Compliance program complexities: Insights from Teva’s head of compliance

In an exclusive interview with Compliance Insider, Brian Sharkey, head of US compliance and ethics at Teva Pharmaceuticals, discussed compliance challenges, strategies for addressing potential risks, and key performance metrics in compliance programs.

Sharkey leads Teva’s compliance efforts across all US business units, including innovative medicines, biosimilars, and generics, as well as for subgroups such as sales, marketing, and market access.

Brian Sharkey, head of US compliance and ethics at Teva Pharmaceuticals

His team focuses on upholding compliance program standards through policy implementation, training, and monitoring. “The way we do that is by identifying risks, advising our business partner what those risks are, and then working with them to find a compliant way forward,” he told us.

Sharkey also manages the company’s Open Payment submissions, ensuring accurate and timely reporting to the government. Additionally, as the US regional head, he is part of Teva’s global compliance leadership team.

What are the top compliance-related challenges facing pharma companies today?

Brian Sharkey: There’s a mix of challenges facing companies these days. There are what you would consider the traditional risks. And when we think about those risks, we evaluate programs based on what the government is telling us through guidance or enforcement activities to ensure that we stay abreast of the government’s focus. There are traditional things that have always been a focus in terms of financial interactions and relationships that companies have with HCPs, HCOs [health care organizations], and other types of stakeholders.

So anything hiring an HCP to serve as a consultant or participating in an ad board or if you’re conducting and executing speaker programs to ensure that you have the appropriate controls and rigor in place.

You have other traditional risks like promotional content — ensuring that all your promotional content is on label, fair, and balanced, and doesn’t violate governing federal laws and guidelines.

Privacy is an ever-increasing area that is becoming more complicated with different state laws, different responsibilities, different ways to address and maintain personal data to the extent companies have it. So that’s an evolving area.

Interactions with patients is an emerging area of risk, and we see this in some of the enforcement activities where companies are trying to engage patients or help them receive diagnostic services or treatments. We need to be sure that we’re following the law and regulations in those areas. Also, same in terms of electronic health records, which is a little bit of privacy, and how and what companies can do in that space.

What are examples of vulnerabilities found in compliance programs, and how can they be addressed?

Sharkey: I think it’s important that organizations and compliance organizations do some aspect of a risk assessment whereby they engage with their business partners to understand on an annual basis or more regularly what activities they are planning so that we can understand what the business is doing and where it’s going.

This isn’t anything unique to Teva, this risk assessment process — understand where the risks are based on what they’re doing and adjust our plans accordingly. Do we need to do more training in a given area? Are we venturing into different unique projects that we need to focus on? Do we need to increase our monitoring in a given area and decrease it somewhere else? Triangulate that with what the regulatory enforcement landscape is. Is there a new law? Is there new guidance? Is the government now focused on something, and how do our activities fit within that? To the extent that they’re going into areas that are newer or could be a focus of government enforcement activities, we need to consider whether to redirect or increase our resources.

Being honest when you look at your program. Identifying what the strengths are and where we need to do better — tackle those first. I think you can also get that separate from a risk assessment, which can be conducted internally, and you can obviously engage a third party to do it for you.

So there’s a lot of ways that you can do it. I think it’s also important to get feedback from the folks you are working with: your business partners or medical partners to show we value their input and their insight into what they’re doing and how we’re doing our job, how we can keep working well together, and ideally improve the relationship because we all have the same goal. We all want to deliver medicines and help improve patient lives. We all want to do it the right way. So the more we can talk and collaborate, the more likely we are able to address all those things appropriately.

What key metrics should companies use to evaluate the effectiveness of their programs?

Sharkey: You can look at your monitoring results and understand what you’re seeing. You can look at the percentages of overall activities at a certain level and then break it down according to a specific activity to see what the rates are and what the violations are. Are they small violations? Are they significant violations?

When you’re looking at those results, you should drill down further than, well, this particular activity we found may have violated a policy. You need to drill down to get to the root cause and understand why there was a lack of understanding by the employee. Does this expose a potential vulnerability in our training program? Did we fail to provide the best kind of guidance? Why did the violation happen? Because it’s one thing to see numbers and stats, but without understanding why these things are happening, those stats can be ultimately meaningless. You can say 90% were good and 10% had a violation, and that’s a good result. Maybe it’s not. Maybe the 10% are significant and reveal a gaping hole somewhere. So you really need to drill down on that.

Other metrics to look at — and different organizations do this in different ways — are company surveys. Perhaps there’s one that’s dedicated to ethics and compliance, and employee responses, or there’s ethics and compliance questions built into a larger organizational survey. Maybe it’s global, maybe it’s in the US, either way, companies can attack in different ways to get an understanding of how people feel about the program, and then you can evaluate that to see if there’s strengths or weaknesses that you can improve.

Looking at training rates is very important. Are assigned trainings being done on time? Are there gaps? Is a particular group not doing them in an appropriate time frame, and how can you develop that stronger? Also, the tone from the top when our compliance folks are talking about compliance and ethics — that’s important. People expect that. But when compliance is working with the business, when the business is setting the tone, when a head of sales or head of marketing is talking about compliance and ethics in town halls, presentations, and messages to their team: “We’re doing things the right way; we’re doing it with integrity,” and always adhere to our compliance policies, that’s powerful for them to set the tone.

That’s a softer metric, but look and see how often that’s embedded, and if it’s not embedded enough, you can work to improve that. That’s important.

There’s a lot of data out there … You can look at your monitoring results, training, and triangulate that with the government enforcement landscape and come up with risk scores and things like that, and we certainly do that. There are a lot of different things to look at.

Hear Brian Sharkey speak more about compliance programs at our upcoming conference.

DepositPhotos/garagestock