Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

Certified Healthcare Compliance Exam > Healthcare Compliance Risk Areas > Flashcards

Healthcare Compliance Risk Areas Flashcards

1
Q

What Is Artificial Intelligence in Relation to Compliance Programs?

A

Artificial intelligence (AI) is simply the application of computer processing to simulate the actions of a person. One of the earliest AI systems was, in fact, a medical application called “MYCIN.” The program was designed to diagnose bacterial infections and recommend appropriate medications, with the dosage adjusted for the patient’s body weight. Viewed from current technology, MYCIN was quite primitive, using an inference engine with approximately 600 rules derived from interviews with expert human diagnosticians. MYCIN was originally written as part of a doctoral dissertation at Stanford University and was never used in actual medical practice for legal and ethical reasons (along with limitations related to the technology of the day.) But it formed the basis for continued experimentation and development. There are aspects of AI that are continuously evolving, but there are some basic terms that are worth understanding.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What is Machine Learning?

A

This is a subset of AI in which the computer’s algorithms (essentially the AI computer program) are able to modify the computer’s actions with the objective of improving through experience. In many settings (medicine, aviation, or automobiles for example), learning through actual experience could be counterproductive. For example, imagine stating that a number of airplane crashes happened because the airplane’s computer program hadn’t learned to deal with unexpected turbulence yet. So, typically machine-learning systems are given what is called “training data” in order to learn how to function. Provided with data and outcomes, the software should be able to modify processing to result in better—or more accurate—performance.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What is Rule-Based Machine Learning?

A

This involves systems that evolve a set of rules by which a program makes decisions. MYCIN, for example, had hundreds of rules. In a rule-based system, the program uses its experience to identify which rules are more or less useful and to modify the rules or the weights given to them to improve processing outcomes.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

What are Deep Learning Systems?

A

These systems are generally characterized as having multiple layers of processing, using layers that go from general to specific analysis, that are often being applied to large networks of unstructured data. An example might be a system that is designed to read human handwriting. Clearly, experience tells us that this isn’t easy, as there are as many variations in handwriting as there are people. But there are generalizations that can be used to do some preliminary analysis (for example, that a given character is uppercase) that can lead to deeper analysis to try to figure out which character is being represented.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

What is Cognitive Computing?

A

This is generally thought of as an alternative name for AI. There is no widely accepted definition, but you may run into the term as a synonym for AI.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What is Computer Vision?

A

This is a subset of AI that focuses on how computers use digital images (still or video) in their processing. An assembly line for drug packaging can use computer vision technologies, for example, to inspect sterile vials of injectable medication to ensure that labels have been affixed and that the top is properly sealed. This can be done at the speed of the assembly line, with a mechanical “kicker” used to eject vials not meeting the specifications.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What is Natural Language Processing (NLP)?

A

This is the part of AI that focuses on enabling interactions with humans by interpreting their language. It includes automated language understanding and interpretation, automated language generation, speech recognition, and responding with spoken responses. In the past few years, this has gone from the lab to millions of homes, with digital assistants like Siri and Alexa ready to listen and respond to requests. In many cases, the vendors of these systems seek user’s permission to use recordings of these interactions to improve the system’s performance. This has been recognized as a privacy issue. In at least one case, recordings of interactions with a digital assistant have been subpoenaed in connection with a murder trial.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What are Chatbots?

A

These are very similar to natural language processors, although they were developed to replace human operators in online text-based chat systems. For example, a chat system could be fielded to answer routine questions and to forward difficult or complex ones to human operators, thus reducing the workload on the humans. In some cases, these can use text-to-speech processing to enable spoken responses.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What are Graphics Processing Units (GPUs)?

A

These are specialized processors operating within computers designed to process image data. A GPU could be used to create the images displayed on a computer’s screen. However, these powerful units have been used for many other purposes. A current example is that GPUs are often used to process cryptocurrency transactions (a process known as mining, which can be very profitable). Specialized computers using massive numbers of GPUs have been developed as mining machines for cryptocurrency processing.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What is Internet of Things?

A

This is a term that refers to the abundance of devices that can connect to a network that are not traditional computers (or smartphones or tablets). Ranging from smart lightbulbs to cameras to refrigerators, they enable remote control and monitoring of connected devices. There has been enormous growth in the number of medical devices that can connect to a network. Unfortunately, there are serious security concerns that have resulted in Food and Drug Administration (FDA) warnings relating to several devices, including network-connected infusion pumps.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What are Application Programming Interfaces (APIs)?

