Executive Summary Judging by the headlines, the federal government's efforts
to prosecute fraud against the government in health care have been
a great success. In the last decade, the annual fines imposed on
pharmaceutical companies alone have increased 813 percent and
approached a total of $25 billion in health care fraud recoveries,3
with more promised for 2012.4 But a deeper examination of these
numbers suggests that the headlines may not reflect reality, and
that there are significant problems with current enforcement of
anti-fraud statutes. A rational, effective, and fair health care fraud enforcement
system should: 1) impose appropriate penalties on companies and individuals who
defraud the government and generate appropriate recoveries for the
public fisc; 2) afford those who believe they are wrongfully
accused a meaningful opportunity to test the government's
charges against them; 3) allow the courts to serve as the ultimate
arbiter of the facts and the laws that govern the area, providing
clear notice of what the law requires; and 4) ensure that companies
that provide medicines and medical devices for patients in federal
health care programs adopt and operate the most effective corporate
integrity systems to minimize future violations. These should not be controversial points. Yet the enforcement
regime that has evolved in the United States over the last 15 years
does not reliably accomplish any of these basic goals. Indeed, a
review of the current enforcement regime reveals dysfunctional
dimensions. Preventing waste, fraud, and abuse in our health care system is
of course an important objective; billions of dollars are at risk,
and strong prevention and enforcement is critical. But the
government's goals for the health care system should be to
reduce fraud and reduce unnecessary costs. Measured against those
goals, the current enforcement headlines are more a mirage than an
indication of a successful enforcement program, and heaping on
larger and larger fines and/or punishing innocent people will not
fix the system and would be inconsistent with our core values. A relatively simple but fundamental change could promote
significantly improved corporate compliance across industry, help
restore the courts to their appropriate role in interpreting and
applying the law, thereby affording better notice of what the law
requires, and increase the fairness of outcomes in this area, all
while avoiding the jarring prospect of the federal government
choosing to punish the innocent on the theory that it will deter
the guilty. A substantial part of the dysfunction in the present enforcement
system emanates from a core flaw: the way the threat of
"exclusion" from federal health care programs is
utilized. Exclusion is an enforcement tool wielded (in the main) by
the Inspector General of the Department of Health and Human
Services ("HHS"), pursuant to which an individual or
company is banned for a period of time from participating in
federal health care programs, including Medicare and Medicaid.
Originally and for many years exclusion was applicable only to
so-called "direct" providers of products or services to
program beneficiaries—doctors and hospitals, for
example.7 But 14 years ago, HHS dramatically expanded
exclusion's potential reach by making entities that are
indirectly reimbursed for products prescribed to program
beneficiaries, including pharmaceutical and medical device
companies, subject to exclusion.8 There are effectively two types of exclusion that can apply to
companies. Under current regulations, a pharmaceutical or medical
device company faces "mandatory" exclusion from all
federal health care programs based on a variety of
statutorilydesignated offenses, whether or not the company provides
a valuable, unique, or essential product for program beneficiaries.
A company may also suffer "permissive"— or
"discretionary"—exclusion based on the HHS Office
of the Inspector General's ("OIG") judgment in a
range of circumstances, even, for example, when prosecutors decline
to indict. Extended to "indirect" providers, the threat of
exclusion therefore has enormous power. Put simply, because federal
programs constitute an enormous and growing portion of the
respective markets,9 essentially no pharmaceutical or
medical device manufacturer can survive exclusion. For that reason,
a concrete threat of exclusion—in the form of an indictment
for an offense mandating exclusion—itself threatens to
destroy a company in the way a mere indictment destroyed the
accounting firm Arthur Andersen.10 Thus, a company will
logically accept a settlement or plea agreement largely on the
government's terms so long as exclusion is not among them. In fact, ironically, as discussed below, exclusion is an
objectively undesirable outcome for federal programs and their
beneficiaries, because patients benefit from the products of the
companies in question. And so the OIG typically agrees not to
exclude pharmaceutical or medical device companies in exchange for
their adopting a "Corporate Integrity Agreement"
("CIA") requiring compliance practices approved by OIG,
and thus corporate exclusion in this area virtually never
happens.11 It might be thought, then, that the threat of
exclusion is an empty one, one that cannot be taken seriously by
companies considering whether to accept the government's
demands for settlements or guilty pleas. But to the contrary,
indictment for an offense carrying mandatory exclusion makes clear
that upon conviction, the interests of the federal government will
be irrelevant and exclusion will follow as a matter of law. And in
the charging process and the process of considering discretionary
exclusion, the fact remains that the balance of harms between the
company and the government entirely favors the prosecutors: While a
federal program and the care offered to beneficiaries will be
diminished by exclusion, unlike the company at issue, the federal
program will not be destroyed. Exclusion is likely an acceptable
(if sub-optimal) outcome for the government. But for companies, by
contrast, exclusion means destruction. This complete imbalance of
bargaining power drives the dysfunction of the present system,
compelling companies to accept settlements largely on the
government's terms, effectively without the power to contest
the government's theories of liability or damages in court. The public policy goals motivating the current enforcement
regime would be better served by a system that encouraged all
companies to adopt and maintain stateof- the-art corporate
integrity programs, certified as such by a rigorous and credible
third-party certifying organization. Exclusion should remain
available in appropriate cases for companies that do not adopt or
maintain a certified corporate integrity program, and for officers
or employees who acted with scienter (i.e., individuals
who are personally culpable). But for companies that have adopted
such programs, the threat of exclusion and nofault punishment of
officers and employees should be eliminated, so that federal
programs cannot be deprived of medical products produced by
companies with reliable compliance systems, and so that such
companies have a meaningful ability, when accused of wrongdoing, to
take their case to court if they believe they are not guilty or
that any violation has caused less harm than the government
contends. This proposed approach would retain the virtues of the present
system: strong deterrence and effective compensation for fraud and
other culpable behavior related to federal health care programs and
strong incentives for adopting aggressive corporate integrity plans
induced by the desire to avoid exclusion. Indeed, the proposed
approach would give companies powerful incentives to adopt and
maintain state-of-the-art corporate integrity programs. But this
new approach would also mitigate the extremely counterproductive
aspects of the current regime—the unfairness and enormous
inefficiencies produced by the outsized leverage it places in the
hands of government lawyers and agents and the way it functionally
ousts the courts from their role of applying and articulating the
law and protecting the rights of the accused. This paper proceeds in three parts. Part I sets forth the
background of the current enforcement regime, describing in detail
how the exclusion threat to pharmaceutical and medical device
companies works. It also explains "no-fault" exclusion
and sets forth the executive branch's aggressive interpretation
of the Responsible Corporate Officer doctrine as permitting the
criminal prosecution of innocent people. Part II describes the
serious public-policy problems created by this enforcement regime:
closing the doors to the courtroom, driving huge settlements that
in turn harm innovation, jobs, and the public health, and leading
to uneven corporate integrity programs across the industry. Part
III explores solutions and sets forth a proposal: To enhance
prevention of legal violations while preserving innovation and
lowering unproductive costs, exclusion of pharmaceutical and
medical device companies and no-fault liability for individuals
should be reshaped to incentivize and recognize state-ofthe- art
corporate integrity programs throughout the pharmaceutical and
medical device industries. Companies and individuals are subject to a wide range of
criminal and civil sanctions designed to deter and punish waste,
fraud, and abuse, among other wrongdoing in federal health care
programs. Unlike most other tools, the penalty of exclusion is
essentially binary—one is excluded or not;12 by
contrast, a criminal fine or civil damages can often be calibrated
along a spectrum to match the extent of the wrongdoing or to
achieve other legitimate government purposes.13 The exclusion authority has expanded significantly since 1965
when Congress enacted the Medicare and Medicaid programs. Congress initially confined the exclusion authority to
discretionary exclusion of health-care facilities such as hospitals
or extended care facilities that had failed to comply with the law,
to satisfy the qualifications for participating in a program, or to
submit necessary reimbursement information.14 This
authority reflected Congress's concern that the Secretary (of
what was then the Department of Health, Education, and Welfare)
should have the ability to prevent facilities receiving federal
monies from endangering the public health and harming the public
fisc. A little more than a decade later, in 1977, Congress expanded
the authority to allow the Secretary to exclude physicians, another
category of providers who, if not scrupulous, could endanger
individual patients and/or harm the public fisc.15 In 1987, Congress expanded the categories subject to exclusion
by identifying more than a dozen grounds on which the Secretary may
(but is not required to) exclude individuals and
entities.16 Today the Secretary may rely on 16 different
statutory grounds to exclude individuals or entities using her
discretionary authority.17 For example, "[t]he
Secretary may exclude ... individuals and entities from
participation in any Federal health care program" if they have
been convicted of certain misdemeanor offenses (under federal or
state law) relating to health care fraud,18 or other
convictions relating to other offenses that do not involve health
care fraud.19 The Secretary also has discretion to
exclude an individual or entity where she determines that it has
engaged in kickbacks or other prohibited
activities.20 Moreover, HHS may invoke exclusion even absent any conviction or
any action by the Department of Justice (DOJ) if OIG
"determines" that the "individual or entity has
committed an act" such as submitting false or improper claims,
fraud, kickbacks, and other prohibited activities.21 HHS
has issued its own guidance, which provides an "informal and
nonbinding" set of criteria exclude individuals and entities.
