HIGHLIGHTS FROM EXL PHARMA’S 4TH CLINICAL BILLING & RESEARCH COMPLIANCE March 1-2, 2010
New Orleans, LA
HOT TOPICS IN RESEARCH & HEALTHCARE COMPLIANCE
Healthcare Regulatory Environment
Research Misconduct: Scientific versus Regulatory Misconduct
Regulatory Misconduct Conduct inconsistent with the regulations and
standards that govern the process of research
Scientific Misconduct Fabrication, falsification, plagiarism or other
practices that seriously deviate from those that are commonly accepted within the scientific community for proposing , conducting or reporting research
Research Compliance Professionals Handbook
Scientific Misconduct
Means fabrication, falsification, or plagiarism in proposing, performing, or reviewing research, or in reporting results Fabrication is making up data or results and recording or
reporting them. Falsification is manipulating research materials,
equipment, or processes, or changing or omitting data or results such that the research is not accurately represented in the research record.
Plagiarism is the appropriation of another person’s ideas, processes, results, or words without giving appropriate credit.
Research Misconduct does not include honest error or differences of opinion. 42CFR93.103
Non-Compliance and Misconduct
Non-Compliance / Regulatory Misconduct Failure to comply with laws, regulations,
protocols May be intentional or unintentional
Scientific Misconduct Fabrication Falsification Plagiarism
Non-Compliance / Regulatory Misconduct
Scientific Misconduct
Specific Legal Standards
Professional Malpractice
Fraud and Misrepresentation Fraud / False Statements
Mail Fraud Wire Fraud
Fraud, Waste and Abuse Anti-Kickback Law Anti-Self Referral Law False Claims Act - qui tam relators
Hot Topics in Research Compliance
Investigator Responsibilities
Privacy HIPAA / ARRA / HiTech GINA
Clinical Research Billing
Lagniappe
Protecting the Rights, Safety & Welfare of Study SubjectsFDA Guidance Published October 2009
Clarifies for investigators and sponsors FDA’s expectation regarding investigator responsibility regarding:
ensuring that the study is conducted in accordance with the agreements, investigational plans, protocols and applicable regulations
supervising the conduct of the investigations study staff delegated tasks
protecting the rights, safety and welfare of study subjects
controlling the test article – drugs, biological products, and devices
Protecting the Rights, Safety & Welfare of Study SubjectsFDA Guidance Published October 2009
Investigators commit themselves to conduct and supervise investigations and to protect the rights, safety and welfare of participants. The level of supervision should be appropriate to the staff,
nature of the trial and the subject population. This includes the following:
When tasks are delegated, the Investigator is responsible for ensuring that the individual to whom a task is delegated is qualified to perform the task.
The Investigator should ensure that there is adequate training for all staff participating in the conduct of the study.
The Investigator is accountable for regulatory violations resulting from failure to adequately supervise the conduct of a clinical study.
Protecting the Rights, Safety & Welfare of Study SubjectsFDA Guidance Published October 2009
Protecting the Rights, Safety and Welfare of Study Subjects includes the following: Providing reasonable medical care for study
subjects for medical problems arising during participation in the trial that are, or could be, related to study intervention.
Providing reasonable access to needed medical care, either by the investigator or by another identified, qualified individual.
Adhering to the protocol so the study subjects are not exposed to unreasonable risks.
Health Information Privacy Health Insurance Portability and
Accountability Act (HIPAA) American Recovery and Reinvestment
Act of 2009 (ARRA) Health Information Technology for Economic
and Clinical Health Act (HiTech)
Genetic Information Nondiscrimination Act (GINA)
Health Insurance Portability and Accountability Act (HIPAA)
Under HIPAA’s “Privacy Rule” a covered entity may not use or disclose an individual’s “protected health information” (PHI) unless the use or disclosure is authorized in writing by the individual (or their personal representative) or a specified regulatory exception applies: Privacy Board or IRB Waiver or alteration of authorization Preparatory to Research Information on Decedent Limited Data Sets De-identified Data
Minimum Necessary Standard Business Associate Agreements Fines / Penalties
ARRA, HiTech & Privacy Changes to the HIPAA Privacy and
Security Rules
Mandatory reporting for “breaches” Applies directly to business associates Caps on payment for PHI in research New civil and criminal penalties
HiTech - Mandatory Breach Notification
Any Covered Entity (or Business Associate) that “accesses, maintains, retains, modifies, destroys, or otherwise holds, uses or discloses” unsecured PHI must notify individuals whose unsecured PHI has been (or reasonably believed to have been) accessed, acquired, or disclosed as a result of a breach
Breach of Unsecured PHI = Notification to individuals
Secured PHI =
Encryption
HiTech - Mandatory Breach Notification
Effective Now! (September 23, 2009) Exceptions Must notify each individual Method of Notice:
Each individual by first class mail (or email if individual agrees) Alternative method if insufficient contact information (if for more
than 10 individuals, then website posting or media notice) Notice to “prominent media outlets” if more than 500 residents of
the state or jurisdiction are affected Concurrent Notice to HHS is more than 500 residents are affected;
an annual report to HHS including every breach Timing of notice – without unreasonable delay / within 60 days Content of notice requirements
HiTech – No sale of PHI Current Rule: CE may receive payment for a
disclosure of PHI where that disclosure is permitted by the regulations (such as for research)
HiTech Rule: prohibits indirect and direct remuneration for a disclosure without the individual’s authorization; authorization must explain whether PHI can be further exchanged for remuneration by the downstream entity receiving the PHI – with exceptions
HHS regulations required by 8/17/10; will apply to disclosures 6 months after regulations issued
Exceptions apply
HiTech – No sale of PHI - Exceptions
For public health activities For research, where the price charged
reflects the costs of preparation and transmittal of the data
For treatment For the sale, merger or transfer of the covered
entity To a business associate to perform functions for
the covered entity To an individual who wants copies of his or her PHI That fall within any future regulatory exceptions
HiTech Enforcement Clarifies / expands liability for criminal
violations Increases civil penalties Harmed individuals to receive percentage
of Civil Monetary Penalties State Attorneys General may bring civil
actions Continuation of the Office of Civil Rights
corrective action plans Audits
HiTech EnforcementState Attorney General
State AG may bring civil action in federal court: To enjoin further violation To obtain damages on behalf of the victim
Statutory damages: Up to $100 times the number of violations Not to exceed $25,000 for identical violations in a
calendar year Defendant pays State’s attorney fees
Effective NOW!
