectiveness.

• In February 2017, DOJ published

guidelines to evaluate corporate

compliance programs.

EVOLVING EXPECTATIONS FOR COMPLIANCE PROGRAMS


• Risk Assessment and Mitigation

Process (RAMP) requirements

have become boilerplate provisions

in CIAs with HHS-OIG.

• In March 2017, OIG/HCCA

published the Resource Guide for

Measuring Compliance Program

Effectiveness.

ASSESSING RISKS; DRIVING MONITORING PLANS

2


RISK ASSESSMENT AND MITIGATION PROCESS (“RAMP”)


A RAMP program is the backbone of a sustainable, effective compliance program,

creating a repeating cycle of continuous improvement through risk mitigating activity.

RISK ASSESSMENT

(annual and ad hoc)

AUDITING &

MONITORING• Traditional audits

• “For cause” audits

• Live/field monitoring

• Records reviews

• Analytics monitoringContinuous

Improvement*

Mitigation planning

driven by risk

assessment output

Mitigation output and

external forces serve as

risk assessment inputs

External Forces:

Hotline, Investigations,

Changing Regulations,

Market Conditions

*Continuous Improvement:

• Management responses

• Evolving policies and procedures

• Improved/increased training

• Improved/increased communications

• Business ownership of compliance

• Routine, integrated dialogue

RISK ASSESSMENT PROCESS

Risk Activity

Catalogue

Assess Current Controls

Risk Scoring

(prioritize)

Create A&M Plans

Re-assess Refine Repeat

Create a

catalogue of

all potential

compliance

risk activities

Include risk

categories

as well as

specific risk

areas

Assess

controls

related to

each risk

activity

Meet with

risk activity

stakeholders

to learn

needs and

concerns

Use criteria

that may

include:

current

enforcement,

current

controls,

levels of

spending,

frequency

and volume

of activity

The risk

ranking

drives

auditing and

monitoring

plans,

including

dashboards

and reports

needed

Evaluate the

progress of

mitigation

efforts

Continue

dialogue w/

stakeholders

and assess

for changes

Repeat at

least

annually


RISK ACTIVITY CATALOGUE – EXAMPLES


RISK SCORING MODELS – EXAMPLE

17

Area for Review

Current

Enforcement

Activity

Level of

Spending

Frequency

of Activity

Existing

ControlsTotal

Sales & Marketing

Speaker Programs 5 5 5 5 20

Third-Party Arrangements 5 3 5 5 18

Consulting/Ad Boards 5 3 3 3 14

Promotional Materials 3 5 0 3 11

Gifts& Business Courtesies 3 3 5 0 11

Time & Expense Reporting 3 0 0 5 8

Medium

Maximum

Minimum Minimal risk with strong corporate compliance controls 0

Current or historical enforcement action with some compliance

controls

High risk due to current enforcement action and/or high levels of

scrutiny outside the organization. Action (or inaction) may impact

multiple areas within the organization

3

5


RISK ASSESSMENT: CRITICAL SUCCESS FACTORS


• Risk assessments, and the mitigation plans driven by the output from them, must

be jointly developed and implemented in partnership with business leadership.

• Risk activities must be identified and scored on a relative scale for prioritization.

• Key Performance Indicators (“KPIs”) must be developed to continually measure

the effectiveness of risk-mitigation actions.

– It can be challenging to prove the effectiveness of a compliance program, given the

objective is often to try to prove a negative: “the risk-mitigation actions must be working

since the bad event hasn’t occurred.”

– The solution lies partly in a company’s ability to develop meaningful KPIs that act as

surrogates to predict the success or failure of your compliance initiatives.