A

This refers to the connections between devices and the rules by which these connections are made and interpreted. So, for example, if an AI-based analytic engine is to be given access to a particular database, an API defines the way the systems interact, how requests are made, and how they are responded to.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

AI and the Compliance Function

A

When it comes to AI, compliance professionals are presented with what could be characterized as a double-edged sword. On one hand, AI represents an opportunity for compliance professionals to automate certain compliance activities. AI software can perform a compliance function within a given automated function. For example, an AI system could be instructed to issue a report (or email or text message) to a compliance officer if certain values are exceeded or fall below a specified threshold. If regular reports from multiple people are required, the system can monitor whether it has received the reports. It can be programmed to send a notice to those who have not made their report, and eventually to the compliance officer if reports are not received within a specified time period. The system can adjust processing based on an individual reporter’s performance. So, for example, more leeway might be given to someone who always files their reports on time versus someone who is frequently late.

For compliance officers, using AI represents what might be called a force multiplier, in that it enables compliance tasks to be assigned to a machine rather than requiring a human to track and identify reports not received on a timely basis. Because typical budgets for compliance are never enough to do everything a compliance officer might like, automating some processes can make those resources go further, which can be a valuable part of the overall compliance process in an organization.

On the other hand, AI software cannot exist in a vacuum. It needs to be properly controlled and carefully examined by a compliance professional. This person should be involved in the development or adoption of the AI software, along with its customization and testing. Compliance professionals should not underestimate the importance of being involved in testing. Problems with data used to train the system can produce results that might seem completely appropriate to the AI technical team, but may be recognized by compliance specialists as reflecting, for example, inherent biases that may be implicit in the training data, which is often historic in nature and may have been obtained from periods where various issues (like racial or gender bias) may not have been recognized. The technical people involved in the AI development process may not be sensitive to these issues. Compliance professionals must be—and can serve as—a vital system of checks and balances to assure that old problems are not carried forward into the new AI-based system.

AI and deep-learning systems can impact the traditional compliance function. Compliance professionals can both protect the organization from AI-related problems and take advantage of AI’s potential capability to enhance and serve the compliance function.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

AI Risk Area Governance

A

In thinking about AI systems, remember that the entire spectrum of AI is still an emerging area of technology. As a result, there are no laws at this time specifically regulating or otherwise uniquely addressing AI systems.

AI systems, however, can violate laws. For example, consider an AI system designed by a bank to make decisions on mortgage loan applications. For example, during the development and training of the system, AI could determine that a significant predictor of whether a mortgage will be successfully paid is the postal code of the borrower. From a technical standpoint, it might be reasonable to let the system make loan decisions—including the interest rate and other terms of a loan with significant weight given to the borrower’s postal code. But doing so might be determined to be an unlawful practice called redlining, which is defined as denying a service to someone on the basis that they live in an area believed to be a financial risk to the lender. This discriminatory practice was generally outlawed in the Fair Housing Act of 1968 and the Community Reinvestment Act of 1977.[3],[4] But those developing the AI system may be experts in technology—and not in banking or the application of those laws. This is an example of a system that could perpetuate bias if the problem went unrecognized.

It is necessary to consider AI in terms of the risks associated with:

Any compliance system (manual or automated)

Applicable laws and regulations

The need for controls over that system

The requirement that a compliance function be able to provide assurance that the necessary controls are working as intended.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What are the common compliance risks of AI?

A

AI Development Team May Not Include Sufficient Input from Counsel: AI systems are subject to all relevant laws, regulations, contractual agreements, and company/agency policies covering both the subject matter of the system and any technological issues relating to the system. If a system is created by external specialists as a work made for hire or the system is acquired under some form of a license agreement from the developer/owner of the system, the legal issues regarding the acquisition, ownership, and duties of the parties represent legal issues. For that reason, compliance professionals should consider whether the development of the AI system has received sufficient input from either in-house or outside counsel to assure that the system is in compliance with the applicable laws, regulations, and contractual agreements (such as for remote storage, data breach incidents, and privacy and security requirements). Compliance professionals are more aware of the potential impact of a system that violates laws, regulations, or contractual agreements than the average person, so it is important that they help assure the AI system has been subject to appropriate review and follow-up by counsel.

AI Development Team May Not Include Sufficient Input from Compliance Professionals: It is not unusual for an AI development team to be largely composed of technology and AI specialists. They are not compliance professionals, and one must not assume that this kind of technology team will adequately design or implement the needed compliance controls. Consider the extent to which non-AI systems require compliance oversight. AI systems often have greater freedom of action based on their rulesets and the experience that they gain during their operation. Compliance professionals have to review in detail the controls being implemented into the AI system to determine whether the properly implemented controls are sufficient. If they aren’t, the compliance professional must take whatever steps necessary to get those controls into the system, or to develop compensating controls that can replace missing controls within AI systems.