Today the Secretary may rely on 16 different statutory grounds to
exclude individuals or entities using her discretionary authority.
For example, "[t]he Secretary may exclude ... individuals and
entities from participation in any Federal health care
program" if they have been convicted of certain misdemeanor
offenses (under federal or state law) relating to health care
fraud, or other convictions relating to other offenses that do not
involve health care fraud. The Secretary also has discretion to
exclude an individual or entity where she determines that it has
engaged in kickbacks or other prohibited activities. Moreover, HHS
may invoke exclusion even absent any conviction or any action by
the Department of Justice (DOJ) if OIG "determines" that
the "individual or entity has committed an act" such as
submitting false or improper claims, fraud, kickbacks, and other
prohibited activities. HHS has issued its own guidance, which
provides an "informal and nonbinding" set of criteria to
help officials determine whether to impose discretionary
exclusion.22 These criteria include the degree of
cooperation by an entity or individual, the efforts of the entity
or individual to undo or mitigate the effects of misconduct, and
whether the entity or individual acknowledged its wrongdoing and
changed its behavior.23 These guidelines leave broad
discretion to OIG, maximizing the government's leverage during
settlement negotiations. Also in 1977, Congress introduced the notion of
"mandatory" exclusion, which at that time was to be
imposed only upon physicians and individual practitioners—
who submit claims for reimbursement directly to the federal
government—when they are convicted of specified
crimes.24 Under the current statute, the Secretary
"shall" exclude individuals and entities that
have been convicted of: (1) "a criminal offense related to the
delivery of an item or service" under Medicare or Medicaid;
(2) "a criminal offense relating to neglect or abuse of
patients in connection with the delivery of a health care item or
service"; (3) "a felony relating to fraud, theft,
embezzlement, breach of fiduciary responsibility, or other
financial misconduct" in connection with the delivery of a
health care item or service; or (4) "a felony relating to the
unlawful manufacture, distribution, prescription, or dispensing of
a controlled substance."25 Mandatory exclusion
carries a minimum term of five years,26 and the term can
be increased based on various aggravating factors up to permanent
exclusion.27 Whereas "discretionary" exclusion—like other
forms of debarment common in the federal procurement
system28—is administered by the agency (now Health
and Human Services) responsible for achieving the goals of the
program, making exclusion mandatory for certain criminal offenses
has the consequence of shifting the decision-making about exclusion
from HHS and those responsible for program integrity and the
accomplishment of program objectives to the federal prosecutors who
decide whether to charge potential defendants with the offenses
that would trigger mandatory exclusion.29 If a company
is convicted of such an offense, it must be excluded, even
if it has state-of-the-art compliance, even if the violation was
aberrant and the work of rogue employees, and even if the
company's products are particularly important to patients
dependent on Medicare, Medicaid, or other federal health care
programs. Similarly, mandatory exclusion applies across entire
companies; it is not tailored or limited to particular products
linked to wrongdoing. Thus, mandatory exclusion removes
discretionary control over the continuing availability of certain
medicines and medical devices from the agency (HHS), with the dual
mission of both ensuring access to health care and also preventing
waste, fraud and abuse, and vests control instead within another
(the Department of Justice) that is charged in relevant part
principally with enforcing the criminal law.30 For the first 21 years after enactment of mandatory
exclusion—consistent, in our view, with Congressional intent,
as well as good policy—HHS confined its application to
so-called "direct" providers, i.e., those who are
directly reimbursed by federal payors.31 HHS expressly
and consciously stated that the mandate would not apply to
so-called "indirect" providers, such as pharmaceutical
companies.32 As discussed below, HHS changed this
approach—in our view unwisely—in 1998.33 In 1996, Congress again addressed the exclusion authority by
adding 42 U.S.C. § 1320a-7(b)(15), which expands the
Secretary's permissive exclusion authority to reach owners,
officers, or managing employees of a "sanctioned
entity."34 Pursuant to this authority, the
Secretary may exclude individuals who are officers or managing
employees of companies that have been convicted (whether at trial
or by plea) of particular offenses or of companies that have been
excluded. This authority allows for exclusion of an individual even
where the company she works for has not been excluded. Critically,
HHS has also interpreted this statutory provision to enable it to
exclude individual employees of sanctioned companies, even if
the individuals did not themselves engage in or even know anything
about any wrongdoing, indeed even if they had worked hard to
prevent violations of that or any kind.35 In October 2010, OIG issued factors to guide its discretion in
making such individual exclusion decisions.36 OIG has made clear
that it believes it can exclude literally any officer or executive
of such a company, though (thankfully) it has made clear it does
not intend to impose the sanction on every person against whom the
power might be invoked. Given the broad categories of people
theoretically subject to the power, meaningful guidance with
respect to who will be singled out for this punishment is plainly
essential. Yet in stark terms the new guidance deliberately imposes
no restraint whatever on the imposition of this draconian sanction:
"With respect to officers and managing employees, the
statute includes no knowledge element. Therefore, OIG has the
authority to exclude every officer and managing employee of a
sanctioned entity."37 The guidance further
declares that OIG may exclude individuals "based solely on
their position within the entity."38 Having
provided very little direction in the first place, the guidance
goes on to make clear that in any event it is
"nonbinding," "may be subject to modification at any
time," and is "not intended to limit OIG's
discretionary authority."39 As if this were not enough to worry about, the OIG's new
guidance treats individual culpability in a particularly troubling
fashion. Rather than provide that a lack of personal involvement in
the alleged crime creates at the very least a presumption
against exclusion—as traditional notions of justice
would seem to require—the guidance asserts that "when
there is evidence that an officer or managing employee knew or
should have known of the [underlying mis]conduct, OIG will operate
with a presumption in favor of exclusion."40 In
other words, entirely innocent officers or managing
employees—even those who are not even negligent—do not
have the benefit even of a minimal presumption against exclusion.
