For a healthcare or life sciences company settling a government enforcement action, the prospect of being subject to an independent monitor, independent review organization (IRO), or other government-mandated compliance expert may become a reality. (We collectively refer to all of these individuals and entities as monitors throughout this update.) Hiring an independent monitor is a sensitive topic, as a company subject to a monitorship is required to open up its records and files, financial information, proprietary and confidential materials, IT assets, and employees to a third party — often at frequent and regular intervals, and often for a period of five years — not to mention the potential multimillion-dollar expense associated with the engagement.
Handled well, working with a monitor can result in positive enhancements and improvements for a company and its internal governance.
Handled poorly, a relationship with a monitor can disrupt and undermine a company’s business mission and efforts to promote a strong compliance program and culture.
Given the sensitivity of working with a monitor, we offer healthcare and life sciences companies the following seven tips for success.
Tip No. 1: Understand the type of monitor and the varying roles and responsibilities of each.
DOJ — Independent Monitors
Sometimes required by the Department of Justice (DOJ) in connection with, for example, deferred prosecution agreements, independent monitors are third parties that independently assess the company’s compliance program as well as the company’s compliance with settlement agreement requirements. DOJ regularly requires independent monitors in criminal resolutions with healthcare and life sciences companies.
OIG — Independent Review Organizations
IROs are unique to corporate integrity agreements (CIAs) between healthcare and life sciences companies and the US Department of Health and Human Services Office of Inspector General (OIG). These are independent third-party entities that conduct:
Since the mid-1990s, OIG has imposed CIAs in hundreds of cases with healthcare and life sciences companies. Such CIAs result from allegations of Anti-Kickback Statute violations, violations of the Federal Food, Drug, and Cosmetic Act, quality of care failures, and more. Each CIA defines the scope of responsibility of the IRO or independent compliance expert to review the company’s internal systems, financial arrangements and transactions, claims to the government, or other compliance matters.
OIG — Independent Compliance Experts
In addition to an IRO, a CIA will sometimes require an independent compliance expert to perform a review of the effectiveness of a company’s compliance program and deliver findings to the company’s board of directors. Some CIAs require board compliance training that may be performed by an outside compliance expert. These compliance experts must have relevant expertise in, for example, compliance with federal healthcare programs and FDA requirements.
Tip No. 2: Understand the authority of the type of monitor at issue.
Some monitors focus on a company’s compliance with the terms of the settlement agreement. Others focus on the company’s overall compliance program and its effectiveness at preventing and detecting wrongdoing.
All monitorships have one thing in common: a third party reviewing a company’s work and reporting any missteps to the government. The decisions made and reports filed by these organizations can have a significant bearing on the scope and direction of the implementation of the monitorship. Understanding the full implications at stake in connection with a government settlement are critical.
Tip No. 3: Get familiar with the selection process and consider in advance how to identify one or more well-qualified monitors that would meet the needs of the company and the settlement agreement.
Monitorships are negotiated resolutions of enforcement matters and are generally not governed by statute or regulation. Norms for monitorships, including monitor selection, have developed over time. A company preparing for a monitorship should be aware of any guidance from the relevant agency. The American Bar Association Criminal Justice Section has also published Standards on Monitors, which are not binding but do reflect best practices, including qualifications driven by integrity, credibility, and industry and subject matter experience.
DOJ: The DOJ Criminal Division in March 2023 further refined its guidance on the selection of monitors, including clarifications on when to impose monitorships; use of monitor teams; advancing diversity, equity, and inclusion; and cooling-off periods. Although the Criminal Division guidance does not technically bind other parts of DOJ, it does apply to most monitorships and provides a strong template for how other parts of DOJ (and other agencies) may select a monitor.