EVOLUTION OF COMPLIANCE

ANALYTICS AND CASE STUDIES

3


OPPORTUNITY: USING ANALYTICS FOR DECISION MAKING

• Life Sciences companies are exploring how to best create an analytics platform

that provides the following:

– Summary and detailed analysis of operational and financial data

– Algorithms to measure and visually display operational and compliance risk

– Proactive alerts that identify risk trends

– Analytic views that meet customized needs of individual business users

– Flexibility and scalability to meet needs as demands increase


BARRIERS: USING ANALYTICS FOR DECISION MAKING

• Implementing a compliance analytic and dashboard application presents

significant challenges, including:

– Identifying source systems and data elements that have relevance to measure

compliance

– Identifying measures that can display compliance risk

– Determining requirements and design for compliance management and dashboard

application

– Incorporating best practices and industry current practices, as applicable, into the

design

– Creating and maintaining required data mart and visualization application


Tools

Web-Based

Forms

Data

Aggregation

Data

Visualization

Proactive Monitoring

Characterized by:

Retrospective Monitoring

Characterized by:

Highly/

entirely

manual

processes

Random

sampling &

reporting =

limited

insights

Time,

resource, and

cost-

intensive

Resources

less focused

on action;

consumed by

process

Does the

data exist?

Can we

access it?

Is it

structured so

we can

create the

analysis we

want? How much is it

going to cost?

How long is it

going to take?

Highly/entirely

automatic

analyses &

reporting

Complete

analysis =

comprehensive

insights

Reporting &

metrics that

are time,

resource, and

cost-effective

Resources

focused on

analysis and

actionGOAL

A long-term

solution that

flexes with

your needs

Embeds

subject matter

expertise in an

automated

platform

Redundancy in

analyses

Time to

structure data

Time to

generate ad hoc

reports

Time to execute

monitoring

activities


EVOLUTION: MORE PROACTIVE & AUTOMATED

SAMPLE DATA SETS

23

Data Set Sample Analyses Examples of Business Value Stakeholders

Expense

Data

• Identification of Expense

Outliers

• Per Attendee Meal Spend vs.

Policy Requirements

• Identify total vendor spend via expense

reporting to inform negotiations

• Identify potentially excessive spenders and

take action centrally

Compliance,

Marketing,

Medical

HCP Target

List

• Appropriateness of Physician

Specialty Targeting – e.g. on-

label/off-label; NSAID Rx

volume

• Faster decisions to include/exclude HCPs

nominated by the field for detailing

• Enhanced promotional targeting (e.g. pain

specialists, rheums, GP/FP, other audiences)

• Refinement of field resource allocation

Compliance,

Sales, Sales

Operations

HCP

Consultant

Spend

• HCPs Consultant Spend vs.

Policy Cap

• Strategic allocation of HCP engagement

based on transparency to potential cap

limitations

Compliance; all

who engage

HCPs

Promotional

Programs

Attendee

List

• List of HCPs that attend

multiple programs on the

same product, with frequency

• Increase market spend efficacy by knowing

when to refrain from inviting an HCP to

multiple programs on the similar topics

Compliance,

Marketing, Sales

Operations

Clinical Trial

Data

• Annual snapshot of

compliance with FDAAA and

NIH requirements

• Sourcing potential new drug candidates

• Identify highest-enrolling sites for a given TA

Clinical,

Commercial,

Regulatory, R&D

Training

Records

• Personnel training compliance

statistics

• Increase knowledge development of company

products and practices

Compliance,

Legal/HR


OTHER EXAMPLES

24

Multi-Source

Analysis

Compliance Value Business Value Stakeholders

HCP Risk

Scoring

Proactively identify

inappropriate relationships

Provides full picture of

information to assess

relationship with HCP

Compliance,

Marketing,

Sales, Sales

Operations

MSL Risk

ScoringProactively identify

candidates for increased

monitoring and records

audits

Proactive monitoring of

potential risks such as off-

label promotion, kick-

backs, misbranding, etc.

may mitigate suspicion,

investigations, hefty fines,

and loss of brand value.