Nor does any favorable presumption protect individuals who took
steps to encourage compliance by the company.41 OIG defends this approach as necessary to provide sufficient
deterrence, an apparent admission that its approach is otherwise
not working properly.42 But OIG does not acknowledge
that its approach is fundamentally out-of-step with basic notions
of fairness. B. The Expansion of Exclusion to Pharmaceutical and
Medical Device Companies and Their Employees As noted above, until September 1998, the threat of exclusion
did not apply to "indirect" providers or the employees of
indirect providers. But then, for the first time, OIG applied the
exclusion authority to "indirect" providers of health
care services, bringing entities such as pharmaceutical drug and
medical device manufacturers within the scope of the exclusion
power.43 This was a true sea change. Yet OIG implemented
this enormous expansion of its exclusion power by regulatory fiat
without new congressional authorization.44 Extension of mandatory exclusion to indirect providers brings
with it significant potential adverse consequences for the public
health. Some medicines and medical devices have no equivalent, and
the exclusion of an indirect provider could mean that unique or
difficult-to-substitute medical products become immediately
unavailable to Medicare and Medicaid beneficiaries nationwide; a
company's ability to bring its product to the general market
therefore is subject to an existential threat. Even for other
medicines, serious restriction of the supply of products doctors
prescribe for patients to alleviate suffering or ameliorate disease
restricts available options for the beneficiaries of health care
programs and, moreover, threatens the economic survival of the
producer over the immediate and long term, which in turn threatens
to reduce the supply of its products to the public as a whole. Yet
despite the dramatic change in policy and potential consequences,
the regulatory expansion occasioned relatively little commentary at
the time. C. Towards Strict Liability: Expanding the Responsible
Corporate Officer Doctrine In addition to the stark threat of exclusion, the government has
increasingly invoked a different doctrine—the so-called
Responsible Corporate Office (RCO) doctrine—to hold strictly,
criminally liable the officers of pharmaceutical and medical device
companies for offenses they did not themselves commit.45
Prosecutors have recently argued explicitly that the Federal Food,
Drug, and Cosmetic Act (FDCA) "uniquely requires no proof
of intent or actual knowledge of the violations by the Corporate
Officials to establish their guilt for the misdemeanor
offense."46 Though a misdemeanor, a no-fault RCO
conviction is by no means a trivial matter; it can serve as the
basis for substantial fines and penalties, and/or imprisonment, and
as the basis for career-ending exclusion. Under the RCO doctrine,
DOJ obtained a conviction and HHS imposed exclusion on three
employees of the Purdue Frederick Company without ever showing that
they had "awareness of some wrongdoing."47 First embraced by the Supreme Court nearly 70 years ago in
United States v. Dotterweich, the RCO doctrine allows
executives and managers to be held criminally liable under the FDCA
for actions taken by others that result in violations of the FDCA
or for failure to take actions that could have prevented violations
of the federal public health statute.48 The Court
explained that the statute "dispenses with the conventional
requirement for criminal conduct— awareness of some
wrongdoing"—because "[i]n the interest of the
larger good it puts the burden of acting at hazard upon a person
otherwise innocent but standing in responsible relation to a public
danger."49 Then forty years ago, in United States v. Park, the
Supreme Court once again upheld the notion that executives may be
held criminally liable for having some "responsible
relationship" to the FDCA violation.50 In
Park, the Court assumed that there would only be minor
penalties for a misdemeanor, strict liability offense.51
The Court did not contemplate that RCO crimes might serve as the
basis for the harsh penalty of individual exclusion, because as
noted, such exclusion was not a feature of the landscape in 1975.
Nor did the Supreme Court contemplate that conviction of this
offense might carry increasingly significant fines. Most important,
the Supreme Court's decision in Park followed
assurances made by the Solicitor General on behalf of the United
States that the doctrine would be invoked with careful discretion
and ordinarily only after particular requirements were
met—including the limitation that prosecutors would not
invoke the doctrine unless the prospective defendant, like the
defendant in Park itself, had actual prior knowledge of
the violations. The United States assured the Court that the FDA
"will not ordinarily recommend prosecution unless that
official, after becoming aware of possible violations, ...
has failed to correct them or to change his managerial system so as
to prevent further violations. In those instances where prosecution
is brought, it is brought for past, as well as the most recent,
violations."52 The Solicitor General also submitted
to the Court that: The government is interested in the prevention and correction of
conditions potentially dangerous to the public health and welfare,
not in prosecution for its own sake. Accordingly, FDA's
standards for reference of cases to the Department of Justice for
prosecution embrace the following categories: continuing violations
of law ...; violations of an obvious and flagrant nature ...; and
intentionally false or fraudulent violations.53 The Supreme Court in Park in turn recognized the
importance of sound prosecutorial judgment in charging a crime with
a minimal mens rea requirement: The Court [has] recognized that, because the [FDCA] dispenses
with the need to prove "consciousness of wrongdoing," it
may result in hardship even as applied to those who share
"responsibility in the business process resulting in" a
violation. ... "In such matters the good sense of prosecutors,
the wise guidance of trial judges, and the ultimate judgment of
juries must be trusted."54 And consistent with those assurances to the Supreme Court, for
many years the FDA, which investigates potential violations of the
FDCA and refers cases to U.S. Attorneys for prosecution, issued and
adhered to guidelines limiting the circumstances when the RCO
doctrine would be invoked. For example, the 2007 referral
guidelines stated that "the agency ordinarily exercises its
prosecutorial discretion to seek criminal sanctions against a
person only when a prior warning or other type of notice can be
shown. Establishing a background of warning or other type of notice
will demonstrate to the U.S. Attorney, the judge, and the jury that
there has been a continuous course of violative conduct and a
failure to effect correction in the past."55 The
FDA also made clear that one episode of wrongdoing ordinarily would
not trigger criminal referral to prosecutors: "With the
exception of prosecution recommendations involving gross, flagrant,
or intentional violations, fraud, or danger to health, each
recommendation should ordinarily contain proposed criminal charges
that show a continuous or repeated course of violative
conduct."56 In January 2011, the FDA performed an about-face and effectively
disavowed the Solicitor General's representations on which the
Supreme Court relied in Park and discarded safeguards
previously contained in its referral guidelines.57 Under
the newly-minted standards, knowledge, a pattern of wrongdoing, and
prior notice of possible violations are no longer ordinarily
required to support referral for prosecution. Instead, the new
referral guidelines state: "Knowledge of and actual
participation in the violation are not a prerequisite to a
misdemeanor prosecution but are factors that may be relevant when
deciding whether to recommend charging a misdemeanor
violation."58 The new guidelines also dispense with
the previous language that "each recommendation should
ordinarily contain proposed criminal charges that show a continuous
or repeated course of violative conduct."59
Finally, the new guidelines omit the provisions stating that FDA
officials should ordinarily provide a prior warning or some type of
notice to prospective defendants before pursuing criminal charges.