Under the most recent DOJ Criminal Division guidance, the company will be asked to recommend a pool of three qualified monitors. The company must submit a written proposal identifying the qualifications and credentials of the monitor as well as certifications from the company and potential monitors regarding the monitors’ independence from the company. The Criminal Division will then review the monitor candidates’ qualifications, competence, and independence, and either identify a recommended monitor or ask the company to identify one or more additional proposed monitors. The guidance further outlines the Criminal Division’s internal review and approval process for monitors. Although other enforcement agencies, and even other parts of DOJ, may take different approaches to monitor selection, we expect that the DOJ Criminal Division guidelines will be the standard in the resolution of most criminal cases involving a monitor.
OIG: The terms of the CIA between OIG and the company set the standards for selection of the IRO or other reviewer required by the CIA. For example, an IRO in a pharmaceutical or medical technology company’s CIA related to violations of FDA regulations on off-label marketing or violations of the Anti-Kickback Statute might require the IRO to have specialized expertise in the relevant industry and in the applicable federal healthcare program and FDA requirements relating to the CIA.
Most CIAs provide OIG with the right to notify the company within 30 days if the IRO is unacceptable, in which case the company must select a new IRO. Further, if OIG has concerns during the CIA term about the IRO, it can require the company to terminate the IRO and select a new one. Individual CIAs set the required qualifications for IROs, and OIG has published frequently asked questions (FAQ) summarizing IRO qualifications.
Tip No. 4: Ask whether the potential monitor or other compliance expert has the capacity, expertise, and team at its disposal to fulfill the requirements of the monitorship — and to do so consistently year over year.
DOJ: In general, one person is identified as the monitor and bears ultimate responsibility and accountability for the monitorship. In practice and as understood by DOJ and other agencies, the work of almost all monitorships is conducted by multiple people under the supervision of the monitor. Although monitors can often hire or contract for people to perform the monitorship work, some monitors may work in a firm that has available in-house resources to efficiently and effectively staff the monitorship, including across multiple disciplines.
OIG: As is reflected in their name, IROs are entities, while a compliance expert can sometimes be an individual, for example, providing board compliance training. Within the IRO, one or more individuals will be responsible for the engagement and crucial to its success. As with DOJ monitors, the IRO or compliance expert should have the necessary expertise and capacity readily available either in-house or through established relationships.
Tip No. 5: Ensure that your process for engaging the monitor leaves no reason to question whether the monitor is an objective, disinterested third party.
All monitors must operate independently from both the government agency and the company.
DOJ: The DOJ Criminal Division guidance includes explicit independence requirements, including that the company will not employ the monitor’s firm for at least three years after the end of the monitorship. In addition, the monitor and their firm will need to ensure there is no conflict with existing clients.
OIG: The agency has written guidance on the requirements for IRO independence and objectivity. The guidance refers to the Government Accountability Office (GAO) Government Auditing Standards for standards on independence and objectivity and provides some examples of scenarios that would or would not impair independence and objectivity.
Tip No. 6: Implement a rigorous vetting process to ensure that the potential monitor has the right qualifications.
The relevant agency will detail required qualifications in guidance and the relevant settlement documents. Beyond more specific requirements, the monitor should have strong general credentials, including education, training, licensure, experience, and reputation in the professional community. In addition, the monitor should have experience and expertise with the subject area of the underlying case and all matters within the scope of monitor oversight or review. Healthcare and life sciences companies operate within a complex web of regulatory requirements and are subject to criminal, civil, and administrative enforcement under a variety of authorities for many types of conduct. Such companies may be subject to a monitor as a result of an investigation of several sets of facts that allegedly violate multiple statutes. For example, pharmaceutical manufacturers have resolved cases involving allegations of various violations of the Anti-Kickback Statute; the Federal Food, Drug, and Cosmetic Act; and the False Claims Act.