Compliance,

Sales, Sales

Operations

RBM Risk

Scoring

Sales Rep Risk

Scoring

Competitor

HCP Spend

Analysis

Identify spend outliers

compared to competitors

Determine whether

reallocation of spend is

necessary

Compliance,

Marketing,

Sales, Sales

Operations


CASE STUDY #1: OPEN PAYMENTS PEER ANALYSIS


• The commercial group wanted to gain insights into the promotional activities of their peers. The Requirement

• Commercial and Compliance collaborated on the project to ensure adherence to business goals and company policies.

• Key analytics were created to provide insights into speaker programs and HCP utilization.

The Analysis

• Compliance was able to discover key insights into peer makeup of speaker programs and HCP utilization.

The Results

COMPLIANCE MONITORING WITH OPEN PAYMENTS:Comparing HCP Utilization


Viewing how other peer companies engage HCPs that your company also utilizes

can help to identify optics seen by government and the public.

CASE STUDY #2: MEDICARE PART D TRENDS


• The compliance group wanted to gain an understanding, using publicly available data, of the prescribing patterns of the HCPs they engaged.

The Requirement

• Open Payments were analyzed in relation to Part-D data.

• Commercial and Compliance collaborated closely to ensure adherence to company policies, important in a sensitive exercise of analyzing HCP prescribing patterns.

The Analysis

• Compliance was able to identify HCPs outliers warranting further analysis due to potentially worrisome prescribing patterns.

The Results

COMPLIANCE MONITORING WITH OPEN PAYMENTS:Sales Correlated with Fee Payments


Sales information (e.g. Part-D) can be correlated with physician fee payments to

identify appearance of potential inappropriate influence.

CASE STUDY #3: SPEAKER PROGRAM MONITORING


• The compliance group wanted to track speaker program metrics in real-time. The Requirement

• Monitoring dashboards were created to provide real-time views of speaker programs, monitoring results, and investigations.

The Analysis

• Compliance was able to efficiently identify trends in speaker program policy violations resulting in a rapid response which included retraining and a shift in attendee invitation practices.

The Results

COMPLIANCE MONITORING OF SPEAKER PROGRAMSProgram Monitoring Summary


Tracking findings and corrective actions associated with monitoring Speaker

Programs figures to remain a staple activity to include in monitoring dashboards.

COMPLIANCE MONITORING SPEAKER PROGRAMSAttendee Count Distribution


Analysis of attendees can identify programs with low utilization.

CASE STUDY #4: SALES FORCE EXPENSE MONITORING


• The compliance group wanted to gain insights into the expense activity of sales reps and the organization’s association with vendors who present policy or perception risks.

The Requirement

• Analytics were created to monitor T&E expenses to identify vendors and key metrics.The Analysis

• Compliance was able to identify several risks in expense meal venues and per-person costs.The Results

COMPLIANCE MONITORING WITH CONCURTop Specialty Spending

33

Using analytics to inspect Concur expenses can identify potential HCP attendees

with inappropriate specialties.


CASE STUDY #5: PRICING & CONTRACTING ACCRUALS


• The Government Program group wanted reliable, repeatable, and efficient analysis of their monthly pricing and liabilities.

The Requirement

• Analytics were created to seamlessly integrate with the GP systems and processes, tailored to the organizations unique needs and variance drivers.

The Analysis

• Compliance was able to significantly reduce the burden of month- and quarter-end analysis of GP liabilities, and create informative, actionable management reports.

The Results

SAMPLE: QUARTERLY AMP SUMMARY REPORT


CASE STUDY #6: CALIBRATING FAIR MARKET VALUE


• The commercial group wanted to gain insights into the compensation peers were providing to HCPs.

The Requirement

• Analytics were created to statistically analyze the distribution of payments for various types of HCP engagements, including speaking and consulting for both CME and non-CME activities.

The Analysis

• Compliance was able to identify how their own compensation compared to peers.The Results

COMPLIANCE MONITORING WITH OPEN PAYMENTSFMV of Speaker Program Payments


Open Payments data can be used to compare your speaker program payments

against peers, giving insight into your FMV range.