And these new guidelines now have particular salience for officers
of pharmaceutical and medical device manufacturers, because they
have increasingly been threatened with RCO
prosecutions.60 The threats of exclusion of companies, exclusion of individuals,
and strict liability prosecution of individuals are not necessary
to adequately punish those companies and individuals who engage in
unlawful conduct. Wholly apart from those tools, the existing
enforcement regime imposes substantial punishments. With respect to
corporate defendants, the government may impose very substantial
civil and criminal penalties, including damages and
fines.61 For instance, under the civil False Claims Act, the government
can collect damages of three times the amount improperly claimed,
or three times the amount remunerated as part of an illegal
kickback.62 Where the "items" are prescription
drugs or medical devices, the statutory damages penalties can
extend into the hundreds of millions or beyond. Criminal penalties
are additive and very severe. Organizational defendants can be
fined up to $500,000 for each felony offense or up to twice the
gross pecuniary gains from their offenses.63 Health care
specific crimes, such as felony violations of the anti-kickback
statute or false statements made in applications to federal health
care programs, can yield fines of $25,000 per
violation.64 Similarly, individual officers or employees convicted of such
offenses face large fines and significant jail terms. Like
organizations, officers and employees are subject to fines for each
service falsely claimed and each illegal kickback.65
Individuals face criminal fines up to $250,000 for felonies,
$100,000 for Class A misdemeanors, or twice the gross pecuniary
gains or losses caused by their crime.66 They may be
imprisoned for five years for illegal kickbacks,67 false
statements,68 false statements to receive payment from
federal health care programs,69 or obstructing a federal
audit,70 and up to twenty years if convicted of wire or
mail fraud.71 Moreover, these penalties are available under a wide range of
legal theories of liability. The government has pursued, among
others, theories of criminal liability for criminal false
claims,72 knowingly making false statements to the
government,73 intentional obstruction of a federal
audit,74 mail fraud and wire fraud,75 and
various conspiracy statutes.76 Given the gravity of these potential consequences singly and
collectively, it is not plausible to suggest that absent exclusion,
guilty parties cannot be punished adequately. Therefore, as a
punishment, exclusion is not needed. Moreover, properly
conceived, exclusion's purpose is not punishment; its proper
purpose is protection of the system from providers who carry an
undue risk of future violations. With respect to companies that can
demonstrate an appropriate commitment to complying with the law
going forward, exclusion imposes unneeded harms on the public and
government programs as well as on the defendant. Exclusion's
purpose, put simply, should solely be to eliminate from federal
programs those companies that cannot show a sufficient commitment
to complying with the law going forward. Insofar as it operates as
an additional deterrent beyond the others the law imposes, it
should operate generally to encourage companies to maintain systems
to reduce the risk of violations as much as possible. II. The Detrimental Consequences of the Current
Enforcement Regime In the first instance, it is fair to question whether HHS's
1998 extension of exclusion to indirect providers makes sense at
all; there are good arguments that it does not. Even if the
expansion is retained, mandatory exclusion, no-fault exclusion of
individuals, and the exclusion of companies with a demonstrated
commitment to compliance are particularly pernicious and should be
abandoned. Other than in isolated locations, such as rural areas where a
particular hospital may be the only option, a medical facility or a
particular physician that has committed a serious violation of the
law can typically be excluded without severe consequences for the
public. And with respect to such isolated locations, HHS has the
authority to waive even "mandatory" exclusion to ensure
that such harms do not occur.77 But there are far fewer
alternatives to medicines and medical devices. Like rural
hospitals, they are less readily fungible.78 Yet no
exception seems clearly to apply to pharmaceutical and medical
device companies. Consequently, the practical effect of exclusion
of such companies would almost invariably be damaging to the
public. Presumably, this is why pharmaceutical and medical device
companies are excluded infrequently, and why those that are
excluded do not hold significant market shares for a given type of
drug therapy or medical device.79 Exclusion in these industries, therefore, typically remains just
a threat. Yet it is a real threat that no rational company can
test. Although the Justice Department is unlikely to convict (or
perhaps even to indict) a company that produces health care
products of importance to the public for an offense that carries
mandatory exclusion, and although OIG is unlikely to choose to
exclude such a company as a discretionary matter, the government
could pursue exclusion simply to make an example of a company that
was not willing to accept the government's terms. In any given
case, therefore, the threat of exclusion is not empty and may not
be a bluff. The value of exclusion in this area for the government,
then, is exclusively its power to help coerce pleas or settlement
agreements, including Corporate Integrity Agreements. With mandatory exclusion as a consequence of certain offenses,
federal prosecutors have significant leverage in crafting the
indictment not only to charge the gravest possible
offense,80 but also to induce a plea to a charge that
does not carry mandatory exclusion.81 A company may be
able to survive a massive settlement, as the market generally
recognizes,82 in part because prosecutors in reality can
push a settlement amount only to the limit of what a company can
afford to pay. The same is not true of exclusion. 1. The Exclusion-Driven Settlement Regime Largely
Prevents Judicial Articulation of the Law The first consequence of the outsized leverage afforded by the
exclusion power is that it serves as a powerful disincentive to
contest the government's allegations, and thus largely
eliminates judicial superintendence of the law. Rather than develop
through judicial application of the statute and precedents, the law
develops through prosecutorial imposition effectively unchecked by
the courts. Judges do not have an opportunity to play their
assigned role because cases are almost invariably resolved prior to
indictment. As a result, virtually all of the substantive guidance
about the types of behavior pharmaceutical, medical device, and
other health care companies should avoid so as not to trigger the
exclusion penalty (or other sanctions) comes from indictments, plea
agreements, settlement releases, and similar sources, and not from
judicial opinions applying the law in principled ways to specific
instances of conduct. As this vague body of prosecutorand OIG-developed law evolves,
the government seems not to prize developing clear rules of the
road, but instead, prizes maximizing government discretion to
redraw the road itself after companies have tried to traverse it.
To take one example: The scope of the key phrase "related to
the delivery of an item or service" under 42 U.S.C. §
1320a-7(a)(1), is not immediately apparent on its
face.83 OIG has maximized executive discretion by
refusing to clarify the phrase "delivery of an item or
service," stating in a 1992 rule that: We have decided not to define this term. This term has served as
the basis for exclusions from Medicare and Medicaid for many years
and the absence of a definition of the term has not posed any
serious problems. The OIG assesses each conviction on a
case-by-case basis to determine whether it falls within the ambit
of the statutory language— that is, whether it is related to
the delivery of an item or service under one of the
programs—and each of those determinations is quite
fact-specific. We believe that it will continue to be more
effective to make these determinations on a case-by-case basis than
to attempt to define the phrase further.84 Although agencies are typically entrusted to interpret and
enforce the statutes they administer,85 leaving
companies at the explicit mercy of ad hoc determinations by agents
of the Executive Branch is a poor way to run any system of laws and
certainly a poor way to govern an industry on which the public
depends for products that save lives and alleviate human
suffering. The benefit of judicial decisions, of course, is that over time
they articulate what is unlawful and what is not, and companies and
individuals can rely on those pronouncements as they formulate
their behavior in the marketplace. With the exclusion-driven
settlement regime, however, not only do the players in the health
care field lack meaningful opportunities to obtain consistent and
transparent decisions informed by a thoughtful analysis of the
prior precedent in this area, but relying on prosecutors to shape
the rules may distort the substantive law.86 The government's record in cases in which individuals have
challenged the government's case suggests the harm done by
denying meaningful recourse to the courts. For example, in 2009, a
grand jury indicted Stryker Biotech, LLC, its president, the head
of the sales force, and two regional managers on various felony
charges arising out of the company's alleged off-label
promotion of two products.87 The prosecutors had told
the court that the case would last two months and involve more than
70 witnesses. But during opening statements, the defense informed
the jury that the government had not even spoken to any of the
doctors who had allegedly been defrauded by Stryker's
scheme.88 According to defense counsel, those doctors
were willing to testify on the defendants' behalf that
"[t]he defendants did not lie to them; the defendants did not
deceive them; the defendants did not defraud them in any
way."89 Shortly thereafter, the government dropped
all the felony charges against the company in exchange for a
misdemeanor plea and a fine from Stryker, and it dropped all
charges against the individual defendants. The government had not
even completed the direct examination of its first
witness.90 The case was almost over before it began, and
was seen as a major embarrassment for the U.S. Attorney's
Office for the District of Massachusetts, which brought the
case. A decade ago, the government charged TAP Pharmaceutical
Products, Inc., with conspiracy to defraud the government by
handing out free drug samples to physicians, who would then bill
the government for reimbursement.91 Facing
exclusion,92 TAP agreed to pay a combination of criminal
and civil fines totaling $875 million.93 The government
then prosecuted thirteen TAP employees on the same grounds, though
several were dismissed from the case before it reached the
jury.94 The jury considered the evidence against eight
remaining defendants and acquitted each and every one of
them.95 In light of the verdicts, the court ordered that
the single employee who pleaded guilty ought to have her guilty
plea vacated—the government eventually dismissed all charges
against her.96 Yet the conviction of the company, and
its almost one billion dollars in fines and penalties, stood. With companies lacking the genuine ability to contest the
government's allegations and legal theories in court, the
second inevitable consequence of the threat of exclusion is the
inevitability of settlement at virtually any amount the government
demands. The quantum of settlement in large cases typically
correlates not to the magnitude of the offense or any harm to the
public, but instead correlates to a company's perceived ability
to pay, or the government's apparent desire to announce a
settlement larger than it obtained from the last company. For
example, between January 2009 and December 2011, DOJ recovered $8.7
billion through False Claims Act cases—which it accurately
heralded as the largest three-year recovery total in the
Department's history and more than onefourth of the total FCA
recoveries during the last 25 years.97 Over those three
years, the Department of Justice more than doubled its recovery of
monies from health care fraud cases, achieving record-breaking
recoveries the last two years.98 In FY 2011 alone,
approximately $2.4 billion of the $3 billion obtained through FCA
settlements and judgments came from companies in the health care
industry.99 And the vast bulk of these recoveries are
obtained from legitimate companies providing medicines or medical
devices, pursuant to doctors' orders, that save or
substantially improve patients' lives. They are not obtained
from the clearly reprehensible, fraudulent operations that have
been much and appropriately publicized, such as phony medical
clinics or prescription mills, which are typically not able to pay
the enormous amounts that underwrite the Department's dramatic
totals.100 It must be acknowledged that, from one perspective, the federal
government has incentives to increase the size of payments in
penalties over time by pharmaceutical, medical device, and other
legitimate companies operating in the health care industry. In
these times of budget deficits, bringing billion-dollar settlements
into the public fisc has appreciable advantages. Moreover,
unfortunately, the increasing nature of these settlements has
become synonymous with success for the prosecutors. To be sure,
companies that engage in wrongdoing can and should be punished
appropriately. And illegal actions that impose significant harms on
the government require significant penalties. But the escalation of
fines and penalties on productive businesses places a substantial
tax on the health care system that in itself creates a public harm.
