Article by David W. Ogden1 and Elisebeth Collins Cook2

Executive Summary

Judging by the headlines, the federal government's efforts to prosecute fraud against the government in health care have been a great success. In the last decade, the annual fines imposed on pharmaceutical companies alone have increased 813 percent and approached a total of $25 billion in health care fraud recoveries,3 with more promised for 2012.4 But a deeper examination of these numbers suggests that the headlines may not reflect reality, and that there are significant problems with current enforcement of anti-fraud statutes.

A rational, effective, and fair health care fraud enforcement system should:

1) impose appropriate penalties on companies and individuals who defraud the government and generate appropriate recoveries for the public fisc; 2) afford those who believe they are wrongfully accused a meaningful opportunity to test the government's charges against them; 3) allow the courts to serve as the ultimate arbiter of the facts and the laws that govern the area, providing clear notice of what the law requires; and 4) ensure that companies that provide medicines and medical devices for patients in federal health care programs adopt and operate the most effective corporate integrity systems to minimize future violations.

These should not be controversial points. Yet the enforcement regime that has evolved in the United States over the last 15 years does not reliably accomplish any of these basic goals. Indeed, a review of the current enforcement regime reveals dysfunctional dimensions.

  • First, even on its own terms, a system yielding huge and escalating settlements is not sustainable. The settlements themselves impose high costs on businesses that produce important—even life-saving—products and thus are harmful to the health care system and bad for the economy. The federal government's goal should be to reduce these losses to the health care system by focusing on increased compliance with clear rules, thereby obviating any call for the imposition of penalties. Yet the government appears to be advocating more of the same—extracting ever larger sums from pharmaceutical and medical device companies, without apparently giving genuine consideration to whether alternatives might produce better compliance at lower costs.5
  • Second, the current system of huge out-of-court settlements fails to provide clear rules because enforcement avoids the courts almost entirely, leaving companies who want to understand and comply with the law without meaningful guidance in many areas.
  • Third, those unusual cases that have gone to trial (almost invariably against individuals, after the government has obtained a major out-of-court settlement with their manufactureremployer) often demonstrate that the government's case was overblown, or in some cases completely unfounded, leading to acquittals that in turn suggest that the settlements were unsound.
  • Finally, the government has pursued criminal charges or career-destroying exclusion from the industry against individuals even where the government admits that the individuals played no role in the alleged crime. Despite the patent unfairness of the idea, and despite the government's selfcongratulatory press releases about major settlements, government officials themselves openly question whether the escalating payments extracted through settlements and corporate pleas can bring about better compliance. Their disturbing solution is to increase recourse to punishing individuals who are without fault.6

Preventing waste, fraud, and abuse in our health care system is of course an important objective; billions of dollars are at risk, and strong prevention and enforcement is critical. But the government's goals for the health care system should be to reduce fraud and reduce unnecessary costs. Measured against those goals, the current enforcement headlines are more a mirage than an indication of a successful enforcement program, and heaping on larger and larger fines and/or punishing innocent people will not fix the system and would be inconsistent with our core values.

A relatively simple but fundamental change could promote significantly improved corporate compliance across industry, help restore the courts to their appropriate role in interpreting and applying the law, thereby affording better notice of what the law requires, and increase the fairness of outcomes in this area, all while avoiding the jarring prospect of the federal government choosing to punish the innocent on the theory that it will deter the guilty.

A substantial part of the dysfunction in the present enforcement system emanates from a core flaw: the way the threat of "exclusion" from federal health care programs is utilized. Exclusion is an enforcement tool wielded (in the main) by the Inspector General of the Department of Health and Human Services ("HHS"), pursuant to which an individual or company is banned for a period of time from participating in federal health care programs, including Medicare and Medicaid. Originally and for many years exclusion was applicable only to so-called "direct" providers of products or services to program beneficiaries—doctors and hospitals, for example.7 But 14 years ago, HHS dramatically expanded exclusion's potential reach by making entities that are indirectly reimbursed for products prescribed to program beneficiaries, including pharmaceutical and medical device companies, subject to exclusion.8

There are effectively two types of exclusion that can apply to companies. Under current regulations, a pharmaceutical or medical device company faces "mandatory" exclusion from all federal health care programs based on a variety of statutorilydesignated offenses, whether or not the company provides a valuable, unique, or essential product for program beneficiaries. A company may also suffer "permissive"— or "discretionary"—exclusion based on the HHS Office of the Inspector General's ("OIG") judgment in a range of circumstances, even, for example, when prosecutors decline to indict.

Extended to "indirect" providers, the threat of exclusion therefore has enormous power. Put simply, because federal programs constitute an enormous and growing portion of the respective markets,9 essentially no pharmaceutical or medical device manufacturer can survive exclusion. For that reason, a concrete threat of exclusion—in the form of an indictment for an offense mandating exclusion—itself threatens to destroy a company in the way a mere indictment destroyed the accounting firm Arthur Andersen.10 Thus, a company will logically accept a settlement or plea agreement largely on the government's terms so long as exclusion is not among them.

In fact, ironically, as discussed below, exclusion is an objectively undesirable outcome for federal programs and their beneficiaries, because patients benefit from the products of the companies in question. And so the OIG typically agrees not to exclude pharmaceutical or medical device companies in exchange for their adopting a "Corporate Integrity Agreement" ("CIA") requiring compliance practices approved by OIG, and thus corporate exclusion in this area virtually never happens.11 It might be thought, then, that the threat of exclusion is an empty one, one that cannot be taken seriously by companies considering whether to accept the government's demands for settlements or guilty pleas. But to the contrary, indictment for an offense carrying mandatory exclusion makes clear that upon conviction, the interests of the federal government will be irrelevant and exclusion will follow as a matter of law. And in the charging process and the process of considering discretionary exclusion, the fact remains that the balance of harms between the company and the government entirely favors the prosecutors: While a federal program and the care offered to beneficiaries will be diminished by exclusion, unlike the company at issue, the federal program will not be destroyed. Exclusion is likely an acceptable (if sub-optimal) outcome for the government. But for companies, by contrast, exclusion means destruction. This complete imbalance of bargaining power drives the dysfunction of the present system, compelling companies to accept settlements largely on the government's terms, effectively without the power to contest the government's theories of liability or damages in court.

The public policy goals motivating the current enforcement regime would be better served by a system that encouraged all companies to adopt and maintain stateof- the-art corporate integrity programs, certified as such by a rigorous and credible third-party certifying organization. Exclusion should remain available in appropriate cases for companies that do not adopt or maintain a certified corporate integrity program, and for officers or employees who acted with scienter (i.e., individuals who are personally culpable). But for companies that have adopted such programs, the threat of exclusion and nofault punishment of officers and employees should be eliminated, so that federal programs cannot be deprived of medical products produced by companies with reliable compliance systems, and so that such companies have a meaningful ability, when accused of wrongdoing, to take their case to court if they believe they are not guilty or that any violation has caused less harm than the government contends.

This proposed approach would retain the virtues of the present system: strong deterrence and effective compensation for fraud and other culpable behavior related to federal health care programs and strong incentives for adopting aggressive corporate integrity plans induced by the desire to avoid exclusion. Indeed, the proposed approach would give companies powerful incentives to adopt and maintain state-of-the-art corporate integrity programs. But this new approach would also mitigate the extremely counterproductive aspects of the current regime—the unfairness and enormous inefficiencies produced by the outsized leverage it places in the hands of government lawyers and agents and the way it functionally ousts the courts from their role of applying and articulating the law and protecting the rights of the accused.

This paper proceeds in three parts. Part I sets forth the background of the current enforcement regime, describing in detail how the exclusion threat to pharmaceutical and medical device companies works. It also explains "no-fault" exclusion and sets forth the executive branch's aggressive interpretation of the Responsible Corporate Officer doctrine as permitting the criminal prosecution of innocent people. Part II describes the serious public-policy problems created by this enforcement regime: closing the doors to the courtroom, driving huge settlements that in turn harm innovation, jobs, and the public health, and leading to uneven corporate integrity programs across the industry. Part III explores solutions and sets forth a proposal: To enhance prevention of legal violations while preserving innovation and lowering unproductive costs, exclusion of pharmaceutical and medical device companies and no-fault liability for individuals should be reshaped to incentivize and recognize state-ofthe- art corporate integrity programs throughout the pharmaceutical and medical device industries.