AI System May Not Be Designed to Retain All Records Required by Law or Regulation: There are many records that a company or governmental body must retain for specified periods of time, as required by law, regulation, or contractual provision. Tax-related information is a good example, but not the only one that is relevant. AI systems being built or licensed may not take all of the relevant laws and regulations into account. Both legal and compliance professionals must work together to understand what the requirements are and the extent to which the existing system design accurately reflects those requirements.

AI System May Not Be Designed to Retain Records That Could Become Important Evidence in the Event of Litigation Relating to the System’s Operations: The information that counsel wants preserved in logs or other records of an AI system may go beyond requirements set by laws, regulations, or contractual provisions. For example, there is very little legal guidance on exactly what data an autonomous driving vehicle has to maintain. But counsel may have some very specific ideas on what should be available if—as has happened—the self-driving car kills a pedestrian. What were the sensors seeing? What was the ruleset that led the car to hit the pedestrian? If the data is not stored in a log or other record, it won’t be available, and that fact may, in and of itself, be seen as problematic if litigation ensues. History tells us that AI systems are no less likely than other systems to result in litigation, and as a result, thinking in terms of the evidence that counsel would like to have in the event of litigation is very important. The compliance department needs to ensure that those records are being created by the AI system and stored for the time period designated by counsel.

AI System’s Learning and Testing Data Sets May Be Ineffective in Preventing Unwanted Behavior or in Identifying Potential Issues with the AI System’s Performance: AI systems referred to as having machine-learning or deep-learning attributes are different than traditional AI programs in that these systems modify their functionality over time based on experience. These systems simulate the learning that would happen to a human. The set of rules that is part of the software determines how the system can change as it “learns.” What limits are set for these changes? Who has looked at the data used to train and test the system? Unless you actively look at these issues, you can’t simply assume that everything will be OK. For example, an AI computer-vision system that inspects vials to ensure that the label was properly attached might need to be adjusted if the label size changes or the dimensions of the vials change to avoid rejecting vials that are acceptable. Consider the example of AI facial recognition systems. At first, there was a general assumption that these systems worked well. But as facts emerged, that assumption had to be challenged. A federal study demonstrated that facial recognition systems misidentified people of color more than white people.[5] According to a report in The Washington Post, “Asian and African American people were up to 100 times more likely to be misidentified than white men, depending on the particular algorithm and type of search.”[6] This was not a study of systems that were being considered for use. These systems were in actual use and were misidentifying people of color. It raises a question of how that could have happened and why it was not noticed. Certainly, there was inherent bias in the data, but it’s also important to note that the people building these systems either did not understand that (or chose to ignore it). What might seem like an academic issue of how the system works can in reality result in life-or-death situations. For example, an innocent person inaccurately identified as a dangerous criminal who has resisted arrests in the past might lead to a rapidly escalating —and deadly—situation when police attempt to apprehend that innocent person.

Updates and Changes to the AI System May Impact the System’s Operations in a Way That Presents Increased Risks That Must Be Evaluated by Counsel and Compliance Professionals: AI and machine-learning systems, as all systems, will be updated at some point or on a regular basis. The changes could be a result of changing the underlying operating systems of the computers on which they run or a change in the desired functionality of the system. Regardless, it’s important that compliance personnel be involved to provide assurance that the changes won’t result in a degradation of controls or in reporting mechanisms.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

How are AI Compliance Risks Addressed?

A

During the Developmental Phase of AI System Development: The compliance function plays (or at least should play) an important role during the development (i.e., programming, installation, or customization) of the AI system. Taking an active role to understand what the system does, how it does it, any limitations on the system’s freedom of action, designed-in controls, reporting, data logging and preservation, and error reporting is key to being able to accurately report to management on how well the system is controlled and how those controls can be overseen.

During the Testing Phase of AI System Development: The compliance function should be involved in testing. The objective of testing should be to detect problems. All too often, developers want the system to be accepted, and may take shortcuts. For example, the developers may have a large file of data that is relevant to the system. They can take half of the file and use it for training the system, and then use the other half of the file as the test set. The problem with this is that any problems or bias that are consistent throughout the file will most likely not be caught, since the same error that is in the test set was also in the set of data used for testing. Making sure that the test data actively challenge the system is important.

