Filed under: Compliance, Ethics, New Jersey
As trainers of compliance officers, Seton Hall Law faculty emphasize repeatedly the importance of not retaliating against whistleblowers, explaining the various legal risks attendant to punishing the employee who steps forward in good faith to address internal wrong-doing. But rarely do we talk about who’s got the compliance officer’s back – specifically, whether the law protects the compliance officer from retaliation by her employer for simply doing her job. Compliance officers who identify serious problems, particularly with product safety, can not only interfere with the company’s potential revenue, but also cost the company millions of dollars if, for example, the company has to self-report to a government agency and pay significant fines or recall a product. Compliance officers arguably are the most vulnerable targets of retaliation, as their jobs might be characterized as full-time internal whistleblowers. Both New Jersey and New York have recently answered the question of what legal protection exists for compliance officers, reaching different conclusions in the process. While a New Jersey appellate decision decided earlier this month found compliance officers to be within the statutory protection afforded to whistleblowers, a 2012 New York case declined such protection.
Like most other workers, most compliance officers are employees at will – that is, they do not have contracts that limit the circumstances under which they may be terminated. Thus, the question is whether whistleblowers merit an exception from the employment at will doctrine that allows employees to be fired for any or no reason at all. The New Jersey Conscientious Employee Protection Act (CEPA) is an overarching statute that protects almost all whistleblowers from retaliation; New York has no comparable general statutory protection but does have a series of industry-focused laws that provide some kinds of protection. Even in states with statutes such as New Jersey’s, however, the question is whether they apply to compliance officers, whose entire job involves being the company “watch dog.” While states have disagreed about this question, a September 4 decision by the Appellate Division in New Jersey in Lippman v. Ethicon extends New Jersey’s CEPA to compliance officers.
Joel Lippman, M.D. was Ethicon’s Vice President of Clinical Operations and Health Economics and Reimbursement – a new title resulting from what Lippman claims was a retaliatory reorganization designed to reduce his responsibilities – when he was terminated for having a consensual romantic relationship with an employee in a department that reported to him (the employee was not a direct-report). J&J (Ethicon is a Johnson& Johnson company) has no policy prohibiting such relationships, and the person who terminated Lippman was unable to recall another employee being terminated or disciplined for having such a relationship.
Lippman claimed that he was actually terminated due to accumulated frustration with his consistent advocacy of recalling dangerously defective products. He alleged that his superiors deemed him “needlessly conservative or naively insensitive to Ethicon’s business and corporate interests.” When Lippman sued under CEPA, Ethicon argued that CEPA does not apply to an individual whose whistleblowing activities fall within the scope of his job responsibilities. Rejecting that argument, the Appellate Division held that “’[w]atchdog’ employees, like plaintiff, are the most vulnerable to retaliation because they are uniquely positioned to know where the problem areas are and to speak out when corporate profits are put ahead of consumer safety.” The court defined the term “watchdog employee” to encompass those whose job duties put them in the best position to:
(1) Know the relevant standard of care; and
(2) Know when an employer’s proposed plan or course of action would violate or materially deviate from that standard of care.
Unless the case settles, Lippman will have to return to court to establish that he reasonably believed his employer was engaged in activity violating the law or public policy; that he either refused to participate or exhausted all internal means of securing compliance; and that his compliance activities were the cause of his termination.
Compliance officers in New York did not fare as well when the New York Court of Appeals issued its 2012 decision in Sullivan v. Hanisch. There was no applicable state statute, and, consistent with its general refusal to recognize a cause of action for being fired for opposing conduct in violation of public policy, the Court rejected an exception to the employment at will doctrine for a hedge fund compliance officer who was fired after confronting a colleague for engaging in “front-running,” improper trading conduct benefitting his own as well as family accounts ahead of firm clients. Sullivan unsuccessfully argued that “the legal and ethical duties of a securities firm and its compliance officer justify recognizing a cause of action for damages when the compliance officer is fired for objecting to misconduct.”