I. The Current Enforcement Regime

Companies and individuals are subject to a wide range of criminal and civil sanctions designed to deter and punish waste, fraud, and abuse, among other wrongdoing in federal health care programs. Unlike most other tools, the penalty of exclusion is essentially binary—one is excluded or not;12 by contrast, a criminal fine or civil damages can often be calibrated along a spectrum to match the extent of the wrongdoing or to achieve other legitimate government purposes.13

A. The Basic Structure of the Exclusion Regime

The exclusion authority has expanded significantly since 1965 when Congress enacted the Medicare and Medicaid programs.

1. Permissive Exclusion

Congress initially confined the exclusion authority to discretionary exclusion of health-care facilities such as hospitals or extended care facilities that had failed to comply with the law, to satisfy the qualifications for participating in a program, or to submit necessary reimbursement information.14 This authority reflected Congress's concern that the Secretary (of what was then the Department of Health, Education, and Welfare) should have the ability to prevent facilities receiving federal monies from endangering the public health and harming the public fisc. A little more than a decade later, in 1977, Congress expanded the authority to allow the Secretary to exclude physicians, another category of providers who, if not scrupulous, could endanger individual patients and/or harm the public fisc.15

In 1987, Congress expanded the categories subject to exclusion by identifying more than a dozen grounds on which the Secretary may (but is not required to) exclude individuals and entities.16 Today the Secretary may rely on 16 different statutory grounds to exclude individuals or entities using her discretionary authority.17 For example, "[t]he Secretary may exclude ... individuals and entities from participation in any Federal health care program" if they have been convicted of certain misdemeanor offenses (under federal or state law) relating to health care fraud,18 or other convictions relating to other offenses that do not involve health care fraud.19 The Secretary also has discretion to exclude an individual or entity where she determines that it has engaged in kickbacks or other prohibited activities.20

Moreover, HHS may invoke exclusion even absent any conviction or any action by the Department of Justice (DOJ) if OIG "determines" that the "individual or entity has committed an act" such as submitting false or improper claims, fraud, kickbacks, and other prohibited activities.21 HHS has issued its own guidance, which provides an "informal and nonbinding" set of criteria exclude individuals and entities. Today the Secretary may rely on 16 different statutory grounds to exclude individuals or entities using her discretionary authority. For example, "[t]he Secretary may exclude ... individuals and entities from participation in any Federal health care program" if they have been convicted of certain misdemeanor offenses (under federal or state law) relating to health care fraud, or other convictions relating to other offenses that do not involve health care fraud. The Secretary also has discretion to exclude an individual or entity where she determines that it has engaged in kickbacks or other prohibited activities. Moreover, HHS may invoke exclusion even absent any conviction or any action by the Department of Justice (DOJ) if OIG "determines" that the "individual or entity has committed an act" such as submitting false or improper claims, fraud, kickbacks, and other prohibited activities. HHS has issued its own guidance, which provides an "informal and nonbinding" set of criteria to help officials determine whether to impose discretionary exclusion.22 These criteria include the degree of cooperation by an entity or individual, the efforts of the entity or individual to undo or mitigate the effects of misconduct, and whether the entity or individual acknowledged its wrongdoing and changed its behavior.23 These guidelines leave broad discretion to OIG, maximizing the government's leverage during settlement negotiations.

2. Mandatory Exclusion

Also in 1977, Congress introduced the notion of "mandatory" exclusion, which at that time was to be imposed only upon physicians and individual practitioners— who submit claims for reimbursement directly to the federal government—when they are convicted of specified crimes.24 Under the current statute, the Secretary "shall" exclude individuals and entities that have been convicted of: (1) "a criminal offense related to the delivery of an item or service" under Medicare or Medicaid; (2) "a criminal offense relating to neglect or abuse of patients in connection with the delivery of a health care item or service"; (3) "a felony relating to fraud, theft, embezzlement, breach of fiduciary responsibility, or other financial misconduct" in connection with the delivery of a health care item or service; or (4) "a felony relating to the unlawful manufacture, distribution, prescription, or dispensing of a controlled substance."25 Mandatory exclusion carries a minimum term of five years,26 and the term can be increased based on various aggravating factors up to permanent exclusion.27

Whereas "discretionary" exclusion—like other forms of debarment common in the federal procurement system28—is administered by the agency (now Health and Human Services) responsible for achieving the goals of the program, making exclusion mandatory for certain criminal offenses has the consequence of shifting the decision-making about exclusion from HHS and those responsible for program integrity and the accomplishment of program objectives to the federal prosecutors who decide whether to charge potential defendants with the offenses that would trigger mandatory exclusion.29 If a company is convicted of such an offense, it must be excluded, even if it has state-of-the-art compliance, even if the violation was aberrant and the work of rogue employees, and even if the company's products are particularly important to patients dependent on Medicare, Medicaid, or other federal health care programs. Similarly, mandatory exclusion applies across entire companies; it is not tailored or limited to particular products linked to wrongdoing. Thus, mandatory exclusion removes discretionary control over the continuing availability of certain medicines and medical devices from the agency (HHS), with the dual mission of both ensuring access to health care and also preventing waste, fraud and abuse, and vests control instead within another (the Department of Justice) that is charged in relevant part principally with enforcing the criminal law.30

For the first 21 years after enactment of mandatory exclusion—consistent, in our view, with Congressional intent, as well as good policy—HHS confined its application to so-called "direct" providers, i.e., those who are directly reimbursed by federal payors.31 HHS expressly and consciously stated that the mandate would not apply to so-called "indirect" providers, such as pharmaceutical companies.32 As discussed below, HHS changed this approach—in our view unwisely—in 1998.33

3. The Exclusion of Innocent Individuals

In 1996, Congress again addressed the exclusion authority by adding 42 U.S.C. § 1320a-7(b)(15), which expands the Secretary's permissive exclusion authority to reach owners, officers, or managing employees of a "sanctioned entity."34 Pursuant to this authority, the Secretary may exclude individuals who are officers or managing employees of companies that have been convicted (whether at trial or by plea) of particular offenses or of companies that have been excluded. This authority allows for exclusion of an individual even where the company she works for has not been excluded. Critically, HHS has also interpreted this statutory provision to enable it to exclude individual employees of sanctioned companies, even if the individuals did not themselves engage in or even know anything about any wrongdoing, indeed even if they had worked hard to prevent violations of that or any kind.35

In October 2010, OIG issued factors to guide its discretion in making such individual exclusion decisions.36 OIG has made clear that it believes it can exclude literally any officer or executive of such a company, though (thankfully) it has made clear it does not intend to impose the sanction on every person against whom the power might be invoked. Given the broad categories of people theoretically subject to the power, meaningful guidance with respect to who will be singled out for this punishment is plainly essential. Yet in stark terms the new guidance deliberately imposes no restraint whatever on the imposition of this draconian sanction: "With respect to officers and managing employees, the statute includes no knowledge element. Therefore, OIG has the authority to exclude every officer and managing employee of a sanctioned entity."37 The guidance further declares that OIG may exclude individuals "based solely on their position within the entity."38 Having provided very little direction in the first place, the guidance goes on to make clear that in any event it is "nonbinding," "may be subject to modification at any time," and is "not intended to limit OIG's discretionary authority."39

As if this were not enough to worry about, the OIG's new guidance treats individual culpability in a particularly troubling fashion. Rather than provide that a lack of personal involvement in the alleged crime creates at the very least a presumption against exclusion—as traditional notions of justice would seem to require—the guidance asserts that "when there is evidence that an officer or managing employee knew or should have known of the [underlying mis]conduct, OIG will operate with a presumption in favor of exclusion."40 In other words, entirely innocent officers or managing employees—even those who are not even negligent—do not have the benefit even of a minimal presumption against exclusion. Nor does any favorable presumption protect individuals who took steps to encourage compliance by the company.41

OIG defends this approach as necessary to provide sufficient deterrence, an apparent admission that its approach is otherwise not working properly.42 But OIG does not acknowledge that its approach is fundamentally out-of-step with basic notions of fairness.