During the Operational Phase of AI System: During the operational life of the system, the compliance function must examine reports coming from the system to understand potential problems. Compliance professionals looking at AI systems must do what they are good at—asking the “What if?” questions that may have been overlooked by the development team. Additionally, those using AI systems may not like the discipline imposed by these systems and develop ways to bypass them or render them less effective. Recognizing this possibility can lead a compliance professional to closely examine how the AI system is operating and be on the lookout for behaviors their experience tells them may be present. At the same time, sufficient testing must be developed that can determine that the right controls are in place and that they are working. AI systems are no different than any other corporate system in this regard.

Updating and Maintaining AI Systems: As AI systems are updated and maintained, compliance specialists should be involved to understand the changes to ensure that the systems do not negatively impact the controls in place and determine whether they require additional controls and whether the overall system of controls will continue to work properly.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What are the possible penalties of AI noncompliance?

A

Legal Penalties
While no current laws focus specifically on AI, there are no exemptions for those systems either. Any violations of law that are attributable to the operation of AI systems are subject to the same penalties as any other violation. Depending on their functionality, AI systems can be subject to multiple laws in multiple countries.

Reputational Costs
Cases in which driverless cars have been involved in accidents—and, in at least one case, killed a pedestrian—are examples of incidents involving AI systems that can produce substantial reputational damage. The same can be said of the revelations of the differing error rates of facial recognition systems based on the role of the individual being matched having had a substantial effect on the developers of those systems. Reputational risk is always a factor to be considered.

Reputational risks cover a broad range of issues. Some examples include:

Negative publicity from the AI-related incident resulting in a loss of customer confidence.

Negative publicity from fines or other sanctions imposed by regulators in response to a data breach or other incident. This can also result in loss of confidence or a general degradation of the overall perceived reputation of the organization.

Loss of market valuation if the incident results in reduction in stock prices. This can be sudden and precipitous. It can then result in higher borrowing costs or access to capital markets.

The initiation of shareholder and related civil actions based on an incident can also contribute to reputational damage.

Loss of reputation of executives and board members, which can have a personal effect on them.

17
Q

What Are Financial Conflicts of Interest in Clinical Research?

A

Financial conflicts of interest (FCOIs) in clinical research are external interests held by the research investigator, and in some cases by the institution, that are financial in nature that could directly and significantly affect and/or appear to affect the design, conduct, and or reporting of research. Individual FCOIs are specifically defined in federal regulations that apply to Public Health Service (PHS)-funded research as external interests of the research investigator that reasonably appear related to their institutional responsibilities and are considered significant financial interests (SFIs).[2] FCOIs can be complex, considering that interactions have become increasingly more common among academia, industry/private sector, and government agencies in pursuit of advancing scientific discoveries using cutting-edge science and technology. The Bayh–Dole Act enacted in 1980 was the key piece of legislation that changed the landscape at academic institutions by allowing institutions and faculty to retain rights to inventions from federally funded research.[3] This provided a pathway toward commercialization through technology licensing and transfer and also opened up a wider door for interactions with industry. Therefore, it is critical to understand where FCOI risks may occur in such interactions and employ strategies to ensure that research remains objective and is ethically conducted.

In clinical research, FCOIs are important to detect and effectively manage in order to prevent bias from negatively or inappropriately affecting the design, conduct, or outcome of the research. These steps are also essential to maintaining the public’s trust in the research produced by healthcare or research institutions and individual researchers. Healthcare institutions often participate in clinical research through government, industry, or internal funding mechanisms. The federal government funds clinical research at healthcare institutions through the form of grants that require recipient institutions and research investigators to comply with the terms and conditions of the award, including FCOI disclosure and management. Industry-sponsored clinical research is governed by contracts between the institution and company developing or marketing the drug, device, or biologic under study, and is often bound by disclosure and reporting requirements pursuant to the Food and Drug Administration (FDA) financial disclosure regulations. There may also be other state and local laws or institutional policies that govern conflict of interest (COI) disclosure and management pertaining to business interactions and transactions. Clinical researchers and institutions have a shared responsibility in ensuring compliance with regulatory and other local requirements to promote objectivity in the research conducted at their organizations, which is why this remains an important and complex risk area for compliance professionals.

A number of factors that affect institutional FCOI risk and risk tolerance in clinical research include the overall maturity of compliance and research integrity programs; leadership support and investment; nature and breadth of research programs, including funding sources; degree of interactions with industry and commercialization activity; institutional culture; reporting mechanisms; and reputational impacts. The increasing pressures and complexities of the academic and scientific environments combined with heightened public scrutiny regarding FCOIs require more sophisticated oversight programs to ensure transparency, accountability, and effective management of conflicts.