The outcome of Sullivan’s case was in one way predictable and in another surprising. The Court of Appeals had rejected any public policy tort for decades but Sullivan relied on a 1992 holding in Wieder v. Skala, in which New York had carved out an exception to the employee at will doctrine for a lawyer fired by his law firm following his insistence that the firm adhere to the disciplinary rules requiring it to report professional misconduct by another firm employee. The Wieder holding rested on the implied understanding that the firm would adhere to the profession’s ethical standards and self-regulate. While the Sullivan Court left open the possibility of other employment relationships falling within this narrow exception, it decided that a compliance officer at a securities firm is not one of them.
Invoking language from the Wieder case, the Sullivan Court determined that it could not be said that “his regulatory and ethical obligations and duties as an employee ‘were so closely linked as to be incapable of separation.’” Also, fatal was that Sullivan was not associated in a firm of compliance officers charged with a duty of self-regulation; further, according to the Court, regulatory compliance was not even the “only purpose” or “very core” of Sullivan’s employment – it comprised only a percentage of his responsibilities. Finally, the court rejected the notion that Sullivan was a whistleblower because he addressed the issue only internally – he did not contact the SEC. If these elements are indeed essential to qualifying for the whistleblower exception created by the Wieder case, compliance officers have little hope for protection against retaliation under New York law.
The state of New York law raises the question of whether compliance professionals employed by New York companies should seek adoption of corporate policies protecting them from termination for performing their jobs. Perhaps even more effective, compliance professionals, at least in senior positions, might demand protective contracts that remove them from employee at will status. The granting and scope of such protections might be considered by government enforcers when they are called upon to consider just how serious a firm’s compliance efforts are.
Filed under: Conflicts of Interest, Drugs & Devices
When we think about health care reform, we need to remember that we have been attempting reforms through many avenues of myriad parts of our health system. The IRS revised Form 990 and schedule H in anticipation of the ACA; critics of conflicts of interest have been working on multiple fronts simultaneously. One of the challenges about all of these changes is how we measure whether they have made any positive difference.
The Accreditation Council for Continuing Medical Education (ACCME), which is the accrediting entity for Continuing Medical Education (CME), just released its annual report, which was much less interesting than I had hoped, as it is mostly a financial statement for the year’s CME activities. Nonetheless, it shows that industry grants to CME have declined from 50 to 30 percent of total CME income, which is attributed to the tremendous scrutiny CME has received over the years. Importantly, industry has not lost interest in medical conferences, as ad revenue from exhibits rose 7.2 percent to $296 million. You can read a summary of the report on Pharmalot or read the whole report.
While interesting, it’s hard to make out exactly what to conclude from this news about CME funding. First, it could be a response to the economy, but that’s belied by the increase in exhibit funding. And besides, pharma has historically been of the “you have to spend money to make money” mind. So, perhaps industry is indeed responding to the criticism about funding CME. Not mentioned is the possibility that CME sponsors have been turning away industry money, but that too is a possibility.
Some were concerned that if this happened, health professionals would be unable or unwilling to pay for their own CEUs. The total income for 2011 CME appears to be in line with prior years (especially given a methodology change adopted in 2011). While the number of physicians participating in CME was down slightly, that decline is consistent with a multi-year downward trend; the number of non-physician participants in CME is slightly up. Finally, as noted by Pharmalot, “other income, which includes registration fees paid by participants, rose 4.4 percent [in 2011] to nearly $1.2 billion.” While more than one year of experience will give a better picture, it seems fair to conclude so far that physicians are indeed willing to underwrite their own CME.