CASE STUDY #6: RETURN ON EDUCATION


• The commercial group wanted to move towards optimizing total spend and distribution of spend to optimize return on education investment with speaker programs.

The Requirement

• Commercial and Compliance collaborated on the project to ensure adherence to business goals and company policies.

• Key analytics were created to provide insights into speaker programs and HCP utilization.

The Analysis

• Commercial and Compliance were able to jointly agree on shifts to be made in speaker program content, speaker selection, and regional spend while enhancing risk mitigation

The Results

RETURN ON EDUCATIONEvent Location Pattern Analysis


Inputs• Product sales

• Category sales

• SPB events

Outputs• Potential for more targeted

education

• SBP overlay in a click-through

national dashboard

Implications• Resource over/underdeployment

• Restricted speaker access

environments

• Suggestion of content

requirements

ROADMAP FOR ESTABLISHING AGILE ANALYTIC CAPABILITIES

4


STRATEGIC CONSIDERATIONS

• Consider your organization’s unique vision statement and goal for conducting

analyses

– For example: To identify positioning vis-a-vis competitors, and to draw insights that

inform both compliance and HCP engagement functions

• Consider a governance document to guide analytics work at your company

• Identify stakeholders across all functional areas and build consensus around

a unified team

• Evaluate internal capability to:

– Interpret analyses from both a compliance and commercial perspective

– Construct effective, informative analyses, including technology solutions

– Manage the project in a controlled manner, taking into account the numerous

stakeholder sensitivities


DETERMINE REQUIREMENTS: BUSINESS, COMPLIANCE, FUNCTIONAL AND DATA


Activity Work Steps Deliverables

Identify Business/

Functional

Requirements

• Review existing compliance policies and other documentation

• Identify business, functional, and compliance analysis requirements

• Conduct stakeholder interviews/workshops to determine functional/business

requirements

• Create analysis views for proof-of-concept application

• Create risk management algorithms

• Identify required data elements

• Evaluate completeness and accuracy of data capture and identify gaps and

solutions to remediate them

• Develop Functional Design Specification

• Develop requirements traceability matrix

• Business/Functional

Requirements

• Traceability matrix

documenting business

and regulatory

requirements

• Draft Functional

Design Specification

for Proof-of-Concept

Application

Develop and

Deploy Proof-of-

Concept

Application

• Develop data-based visualizations in accordance with the Functional Design

Specification

• Review functionality with project team

• Incorporate feedback into functionality

• Implement Proof-of Concept Application

• Updated Functional

Design Specification

• Proof-of-Concept

Application

• Identify functional, business, and compliance requirements then combine with

data requirements to help the team develop an end-to-end compliance and

dashboard application

• Specific work activities and deliverables for the requirements gathering phase

are provided in the table below.

EXAMPLE METHODOLOGY


Objective(s) Key Activities Key Deliverables

1. Create initial

designs for

visualizations and

dashboards

2. Identify source

data requirements

that will support

visualization and

dashboard

designs

1. Utilize risk assessment visualization library as a

baseline to help users describe risk visualization

requirements

2. Work with client stakeholders to identify visualization

requirements

3. Create initial designs for dashboards and

visualizations

4. Design drill-down, roll-up, and data amplification

scenarios and designs

5. Define alert criteria

6. Identify source data elements for visualizations

7. Review source systems to ensure data elements are

resident within the source systems

8. Work with client IT to create approach to capture data

elements not currently stored in source systems

• Dashboard mock-up diagrams

• Dashboard data requirements,

refresh processes, and ongoing

support recommendations

Phase I

Design/Enhance

Risk

Assessment

Process

Phase II

Determine Data

and Risk

Measures

Phase III

Design

Dashboards

and

Infrastructure

Phase IV

Replicate for

Global Rollout

THANK YOU

Documents

MEASURING & MONITORING RISK USING ANALYTICS