B. The Expansion of Exclusion to Pharmaceutical and Medical Device Companies and Their Employees

As noted above, until September 1998, the threat of exclusion did not apply to "indirect" providers or the employees of indirect providers. But then, for the first time, OIG applied the exclusion authority to "indirect" providers of health care services, bringing entities such as pharmaceutical drug and medical device manufacturers within the scope of the exclusion power.43 This was a true sea change. Yet OIG implemented this enormous expansion of its exclusion power by regulatory fiat without new congressional authorization.44

Extension of mandatory exclusion to indirect providers brings with it significant potential adverse consequences for the public health. Some medicines and medical devices have no equivalent, and the exclusion of an indirect provider could mean that unique or difficult-to-substitute medical products become immediately unavailable to Medicare and Medicaid beneficiaries nationwide; a company's ability to bring its product to the general market therefore is subject to an existential threat. Even for other medicines, serious restriction of the supply of products doctors prescribe for patients to alleviate suffering or ameliorate disease restricts available options for the beneficiaries of health care programs and, moreover, threatens the economic survival of the producer over the immediate and long term, which in turn threatens to reduce the supply of its products to the public as a whole. Yet despite the dramatic change in policy and potential consequences, the regulatory expansion occasioned relatively little commentary at the time.

C. Towards Strict Liability: Expanding the Responsible Corporate Officer Doctrine

In addition to the stark threat of exclusion, the government has increasingly invoked a different doctrine—the so-called Responsible Corporate Office (RCO) doctrine—to hold strictly, criminally liable the officers of pharmaceutical and medical device companies for offenses they did not themselves commit.45 Prosecutors have recently argued explicitly that the Federal Food, Drug, and Cosmetic Act (FDCA) "uniquely requires no proof of intent or actual knowledge of the violations by the Corporate Officials to establish their guilt for the misdemeanor offense."46 Though a misdemeanor, a no-fault RCO conviction is by no means a trivial matter; it can serve as the basis for substantial fines and penalties, and/or imprisonment, and as the basis for career-ending exclusion. Under the RCO doctrine, DOJ obtained a conviction and HHS imposed exclusion on three employees of the Purdue Frederick Company without ever showing that they had "awareness of some wrongdoing."47

First embraced by the Supreme Court nearly 70 years ago in United States v. Dotterweich, the RCO doctrine allows executives and managers to be held criminally liable under the FDCA for actions taken by others that result in violations of the FDCA or for failure to take actions that could have prevented violations of the federal public health statute.48 The Court explained that the statute "dispenses with the conventional requirement for criminal conduct— awareness of some wrongdoing"—because "[i]n the interest of the larger good it puts the burden of acting at hazard upon a person otherwise innocent but standing in responsible relation to a public danger."49

Then forty years ago, in United States v. Park, the Supreme Court once again upheld the notion that executives may be held criminally liable for having some "responsible relationship" to the FDCA violation.50 In Park, the Court assumed that there would only be minor penalties for a misdemeanor, strict liability offense.51 The Court did not contemplate that RCO crimes might serve as the basis for the harsh penalty of individual exclusion, because as noted, such exclusion was not a feature of the landscape in 1975. Nor did the Supreme Court contemplate that conviction of this offense might carry increasingly significant fines. Most important, the Supreme Court's decision in Park followed assurances made by the Solicitor General on behalf of the United States that the doctrine would be invoked with careful discretion and ordinarily only after particular requirements were met—including the limitation that prosecutors would not invoke the doctrine unless the prospective defendant, like the defendant in Park itself, had actual prior knowledge of the violations. The United States assured the Court that the FDA "will not ordinarily recommend prosecution unless that official, after becoming aware of possible violations, ... has failed to correct them or to change his managerial system so as to prevent further violations. In those instances where prosecution is brought, it is brought for past, as well as the most recent, violations."52 The Solicitor General also submitted to the Court that:

The government is interested in the prevention and correction of conditions potentially dangerous to the public health and welfare, not in prosecution for its own sake. Accordingly, FDA's standards for reference of cases to the Department of Justice for prosecution embrace the following categories: continuing violations of law ...; violations of an obvious and flagrant nature ...; and intentionally false or fraudulent violations.53

The Supreme Court in Park in turn recognized the importance of sound prosecutorial judgment in charging a crime with a minimal mens rea requirement:

The Court [has] recognized that, because the [FDCA] dispenses with the need to prove "consciousness of wrongdoing," it may result in hardship even as applied to those who share "responsibility in the business process resulting in" a violation. ... "In such matters the good sense of prosecutors, the wise guidance of trial judges, and the ultimate judgment of juries must be trusted."54

And consistent with those assurances to the Supreme Court, for many years the FDA, which investigates potential violations of the FDCA and refers cases to U.S. Attorneys for prosecution, issued and adhered to guidelines limiting the circumstances when the RCO doctrine would be invoked. For example, the 2007 referral guidelines stated that "the agency ordinarily exercises its prosecutorial discretion to seek criminal sanctions against a person only when a prior warning or other type of notice can be shown. Establishing a background of warning or other type of notice will demonstrate to the U.S. Attorney, the judge, and the jury that there has been a continuous course of violative conduct and a failure to effect correction in the past."55 The FDA also made clear that one episode of wrongdoing ordinarily would not trigger criminal referral to prosecutors: "With the exception of prosecution recommendations involving gross, flagrant, or intentional violations, fraud, or danger to health, each recommendation should ordinarily contain proposed criminal charges that show a continuous or repeated course of violative conduct."56

In January 2011, the FDA performed an about-face and effectively disavowed the Solicitor General's representations on which the Supreme Court relied in Park and discarded safeguards previously contained in its referral guidelines.57 Under the newly-minted standards, knowledge, a pattern of wrongdoing, and prior notice of possible violations are no longer ordinarily required to support referral for prosecution. Instead, the new referral guidelines state: "Knowledge of and actual participation in the violation are not a prerequisite to a misdemeanor prosecution but are factors that may be relevant when deciding whether to recommend charging a misdemeanor violation."58 The new guidelines also dispense with the previous language that "each recommendation should ordinarily contain proposed criminal charges that show a continuous or repeated course of violative conduct."59 Finally, the new guidelines omit the provisions stating that FDA officials should ordinarily provide a prior warning or some type of notice to prospective defendants before pursuing criminal charges. And these new guidelines now have particular salience for officers of pharmaceutical and medical device manufacturers, because they have increasingly been threatened with RCO prosecutions.60

D. The Enforcement Framework

The threats of exclusion of companies, exclusion of individuals, and strict liability prosecution of individuals are not necessary to adequately punish those companies and individuals who engage in unlawful conduct. Wholly apart from those tools, the existing enforcement regime imposes substantial punishments. With respect to corporate defendants, the government may impose very substantial civil and criminal penalties, including damages and fines.61

For instance, under the civil False Claims Act, the government can collect damages of three times the amount improperly claimed, or three times the amount remunerated as part of an illegal kickback.62 Where the "items" are prescription drugs or medical devices, the statutory damages penalties can extend into the hundreds of millions or beyond. Criminal penalties are additive and very severe. Organizational defendants can be fined up to $500,000 for each felony offense or up to twice the gross pecuniary gains from their offenses.63 Health care specific crimes, such as felony violations of the anti-kickback statute or false statements made in applications to federal health care programs, can yield fines of $25,000 per violation.64

Similarly, individual officers or employees convicted of such offenses face large fines and significant jail terms. Like organizations, officers and employees are subject to fines for each service falsely claimed and each illegal kickback.65 Individuals face criminal fines up to $250,000 for felonies, $100,000 for Class A misdemeanors, or twice the gross pecuniary gains or losses caused by their crime.66 They may be imprisoned for five years for illegal kickbacks,67 false statements,68 false statements to receive payment from federal health care programs,69 or obstructing a federal audit,70 and up to twenty years if convicted of wire or mail fraud.71

Moreover, these penalties are available under a wide range of legal theories of liability. The government has pursued, among others, theories of criminal liability for criminal false claims,72 knowingly making false statements to the government,73 intentional obstruction of a federal audit,74 mail fraud and wire fraud,75 and various conspiracy statutes.76

Given the gravity of these potential consequences singly and collectively, it is not plausible to suggest that absent exclusion, guilty parties cannot be punished adequately. Therefore, as a punishment, exclusion is not needed. Moreover, properly conceived, exclusion's purpose is not punishment; its proper purpose is protection of the system from providers who carry an undue risk of future violations. With respect to companies that can demonstrate an appropriate commitment to complying with the law going forward, exclusion imposes unneeded harms on the public and government programs as well as on the defendant. Exclusion's purpose, put simply, should solely be to eliminate from federal programs those companies that cannot show a sufficient commitment to complying with the law going forward. Insofar as it operates as an additional deterrent beyond the others the law imposes, it should operate generally to encourage companies to maintain systems to reduce the risk of violations as much as possible.