New Mandatory Civil Monetary Penalties (CMPs)Tier Violation Type CMP for Each
ViolationA If offender “did not know, and by exercising
reasonable diligence would not have known,” that he/she violated the law
$100 - $50,000
B If the violation was “due to reasonable cause and not willful neglect”
$1000 - $50,000
C If the violation was due to “willful neglect” but was corrected
$10,000 - $50,000*Penalty required*
D If the violation was due to “willful neglect” and was not corrected
$50,000*Penalty required*
Maximum CMPs for Identical Violations in a CY - $1,500,000
Genetic Info Nondiscrimination Act (GINA) New Federal law that generally prohibits health insurance
companies, group health plans, and most employers to discriminate against subjects based on genetic information.
This law generally protects research subjects as follows: Health insurance companies and group health plans may NOT:
request genetic information from research studies use genetic information from research studies when making
decisions regarding eligibility or premiums Employers with 15 or more employees may not use subjects’
genetic information obtained from research studies when making a decision to hire, promote, or fire individuals, or when setting the terms of employment
GINA does not extend to life insurance, disability insurance, or long term care insurance.
Informed Consent Implications http://www.hhs.gov/ohrp/humansubjects/guidance/gina.html
Medicare Billing and Clinical Research
Medicare’s Clinical Trial Policy Extended Medicare coverage to “routine
costs” of “qualifying clinical trials”, as well as “reasonable and necessary” items and services used to diagnose and treat complications from participating in clinical trials
All other Medicare rules apply
Device Trials – Requires Medicare contractor approval
Research News on the Horizon Clinical Research Billing
Therapeutic Intent Off-Label Consistency among protocol, trial agreement
and informed consent Medicare Secondary Payer Rule
PhRMA and AdvaMed Codes of Ethics Prohibits entertainment, recreational items or
branded promotional gifts Provides guidance for educational meetings Prohibits more “non-educational” freebies
Research News on the Horizon
Conflict of Interest & Physician Payment Sunshine Act of 2009 Manufacturers would be required to report annually certain
payments or other transfers to physicians or physician medical or group practices; and physician ownership interests in applicable manufacturing or group purchasing organizations
Payments include gifts, honoraria, speaking fees, consulting fees, travel, services, dividends, profit distributions, stock or stock option grants and ownership or investment interests
The aggregate amounts to initiate compliance would be $100 per calendar year.
Failure to report could results in civil monetary penalties
TECHNOLOGY & COMPLIANCELessons Learned
Identifying a Solution Step 1 – Understand what
you have and where you are
Systems Business office Patient Records /
Registration Current Research Systems IT Capacity Who owns what and who
makes what decisions ?
Step 2 : What else to think about
People and Processes Does the current process work and is it
compliant ( how do you know that ? ) What’s done on the front end – what’s
done on the back end - who is responsible / held accountable ?
How are research patients identified in your system ?
Do the people involved even talk to each other ?
Do you have the requisite expertise to really understand what is involved ?
What do your clinicians ( investigators) understand?
Step 3: What solution is right for you ?
Knowing what you have to start with is really important Let me tell you a story !!!!
What kind of IT support will you have internally - what will you need from your vendor
How much modification are willing to / want to / should do ?
How change ready / averse is your organization ? What do you need to right now – what can you do
implement in a more phased approach
Budget + Contract + Protocol + Consent + MCA = Billing Compliance
Standardize contract language to extent possible Master Agreements Pass through costs
Standardize budget templates Standardize routine costs My experience ---- centralize key components /
decisions ( may not work for everyone) Budget detail takes time – but pays off in the
end - build budget / MCA to include investigational and conventional care items
Benefits of Web Based Systems
This is the easy part ---- Access to information Investigators / coordinators can view status Where is your information currently ? Data security / back up Easier to manage across multiple
organizations Build links to real time resource information
through links and “help”
Conclusions --
Education is a key component in assuring success
Create a taxonomy – How much integration can
you accomplish across all of your systems ?
In the end there is no Genie in the lamp -- our vision is to have all information related to research activity available with a single sign on
Still have any questions? For additional information on ExL Pharma’s Clinical Billing & Research Compliance Conferences, please visit
www.exlpharma.com