A comprehensive lens should be applied when evaluating FCOI risks associated with clinical research. This is because other types of individual conflicts (e.g., conflict of commitment, role-based conflicts, conflict of conscience) may arise or be comingled with FCOI in the context of clinical research. Researchers in healthcare environments often have multiple roles, including that of a healthcare provider, faculty member or student, administrator, and institutional official, or serve on institutional review committees. They may have external interests (e.g., start-up companies) and collaborations or relationships (e.g., advisory board roles) that may intersect or conflict with their institutional responsibilities. Growing concerns by the US government over inappropriate influence by foreign governments on federally funded research have led to reinforcement by the National Institutes of Health (NIH) of appropriate disclosure by researchers and review by institutions of foreign support, relationships, and activities that represent an FCOI or conflict of commitment.[4] Institutional FCOIs may also arise from institutionally held investments or equity, royalties, significant donations from or interactions with industry, or from institutional officials who have substantial purchasing or business decision-making authority. There are currently no federal regulations that govern FCOIs on an institutional level, which are often left up to institutional policies. Despite this, there have been mounting concerns over increased institutional FCOIs at academic institutions and the need to ensure effective oversight and management of this particular risk area.[5] Therefore, healthcare institutions should be attuned to the various types of conflicts that may occur and employ ways to comprehensively review and manage these risks in clinical research.

18
Q

Risk Area Governance of Financial Conflicts of Interest in Clinical Research

A

FCOI federal regulations were promulgated in 1995 by the Office of the Secretary of the U.S. Department of Health & Human Services (HHS) to promote objectivity of PHS-funded research. HHS revised the regulations and issued a final rule on August 25, 2011, requiring compliance by institutions applying for or receiving PHS funding by August 24, 2012.

Codified at:

42 C.F.R. §§ 50.601-50.607 (Subpart F), Responsibility of Applicants for Promoting Objectivity in Research for which Public Health Service Funding is Sought and Responsible Prospective Contractors

45 C.F.R. §§ 94.1-94.6 , Responsible Prospective Contractors[8]

The FCOI regulations apply to institutions and research investigators that are recipients of funding from PHS funding agencies such as the NIH. Research investigators are defined by the regulations as the “project director or principal Investigator and any other person, regardless of title or position, who is responsible for the design, conduct, or reporting of research funded by the PHS, or proposed for such funding, which may include, for example, collaborators or consultants.”[9] These regulations do not apply to Phase I Small Business Innovation Research (SBIR) and Small Business Technology Transfer Research (STTR) applicants.

Investigators are responsible for complying with their institutional FCOI policy and disclosing any external interests (including those of their spouse and dependent children) that are reasonably related to their professional responsibilities at their institutions and considered SFIs. Review of SFI disclosures must occur no later than at the time of applying for PHS funding, at least annually during the period of the award, and within 30 days of acquiring or discovering a new SFI. Investigators must also complete FCOI training before engaging in PHS-funded research, at least every four years and under certain circumstances. Institutions have additional responsibilities under the regulations, including review of SFIs disclosed by investigators, identifying any COIs that require management or reduction or elimination of the interest as appropriate, and reporting FCOIs to the PHS awarding component prior to expenditure of funds and subsequently as required. Part of this process involves a designated institutional official(s) that determines that the investigator’s SFI could directly and significantly affect the design, conduct, or reporting of the PHS-funded research and therefore represents an FCOI. There are other oversight, policy, education and training, and handling of noncompliance requirements that institutions must comply with per the regulation.

SFIs are defined in the PHS regulations, which include the aggregate amount of remuneration received or value of equity interest from publicly traded entities in the past 12 months preceding the disclosure of $5,000 or more. SFIs also include those from non-publicly traded entities where remuneration exceeds $5,000 or any equity interest, intellectual property rights and interests upon receipt of income and reimbursed or sponsored travel from certain entities. Since industry interactions between industry and researchers may be sporadic or ongoing, new information representing an SFI should be disclosed to institutions within 30 days during the period of the research.