Most important to remember, however, is that the funding issue was merely a surrogate for the question of whether CME is biased either substantively or in subject matter coverage. I don’t think we really knew the answer yesterday, any more than the ACCME report enlightens us about what the answer is today. An annual report about CME in which I and others would really be interested would look at whether the subject matter of conferences has changed — are things being covered that weren’t before. Is comparative cost-effectiveness being addressed in presentations that address alternative treatments? Are real responses to racial health disparities being discussed? Is education being delivered to audiences comprised of interdisciplinary healthcare teams rather than the homogenous audiences found at many academy and similar meetings? Is CME delivery itself being studied to determine what learning methodologies are most effective? In short, if we can conclude that industry is listening to its critics by redirecting its funding, can we also infer that changes are occurring in response to other critiques of CME, such as those posed by the IOM report entitled “Redesigning Continuing Education in the Health Professions” and Seton Hall Law’s Whitepaper entitled “Drug and Device Promotion: Charting a Course for Reform?”
Presumably, it is a good thing to have less industry funding of CME — although we only see the change in the United States, not elsewhere . But it doesn’t get to the heart of the matter, which is the need for significant reform of CME generally. That’s the report I want to read.
Curiously not mentioned in any of the stories about Penn State is the existence of a hotline to which eye witnesses of Sandusky’s child rapes could have been anonymously reported, or the existence of an Ethics/Compliance Professional with direct access to and oversight by the board. Well, it turns out they’re not mentioned because they didn’t exist. It appears that even now, Penn State lacks a compliance program, the creation of which Special Investigative Counsel Freeh’s Report recommends. Previously limited to financial fraud and HR issues, a June 21, 2012 posting by Penn State’s internal auditor announces a poster redesign advertising its hotline number, to which any ethical or legal concerns can now be reported. Important will be training throughout the university regarding the law’s protection of whistleblowers, about which, according to Freeh’s Report, top university leaders were unaware.
While it is stunning that, even now, Penn State has not advanced further in setting up these protective measures, it is fair to say that much of higher ed has been slow to adopt compliance best practices common to the healthcare sector and most business entities. Those universities with academic medical centers are among those who caught the wave early, because hospitals had to put compliance programs in place in the late 1980′s at the insistence of the Health and Human Services Office of Inspector General. Experience in the health sector suggests that the kind of exceptionalism and favoritism extended to Paterno and Sandusky might not have happened if a strong compliance program with an ethics officer of stature had been in place. The board would not have learned about crimes on its campus from the newspaper if it received regular updates from a compliance officer about all reports and investigations.
Janitors witnessed Sandusky engaged in sexual behavior or showering with children, but were afraid to make reports lest they’d lose their jobs. An anonymous hotline would have provided a mechanism for this information to have led to a real investigation that would have confirmed the fears that Sandusky was a serial rapist. Again, the ultimate decision-makers would have had an understanding of the full extent of the situation with which they were dealing — surely in the face of full-blown written findings detailing the scope of the horrors occurring on their own campus they would have acted.
Finally, the existence of an autonomous compliance ethics and compliance officer with sufficient stature and experience to conduct a full investigation and force a discussion about the appropriate handling of such catastrophic events could have also changed the outcome. As it was, the oral information reported up the chain became so diluted by the time it reached the University President that a rape was reported to him as “horsing around in the shower.” A complete written report would have avoided any such misunderstandings. More important, the victim would have been identified and hopefully protected — no one involved in handling the matter inquired about or made any efforts to identify any of the victims. Instead, Sandusky was given the heads up that he’d been seen in the shower, putting his child victim at greater risk. To give Special Investigative Counsel Freeh “free rein” after-the-fact is too late; imagine the harm that could have been avoided had such an investigation taken place in response to an early hotline report complaining about Sandusky showering with children. While the success of a robust compliance program for institutional reform is varied, experience in health care suggests that it contributes much to the prevention and discovery of problems.