While the scope of DOJ and OIG oversight will differ, some basic principles apply to monitors and IROs and other monitorship oversight. A company vetting monitors should consider the monitor’s range of experience in the industry and knowledge across the issues that may arise under the monitorship. For example, monitors with team members having direct experience in industry and government, and connectivity within the related staffing areas for the monitorship, can help drive both efficiency and the quality of deliverables for the company. Companies should also understand a potential monitor’s staffing plan and whether the third party will have consistent and regular staff or whether staff will rotate on and off the project from year to year.
Further, the company should look for a monitor who can communicate effectively and “speak the language” of both the agency and the company’s industry with credibility and be seen by the parties and the public as objective and fair.
Tip No. 7: Conduct a “test run” or monitor-readiness audit exercise prior to the independent monitor/IRO engagement to help understand the scope of what the monitor will review and to help ensure a seamless engagement.
Healthcare and life sciences companies that find themselves facing the prospect of engaging an independent monitor, IRO, or compliance expert should conduct readiness reviews of their internal compliance programs, systems, policies, processes, and procedures as well as their general compliance program controls — such as testing the effectiveness of an anonymous reporting hotline — in anticipation of a third-party monitor’s engagement. This should include an objective assessment of the policies that the company has in place currently and whether additional policies are missing or required, based on industry standards and relevant legal requirements; assessing training materials; conducting sample reviews of expenditures or other payments to understand any potential financial arrangements that may not be aligned with company policies or compliance requirements; or engaging a third party to conduct on-site monitoring of high-risk customer activities that might give rise to potential liability under the relevant settlement agreement (for example, pharmaceutical and medical device representatives’ interactions with physicians and other customers). Having a sense of where there may be gaps in a compliance program in advance of an monitor’s engagement will allow the healthcare or life sciences company a stronger opportunity to work together with the monitor to create practical fixes that are satisfactory to the government.
The Goodwin Team
The Goodwin Healthcare Regulatory and Life Sciences Regulatory & Compliance teams coordinate and work together closely to advise clients navigating the complex laws and regulations affecting healthcare and life sciences companies or at issue in government investigations. Goodwin’s experience in working with and understanding the valuable role of a monitor is unmatched.
One of the leaders of Goodwin’s Healthcare Compliance practice is Greg Demske, former chief counsel at OIG. In over three decades at OIG, Greg was immersed in OIG’s enforcement and guidance efforts, and as chief counsel from 2012 through 2022 led a staff of more than 100 attorneys and other professionals responsible for all of OIG’s legal work. In his time at OIG, Greg oversaw and signed hundreds of settlements of the False Claims Act, civil money penalty, and exclusion matters; corporate integrity agreements; and advisory opinions. He was responsible for all OIG administrative and civil health care fraud enforcement, guidance to the industry, oversight of CIAs, and other efforts to promote compliance.
Matt Wetzel is also a leader of Goodwin’s Healthcare Compliance practice. Matt brings the unique perspective of having sat in his clients’ chairs for over a decade — first as senior in-house counsel at a global medical technology company, where he oversaw several aspects of the global compliance program and managed a team of compliance professionals, and later as chief compliance officer of a diagnostic testing company. Matt regularly aids clients in building and launching their compliance programs, leading independent compliance assessments, conducting internal investigations, and supporting clients with day-to-day compliance counsel. Matt is a regular author and speaker on compliance matters.
The Goodwin team includes attorneys with significant experience at DOJ, OIG, FDA, and other regulatory agencies. We work daily with healthcare and life sciences companies to conduct independent compliance reviews and navigate significant legal and compliance challenges.
With Goodwin’s government and industry experience and compliance expertise, we are uniquely qualified to offer an objective, independent view of a healthcare or life sciences company’s compliance program.
Please contact Goodwin partner Greg Demske or Goodwin partner Matt Wetzel for any questions about independent monitorships, IROs, compliance experts, or conducting objective internal compliance risk assessments, internal investigations, and audits and monitoring activities.
Matt WetzelPartnerLife Sciences Regulatory & Compliance
Julie TibbetsPartnerChair, Life Sciences Regulatory & Compliance Practice