Institutions must be aware of any other applicable federal regulations, state or local laws, funding agency requirements, and institutional policies, especially if they differ from PHS rules, impose additional requirements, or govern other types of COIs and transactions. For example, the National Science Foundation, which is a federal agency that provides research funding, requires investigator disclosures of certain external interests in accordance with a higher SFI threshold amount of more than $10,000.[12] The FDA also requires clinical investigators (including their spouse and dependent children) to disclose certain financial interests, payments, or arrangements to the sponsor of a covered clinical study; however, their threshold amounts differ from PHS rules. Investigator interests that require reporting and disclosure to the FDA include equity interests in the sponsor and, for publicly held companies, any interest of more than $50,000 in value, any significant payments of other sorts of more than $25,000 from the sponsor, proprietary interests in the tested product, and other compensation that could be affected by the study outcome.

Requirements for other conflict review and management areas may depend on the institution (e.g., state-funded institutions, nonprofits) and type of individuals covered (e.g., state employees, healthcare providers, institutional officials, key employees). The Physician Payments Sunshine Act, which was passed in 2009 and embedded within the Affordable Care Act, requires applicable drug, device, biological, or medical supply manufacturers and group purchasing organizations (GPOs) to report annually to the Centers for Medicare & Medicaid Services (CMS) any payments or transfers of value to physicians and teaching hospitals worth more than 10 dollars. The legislation was meant to increase transparency of financial relationships between physicians and teaching hospitals and industry. CMS publishes this information on its website.

Certain institutions apply PHS regulations to a subset of research funded by PHS, whereas others apply it to all research activities, regardless of funding source and per institutional policies. Extending regulatory requirements more broadly depends on the risk strategy that an institution takes depending on the type of institution, makeup of researchers, funding, and type of research that is conducted. Many institutions also have policies that cover both individual and institutional FCOIs and include other types of conflicts that may occur within the clinical research environment.

19
Q

What are the common compliance risks of Financial Conflicts of Interest in Clinical Research?

A

Lack of Effective Organizational Oversight
Organizations that receive PHS research funding are responsible for complying with FCOI regulations, informing investigators about their FCOI policies, and ensuring effective oversight and management. The authorized organizational representative certifies when submitting a PHS grant application that the applicant’s institution is in compliance with the regulations. Other requirements and types of conflicts including intuitional FCOIs require review and management at an organizational level. Due to the complexity of this space, an effective organizational oversight structure for COIs in research must be in place to ensure compliance and mitigate risks.

Not Maintaining Up-to-Date Policies or Education and Training
FCOI policies are required to be written, up to date, and available to the general public via an accessible website or provided within five business days pursuant to a public request. Education and training should be ongoing and also updated to ensure that they contain relevant information and effectively address any conflicts of interests that may arise in the organizational environment. Research investigators must also complete FCOI training requirements for PHS-funded research.

Not Identifying or Managing FCOIs in a Timely Fashion
External financial interests including consulting, employment, remuneration, service on boards, equity interest (such as stock, stock options, or company ownership interest), and any others considered SFIs should be disclosed by investigators in a timely fashion and evaluated for FCOI before submission of a grant application, prior to engaging in any research activity, and annually or regularly thereafter. These steps are important to reduce the risk that the researcher’s judgment may be compromised by financial ties they have with industry and negatively affect the objectivity or integrity of the research.

Failure to Fulfill Federal Reporting Requirements
The institution is required to identify, manage, and report FCOIs to the PHS funding agency through initial and annual FCOI reports through eRA Commons. The reports must be submitted prior to expenditure of the funds and when renewals are granted for ongoing projects. Reporting by institutions is also required for any retrospective reviews in cases where FCOIs were not previously disclosed by the investigator and bias was found in the conduct of the research or in instances of noncompliance with the management plan. Clinical investigators who are also considered sponsors of covered clinical trials (sponsor-investigators) must ensure that they fulfill reporting requirements under the FDA financial disclosure rules.

Not Managing Risk of Subrecipient FCOIs
Collaborative PHS-funded research requires the awardee and subrecipients (e.g., subcontractor or consortium members) to either certify that their policy complies with regulations or rely on the awardee’s FCOI policy and incorporate which institution’s policy will apply in the agreement to identify and manage investigator FCOIs.

Inadequate Compliance Monitoring
Ongoing institutional review of compliance with FCOI management plans is required until the completion of the PHS-funded research.

Not Evaluating Overall COI Risk in Relation to Business and Environmental Changes
When macro-level changes occur that affect the nature of the business at organizations or when the regulatory environment or public perceptions change, this may lead to downstream impacts on an organization’s COI compliance risk profile. Certain types of arrangements may increase risk in clinical research:

Individual or institutional FCOIs related to clinical research, especially the high-profile ones, involve significant financial gains or greater than minimal risk in human subject research.