II. The Detrimental Consequences of the Current Enforcement Regime

In the first instance, it is fair to question whether HHS's 1998 extension of exclusion to indirect providers makes sense at all; there are good arguments that it does not. Even if the expansion is retained, mandatory exclusion, no-fault exclusion of individuals, and the exclusion of companies with a demonstrated commitment to compliance are particularly pernicious and should be abandoned.

A. The Illogic of Excluding Indirect Providers

Other than in isolated locations, such as rural areas where a particular hospital may be the only option, a medical facility or a particular physician that has committed a serious violation of the law can typically be excluded without severe consequences for the public. And with respect to such isolated locations, HHS has the authority to waive even "mandatory" exclusion to ensure that such harms do not occur.77 But there are far fewer alternatives to medicines and medical devices. Like rural hospitals, they are less readily fungible.78 Yet no exception seems clearly to apply to pharmaceutical and medical device companies. Consequently, the practical effect of exclusion of such companies would almost invariably be damaging to the public. Presumably, this is why pharmaceutical and medical device companies are excluded infrequently, and why those that are excluded do not hold significant market shares for a given type of drug therapy or medical device.79

Exclusion in these industries, therefore, typically remains just a threat. Yet it is a real threat that no rational company can test. Although the Justice Department is unlikely to convict (or perhaps even to indict) a company that produces health care products of importance to the public for an offense that carries mandatory exclusion, and although OIG is unlikely to choose to exclude such a company as a discretionary matter, the government could pursue exclusion simply to make an example of a company that was not willing to accept the government's terms. In any given case, therefore, the threat of exclusion is not empty and may not be a bluff. The value of exclusion in this area for the government, then, is exclusively its power to help coerce pleas or settlement agreements, including Corporate Integrity Agreements.

B. Problems With the Mandatory Exclusion Regime

With mandatory exclusion as a consequence of certain offenses, federal prosecutors have significant leverage in crafting the indictment not only to charge the gravest possible offense,80 but also to induce a plea to a charge that does not carry mandatory exclusion.81 A company may be able to survive a massive settlement, as the market generally recognizes,82 in part because prosecutors in reality can push a settlement amount only to the limit of what a company can afford to pay. The same is not true of exclusion.

1. The Exclusion-Driven Settlement Regime Largely Prevents Judicial Articulation of the Law

The first consequence of the outsized leverage afforded by the exclusion power is that it serves as a powerful disincentive to contest the government's allegations, and thus largely eliminates judicial superintendence of the law. Rather than develop through judicial application of the statute and precedents, the law develops through prosecutorial imposition effectively unchecked by the courts. Judges do not have an opportunity to play their assigned role because cases are almost invariably resolved prior to indictment. As a result, virtually all of the substantive guidance about the types of behavior pharmaceutical, medical device, and other health care companies should avoid so as not to trigger the exclusion penalty (or other sanctions) comes from indictments, plea agreements, settlement releases, and similar sources, and not from judicial opinions applying the law in principled ways to specific instances of conduct.

As this vague body of prosecutorand OIG-developed law evolves, the government seems not to prize developing clear rules of the road, but instead, prizes maximizing government discretion to redraw the road itself after companies have tried to traverse it. To take one example: The scope of the key phrase "related to the delivery of an item or service" under 42 U.S.C. § 1320a-7(a)(1), is not immediately apparent on its face.83 OIG has maximized executive discretion by refusing to clarify the phrase "delivery of an item or service," stating in a 1992 rule that:

We have decided not to define this term. This term has served as the basis for exclusions from Medicare and Medicaid for many years and the absence of a definition of the term has not posed any serious problems. The OIG assesses each conviction on a case-by-case basis to determine whether it falls within the ambit of the statutory language— that is, whether it is related to the delivery of an item or service under one of the programs—and each of those determinations is quite fact-specific. We believe that it will continue to be more effective to make these determinations on a case-by-case basis than to attempt to define the phrase further.84

Although agencies are typically entrusted to interpret and enforce the statutes they administer,85 leaving companies at the explicit mercy of ad hoc determinations by agents of the Executive Branch is a poor way to run any system of laws and certainly a poor way to govern an industry on which the public depends for products that save lives and alleviate human suffering.

The benefit of judicial decisions, of course, is that over time they articulate what is unlawful and what is not, and companies and individuals can rely on those pronouncements as they formulate their behavior in the marketplace. With the exclusion-driven settlement regime, however, not only do the players in the health care field lack meaningful opportunities to obtain consistent and transparent decisions informed by a thoughtful analysis of the prior precedent in this area, but relying on prosecutors to shape the rules may distort the substantive law.86

The government's record in cases in which individuals have challenged the government's case suggests the harm done by denying meaningful recourse to the courts. For example, in 2009, a grand jury indicted Stryker Biotech, LLC, its president, the head of the sales force, and two regional managers on various felony charges arising out of the company's alleged off-label promotion of two products.87 The prosecutors had told the court that the case would last two months and involve more than 70 witnesses. But during opening statements, the defense informed the jury that the government had not even spoken to any of the doctors who had allegedly been defrauded by Stryker's scheme.88 According to defense counsel, those doctors were willing to testify on the defendants' behalf that "[t]he defendants did not lie to them; the defendants did not deceive them; the defendants did not defraud them in any way."89 Shortly thereafter, the government dropped all the felony charges against the company in exchange for a misdemeanor plea and a fine from Stryker, and it dropped all charges against the individual defendants. The government had not even completed the direct examination of its first witness.90 The case was almost over before it began, and was seen as a major embarrassment for the U.S. Attorney's Office for the District of Massachusetts, which brought the case.

A decade ago, the government charged TAP Pharmaceutical Products, Inc., with conspiracy to defraud the government by handing out free drug samples to physicians, who would then bill the government for reimbursement.91 Facing exclusion,92 TAP agreed to pay a combination of criminal and civil fines totaling $875 million.93 The government then prosecuted thirteen TAP employees on the same grounds, though several were dismissed from the case before it reached the jury.94 The jury considered the evidence against eight remaining defendants and acquitted each and every one of them.95 In light of the verdicts, the court ordered that the single employee who pleaded guilty ought to have her guilty plea vacated—the government eventually dismissed all charges against her.96 Yet the conviction of the company, and its almost one billion dollars in fines and penalties, stood.

2. The Inability to Risk Exclusion Drives Huge and Disproportionate Settlements

With companies lacking the genuine ability to contest the government's allegations and legal theories in court, the second inevitable consequence of the threat of exclusion is the inevitability of settlement at virtually any amount the government demands. The quantum of settlement in large cases typically correlates not to the magnitude of the offense or any harm to the public, but instead correlates to a company's perceived ability to pay, or the government's apparent desire to announce a settlement larger than it obtained from the last company. For example, between January 2009 and December 2011, DOJ recovered $8.7 billion through False Claims Act cases—which it accurately heralded as the largest three-year recovery total in the Department's history and more than onefourth of the total FCA recoveries during the last 25 years.97 Over those three years, the Department of Justice more than doubled its recovery of monies from health care fraud cases, achieving record-breaking recoveries the last two years.98 In FY 2011 alone, approximately $2.4 billion of the $3 billion obtained through FCA settlements and judgments came from companies in the health care industry.99 And the vast bulk of these recoveries are obtained from legitimate companies providing medicines or medical devices, pursuant to doctors' orders, that save or substantially improve patients' lives. They are not obtained from the clearly reprehensible, fraudulent operations that have been much and appropriately publicized, such as phony medical clinics or prescription mills, which are typically not able to pay the enormous amounts that underwrite the Department's dramatic totals.100

It must be acknowledged that, from one perspective, the federal government has incentives to increase the size of payments in penalties over time by pharmaceutical, medical device, and other legitimate companies operating in the health care industry. In these times of budget deficits, bringing billion-dollar settlements into the public fisc has appreciable advantages. Moreover, unfortunately, the increasing nature of these settlements has become synonymous with success for the prosecutors. To be sure, companies that engage in wrongdoing can and should be punished appropriately. And illegal actions that impose significant harms on the government require significant penalties. But the escalation of fines and penalties on productive businesses places a substantial tax on the health care system that in itself creates a public harm. And a system in which the legal and factual theories underlying those settlements cannot be tested in court is a broken system.

