As technologies advance and the provision of health care becomes ever more reliant on technology, the types and number of devices involved in patient care continues to expand. From screens and cameras in operating rooms to blood glucose devices in patients’ pockets, while the size and complexity of devices differ, one thing is constant: the risks created by the sales and marketing of devices and the need to comply with health care regulatory laws such as the Anti-Kickback Statute and Open Payments/Sunshine Act.
For manufacturers for which health care devices make up only a small part of their portfolio, it may be surprising to learn that their devices are subject to regulatory oversight and about the risks associated with business practices that are common in other industries such as the provision of meals or other business courtesies. But to the extent there is any reimbursement from a federal payer (e.g., Medicare or Medicaid) for a device – whether the device is separately reimbursable or reimbursed as part of a payment bundle – enforcement is possible and compliance with health care laws is vital.
Go deeper with GlobalData
Access deeper industry intelligence
Experience unmatched clarity with a single platform that combines unique data, AI, and human expertise.
Health care regulatory compliance
A primary law governing health care is the Anti-Kickback Statute (AKS), which prohibits knowingly and willfully offering, paying, soliciting, or receiving anything of value, either directly or indirectly, to induce or reward referrals or purchases of items or services reimbursable by federal health care programmes. The ‘anything of value’ or ‘remuneration’ can include cash, in-kind benefits, trips, meals, consulting fees, grants, free staff, and more.
Due to the broad nature of the law and to protect certain legitimate arrangements that may be beneficial and are otherwise low risk from a fraud perspective, both Congress and the US Department of Health and Human Services’ (HHS) Office of the Inspector General (OIG) have issued certain safe harbours to protect common types of arrangements. While compliance with a safe harbour is not mandatory, to the extent an arrangement meets all requirements of a safe harbour, the arrangement is deemed ‘safe’ in terms of AKS enforcement. Where arrangements do not fit squarely within a safe harbour, the analysis turns to whether there is a nexus between the ‘remuneration’ paid and any subsequent referrals or recommendations.
Violations of the AKS can result in both criminal and civil fines penalties, including exclusion from participation in Medicare and Medicaid and potential False Claims Act liability.
The False Claims Act (FCA) imposes liability for, among other things, the knowing submission of false or fraudulent claims or causing the submission of false claims. This includes claims tainted by kickbacks. Penalties under the FCA are substantial and include damages of up to three times the value of each false claim, plus per claim penalties that currently range from approximately $14,000 to $29,000, and the potential for exclusion from participation in Medicare and Medicaid.
US Tariffs are shifting - will you react or anticipate?
Don’t let policy changes catch you off guard. Stay proactive with real-time data and expert analysis.
By GlobalDataThe FCA is one of the government’s strongest enforcement tools because, in addition to the substantial penalties established by the Act, it also includes whistleblower or ‘qui tam’ provisions allowing private citizens to bring suit on behalf of the federal government. To the extent a qui tam case is successful, the whistleblower is entitled to a percentage of the amount recovered by the federal government. As a result, employees and others who may know of wrongdoing by a manufacturer are financially incentivised to bring a case to the government’s attention.
There are a variety of common sales and marketing activities, and other types of interactions with health care professionals or referral sources (collectively, HCPs), that can implicate the AKS and FCA. For example, any interactions with HCPs involving meals or trips can implicate the AKS, particularly where such meals or travel are ‘lavish’ and there is no legitimate business purpose associated with the interaction. Interactions that involve ‘entertainment’, such as concerts and sporting events are viewed as being high risk from an enforcement standpoint and will often result in an enforcement action.
Other examples of interactions with HCPs that can implicate the AKS and FCA include: speaker programmes, consulting or advisory arrangements, and the provision of free or discounted items or services, including practice support services. While each of these types of interactions may be legitimate if certain safeguards are in place, failing to implement appropriate safeguards increases a manufacturer’s risk.
There have been numerous settlements with a wide range of device manufacturers, including a 2016 settlement illustrating the risks of AKS violations for manufacturers whose products are typically reimbursed as part of a bundle. Olympus Corp of the Americas is a medical technology company that, until 2021, manufactured cameras, binoculars, and other products, in addition to medical devices like endoscopes. (Since January 2021, the company’s non-health care products have been marketed, sold, and distributed by a separate company.) In March 2016, Olympus agreed to pay over $623m to resolve both civil and criminal claims tied to an alleged scheme to pay kickbacks to doctors and hospitals.
As part of the criminal resolution, Olympus admitted that the company won new business and rewarded sales by providing kickbacks to doctors and hospitals including through consulting payments, the provision of foreign travel, lavish meals, and millions of dollars in grants and free endoscopes. For example, Olympus provided a doctor who had influence in a medical centre’s purchasing decisions the free use of $400,000 in equipment for the doctor’s private practice. The Olympus settlement, at its core, illustrates the risk sales and marketing practices can pose to a device company, even if the company’s products are not separately reimbursable.
In addition to the AKS and FCA, providers who are not accurately capturing and reporting transfers of value to certain HCPs, including physicians, nurse practitioners, and physician assistants (collectively, ‘covered recipients’), can face liability under the Open Payments (‘Sunshine’) Act. The Sunshine Act requires applicable drug and device manufacturers to report on an annual basis, most transfers of value to covered recipients. Reportable transfers of value include consulting fees, meals, travel, grants, education, research, and ownership interests. Manufacturers are “covered manufacturers” to the extent they have one drug or device that is reimbursable by Medicare, Medicaid, or the Children’s Health Insurance Program, including drugs or devices reimbursable as part of a payment bundle.
Failure to accurately report all transfers of value to covered recipients can result in significant civil monetary penalties.
Keys to compliance
To the extent a manufacturer has a device that is marketed or sold in a health care setting, manufacturers should determine whether its devices are reimbursed by a federal health care programme, including directly or through a bundled payment, to assess the applicability of regulatory requirements.
Manufacturers should also look to implement policies and procedures designed to address the company’s high-risk areas, including sales and marketing activities involving interactions with HCPs and provide training to all staff on the AKS, FCA, Sunshine Act and other applicable laws and the company’s policies designed to ensure compliance with these laws.
Implementing controls around contracting with HCPs, including implementing a needs assess, contracting process, controls to ensure payments made to HCPs and others are fair market value and do not take into account the volume or value of any expected referrals should also be a key focus. In addition, implementing a robust auditing and monitoring process using data maintained by the company (e.g., expense data) to proactively identify and address compliance concerns should be considered.
To further mitigate issues, manufacturers should look to develop an overall culture of compliance, including by having a visible compliance team, accessible reporting mechanisms, well-publicised and consistently followed disciplinary guidelines, and mechanisms for corrective action.
Finally, analysis should be undertaken to determine whether the manufacturer is a ‘covered manufacturer’ required to report transfers of value under the Sunshine Act and, if so, implement systems and controls designed to accurate capture and report all reportable transfers of value.
These proactive compliance steps can help to mitigate device manufacturers’ risks of enforcement for non-compliance with health care regulatory requirements.