Researcher or faculty start-ups, employment or financial interests in companies seeking SBIR and STTR funding that involve subcontracting part of the research work to their departments or institutions, or involving licensing activities and clinical research at the institution.

Organizational investment arms that seek to invest in investigator or institutional start-ups or innovations that are tied to sponsored research at the organization.

Foreign collaborations, activities, or support that represent an FCOI or other type of conflict.

20
Q

How are compliance risks addressed for Financial Conflicts of Interest in Clinical Research?

A

Effective Program Oversight and Implementation
FCOIs must be managed by institutions that receive PHS funding, which means investing adequate resources into a COI research compliance program and staff, committees and designated official(s) that can effectively review investigator disclosures to identify any SFIs representing FCOIs that require mitigation or management, and reporting. Conducting regular compliance risk assessments to ensure that the institution has adequate resources and a good level of oversight is key. Reputational harm and risks to research integrity and the rights, safety, and welfare of research participants can occur as a consequence of noncompliance, which is why it is important to implement robust and effective COI compliance programs. Areas to evaluate include the following.

Program and Governance Structure
Ensure programs are structured appropriately and include the following elements:

Overseen by a centralized department with compliance oversight that is supported by leadership and organization-wide COI policies and procedures.

Led by an individual with executive-level and board-reporting responsibilities and a close connection to clinical research activities occurring at the organization.

Adequate resources, systems, and training for COI staff and committees to review both individual and institutional disclosures and mitigate or manage FCOIs.

Standardized procedures and mechanisms (e.g., hotline, nonretaliation policy) to report, investigate, and handle noncompliance.

Compliance coordination with other departments and offices across the organization, including, but not limited to: Human Research Protection Programs, Institutional Review Boards (IRBs), Grants and Contracts, Procurement, Foundations, Technology Transfer, Legal, Ventures and Innovations, and Academic and Medical Affairs.

Awareness and Education
Complexities involving both individual and institutional COIs in today’s environment require ongoing education and training efforts to reduce risks to objectivity and integrity in clinical research. Education and training on institutional COI policies can raise investigator awareness of regulatory requirements, enhance conflict identification, and foster better FCOI mitigation or management strategies. Education and training can be facilitated through organization-wide learning management systems or programs that track training and notify investigators prior to expiration.

Centralized Disclosure and Review Using Technology
Use of organization-wide technology, such as web-based platforms and electronic systems, to centrally capture and manage investigator disclosures allow for the following:

Timely disclosure of external interests by investigators, including any updates and real-time review of the information in relation to anticipated or ongoing grants and research activities.

Documenting FCOI review determinations and any other institutional actions.

Easy access and maintenance of records for at least three years from the date of submission of the final PHS expenditure report or where otherwise required.

Cross-referencing other sources of information, such as Open Payments, as part of the review process for any physician researchers.

Coordinating and sharing up-to-date disclosures and FCOI management plans through automated feeds or reports with IRB offices and committees, grants and contracts offices, and any other organizational departments requiring the information.

Facilitating posting and updating of information on a publicly available website or fulfilling written requests within five business days of any public requests regarding FCOIs of senior or key personnel that include the required elements.

Running reports and information to facilitate compliance monitoring and evaluating organizational risks over time.

Effective FCOI Management Strategies
FCOIs in clinical research should be reviewed by the designated official(s) and/or COI committee, and management plans should be developed if they cannot be reduced or eliminated. Management plan strategies should comprehensively cover individual and any institutional conflicts and require certain conditions or restrictions for conducting the research, depending on the nature of the study. These can include, but are not limited to, the following:

Restricting conflicted individuals from participating in certain aspects of the research study, such as recruiting, enrolling, and obtaining consent from research participants; collecting or analyzing data; or assessing adverse events and safety monitoring.

Removing conflicted individuals (including institutional officials) from oversight of the research; lines of reporting tied to the research; or certain individuals involved in the design, conduct, or reporting of the research.

Recusal of conflicted individuals that serve on any institutional research review or other committee when a review is related to the entity or product in which they have a financial interest.

Modifying the research plan to reduce risk of bias resulting from the FCOI, such as randomization or blinding procedures, independent third-party analysis, or validation of results.

Ensuring the research team and research participants can approach an unconflicted individual or a compliance representative for any COI concerns.

For institutional interests, requiring an external IRB review, independent safety monitor/board, or monitoring body.

Employing an independent monitor or data reviewer or requiring independent audits to ensure the design, conduct, and reporting of the research is protected against bias.