Indeed, these outsized settlements have consequences. The money to fund them must come from somewhere, whether it be from a company's profitability (to the detriment of shareholders and the market generally) or from the amount of money invested by these companies to develop innovative new drugs and devices to fight diseases and chronic illnesses. Sizable payments to settle civil or criminal allegations are heavy costs borne by the private health care sector that may result in cuts to research and development budgets or marketing budgets that educate the public about drugs or devices that might improve or save their lives. Studies show that cutting research and development expenditures contributes to the already significant job loss being experienced by the pharmaceutical industry.101 Multi-million or multi-billion dollar payments by a company exacerbate the loss of its capital to support innovation and loss of jobs in an industry that is among the country's most productive and during a time when the United States remains in the forefront of pharmaceutical and medical device innovation.

Ironically, in other contexts, the government itself has recognized the distorting and counterproductive effect of mandatory exclusion, rejecting suggestions that it would be good policy to provide for mandatory debarment for Foreign Corrupt Practices Act violations:

[Mandatory exclusion] might have some deterrent effect, [but] that remedy would likely be outweighed by the accompanying decrease in incentives for companies to make voluntary disclosures, remediate problems, and improve their compliance systems. ... The purpose of debarment proceedings historically has been to protect the public fisc, not to deter or punish wrongdoing. Linking mandatory debarment to a criminal resolution would fundamentally alter the incentives of a contractor-company to reach an FCPA resolution because such a resolution would likely lead to the cessation of revenues for a government contractor—a virtual death knell for the contractorcompany. Similarly, mandatory debarment would impinge negatively on prosecutorial discretion. If every criminal FCPA resolution were to carry with it mandatory debarment consequences, then prosecutors would lose the necessary flexibility to tailor an appropriate resolution given the facts and circumstances of each individual case.102

Yet the Department of Justice's concerns about the harms mandatory debarment would do if imposed in the FCPA context play out every day in the health care fraud arena.

C. The Current Permissive Exclusion Regime Is a Missed Opportunity for Consistent, Optimal Compliance

Companies under investigation for health care fraud must satisfy not only the prosecutors with respect to civil settlement and criminal plea terms but also must resolve with OIG the question of exclusion: Even if there is not a conviction for an offense mandating exclusion, OIG will have to determine whether to exercise its permissive exclusion authority. Although discretionary, permissive exclusion has the same adverse collateral consequences, and the threat of it is therefore as severe. Permissive exclusion provides OIG power to pressure indirect providers to accept the government's terms during negotiations, even where there has been no opportunity to test the OIG's assertion that it has prima facie proof of wrongdoing by the entity.103

At the same time, permissive exclusion raises unique questions, given the discretionary nature of the authority and the lapse in time that will unavoidably occur between alleged misconduct and a determination as to whether exclusion will be pursued. Offenses that can give rise to permissive exclusion can be the result of conduct by employees long-since departed, of a company that was acquired by new management after the alleged wrongdoing, or of conduct that occurred prior to the implementation of a robust corporate integrity program.

In lieu of permissive exclusion, almost as a matter of course, OIG requires "indirect providers" to enter into Corporate Integrity Agreements designed to enhance compliance and prevent the recurrence of offenses. It is safe to say that OIG is not accomplishing its twin goals, as evidenced partly by the fact that corporations have agreed to hundreds of CIAs in the last few years.104 Moreover, the problems with this approach are two-fold: First, by imposing CIAs on a one-off basis at different times with different companies, OIG has created an inconsistent and ad hoc compliance regime across the industry. Second, as discussed in detail below, although offering real benefits, it is not clear that the CIAs facilitate optimal compliance. Both the OIG and the industry agree on the value of corporate integrity programs—the question is how best to achieve them.105

1. The Value of Incentivizing Corporate Integrity

With the adoption of the Federal Sentencing Guidelines for Organizations (FSGO or Guidelines) nearly 20 years ago, the Sentencing Commission recognized the significant value of corporate compliance programs for preventing and reducing criminal activity and achieving larger public policy goals, including the more efficient functioning of federal government programs. The Commission explained that pushing companies to institute robust compliance programs could "reduce and ultimately eliminate criminal conduct by providing a structural foundation from which an organization may self-police its own conduct through an effective compliance and ethics program."106 These hopes were realized, at least in part. Reflecting on the impact the Guidelines had made since their inception, the Ethics Resource Council has concluded that "evidence shows that the Guidelines have achieved significant success in reducing workplace misconduct by nurturing a vast compliance and ethics movement."107 Moreover, "employees in companies with effective, meaningful codes of conduct and programs based on the FSGO witness fewer incidents of misconduct, and are far more likely to report misconduct when observed."108 But in some respects, the results also have been limited, in part because "criminal cases against bigger corporate defendants are largely being detoured around the judges for whom the Sentencing Guidelines were intended."109 In other words, the extraordinary pressure to settle cases has deprived companies of a neutral arbiter not simply for purposes of determining liability, but just as importantly, for determining the type and size of the penalty inflicted on a company.

In addition to the Sentencing Commission, DOJ has repeatedly recognized the value of compliance programs. When considering whether to charge a corporation, the Principles of Federal Prosecution of Business Organizations in the U.S. Attorneys' Manual ("Manual" or "USAM") directs prosecutors to determine, among other things, whether a company has a well-designed compliance program.110 As one former Department official explained: "[I]f you really want to deter white-collar crime, the best weapon is an effective compliance program. ... [C]orporate criminal liability should incentivize corporations to establish effective compliance programs."111 And similarly, as one author of this paper has consistently maintained, "we in the legal profession—prosecutors, defense lawyers, and corporate counsel alike— ... have a common interest ... in making certain that responsible corporate citizenship is encouraged and rewarded."112 Yet as with the Sentencing Guidelines, it appears that "there is little hard evidence that organizations are receiving the promised consideration for their compliance programs and prosecutors rarely point to compliance/ethics programs when publicly discussing case resolutions."113

OIG has similarly embraced compliance programs as part of its wholesale strategy to reduce and prevent health care fraud, at least on paper: "OIG dedicates significant resources to promoting the adoption of compliance programs ... as an essential component of a comprehensive antifraud strategy."114 And OIG has issued numerous guidance documents geared toward sectors of the health care industry—including pharmaceutical manufacturers, hospitals, and physician practice groups—to help these key players understand the facets of effective corporate integrity programs that OIG expects these key players to institute in their respective business models.115 But OIG's approach of negotiating CIAs on a one-off basis yields a piecemeal approach that achieves less than it might in at least two ways.

a) Inconsistency Across the Industry

Today, most if not all of the major participants in the pharmaceutical industry have entered into CIAs to resolve allegations of actual or perceived wrongdoing. But these CIAs are entered into at different times, driven by the timing of government investigations, and have different substantive terms, defined through bilateral negotiations. Each CIA typically lasts about five years, which means some market participants are just starting CIAs while others are in the middle of the term, and still others are cycling off. The result is inconsistency across the industry and a piecemeal body of quasi-law that offers only glimpses of what may be the relevant standard of conduct.116 There are better ways to establish industry-wide best practices.

