OIG developing ethics guide to prevent fraud

NIH grant recipients being targeted

By J. Mark Waxman, JD
General Counsel
CareGroup Healthcare System
Boston

One of the major fraud prevention efforts over the past decade has been the development and publication of compliance program guidance (CPG) for various aspects of the health care industry. Most recently, we have seen this effort with respect to the pharmaceutical industry and a focus on its relationship to health care providers.

Now, the OIG has turned its attention to the research arena and announced that it is developing CPG for recipients of extramural research grant and cooperative agreement (grant) awards from the National Institutes of Health (NIH). To facilitate that process, it also is soliciting input from those who might wish to implement CPG, principally colleges, medical schools, and other entities committed to furthering biomedical research.

The nature of a compliance plan

The elements of a compliance plan are based upon the U.S. Sentencing Guidelines, which were developed by the United States Sentencing Commission. They were designed to not only to create uniformity in sentencing but also encourage organizations to develop their own compliance (re: ethics) programs. The guidelines apply to almost all types of organizations including corporations, partnerships, unions, not-for-profit organizations, and trusts. One significant aspect of the guidelines is that each organization is responsible for the wrongful acts of its employees as long as the employees were acting in their official capacity. The theory is that each organization shares a degree of culpability if an employee acts in an unlawful manner, even if the organization did not know of or approve of their actions. It is, therefore, in the best interest of organizations involved in research to develop a compliance plan that includes:

  • Written policies and procedures that foster a commitment to compliance. In this context, the organization will likely need to address policies and procedures for both the administrative and billing components, as well as the IRB oversight functions.
  • An effective training and education program.
  • A designated compliance officer and compliance committee.
  • Effective lines of communication.
  • Internal monitoring and auditing.
  • Enforcement of standards through disciplinary guidelines.
  • Prompt response to problems, with implementation of corrective action plans and timely reporting to the NIH, Food and Drug Administration, or other relevant federal agency.

The OIG has addressed a number of areas specific to research that it will consider for this particular CPG. First, it notes that consideration will be given to an additional CPG element — "Defining roles and responsibilities and assigning oversight responsibility." While no particular comments are made informing us as to what OIG may have in mind, presumably it will be looking for comment as to whether clear guidance is required when both a medical school and hospital are in the same corporate structure, or whether clear determination of delegated authority must exist as between an IRB, research administrators, or entity finance personnel.

Second, OIG seeks input on the scope of the CPG and the types of activities that should be subject to it. It seems fairly obvious that the scope should be at least commensurate with the risks to improper expenditures of funds. A real question, however, exists as to whether it will extend into the clinical side of the research enterprise and those areas already subject to IRB oversight.

Third, the OIG notes that its fraud investigations to date have identified the areas of internal controls as problematic enough to "warrant attention" in a CPG. Internal controls in this context likely refers to the process of allocation funds or time spent among various grants, as between a grant and services provided to Medicare or other fee paying patients, or between various time periods over the course of a grant. This will address not only how this activity is to be conducted, but by whom and under whose supervision.

Indeed, the OIG notes that risk areas it has "tentatively identified" relate to charges allocations, "time-and-effort" reporting, and the use of program income. One interesting question in this latter area that is not addressed, but has been highlighted by the OIG elsewhere, is the interrelationship between routine Medicare service reimbursement and research activities and funds.

The implication of the OIG notice is clear, and is not the product of only this notice. Given the increasing amount of taxpayer funds that are pouring into research in the life sciences, particularly with bioterrorism likely to provide a new funding impetus, the OIG feels an increasing need to take those steps necessary to protect both the public and taxpayer dollars. OIG also may recognize that the research infrastructure within the nonprofit institutions that conduct much of the NIH-funded research is in need of all the help it can get, given the incessant budget pressures and the overall newness of many involved in the research process, including the board of directors of many of these entities.