And a system in which the legal and factual theories underlying
those settlements cannot be tested in court is a broken system. Indeed, these outsized settlements have consequences. The money
to fund them must come from somewhere, whether it be from a
company's profitability (to the detriment of shareholders and
the market generally) or from the amount of money invested by these
companies to develop innovative new drugs and devices to fight
diseases and chronic illnesses. Sizable payments to settle civil or
criminal allegations are heavy costs borne by the private health
care sector that may result in cuts to research and development
budgets or marketing budgets that educate the public about drugs or
devices that might improve or save their lives. Studies show that
cutting research and development expenditures contributes to the
already significant job loss being experienced by the
pharmaceutical industry.101 Multi-million or
multi-billion dollar payments by a company exacerbate the loss of
its capital to support innovation and loss of jobs in an industry
that is among the country's most productive and during a time
when the United States remains in the forefront of pharmaceutical
and medical device innovation. Ironically, in other contexts, the government itself has
recognized the distorting and counterproductive effect of mandatory
exclusion, rejecting suggestions that it would be good policy to
provide for mandatory debarment for Foreign Corrupt Practices Act
violations: [Mandatory exclusion] might have some deterrent effect, [but]
that remedy would likely be outweighed by the accompanying decrease
in incentives for companies to make voluntary disclosures,
remediate problems, and improve their compliance systems. ... The
purpose of debarment proceedings historically has been to protect
the public fisc, not to deter or punish wrongdoing. Linking
mandatory debarment to a criminal resolution would fundamentally
alter the incentives of a contractor-company to reach an FCPA
resolution because such a resolution would likely lead to the
cessation of revenues for a government contractor—a virtual
death knell for the contractorcompany. Similarly, mandatory
debarment would impinge negatively on prosecutorial discretion. If
every criminal FCPA resolution were to carry with it mandatory
debarment consequences, then prosecutors would lose the necessary
flexibility to tailor an appropriate resolution given the facts and
circumstances of each individual case.102 Yet the Department of Justice's concerns about the harms
mandatory debarment would do if imposed in the FCPA context play
out every day in the health care fraud arena. C. The Current Permissive Exclusion Regime Is a Missed
Opportunity for Consistent, Optimal Compliance Companies under investigation for health care fraud must satisfy
not only the prosecutors with respect to civil settlement and
criminal plea terms but also must resolve with OIG the question of
exclusion: Even if there is not a conviction for an offense
mandating exclusion, OIG will have to determine whether to
exercise its permissive exclusion authority. Although
discretionary, permissive exclusion has the same adverse collateral
consequences, and the threat of it is therefore as severe.
Permissive exclusion provides OIG power to pressure indirect
providers to accept the government's terms during negotiations,
even where there has been no opportunity to test the OIG's
assertion that it has prima facie proof of wrongdoing by the
entity.103 At the same time, permissive exclusion raises unique questions,
given the discretionary nature of the authority and the lapse in
time that will unavoidably occur between alleged misconduct and a
determination as to whether exclusion will be pursued. Offenses
that can give rise to permissive exclusion can be the result of
conduct by employees long-since departed, of a company that was
acquired by new management after the alleged wrongdoing, or of
conduct that occurred prior to the implementation of a robust
corporate integrity program. In lieu of permissive exclusion, almost as a matter of course,
OIG requires "indirect providers" to enter into Corporate
Integrity Agreements designed to enhance compliance and prevent the
recurrence of offenses. It is safe to say that OIG is not
accomplishing its twin goals, as evidenced partly by the fact that
corporations have agreed to hundreds of CIAs in the last few
years.104 Moreover, the problems with this approach are
two-fold: First, by imposing CIAs on a one-off basis at different
times with different companies, OIG has created an inconsistent and
ad hoc compliance regime across the industry. Second, as discussed
in detail below, although offering real benefits, it is not clear
that the CIAs facilitate optimal compliance. Both the OIG and the
industry agree on the value of corporate integrity
programs—the question is how best to achieve
them.105 With the adoption of the Federal Sentencing Guidelines for
Organizations (FSGO or Guidelines) nearly 20 years ago, the
Sentencing Commission recognized the significant value of corporate
compliance programs for preventing and reducing criminal activity
and achieving larger public policy goals, including the more
efficient functioning of federal government programs. The
Commission explained that pushing companies to institute robust
compliance programs could "reduce and ultimately eliminate
criminal conduct by providing a structural foundation from which an
organization may self-police its own conduct through an effective
compliance and ethics program."106 These hopes were
realized, at least in part. Reflecting on the impact the Guidelines
had made since their inception, the Ethics Resource Council has
concluded that "evidence shows that the Guidelines have
achieved significant success in reducing workplace misconduct by
nurturing a vast compliance and ethics movement."107 Moreover,
"employees in companies with effective, meaningful codes of
conduct and programs based on the FSGO witness fewer incidents of
misconduct, and are far more likely to report misconduct when
observed."108 But in some respects, the results
also have been limited, in part because "criminal cases
against bigger corporate defendants are largely being detoured
around the judges for whom the Sentencing Guidelines were
intended."109 In other words, the extraordinary
pressure to settle cases has deprived companies of a neutral
arbiter not simply for purposes of determining liability, but just
as importantly, for determining the type and size of the penalty
inflicted on a company. In addition to the Sentencing Commission, DOJ has repeatedly
recognized the value of compliance programs. When considering
whether to charge a corporation, the Principles of Federal
Prosecution of Business Organizations in the U.S. Attorneys'
Manual ("Manual" or "USAM") directs prosecutors
to determine, among other things, whether a company has a
well-designed compliance program.110 As one former
Department official explained: "[I]f you really want to deter
white-collar crime, the best weapon is an effective compliance
program. ... [C]orporate criminal liability should incentivize
corporations to establish effective compliance
programs."111 And similarly, as one author of this
paper has consistently maintained, "we in the legal
profession—prosecutors, defense lawyers, and corporate
counsel alike— ... have a common interest ... in making
certain that responsible corporate citizenship is encouraged and
rewarded."112 Yet as with the Sentencing
Guidelines, it appears that "there is little hard evidence
that organizations are receiving the promised consideration for
their compliance programs and prosecutors rarely point to
compliance/ethics programs when publicly discussing case
resolutions."113 OIG has similarly embraced compliance programs as part of its
wholesale strategy to reduce and prevent health care fraud, at
least on paper: "OIG dedicates significant resources to
promoting the adoption of compliance programs ... as an essential
component of a comprehensive antifraud
strategy."114 And OIG has issued numerous guidance
documents geared toward sectors of the health care
industry—including pharmaceutical manufacturers, hospitals,
and physician practice groups—to help these key players
understand the facets of effective corporate integrity programs
that OIG expects these key players to institute in their respective
business models.115 But OIG's approach of
negotiating CIAs on a one-off basis yields a piecemeal approach
that achieves less than it might in at least two ways. Today, most if not all of the major participants in the
pharmaceutical industry have entered into CIAs to resolve
allegations of actual or perceived wrongdoing. But these CIAs are
entered into at different times, driven by the timing of government
investigations, and have different substantive terms, defined
through bilateral negotiations. Each CIA typically lasts about five
years, which means some market participants are just starting CIAs
while others are in the middle of the term, and still others are
cycling off. The result is inconsistency across the industry and a
piecemeal body of quasi-law that offers only glimpses of what may
be the relevant standard of conduct.116 There are better
ways to establish industry-wide best practices. Moreover, the terms of CIAs vary from company to company. For
example, regarding the time allotted to train negotiated CIA
requires half as much training time as Merck's negotiated CIA
requires. Eli Lilly must provide twice the training to covered
persons as Allergen must provide, but Eli Lilly is not required to
provide training for board members at all. By contrast, their
negotiated CIAs require Allergan, Forest Labs, and Novartis to
train board members. Pfizer's negotiated CIA requires a
Compliance Review program undertaken by the Audit Committee, while
the Novartis CIA requires a Compliance Review program undertaken by
the Board, while imposing a requirement on Novartis that it retain
an independent compliance expert to oversee the review and prepare
a written report.117 Some negotiated CIAs apply to subsidiaries and parent companies,
while others do not; some define covered persons to include
development personnel, while others do not; some require scope of
management certifications from a broad range of personnel, while
others do not; and some require compliance policies in more than
twenty areas, while others require them in fewer than five