While universities have certainly taken notice of the disaster that has befallen the children whom Sandusky assaulted and Penn State for its multiple failures, it is less certain that they’ve taken sufficient steps to ensure that similarly horrible events won’t get swept under the rug at their own institutions. Universities are essentially small towns populated by an age cohort with adult problems and responsibility but frequently lacking the maturity to handle either effectively. When you add the numerous high risk activities that are inherent to university life, it is no exaggeration to say that it is by the grace of God that more tragedies don’t occur on campuses. I suspect there’s more than we know, and I fear the lesson of Penn State may be lost.
In short, all university boards should read Special Investigative Counsel Freeh’s Report and take seriously its recommendations for your own institutions. Specifically, corporate compliance should be taken seriously.
If you are interested in learning about the whistleblower programs and the laws protecting whistleblowers, enroll in Seton Hall Law’s 8 week online course entitled The Law Protecting Whistleblowers. Watch Seton Hall’s Online Certificate web page for details to be posted in mid-August.
Unsurprisingly, the market has responded to the new risks corporate officials in the life sciences industry face if their companies commit crimes that threaten the public’s health. On February 7, 2012 insurance broker Marsh USA and insurer Allied Assurance Co. unveiled a new product, called RCO Corporate Response, “which provides insurance coverage for pharmaceutical, life sciences, and health care corporate officers who may be held liable for their companies’ actions under the Responsible Corporate Officer (RCO) doctrine.”
For those who are rusty, The Responsible Corporate Officer Doctrine allows for the conviction of a high-level corporate official (ambiguity of terminology suggests that directors could be liable as well) whose company has violated the Food, Drug and Cosmetic Act irrespective of the official’s knowledge or involvement in the offense if the individual occupied a position that had a relationship with the unit that violated the statute, should have known about the activity, and had the authority to intervene. In short, the government need not produce evidence that the corporate official participated in or was aware of the illegal conduct. Potential penalties include fines, imprisonment, and debarment from the FDA. As shall be discussed further, these penalties can lead to exclusion from Federal healthcare programs.
The Doctrine, which was first articulated by the Supreme Court in U.S. v. Dotterweich in 1943, was affirmed in 1975 in U.S. v. Park (and so sometimes referred to as the Park Doctrine). The Dotterweich Court expounded on the rationale for imposing such a hardship on corporate defendants not actually involved in the illegal conduct: the welfare of unwitting consumers who have no ability to protect themselves against dangerous products and services must prevail over the hardship the Doctrine creates for the corporate executive with the position, responsibility and power to protect the public. The Park Court emphasized that guilt was not based solely on the defendant’s corporate position and explicitly recognized an affirmative defense where the defendant is “powerless to prevent or correct the violation.”
The Doctrine has been rarely used, so fast forward to 2007, when the corporate entity Purdue Frederick pled guilty to a felony of misbranding along with the CEO, Chief Medical Officer and Chief Legal Officer who plead to misdemeanor misbranding pursuant to the Responsible Corporate Officer Doctrine. The convictions arose from Purdue Pharma’s off-label promotion of OxyContin, which the FDA approved in 1995 to manage chronic moderate to severe pain. From 1995 until 2001, contrary to the package insert and evidence on the ground, a number of Purdue employees promoted OxyContin “as less addictive, less subject to abuse and diversion, and less likely to cause tolerance and withdrawal,” as subject to fewer peak and trough blood level effects, and producing less euphoria than other pain short-action opioids. These representations apparently occurred in some instances at supervisors’ urging, or as a result of sales training.
OxyContin became the number one prescribed Schedule II narcotic in the United States, with 5.8 million prescriptions in 2000. OxyContin revenues reached approximately $3 billion in June 2001, accounting for 80% of Purdue Pharma’s revenue. Despite its various troubles with OxyContin, Purdue Pharma never saw a dip in its revenues. Effective August 9, 2010, Purdue discontinued manufacturing and distributing the original formulation, replacing it with an FDA-approved reformulation that is apparently more difficult for abusers to penetrate by cutting, breaking, crushing or dissolving.
