Data & Compliance: What You Know Can Empower You

Let’s start with the DOJ’s updated compliance guidance^[1]  for life sciences companies.

They put forward clear expectations related to compliance, audits, and other functions and emphasized the importance of having access to data.

But beyond access to data, they advised organizations to use data analytically to assess compliance throughout the organization, test the compliance program, policies, and procedures, and do all of this in a recurring manner rather than periodically.

Now, let’s assess the current state of compliance in the life sciences industry.

After dedicating 80% of resources to making sense of data, Life sciences companies only realize 20% of its value is in the form of useful generated insights.

As mentioned earlier, regulatory authorities such as the U.S. Department of Justice (DOJ) have increasingly emphasized the importance of data.

So, what exactly is a data-driven approach to compliance? The Data-driven approach to compliance is proactive in nature and enables life sciences companies to stay ahead of the curve and meet the evolving expectations of regulatory authorities.

By utilizing data, life sciences companies can augment the capabilities of their compliance programs, identify risks before they escalate to critical levels, and extract value from compliance data.

Additionally, data-driven compliance can lead to several positive outcomes for life sciences companies, some of which are:

• Enhanced compliance programs: Data can be used to identify and address gaps in compliance programs.
• Monitor where it matters the most: Identify key risk areas specific to the organization and monitor them for risk identification and remediation.
• Risk prioritization: Data analytics enables organizations to assess and prioritize risks.
• Identify compliance gaps: Identify compliance gaps early on and address them effectively.
• Value extraction: Data can be used to extract value from compliance data, such as identifying anomalies and patterns.

Join us today as we explore the concept of data, compliance, and law, highlight the transformative impact of data-driven compliance in the life sciences industry, and more.

The Interconnection of Data & Compliance

Data fuels compliance, providing evidence that organizations can use to demonstrate their adherence to laws and regulations.

Compliance, in turn, ensures regulatory adherence and protects organizations from fines and penalties, as well as reputational damage and other legal liabilities. Here are a few utilizations of data for compliance professionals:

• Data can be used to identify high-risk areas: By analyzing data on past compliance risks or challenges, industry trends, and regulatory changes, organizations can identify the areas where they are most at risk of non-compliance. This information can then be used to focus compliance resources and attention on the most critical areas.
• Data helps detect violations of specific laws and regulations: Organizations can use data to identify payments to physicians that may violate the Sunshine Act or uncover kickback schemes by identifying reps that had been violating the anti-kickback statute.
• Data can be used to augment compliance programs: By tracking and measuring compliance performance over time, organizations can identify areas where their compliance programs are working well and areas where improvement is needed. Taking corrective measures would significantly improve the compliance program’s maturity – improving its effectiveness.

Why is Data Critical for Life Sciences Companies?

• Provides evidence of compliance: When organizations are audited by regulators, they need to be able to provide evidence that they are complying with all applicable laws and regulations. Data can be used to provide this evidence, such as data on training programs, remediation reports, internal controls, and audit results.
• Elevates your compliance program from reactive to proactive: By analyzing data on past compliance incidents, as well as data on industry trends and regulatory changes, organizations can identify the areas where they are most at risk of non-compliance. This information can then be used to develop and implement risk mitigation strategies and move past conventional practices to assure regulatory compliance.
• Optimizes the cost of compliance: Compliance is often viewed as an expensive necessity. To counter this argument, Paul McNulty^[2] , former U.S. Deputy Attorney General, said, “If you think compliance is expensive, try non-compliance.” Generally, life sciences companies overlook the actual value of compliance data. Companies can improve compliance by analyzing compliance data and reducing the risk of hefty fines and penalties, saving companies millions of dollars.

How Data Improves the Maturity Level of a Compliance Program

Proper analysis of compliance data can be used to unlock hidden actionable insights. These insights contribute to improving the maturity level of a compliance program from reactive to proactive. Here’s exactly how it does that:

1. Data Uncovers Trends and Patterns

By analyzing compliance data over time, life sciences companies can identify trends and patterns that may indicate potential compliance risks.

For example, a company may notice that a particular type of compliance violation occurs more frequently or that a particular region is more at risk of non-compliance. This information can then be used to develop targeted compliance interventions.

2. Automate Compliance Tasks

Many compliance tasks, such as monitoring, training, remediations, and reporting, can be automated using data. This can free up compliance resources to focus on more strategic tasks.

However, human intervention is required to make sure the process is optimal and geared towards achieving effective automation.

What’s even more interesting is the fact that 33%^[3] of the compliance officers are prioritizing automating compliance monitoring in 2 years.

Compliance monitoring is perhaps the topmost critical aspect of risk management, and automating this would provide companies with comprehensive coverage of compliance functions’ analytical visibility and allow tracking of a variety of compliance metrics, such as the number of compliance incidents, resolved risks, cost of compliance-related investigations, and more.

3. Develop Predictive Analytics Models

Predictive analytics can be used to identify potential compliance risks before they occur, let alone get identified by external investigators.

For example, a company may leverage predictive analytics to determine the likelihood of compliance violations occurring in a particular region or business unit. This information can be used to develop measures in advance for prompt remediation.