areas.118 Although some of these differences may be
explained as the development and refinement of best practices over
time, and others may reflect differences in the underlying conduct
that gave rise to the investigation, it simply cannot be the case
that optimal compliance is achieved where similarlysituated
companies must satisfy different requirements imposing different
costs and different constraints during different time periods. Nor,
obviously, do such differing obligations create a level playing
field for companies compelled to operate under different sets of
rules than their competitors. Given that it has engaged virtually
every major company in the industry, the government should not have
a role in creating an uneven competitive playing field, if that can
be avoided. There are legitimate concerns that, in addition to promoting a
lack of uniformity across the industry, CIAs may not be
facilitating optimal compliance even within a given
company.119 Negotiated CIAs tend to be
backwards-looking, shaped by a particular type of violation or
offense the government believes it has identified, rather than a
systemic analysis of the compliance risks a company will face going
forward.120 And negotiated CIAs tend to be inflexible
while in force, even if the compliance risks change.121
Thus, for example, if a company allegedly violated regulations on
promoting off-label uses for drugs, its negotiated CIA might center
on promotional materials. But an independent, contemporaneous risk
assessment might show that increased clinical trials or other
activities expose the company to antikickback vulnerability
requiring special measures, while the promotional issues had
already been addressed by the company when the government
investigation first came to light. Typically, companies under a CIA are subject to annual reviews
by Independent Review Organizations ("IROs"), but most
CIAs do not explicitly require companies to engage in a specific
process to identify compliance risk.122 And the IRO
reviews focus on compliance with the negotiated CIA, without
necessarily taking a step back to see if compliance has been
institutionalized as a business matter and incorporated to support
a core value or goal of a company. Compliance officers also have an
obvious professional incentive to focus on demonstrating compliance
with the CIA, rather than developing comprehensive goldstandard
compliance regimes that will anticipate and reduce the potential
for any category of fraudulent or illegal behavior. Moreover, negotiated CIAs imposed by the OIG generally evolve by
accretion; OIG tends to insist that a new CIA must incorporate all
features of previous CIAs while imposing additional requirements.
Although, with this approach, negotiated CIAs might be able to
evolve and establish new "best practices" in the
industry,123 companies are frequently required to retain
requirements from old CIAs even where they have no demonstrated
value, or even if there are intervening legal
changes.124 Further, like IROs, under negotiated CIAs, companies often
emphasize demonstrable compliance with the CIA (a
rules-based approach), rather than instituting more effective but
less auditable approaches. For example, as recently recognized at
an OIG-hosted roundtable discussing CIAs, companies may train
online because it is easier to demonstrate that individuals have
completed computerbased training modules.125 In-person
training may be more effective for a given company, but because it
is harder to audit and demonstrate compliance with a training
requirement, online training becomes the default. Similarly, for
large entities, a requirement to train all covered persons annually
can lead to training that is at a higher level of generality than
optimal—to meet the CIA requirements, entities may not have
the time or resources to differentiate between sales
representatives on the one hand, and those in research and
development on the other. Finally, government auditors are not expected to have experience
with business imperatives or any knowledge of the pharmaceutical
industry generally, and as a result they may impose requirements
that simply do not make sense for the industry. For example, some
negotiated CIAs now require lawyers instead of compliance officers
to "ride-along" for marketing calls, even though
compliance officers may be better equipped to identify and minimize
compliance risks, particularly on a real-time basis, and
comprehensive legal training is not essential to success. These
agreements may therefore not best harmonize the interests at stake,
namely compliance with the law without chilling innovation and
growth of the national economy and promotion of the public health,
because they emanate from a negotiation in which the enforcement
authorities make the decisions and hold all the cards, yet lack
relevant technical, business, or public health expertise. Having noted these shortcomings, negotiated CIAs have benefits,
and OIG's practice of obtaining a CIA as a price of avoiding
exclusion sensibly (within the current legal structure) uses the
threat of exclusion in service of the right objective—future
compliance— and properly drops the threat once that objective
is secured through an acceptable compliance plan going forward.
Similarly, many companies have gone above and beyond the
requirements of applicable CIAs. Nevertheless, there is substantial
room for improvement, both in terms of consistency among companies
and in terms of achieving optimal and appropriate terms. This paper
proposes a path forward. As noted above, in the service of deterrence, OIG claims the
authority to exclude individual employees of pharmaceutical and
medical device companies even in the absence of any evidence that
they participated in or had knowledge of any wrongdoing allegedly
committed by the company they serve.126 Similarly, FDA
guidelines have moved away from any requirement of knowledge of, or
a true opportunity to prevent, misconduct prior to referral for
criminal investigation. This so-called "no-fault"
exclusion, and its companion concept of criminal conviction under
the Responsible Corporate Officer doctrine, represents a
significant departure not just from our traditional notions of
fairness and justice—here, an individual is being punished
simply for the "crime" of having a particular
job—but also has significant potential adverse consequences
for the public health. No-fault exclusion is essentially careerending for individuals
in the health care industry because no company in the field can
employ an excluded individual without itself facing
exclusion.127 An indictment or conviction based on the
RCO doctrine may be similarly devastating, particularly because of
the severe reputational harm undoubtedly inflicted on the
individuals before guilt is even proven, and because conviction
under the RCO doctrine may serve as the basis for a decision to
exclude. When conviction and/or exclusion can be imposed literally
without any fault on the part of the individual punished,
companies—and indeed the entire industry—may be
deprived of high-functioning and experienced personnel without
sufficient (or indeed, without any true) reason. Moreover, the
broad spectrum of individuals who may be subject to exclusion
provides the government with unacceptably unguided discretion in
selecting among similarlysituated persons for the imposition of
devastating punishments. Given the stakes for individuals, companies, and the public, it
is important to consider the underlying principles of individual
exclusion to ensure that the current system works consistently with
those ideals. When Congress amended the exclusion statute to allow
for corporate officer exclusion, it identified two core concerns:
first, that "greater deterrence against fraud and abuse was
needed in the Medicare program,"128 and second,
that "culpable individual[s] would ... be subject to program
exclusion, even if not initially convicted or
excluded."129 Exclusion could therefore be invoked
as a prophylactic to remove unscrupulous or dangerous individuals
from a system when other measures will not work. But it should be
obvious that these goals are not meaningfully served by excluding
innocent people. With respect to the first concern, effective deterrence is based
on the utilitarian principle that punishments should be no more
than needed,130 and should therefore be aimed at those
individuals who can be deterred—namely, those knowingly doing
wrong. This notion dovetails with Congress's second
concern—that culpable individuals should be subject
to exclusion.131 Exclusion should be directed only
towards culpable people in order to comport with congressional
intent, to say nothing of basic notions of fairness. Attempting to
deter guilty people by threatening innocent people is not
only a questionable enforcement strategy, but it also undermines
the justifications for compulsive punishment. Under a theory of
just deserts, punishment "must in all cases be imposed on him
only on the ground that he has committed a crime," and that
kind of liability requires a culpable mental state.132
The statements of OIG officials suggesting that increased use of
nofault punishments is needed to enhance deterrence133
unwittingly recall Voltaire's satirical comment, referring to
England at the time of the Napoleonic wars, that "in this
country it is found good, from time to time, to kill one Admiral to
encourage the others."134 OIG's approach simply
does not reflect the values in our nation today. Indeed, if individuals can be prosecuted or excluded on a
no-fault basis, then neither of the two posited statutory interests
are meaningfully advanced. Under a no-fault scheme, there is no
reasonable connection between an offender's culpability and
potential punishment. More to the point, by punishing people with
no connection to the violation, the OIG diverts valuable resources
away from investigating and prosecuting those responsible for the
offense towards those who were not responsible.135 For
that reason, rather than producing prophylactic benefits, a
no-fault exclusion regime could create completely counterproductive
outcomes: With a strict liability penalty, individuals will
rationally avoid engaging in even blameless or productive conduct
if it carries the risk of exclusion. And worse yet, talented
individuals may be hesitant to assume senior roles at
pharmaceutical or medical device companies for fear of facing a
strict liability regime that ascribes guilt to blameless conduct.