OxyContin is an effective and efficient analgesic. In addition to its legitimate use, however, OxyContin became very popular as a street drug, either taken orally, injected, or crushed, which circumvented the controlled release mechanism and allowed a more rapid and intense heroin-like high. The legal complications began when Appalachia experienced particular challenges with Oxy diversion, leading to criminal charges by US Attorney for the Western District of Virginia against what appears to have essentially been a shell corporation, Purdue Frederick, as well as three senior corporate officers. Notably, Purdue Parma, L.P., which is the corporate entity that actually sells OxyContin as well as the company’s other pain medications, was not charged, thereby enabling it to continue to submit drug applications to the FDA and have its products paid for by the Federal healthcare programs. Purdue Frederick and its executives agreed to plead guilty and pay fines totaling $634,515,475. Almost immediately, the HHS OIG used its discretionary exclusion power to debar all three executives from participating in Federal healthcare programs for twelve years. The executives have been unsuccessful in every level of administrative and judicial appeal thus far. In retrospect, the Purdue Parma execs may feel relieved after hearing that three Synthes executives received multi-month prison terms in addition to their fines pursuant to the RCO Doctrine for their company’s conduct of unauthorized clinical trials of bone cement in which three patients died.
On the heels of this success, the FDA announced that it was increasing its use of misdemeanor prosecutions against responsible corporate officials. The agency unveiled its internal agency guidance for determining when to forward a case to the Department of Justice for a “Park Doctrine Prosecution.” The guidance provides that a first time conviction for a violation of the FDCA will be a misdemeanor, with the second resulting in a felony. Further, some misdemeanor convictions can result in debarment by the FDA. Most importantly for this discussion, the guidance states that “Knowledge of and actual participation in the violation are not a prerequisite to a misdemeanor prosecution but are factors that may be relevant when deciding whether to recommend charging a misdemeanor violation.” The guidance enumerates the following additional criteria:
- The individual’s position in the company; relationship to the violation; whether the official had the authority to correct or prevent the violation
- Actual or potential harm to the public
- Obviousness of the violation
- Existence of a pattern of illegal behavior and/or failure to heed prior warnings
- Whether the violation is widespread
- Seriousness of the violation
- Quality of the legal and factual support for the proposed prosecution
- Whether prosecution is a prudent use of agency resources
Within the same week, Lewis Morris, Chief Counsel to the Inspector General of Health & Human Services testified before the House Ways and Means Committee that the OIG would review the case of any individual convicted pursuant to the RCO Doctrine for exclusion from participation in Federal healthcare programs. This, Mr. Morris testified, will overcome the barriers presented by corporations’ attitude that they are too important to the healthcare system to criminally prosecute and that fines are simply a cost of doing business. Mr. Morris assured the House Committee that the OIG would use this tool judiciously, employing a presumption in favor of exclusion only “when there is evidence that an executive knew or should have known of the underlying criminal misconduct of the organization.” The HHS OIG criteria for permissive exclusions from Federal healthcare programs includes a consideration of the entity’s misconduct, including whether it is part of a pattern of conduct and whether it caused harm to beneficiaries; the individual’s role in the sanctioned entity with a focus on degree of managerial control or authority and the position’s relation to the underlying misconduct and whether the misconduct occurred in the individual’s chain of command; and finally, detailed information about the nature of the sanctioned entity including its size, revenues, organization and structure.
With this background, one wonders how the new RCO insurance policy would work in these cases?
The benefits of the policy include coverage for:
- Defense costs incurred in the investigation or defense of any misdemeanor criminal proceeding, administrative proceedings brought pursuant to the RCO doctrine, as well as debarment proceedings.
- Defense cost coverage for potential RCO claims.
- Lost future compensation resulting from exclusion/debarment.
- “Recoupment loss” and/or clawback awards, which is the value of any compensation that must be returned or repaid by an insured person as a result of a judgment, decision, or settlement of an RCO claim.