4. Benchmark Against Competitors

Life sciences companies can use data to benchmark their compliance programs, or industry spending against other companies operating within their industry.

This information can be used to compare expenditures, spot outliers, and identify high-risk reps, speakers, and events.

By using data to drive compliance, life sciences companies can improve their compliance posture. It reduces their risk of regulatory fines and penalties and protects their reputation.

How Compliance Professionals Can Start Utilizing Data for Regulatory Adherence

Here’s how compliance professionals can get started in utilizing data for their compliance program to ensure regulatory adherence:

1. Identify The Key Compliance Risks in Your Organization

This can be done by conducting a risk assessment or a compliance gap assessment. Both methods involve identifying the relevant laws and regulations, assessing the likelihood and impact of potential violations, and evaluating the organization’s existing compliance controls.

However, conducting a compliance gap assessment gives you an edge in one way: identifying the root cause of risks due to gaps within your compliance program.

2. Identify The Data Sources That Can Be Used to Monitor, Assess, And Prioritize Risk

This data can come from a variety of sources, such as sales departments, business processes, employee activity, regulatory filings, and past regulatory investigations.

Once you have this information collected and sorted, it is time to move on to the next phase, which is developing a data collection and analysis plan and integrating data analytics tools to visualize the data to derive actionable insights.

3. Implement A Data Collection, Analysis, and Remediation Plan

This plan should outline how the data will be collected, cleaned, and analyzed. To support this process, compliance professionals may need to invest in new technology, such as a compliance data analytics solution.

According to research, 53%^[3] of compliance professionals look to enhance technology and data analytics in the future. This validates the necessity of a data analytics solution.

Here are a few ways compliance data visualization would help you:

1. Make It Easier to Identify and Assess Compliance Risks

The data can be used to identify patterns and trends that may indicate potential compliance problems. For example, through data analytics, compliance professionals can:

• Monitor sales and marketing activities for potential off-label promotion.
• Evaluate all commercial activities of the organization for compliance.
• Track the number of compliance incidents and the time to resolve those incidents.
• Understand risk severity and prioritize remediations accordingly.

2. Implement Mitigation Strategies to Address the Identified Risks

The mitigation strategies should be tailored to the specific risks that have been identified.

For example, if compliance professionals identify a risk of off-label promotion, they may develop and implement a new training program for sales representatives on off-label promotion.

3. Proactively Monitor and Adjust Compliance Efforts

This can be done by tracking compliance metrics such as the number of compliance incidents, the time to resolve incidents, and the cost of compliance-related investigations.

The Transformative Impact of Data-Driven Compliance

Data-driven compliance is having a transformative impact on the way that organizations manage their compliance programs.

By using data to identify, assess, and mitigate compliance risks, organizations can:

• Augment the efficiency and effectiveness of compliance programs: Data-driven compliance can help organizations automate tasks and focus resources on the highest-risk areas.
• Prioritize Risk Remediation: Compliance data analytics enable companies to identify the most common and impactful compliance risks, assess the likelihood and impact of each risk, develop a risk prioritization matrix, and focus remediation efforts on the highest-priority risks.
• Reduce the risk of non-compliance: Data-driven compliance can help organizations identify and assess compliance risks before they lead to costly violations and incidents.
• Gain visibility into compliance performance: Data-driven compliance can help organizations track and analyze compliance performance over time.
• Make better decisions about compliance risks and mitigation strategies: By analyzing data, compliance professionals can gain a deeper understanding of compliance risks and develop more effective mitigation strategies.

Data-Driven Compliance: From the Regulatory Perspective

The Department of Justice asks three fundamental questions:

• Is the corporation’s Compliance program well-designed?
• Is the program being conducted applied earnestly and in good faith?” In other words, is the program adequately resourced and empowered to function effectively?
• Does the corporation’s compliance program work?

Data and data analytics figure prominently in those questions and their answers.

Regulatory authorities recognize the potential of data, and they’ve been providing guidance to life sciences companies and compliance professionals on how they can leverage data to drive compliance effectiveness.

For example, in its 2023 Evaluation of Corporate Compliance Programs^[1] , the DOJ states that “prosecutors may also consider whether a company is tracking data relating to disciplinary actions to measure effectiveness of the investigation and consequence management functions.”

Other relevant statements from the DOJ’s updated guidance emphasize the importance of data for life sciences companies and to ensure compliance, and this happens to be one of the reasons why we see several compliance professionals and organizations planning to leverage data for their compliance programs.

Additionally, the Centers for Medicare & Medicaid Services (CMS) has developed data analytics capabilities. The regulatory body is currently utilizing Data Analytics and Systems Group (DASG), which is responsible for developing and implementing data analytics solutions to improve the efficiency and effectiveness of CMS programs and to detect fraud, waste, and abuse.

References:

1. https://www.justice.gov/criminal-fraud/page/file/937501/download
2. https://en.wikipedia.org/wiki/Paul_McNulty
3. https://info.kpmg.us/content/dam/info/en/news-perspectives/pdf/2023/2023-Chief-Ethics-Compliance-Officer-Survey-Results.pdf