The result of a lesstalented workforce could be both degraded
performance across the board and reduced quality of legal
compliance. The same is true for the RCO doctrine, as the government
implicitly recognized in its briefing to the Supreme Court in
Park. Prior to the January 2011 changes to the FDA
referral guidelines (which sets forth factors to help the FDA
determine whether it should refer a matter for criminal
prosecution), the government embraced opportunities for individuals
to correct potential violations before bringing charges under the
RCO doctrine.136 As Solicitor General Robert Bork
explained to the Supreme Court in Park, "[t]he
government is interested in the prevention and correction of
conditions potentially dangerous to the public health and welfare,
not in prosecution for its own sake."137 The
OIG's comments and new guidelines suggest that this may no
longer be true. The recent case of Howard Solomon, CEO of the drug company
Forest Laboratories, illustrates the risks involved in pursuing the
threat of exclusion against individuals where very little guidance
is provided to ensure responsible decision-making. In 2002,
BusinessWeek profiled Mr. Solomon, a man moved by his son's
battle with depression to lead Forest Laboratories to help bring
antidepressant medications to the United States
market.138 In 2010, the company pleaded guilty to crimes
involving the distribution and promotion of some of its drugs; the
government suggested no evidence or indication that Mr. Solomon was
personally aware of or involved in the wrongdoing.139
Indeed, Mr. Solomon was not prosecuted on any theory, including the
RCO doctrine. Yet in 2011, after announcing a change in policy
toward increased exercise of no-fault exclusion of individuals, the
HHS Inspector General formally considered excluding Howard Solomon
despite this lack of indication of personal
responsibility.140 After four months of deliberation,
the Inspector General chose to close the case without further
action—a significant retreat by the OIG in an area where it
has been promising to flex its enforcement muscle.141
But the OIG still claims the authority to exclude a broad range of
individuals without any finding of fault, and this remains (as it
no doubt is intended to be) a very real threat to individuals in
this critical sector of the health care industry.142 Thus, the current exclusion regime, taken in pieces and as a
whole, raises serious public policy concerns, beginning with
regulatory expansion of exclusion to indirect providers and
proceeding to regulatory expansion of no-fault liability for
individuals. So it seems fair to ask: Isn't there a better way? A. Options and Recommendations for
Compliance Dramatic improvements in compliance and fairness, while
preserving strong enforcement, can be achieved with a simple
change: Make clear that exclusion will be imposed on indirect
providers only if a company has failed to institute an effective
and comprehensive corporate integrity program that satisfies
national standards.143 This approach would avoid
senseless exclusion of responsible companies while creating
powerful, acrossthe- board incentives for all companies to be
responsible even in the absence of an ongoing investigation. There is simply no point in excluding or threatening to exclude
a company that has a documented, state-of-the-art compliance
system. Although it can and should punish such companies for proven
fraud through traditional civil and criminal sanctions, the
government does not need the authority to exclude such
companies. Americans participating in federal health care programs are
better off with access to the products of such companies, and the
public health in general (and the economy at large) will benefit
from the continued survival of these companies. But exclusion
should not be taken off the table completely; it should remain an
option for companies that have not instituted such systems
or for individuals who are truly personally culpable. This approach
would use the leverage of exclusion to achieve the OIG's
professed goal across the entire industry—all companies would
be powerfully incentivized to adopt a strong corporate integrity
program. Other benefits to the system of justice and the health care
system would naturally follow. Companies with certified corporate
integrity programs, if subject to investigation for a violation,
could fairly consider whether they believe they violated the law
and could contemplate requiring the government to persuade the
courts of its legal theory, factual allegations, and the true
extent of its injury, rather than settling on excessive terms.
Where—as was apparently true in the Stryker and TAP
Pharmaceuticals cases and likely was true in others where no
individuals were prosecuted— the government has overreached,
companies and their shareholders, and not just individual
employees, would have improved access to the benefits of trial by
jury and the presumption of innocence. Contemplating the need to
prove its case, the government's settlement and plea demands
would be tempered to the extent trial might yield an acquittal or
more realistic damages numbers. And to the extent that there is a
genuine dispute about what the law requires, the courts (and not
the unilateral views of prosecutors or OIG officials) would play
the inherently judicial role of ultimately interpreting and
articulating the requirements of the law. The spirit of this proposal is consistent with both U.S. and
international laws that seek to promote compliance by mitigating
punishment for companies that have high quality corporate integrity
programs when they err. For example, the U.S. Sentencing Guidelines
give "credit" to companies that "had in place at the
time of the offense an effective compliance and ethics
program."144 The United Kingdom's Bribery Act
of 2010 also allows companies to invoke a defense against a bribery
charge if the company "had in place adequate procedures
designed to prevent persons associated with [it] from undertaking
such conduct."145 This proposal would also align exclusion of indirect providers
with the driving philosophy behind debarment, which looks at the
concrete steps taken by a company to assess whether it is
exercising "present responsibility" in complying with
federal laws. Debarment is available "only in the public
interest for the Government's protection and not for purposes
of punishment."146 The procedures governing
debarment recognize this distinction, and require a contracting
official to consider "the seriousness of the contractor's
acts or omissions and any remedial measures or mitigating
factors." Indeed, "before arriving at any
debarment decision, the debarring official should consider":
"[w]hether the contractor had effective standards of conduct
and internal control systems in place at the time of the activity
which constitutes cause for debarment or had adopted such
procedures prior to any Government investigation of the activity
cited as a cause for debarment."147 A company's adoption of a certified corporate integrity
program would also remove any conceivable rationale for
"nofault" punishments of that company's senior
officers. To the extent the threat of no-fault punishment has a
legitimate governmental purpose, it must be to encourage officials
to make sure that the companies they run take appropriate steps to
comply with the law. Where a company has implemented and maintained
state-of-theart compliance systems as certified by an independent
entity recognized by the government, there can be no legitimate
reason to prosecute or exclude individuals on a no-fault basis
because the entire purpose of the threat has been met by other
means. Indeed, the incentive of removing the threat of RCO
prosecution and no-fault exclusion of company employees and
officers would further induce companies and their officers to
implement and maintain certified compliance systems, thereby
promoting more effectively the outcome the doctrine is intended to
achieve. Accordingly, set forth below are four recommendations for
improving the government's approach to exclusion, beginning
with proposed changes to the mandatory exclusion authority and
followed by proposed refinements of the permissive exclusion
authority and rules for holding individuals liable. These
recommendations are not mutually exclusive; indeed, a combination
of all four should be adopted to establish an exclusion regime that
incentivizes broadbased compliance most effectively. If lawmakers
choose the path of incremental progress, however, each
recommendation can function as a standalone measure to help
rationalize the current regime. Mandatory exclusion for indirect providers simply makes little
policy sense: It shifts the decision-making from HHS (where it
belongs) to the Department of Justice (where it does not),
effectively depriving DOJ of the ability to indict for appropriate
offenses where the consequence for the defendant would harm the
public interest, and threatening—if DOJ ever were to
indict—to deprive those who manage federal health care
programs of discretion to ensure the availability of possibly
unique medical products for program beneficiaries. There are at
least two options for responding to these problems. This approach would build on the current version of the United
States Attorneys' Manual, which already addresses many topics
relevant to prosecution of corporate indirect providers, such as
the presence of a robust compliance program,148
interagency consultation,149 and the potential effect on
innocent third parties.150 In addition, the Manual
requires prosecutors to weigh factors such as voluntary disclosure
of problems, compliance with government laws and other standards,
efforts taken by the company to remedy problems, the magnitude of
the violation, alternative remedies that may be available, and the
existence of a history or pattern of violations.151
Recognizing that the exclusion of a company that has a stateof-
the-art corporate integrity program is counterproductive and
unjustified, and that the threat of such an indictment interferes
with defendants' rights to assert their innocence at a trial
and stunts the development of the law as announced by judges, DOJ
could simply take the possibility of an indictment for an offense
requiring exclusion off the table for such companies. Unless and
until a recognized independent certifying entity is in place, DOJ
might refine the Manual: 1) to require prosecutors not to indict
for an offense requiring exclusion of a company with a strong
compliance program; and 2) to require that U.S. Attorneys'
Offices obtain Main Justice approval before charging an offense
that would trigger the mandatory exclusion penalty so that
uniformity in assessment of such programs is achieved. Once a
certification system is available to companies, the Manual could
simply rely on that system to identify companies that benefit from
this rule. Permissive exclusion for indirect providers may be appropriate
where the indirect provider poses a significantly elevated risk of
violating the law, but it is inappropriate and misguided otherwise.