Moreover, the terms of CIAs vary from company to company. For example, regarding the time allotted to train negotiated CIA requires half as much training time as Merck's negotiated CIA requires. Eli Lilly must provide twice the training to covered persons as Allergen must provide, but Eli Lilly is not required to provide training for board members at all. By contrast, their negotiated CIAs require Allergan, Forest Labs, and Novartis to train board members. Pfizer's negotiated CIA requires a Compliance Review program undertaken by the Audit Committee, while the Novartis CIA requires a Compliance Review program undertaken by the Board, while imposing a requirement on Novartis that it retain an independent compliance expert to oversee the review and prepare a written report.117

Some negotiated CIAs apply to subsidiaries and parent companies, while others do not; some define covered persons to include development personnel, while others do not; some require scope of management certifications from a broad range of personnel, while others do not; and some require compliance policies in more than twenty areas, while others require them in fewer than five areas.118 Although some of these differences may be explained as the development and refinement of best practices over time, and others may reflect differences in the underlying conduct that gave rise to the investigation, it simply cannot be the case that optimal compliance is achieved where similarlysituated companies must satisfy different requirements imposing different costs and different constraints during different time periods. Nor, obviously, do such differing obligations create a level playing field for companies compelled to operate under different sets of rules than their competitors. Given that it has engaged virtually every major company in the industry, the government should not have a role in creating an uneven competitive playing field, if that can be avoided.

b) Achieving Optimal Compliance

There are legitimate concerns that, in addition to promoting a lack of uniformity across the industry, CIAs may not be facilitating optimal compliance even within a given company.119 Negotiated CIAs tend to be backwards-looking, shaped by a particular type of violation or offense the government believes it has identified, rather than a systemic analysis of the compliance risks a company will face going forward.120 And negotiated CIAs tend to be inflexible while in force, even if the compliance risks change.121 Thus, for example, if a company allegedly violated regulations on promoting off-label uses for drugs, its negotiated CIA might center on promotional materials. But an independent, contemporaneous risk assessment might show that increased clinical trials or other activities expose the company to antikickback vulnerability requiring special measures, while the promotional issues had already been addressed by the company when the government investigation first came to light.

Typically, companies under a CIA are subject to annual reviews by Independent Review Organizations ("IROs"), but most CIAs do not explicitly require companies to engage in a specific process to identify compliance risk.122 And the IRO reviews focus on compliance with the negotiated CIA, without necessarily taking a step back to see if compliance has been institutionalized as a business matter and incorporated to support a core value or goal of a company. Compliance officers also have an obvious professional incentive to focus on demonstrating compliance with the CIA, rather than developing comprehensive goldstandard compliance regimes that will anticipate and reduce the potential for any category of fraudulent or illegal behavior.

Moreover, negotiated CIAs imposed by the OIG generally evolve by accretion; OIG tends to insist that a new CIA must incorporate all features of previous CIAs while imposing additional requirements. Although, with this approach, negotiated CIAs might be able to evolve and establish new "best practices" in the industry,123 companies are frequently required to retain requirements from old CIAs even where they have no demonstrated value, or even if there are intervening legal changes.124

Further, like IROs, under negotiated CIAs, companies often emphasize demonstrable compliance with the CIA (a rules-based approach), rather than instituting more effective but less auditable approaches. For example, as recently recognized at an OIG-hosted roundtable discussing CIAs, companies may train online because it is easier to demonstrate that individuals have completed computerbased training modules.125 In-person training may be more effective for a given company, but because it is harder to audit and demonstrate compliance with a training requirement, online training becomes the default. Similarly, for large entities, a requirement to train all covered persons annually can lead to training that is at a higher level of generality than optimal—to meet the CIA requirements, entities may not have the time or resources to differentiate between sales representatives on the one hand, and those in research and development on the other.

Finally, government auditors are not expected to have experience with business imperatives or any knowledge of the pharmaceutical industry generally, and as a result they may impose requirements that simply do not make sense for the industry. For example, some negotiated CIAs now require lawyers instead of compliance officers to "ride-along" for marketing calls, even though compliance officers may be better equipped to identify and minimize compliance risks, particularly on a real-time basis, and comprehensive legal training is not essential to success. These agreements may therefore not best harmonize the interests at stake, namely compliance with the law without chilling innovation and growth of the national economy and promotion of the public health, because they emanate from a negotiation in which the enforcement authorities make the decisions and hold all the cards, yet lack relevant technical, business, or public health expertise.

Having noted these shortcomings, negotiated CIAs have benefits, and OIG's practice of obtaining a CIA as a price of avoiding exclusion sensibly (within the current legal structure) uses the threat of exclusion in service of the right objective—future compliance— and properly drops the threat once that objective is secured through an acceptable compliance plan going forward. Similarly, many companies have gone above and beyond the requirements of applicable CIAs. Nevertheless, there is substantial room for improvement, both in terms of consistency among companies and in terms of achieving optimal and appropriate terms. This paper proposes a path forward.

D. No-Fault Individual Liability is Unfair and Unjustified

As noted above, in the service of deterrence, OIG claims the authority to exclude individual employees of pharmaceutical and medical device companies even in the absence of any evidence that they participated in or had knowledge of any wrongdoing allegedly committed by the company they serve.126 Similarly, FDA guidelines have moved away from any requirement of knowledge of, or a true opportunity to prevent, misconduct prior to referral for criminal investigation. This so-called "no-fault" exclusion, and its companion concept of criminal conviction under the Responsible Corporate Officer doctrine, represents a significant departure not just from our traditional notions of fairness and justice—here, an individual is being punished simply for the "crime" of having a particular job—but also has significant potential adverse consequences for the public health.

No-fault exclusion is essentially careerending for individuals in the health care industry because no company in the field can employ an excluded individual without itself facing exclusion.127 An indictment or conviction based on the RCO doctrine may be similarly devastating, particularly because of the severe reputational harm undoubtedly inflicted on the individuals before guilt is even proven, and because conviction under the RCO doctrine may serve as the basis for a decision to exclude. When conviction and/or exclusion can be imposed literally without any fault on the part of the individual punished, companies—and indeed the entire industry—may be deprived of high-functioning and experienced personnel without sufficient (or indeed, without any true) reason. Moreover, the broad spectrum of individuals who may be subject to exclusion provides the government with unacceptably unguided discretion in selecting among similarlysituated persons for the imposition of devastating punishments.

1. No-Fault Liability Fails to Promote Legitimate Public Policy Goals

Given the stakes for individuals, companies, and the public, it is important to consider the underlying principles of individual exclusion to ensure that the current system works consistently with those ideals. When Congress amended the exclusion statute to allow for corporate officer exclusion, it identified two core concerns: first, that "greater deterrence against fraud and abuse was needed in the Medicare program,"128 and second, that "culpable individual[s] would ... be subject to program exclusion, even if not initially convicted or excluded."129 Exclusion could therefore be invoked as a prophylactic to remove unscrupulous or dangerous individuals from a system when other measures will not work. But it should be obvious that these goals are not meaningfully served by excluding innocent people.

With respect to the first concern, effective deterrence is based on the utilitarian principle that punishments should be no more than needed,130 and should therefore be aimed at those individuals who can be deterred—namely, those knowingly doing wrong. This notion dovetails with Congress's second concern—that culpable individuals should be subject to exclusion.131 Exclusion should be directed only towards culpable people in order to comport with congressional intent, to say nothing of basic notions of fairness. Attempting to deter guilty people by threatening innocent people is not only a questionable enforcement strategy, but it also undermines the justifications for compulsive punishment. Under a theory of just deserts, punishment "must in all cases be imposed on him only on the ground that he has committed a crime," and that kind of liability requires a culpable mental state.132 The statements of OIG officials suggesting that increased use of nofault punishments is needed to enhance deterrence133 unwittingly recall Voltaire's satirical comment, referring to England at the time of the Napoleonic wars, that "in this country it is found good, from time to time, to kill one Admiral to encourage the others."134 OIG's approach simply does not reflect the values in our nation today.