An obvious omission from this list of benefits is the actual fines that are levied as part of the conviction, which are generally in the hundreds of millions. This is undoubtedly because insuring such risk would be against public policy. Not mentioned on the web site, but revealed in an interview with the Philadelphia Inquirer is that policy exclusions “might” kick in if evidence exists that the insured engaged in affirmative conduct that resulted in conviction. PharmaLot uncovered the same caveat in its interview with Jack Flug, a managing director at Marsh: “If the government decided the target knew what was going on and intentionally did something wrong, the coverage would cease. The intent factor is critical.” Again, maybe dictated by public policy concerns.
But how will this work in practice? Recall that the FDA’s Park Doctrine guidelines – “Knowledge of and actual participation in the violation are not a prerequisite to a misdemeanor prosecution but are factors that may be relevant when deciding whether to recommend charging a misdemeanor violation.” DOJ will employ a presumption in favor of exclusion only “when there is evidence that an executive knew or should have known of the underlying criminal misconduct of the organization.” These criteria raise questions of just how the insurance company is going to ferret out evidence of intent, or whether it will use the language of these two government agencies to create its own presumption that intent exists once a conviction occurs, unless the insured can prove otherwise. Ultimately, there’s a real question of just how many payouts will actually be made under these new RCO policies.
Another question, obviously, is whether prosecutors engaged in settlement negotiations will allow these insurance policies to be invoked. U.S. v. Stein, the 2008 opinion in which the Second Circuit held that prosecutors’ threat to indict KPMG if it paid its employees’ legal fees violated the employees’ Sixth Amendment rights to assistance of counsel, sheds one possible perspective on the outcome of this question.
Finally, the Marsh’s policy description does not mention covering directors, though one would have to imagine it would be willing to sell such a policy if so requested. While it has yet to happen, given their aggressive stance, the FDA and OIG would not miss the opportunity, with the right facts, to pursue the Responsible Officer Doctrine against a board member, perhaps on the Audit Committee.
A final twist: according to the Inquirer, upon learning of the new policy, Secretary of Health & Human Services Kathleen Sebelius replied, “I don’t practice law on a regular basis, but usually you can’t insure yourself as a bank robber for robbing banks. That is intriguing. I’d like a list of their customers because that would give us a pretty good target of people to go after.”
President Obama has begun the process for healthcare reform by improving access through insurance reform, but achievement of his aspirations will require reform of our healthcare delivery system as well. Changing where and how healthcare is delivered and paid for is of particular importance given the emerging and generally non-acute needs of the aging baby-boomers, and the lack of sufficient primary care to serve the many who will become insured as health insurance reforms are implemented. Healthcare providers realize this, and the market is indeed adjusting as we speak.
Three examples of these changes to the delivery system include, first, moving much of the delivery of services out of hospitals and into the community. Healthcare systems are rapidly affiliating with or employing physicians to facilitate this change, in the hopes of enabling the various parts of the health care system to work more collaboratively, efficiently and cost-effectively. In many parts of the country, hospitals have been too cash-strapped to invest in necessary updating to their hospital facilities. Now that we are thinking differently about how to use the physical plant that hospitals occupy, and investing in new technology, these investments need to happen. As a third example, President Obama is infusing money into hospitals and physician offices to enable the United States to catch up to other developed nations in the digitizing of its medical records. The benefits of this change are numerous, but it is a very expensive transformation.
In order to provide quality service and compete in the fast-changing healthcare market, hospitals and the systems of which they are a part, need money to pay for these changes. A February 21, 2012 New York Times article on the expansion of Catholic hospitals provides a glimpse of this phenomenon of market reform. Cash-poor hospitals unable to access capital to invest in the new initiatives necessary to keep them competitive are looking for financially stronger partners with this investment ability. There are currently 56 Catholic healthcare systems in the country, ranging from the financially successful to the distressed. Thus it is unsurprising that a potential partner for some hospitals might be found among Catholic systems. Read more