As discussed above, eliminating exclusion of indirect providers
with certified compliance programs creates an opportunity to align
the availability of the sanction with its proper function, and
thereby create healthy rather than perverse legal incentives.
Either by legislation or regulation, the threat of exclusion can
drive the establishment of a new compliance regime—one built
on a strong foundation of consistent and comprehensive compliance
standards— while at the same time eliminating its current
interference with the proper functioning of the legal system. This
recommendation would work best in combination with the previous
recommendation to eliminate mandatory exclusion for indirect
providers either by statute or prosecutorial guidelines. In any
event, certifiably compliant companies ought not be subject to
either discretionary or mandatory exclusion for the reasons
discussed throughout this paper. There are at least two mechanisms by which a Corporate Integrity
Initiative could be implemented.152 HHS has the power under the regulations to establish rules to
govern permissive exclusion and align its availability with
legitimate purposes. Any regulation should incorporate the same key
features set forth above: identifying an independent certifying
body; providing that exclusion will not be available for a company
with a certified corporate integrity program; and requiring that
the standards evolve over time and that companies be required to
continue to meet the evolving standards in order to maintain their
certification.153 The independent entity would be responsible for: The management of this organization might include
representatives from industry, government, patient groups, research
organizations or think tanks, and other key stakeholders. To
monitor and assess companies' corporate integrity programs, the
independent body also could work with the existing Independent
Review Organizations to handle the frontline reviews and
assessments. Under the new regime, however, the independent body
would set forth how the new reviews and assessments would
work.154 Recommendation 3: Limit or Eliminate No-fault
Exclusion As set forth above, there are serious problems with OIG's
current assertion that it has the authority to exclude an
individual who had no knowledge of the alleged underlying
misconduct committed by the company she serves. It is similarly
problematic for an individual to face exclusion for having held a
position at a company that had a certified corporate integrity
program—particularly where the employee herself has taken
steps to prevent wrongdoing. Exclusion of individuals inflicts
enormous consequences on the individuals themselves, companies, and
the public health, and it should never be imposed without adequate
safeguards. There are several options to mitigate these core concerns. Recommendation 4: Curtail the Recent Expansion of the
RCO Doctrine and Make Clear It Is Not Available for Employees or
Officers of Companies With Strong Compliance Programs. The recent executive branch expansion of the RCO doctrine raises
many of the same concerns as no-fault exclusion. The solution is
simple: A company that has a certified compliance program (as set
forth above) should not be charged with an offense under the
Responsible Corporate Officer doctrine. The FDA referral guidelines
should provide that in the event a company has a certified
compliance program, FDA regulators should not refer a case to a
U.S. Attorney's Office for prosecution under the RCO doctrine.
And the Manual should provide that prosecutors do not have
discretion to charge individuals in a company with a certified
compliance program on the basis of the RCO doctrine.156
In the absence of an available certification, FDA should
nonetheless address the fundamental unfairness of the current
referral guidelines, at a minimum returning to guidelines that
faithfully reflect the spirit and letter of the Park
decision. IV. Conclusion It is a rarity when a simple change in the law could mitigate
multiple policy ills, but this is one of them. Exclusion from
federal health care programs of companies that meet high standards
of corporate integrity does not make sense, nor does
"no-fault" punishment of individuals. Yet the threat of
exclusion—under the mandatory and permissive
rubrics—has produced huge and escalating settlements and plea
agreements that increase costs of the health care system, has
entirely foreclosed meaningful recourse to the courts to test the
government's legal and factual theories, and has denied the
courts their critical function of interpreting and articulating the
law, thereby depriving all of us access to needed legal guidance.
By encouraging the development of an independent certifying entity
to establish and monitor compliance with stringent corporate
integrity standards, and by incentivizing compliance with those
standards by removing the threat of exclusion or no-fault
punishment of employees and officers for certified companies, the
federal government can, without sacrificing its ability
aggressively to enforce the law and deter bad conduct, immediately
accomplish a win-win: promoting state-of-the-art compliance across
the industry, fairer outcomes of its investigations, and clearer
legal rules for all. Footnotes 1 Mr. Ogden is chair of the Government and Regulatory
Litigation Group at Wilmer Cutler Pickering Hale and Dorr
("WilmerHale"). He served as the Deputy Attorney General
of the United States from 2009 to 2010, and in that capacity played
a role in developing the Health Care Fraud Prevention and
Enforcement Action Team ("HEAT"), an initiative led by
the Secretary of the Health and Human Services and the Attorney
General and co-chaired by the Deputy Secretary and Deputy Attorney
General. He also served as the Assistant Attorney General for the
Civil Division at the U.S. Department of Justice from 1999-2001,
where he spurred the United States government's enforcement of
the False Claims Act. This paper would not have been possible
without the excellent work of Madhu Chugh and Daniel Aguilar, and
the authors are very grateful for their efforts. 2 Ms. Cook is a counsel in the Litigation/Controversy and
Regulatory and Government Affairs Departments at WilmerHale. She
served as the Assistant Attorney General for Legal Policy at the
United States Department of Justice from 2008-2009. Previously published in the U.S. Chamber Institute for Legal
Reform The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
I. The Current Enforcement Regime
A. The Basic Structure of the Exclusion Regime
1. Permissive Exclusion
2. Mandatory Exclusion
3. The Exclusion of Innocent Individuals
D. The Enforcement Framework
A. The Illogic of Excluding Indirect Providers
B. Problems With the Mandatory Exclusion Regime
2. The Inability to Risk Exclusion Drives Huge and
Disproportionate Settlements
1. The Value of Incentivizing Corporate Integrity
a) Inconsistency Across the Industry
b) Achieving Optimal Compliance
D. No-Fault Individual Liability is Unfair and Unjustified
1. No-Fault Liability Fails to Promote Legitimate Public
Policy Goals
III. Prescriptions: Emphasize Prevention
Recommendation 1: Repeal or Limit Mandatory Exclusion for
Indirect Providers
A legislative fix could be as simple as clarifying the language in
42 U.S.C. § 1320a-7(a) to apply only to those individuals and
entities that submit claims for reimbursement directly to the
federal government. This would sensibly leave all exclusion
decisions relating to those who provide medicine and medical
devices to the discretion of those who manage those programs.Recommendation 2: Promote Compliance through a Corporate
Integrity Initiative
Any legislation should have the following elements:
OIG could issue clear guidelines for invoking its permissive
exclusion power against individuals that would strengthen the
relationship between real responsibility for the crime and any
punishment. For example: a) Establish a minimum mens
rea—intentional, recklessness, gross negligence, or
negligence—before the OIG may levy the exclusion penalty
against an individual; b) require specific findings of an
individual's wrongdoing or knowledge of the underlying
wrongdoing before the OIG exercises its exclusion
authority;155 and c) take the exclusion penalty off the
table if an individual has taken certain steps to improve a
company's compliance system and prevent violations of federal
health care laws. This proposal could parallel the corporate
integrity program concept for indirect providers facing
exclusion.