Indeed, if individuals can be prosecuted or excluded on a no-fault basis, then neither of the two posited statutory interests are meaningfully advanced. Under a no-fault scheme, there is no reasonable connection between an offender's culpability and potential punishment. More to the point, by punishing people with no connection to the violation, the OIG diverts valuable resources away from investigating and prosecuting those responsible for the offense towards those who were not responsible.135 For that reason, rather than producing prophylactic benefits, a no-fault exclusion regime could create completely counterproductive outcomes: With a strict liability penalty, individuals will rationally avoid engaging in even blameless or productive conduct if it carries the risk of exclusion. And worse yet, talented individuals may be hesitant to assume senior roles at pharmaceutical or medical device companies for fear of facing a strict liability regime that ascribes guilt to blameless conduct. The result of a lesstalented workforce could be both degraded performance across the board and reduced quality of legal compliance.

The same is true for the RCO doctrine, as the government implicitly recognized in its briefing to the Supreme Court in Park. Prior to the January 2011 changes to the FDA referral guidelines (which sets forth factors to help the FDA determine whether it should refer a matter for criminal prosecution), the government embraced opportunities for individuals to correct potential violations before bringing charges under the RCO doctrine.136 As Solicitor General Robert Bork explained to the Supreme Court in Park, "[t]he government is interested in the prevention and correction of conditions potentially dangerous to the public health and welfare, not in prosecution for its own sake."137 The OIG's comments and new guidelines suggest that this may no longer be true.

The recent case of Howard Solomon, CEO of the drug company Forest Laboratories, illustrates the risks involved in pursuing the threat of exclusion against individuals where very little guidance is provided to ensure responsible decision-making. In 2002, BusinessWeek profiled Mr. Solomon, a man moved by his son's battle with depression to lead Forest Laboratories to help bring antidepressant medications to the United States market.138 In 2010, the company pleaded guilty to crimes involving the distribution and promotion of some of its drugs; the government suggested no evidence or indication that Mr. Solomon was personally aware of or involved in the wrongdoing.139 Indeed, Mr. Solomon was not prosecuted on any theory, including the RCO doctrine. Yet in 2011, after announcing a change in policy toward increased exercise of no-fault exclusion of individuals, the HHS Inspector General formally considered excluding Howard Solomon despite this lack of indication of personal responsibility.140 After four months of deliberation, the Inspector General chose to close the case without further action—a significant retreat by the OIG in an area where it has been promising to flex its enforcement muscle.141 But the OIG still claims the authority to exclude a broad range of individuals without any finding of fault, and this remains (as it no doubt is intended to be) a very real threat to individuals in this critical sector of the health care industry.142

Thus, the current exclusion regime, taken in pieces and as a whole, raises serious public policy concerns, beginning with regulatory expansion of exclusion to indirect providers and proceeding to regulatory expansion of no-fault liability for individuals.

So it seems fair to ask:

Isn't there a better way?

III. Prescriptions: Emphasize Prevention

A. Options and Recommendations for Compliance

Dramatic improvements in compliance and fairness, while preserving strong enforcement, can be achieved with a simple change: Make clear that exclusion will be imposed on indirect providers only if a company has failed to institute an effective and comprehensive corporate integrity program that satisfies national standards.143 This approach would avoid senseless exclusion of responsible companies while creating powerful, acrossthe- board incentives for all companies to be responsible even in the absence of an ongoing investigation.

There is simply no point in excluding or threatening to exclude a company that has a documented, state-of-the-art compliance system. Although it can and should punish such companies for proven fraud through traditional civil and criminal sanctions, the government does not need the authority to exclude such companies.

Americans participating in federal health care programs are better off with access to the products of such companies, and the public health in general (and the economy at large) will benefit from the continued survival of these companies. But exclusion should not be taken off the table completely; it should remain an option for companies that have not instituted such systems or for individuals who are truly personally culpable. This approach would use the leverage of exclusion to achieve the OIG's professed goal across the entire industry—all companies would be powerfully incentivized to adopt a strong corporate integrity program.

Other benefits to the system of justice and the health care system would naturally follow. Companies with certified corporate integrity programs, if subject to investigation for a violation, could fairly consider whether they believe they violated the law and could contemplate requiring the government to persuade the courts of its legal theory, factual allegations, and the true extent of its injury, rather than settling on excessive terms. Where—as was apparently true in the Stryker and TAP Pharmaceuticals cases and likely was true in others where no individuals were prosecuted— the government has overreached, companies and their shareholders, and not just individual employees, would have improved access to the benefits of trial by jury and the presumption of innocence. Contemplating the need to prove its case, the government's settlement and plea demands would be tempered to the extent trial might yield an acquittal or more realistic damages numbers. And to the extent that there is a genuine dispute about what the law requires, the courts (and not the unilateral views of prosecutors or OIG officials) would play the inherently judicial role of ultimately interpreting and articulating the requirements of the law.

The spirit of this proposal is consistent with both U.S. and international laws that seek to promote compliance by mitigating punishment for companies that have high quality corporate integrity programs when they err. For example, the U.S. Sentencing Guidelines give "credit" to companies that "had in place at the time of the offense an effective compliance and ethics program."144 The United Kingdom's Bribery Act of 2010 also allows companies to invoke a defense against a bribery charge if the company "had in place adequate procedures designed to prevent persons associated with [it] from undertaking such conduct."145

This proposal would also align exclusion of indirect providers with the driving philosophy behind debarment, which looks at the concrete steps taken by a company to assess whether it is exercising "present responsibility" in complying with federal laws. Debarment is available "only in the public interest for the Government's protection and not for purposes of punishment."146 The procedures governing debarment recognize this distinction, and require a contracting official to consider "the seriousness of the contractor's acts or omissions and any remedial measures or mitigating factors." Indeed, "before arriving at any debarment decision, the debarring official should consider": "[w]hether the contractor had effective standards of conduct and internal control systems in place at the time of the activity which constitutes cause for debarment or had adopted such procedures prior to any Government investigation of the activity cited as a cause for debarment."147

A company's adoption of a certified corporate integrity program would also remove any conceivable rationale for "nofault" punishments of that company's senior officers. To the extent the threat of no-fault punishment has a legitimate governmental purpose, it must be to encourage officials to make sure that the companies they run take appropriate steps to comply with the law. Where a company has implemented and maintained state-of-theart compliance systems as certified by an independent entity recognized by the government, there can be no legitimate reason to prosecute or exclude individuals on a no-fault basis because the entire purpose of the threat has been met by other means. Indeed, the incentive of removing the threat of RCO prosecution and no-fault exclusion of company employees and officers would further induce companies and their officers to implement and maintain certified compliance systems, thereby promoting more effectively the outcome the doctrine is intended to achieve.

Accordingly, set forth below are four recommendations for improving the government's approach to exclusion, beginning with proposed changes to the mandatory exclusion authority and followed by proposed refinements of the permissive exclusion authority and rules for holding individuals liable. These recommendations are not mutually exclusive; indeed, a combination of all four should be adopted to establish an exclusion regime that incentivizes broadbased compliance most effectively. If lawmakers choose the path of incremental progress, however, each recommendation can function as a standalone measure to help rationalize the current regime.

Recommendation 1: Repeal or Limit Mandatory Exclusion for Indirect Providers

Mandatory exclusion for indirect providers simply makes little policy sense: It shifts the decision-making from HHS (where it belongs) to the Department of Justice (where it does not), effectively depriving DOJ of the ability to indict for appropriate offenses where the consequence for the defendant would harm the public interest, and threatening—if DOJ ever were to indict—to deprive those who manage federal health care programs of discretion to ensure the availability of possibly unique medical products for program beneficiaries. There are at least two options for responding to these problems.

  • Option 1: Limit mandatory exclusion to direct providers through legislation.

    A legislative fix could be as simple as clarifying the language in 42 U.S.C. § 1320a-7(a) to apply only to those individuals and entities that submit claims for reimbursement directly to the federal government. This would sensibly leave all exclusion decisions relating to those who provide medicine and medical devices to the discretion of those who manage those programs.
  • Option 2: Revise DOJ's prosecutorial guidelines to prohibit the charging of any offense that carries mandatory exclusion of a company with a certified corporate integrity program.

This approach would build on the current version of the United States Attorneys' Manual, which already addresses many topics relevant to prosecution of corporate indirect providers, such as the presence of a robust compliance program,148 interagency consultation,149 and the potential effect on innocent third parties.150 In addition, the Manual requires prosecutors to weigh factors such as voluntary disclosure of problems, compliance with government laws and other standards, efforts taken by the company to remedy problems, the magnitude of the violation, alternative remedies that may be available, and the existence of a history or pattern of violations.151 Recognizing that the exclusion of a company that has a stateof- the-art corporate integrity program is counterproductive and unjustified, and that the threat of such an indictment interferes with defendants' rights to assert their innocence at a trial and stunts the development of the law as announced by judges, DOJ could simply take the possibility of an indictment for an offense requiring exclusion off the table for such companies. Unless and until a recognized independent certifying entity is in place, DOJ might refine the Manual: 1) to require prosecutors not to indict for an offense requiring exclusion of a company with a strong compliance program; and 2) to require that U.S. Attorneys' Offices obtain Main Justice approval before charging an offense that would trigger the mandatory exclusion penalty so that uniformity in assessment of such programs is achieved. Once a certification system is available to companies, the Manual could simply rely on that system to identify companies that benefit from this rule.

Recommendation 2: Promote Compliance through a Corporate Integrity Initiative

Permissive exclusion for indirect providers may be appropriate where the indirect provider poses a significantly elevated risk of violating the law, but it is inappropriate and misguided otherwise. As discussed above, eliminating exclusion of indirect providers with certified compliance programs creates an opportunity to align the availability of the sanction with its proper function, and thereby create healthy rather than perverse legal incentives. Either by legislation or regulation, the threat of exclusion can drive the establishment of a new compliance regime—one built on a strong foundation of consistent and comprehensive compliance standards— while at the same time eliminating its current interference with the proper functioning of the legal system. This recommendation would work best in combination with the previous recommendation to eliminate mandatory exclusion for indirect providers either by statute or prosecutorial guidelines. In any event, certifiably compliant companies ought not be subject to either discretionary or mandatory exclusion for the reasons discussed throughout this paper.

There are at least two mechanisms by which a Corporate Integrity Initiative could be implemented.152

  • Option 1: Legislation directing OIG to incentivize and recognize compliance industry-wide by promulgating and implementing a Corporate Integrity Initiative.

    Any legislation should have the following elements:
    • Direct OIG to create compliance standards for indirect providers through notice-and-comment rulemaking, thereby allowing opportunity for public input in the creation of those standards;
    • Require OIG to contract with an independent certifying body— ideally a private, non-profit organization—to certify, conduct periodic audits, and re-certify or de-certify companies as meeting the standards;
    • Provide that OIG may not exclude a company certified as satisfying the standards; and
    • Require the certifying entity to periodically reevaluate and revise the standards for certifying compliance to ensure that they remain state-of-the-art.
  • Option 2: Regulatory promulgation and implementation of a Corporate Integrity Initiative.

HHS has the power under the regulations to establish rules to govern permissive exclusion and align its availability with legitimate purposes. Any regulation should incorporate the same key features set forth above: identifying an independent certifying body; providing that exclusion will not be available for a company with a certified corporate integrity program; and requiring that the standards evolve over time and that companies be required to continue to meet the evolving standards in order to maintain their certification.153

The independent entity would be responsible for:

  • Monitoring and assessing companies' compliance efforts;
  • Accrediting the companies that have satisfied the standards established by the OIG;
  • Collecting data to determine best practices;
  • Working with companies to help them establish their respective compliance programs;
  • Maintaining and helping evaluate periodically the compliance standards established by OIG; and
  • Providing the information necessary to OIG so it can make enforcement decisions.

The management of this organization might include representatives from industry, government, patient groups, research organizations or think tanks, and other key stakeholders. To monitor and assess companies' corporate integrity programs, the independent body also could work with the existing Independent Review Organizations to handle the frontline reviews and assessments. Under the new regime, however, the independent body would set forth how the new reviews and assessments would work.154

Recommendation 3: Limit or Eliminate No-fault Exclusion

As set forth above, there are serious problems with OIG's current assertion that it has the authority to exclude an individual who had no knowledge of the alleged underlying misconduct committed by the company she serves. It is similarly problematic for an individual to face exclusion for having held a position at a company that had a certified corporate integrity program—particularly where the employee herself has taken steps to prevent wrongdoing. Exclusion of individuals inflicts enormous consequences on the individuals themselves, companies, and the public health, and it should never be imposed without adequate safeguards.

There are several options to mitigate these core concerns.

  • Option 1: Eliminate no-fault exclusion by making clear—in statutes, regulations, and/or guidelines—that individuals may not be convicted or prosecuted absent scienter.

    OIG could issue clear guidelines for invoking its permissive exclusion power against individuals that would strengthen the relationship between real responsibility for the crime and any punishment. For example: a) Establish a minimum mens rea—intentional, recklessness, gross negligence, or negligence—before the OIG may levy the exclusion penalty against an individual; b) require specific findings of an individual's wrongdoing or knowledge of the underlying wrongdoing before the OIG exercises its exclusion authority;155 and c) take the exclusion penalty off the table if an individual has taken certain steps to improve a company's compliance system and prevent violations of federal health care laws. This proposal could parallel the corporate integrity program concept for indirect providers facing exclusion.
  • Option 2: Provide that in the event a company has a certified compliance program, no-fault individual exclusion would not be available.

Recommendation 4: Curtail the Recent Expansion of the RCO Doctrine and Make Clear It Is Not Available for Employees or Officers of Companies With Strong Compliance Programs.

The recent executive branch expansion of the RCO doctrine raises many of the same concerns as no-fault exclusion. The solution is simple: A company that has a certified compliance program (as set forth above) should not be charged with an offense under the Responsible Corporate Officer doctrine. The FDA referral guidelines should provide that in the event a company has a certified compliance program, FDA regulators should not refer a case to a U.S. Attorney's Office for prosecution under the RCO doctrine. And the Manual should provide that prosecutors do not have discretion to charge individuals in a company with a certified compliance program on the basis of the RCO doctrine.156 In the absence of an available certification, FDA should nonetheless address the fundamental unfairness of the current referral guidelines, at a minimum returning to guidelines that faithfully reflect the spirit and letter of the Park decision.

IV. Conclusion

It is a rarity when a simple change in the law could mitigate multiple policy ills, but this is one of them. Exclusion from federal health care programs of companies that meet high standards of corporate integrity does not make sense, nor does "no-fault" punishment of individuals. Yet the threat of exclusion—under the mandatory and permissive rubrics—has produced huge and escalating settlements and plea agreements that increase costs of the health care system, has entirely foreclosed meaningful recourse to the courts to test the government's legal and factual theories, and has denied the courts their critical function of interpreting and articulating the law, thereby depriving all of us access to needed legal guidance. By encouraging the development of an independent certifying entity to establish and monitor compliance with stringent corporate integrity standards, and by incentivizing compliance with those standards by removing the threat of exclusion or no-fault punishment of employees and officers for certified companies, the federal government can, without sacrificing its ability aggressively to enforce the law and deter bad conduct, immediately accomplish a win-win: promoting state-of-the-art compliance across the industry, fairer outcomes of its investigations, and clearer legal rules for all.

To view all article footnote references (from p.48 onwards on the original publication), please click here.

Footnotes

1 Mr. Ogden is chair of the Government and Regulatory Litigation Group at Wilmer Cutler Pickering Hale and Dorr ("WilmerHale"). He served as the Deputy Attorney General of the United States from 2009 to 2010, and in that capacity played a role in developing the Health Care Fraud Prevention and Enforcement Action Team ("HEAT"), an initiative led by the Secretary of the Health and Human Services and the Attorney General and co-chaired by the Deputy Secretary and Deputy Attorney General. He also served as the Assistant Attorney General for the Civil Division at the U.S. Department of Justice from 1999-2001, where he spurred the United States government's enforcement of the False Claims Act. This paper would not have been possible without the excellent work of Madhu Chugh and Daniel Aguilar, and the authors are very grateful for their efforts.

2 Ms. Cook is a counsel in the Litigation/Controversy and Regulatory and Government Affairs Departments at WilmerHale. She served as the Assistant Attorney General for Legal Policy at the United States Department of Justice from 2008-2009.

Previously published in the U.S. Chamber Institute for Legal Reform

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.