Disclosing the FCOI:

To potential research participants by including language in the informed consent form

To collaborators and sponsors

To procurement

In publications and presentations

To any other parties deemed necessary

Compliance Monitoring and Handling of Noncompliance
Institutions are required to establish adequate and appropriate enforcement mechanisms to ensure compliance. This includes ensuring timely disclosure of SFIs and adherence to FCOI management plans by investigators. The following are ways to address these risks:

Develop institutional policies and procedures for escalation of identified noncompliance and any necessary reporting to IRBs, PHS funding agencies, institutional officials or committees, research integrity officers, and any others as required.

Perform regular monitoring of compliance with FCOI management plans. This can be done through regular check-in questionnaires with investigators, audits of research documentation at research sites, comparing publicly available information or publications against FCOI management plans, or requesting regular reports from independent monitors.

Create a tool for retrospective reviews of research that are required within 120 days if an FCOI was not disclosed by the researcher. If the institution determines as a result of the review that there was bias in the design, conduct, or reporting of the research during the noncompliant period, then they need to develop a mitigation report that includes actions taken to eliminate or mitigate the bias. A PHS mitigation report template should be developed that includes all required regulatory elements.

Evaluate and Identify Other Risk Areas
Regularly review COI processes that may touch other departments to detect any information or process gaps requiring improvements or enhanced coordination.

Provide additional education and training to sponsor-investigators holding an investigational new drug application or investigational device exemption, who are required by the FDA to collect information regarding financial interests and report appropriately.

Confirm ongoing review and management of subrecipient investigator FCOIs and any required reporting to PHS by the awardee institution.

Ensure effective measures are taken to manage other types of conflicts that may arise, such as institutional, commitment, role-based, procurement/purchasing, or others. This may require other disclosure and review mechanisms and additional COI management strategies to be applied in the context of the research.

21
Q

What are the possible penalties for Financial Conflicts of Interest in Clinical Research?

A

Noncompliance with PHS regulations by investigators may result in the PHS awarding component imposing special award conditions, suspension of funding, or other enforcement action. Institutional-level sanctions could occur and affect an investigator’s ability to conduct research at the organization. Sanctions can depend on the seriousness and severity of the noncompliance, taking into account the reasons for noncompliance, whether the noncompliance is continuing, and impact to the objectivity and integrity of the research involved and human subject protections. Remedial measures could include retraining, increased monitoring of the investigator’s compliance, or individual disciplinary measures. On a broader level, the impact of noncompliance may result in reputational harm to the institution or researcher and erosion of public trust.

22
Q

What Are Human Research Protections in Clinical Research?

A

Human Research Protections were founded on ethical principles that evolved over time as a result of past atrocities involving humans in research experiments. The Nuremberg Code and the World Medical Association’s Declaration of Helsinki were developed after the World War II Nuremberg trials and established ethical codes such as explicit and voluntary consent from patients and guiding principles for physicians. The Belmont Report was published in 1979 by the National Commission for the Protection of Human Subjects of Biomedical and Behavioral Research and described the basic ethical principles of respect for persons, beneficence, and justice. These principles collectively provided a framework for research ethics that led to today’s regulatory framework designed to protect human research participants.

Today, clinical research requires review by an institutional review board (IRB), which is a committee constituted by a group of individuals that ensures that any proposed research involving human subjects is ethical; adheres to established principles and rules; and has procedures in place to adequately protect the rights, safety, and welfare of humans participating in the research. Informed consent from participants is also a requirement under the regulatory framework. Clinical research is critical to contributing to scientific knowledge and advancing medicine. Over time, clinical research has become more fast-paced and complex as a result of advanced technology and expansion to multiple sites due to increased collaborative research efforts with industry and government agencies.

Healthcare institutions often participate in clinical research due to factors such as ties to research institutes and medical schools, provision of options for patients, and prestige. Institutions may participate in research that is funded internally, by the government, or industry. Externally funded research is governed by contracts and agreements that require adherence to various rules and regulations pertaining to human research protections and other areas of research conduct. Clinical researchers at healthcare institutions are required to navigate through a complex regulatory environment because research regulations add another layer on top of the already highly regulated healthcare environment. Therefore, depending on the complexity and extent of research, appropriate levels of monitoring and oversight of the research should be implemented to ensure compliance with regulations and adequate human subject protections during the research period.

Compliance risks for organizations depend on the nature and scale of the research, institutional oversight and culture, researcher qualifications and experience, populations involved, funding mechanisms, and legal and regulatory requirements that apply. Other factors that may affect human research protections, ethical conduct, or objectivity of the research include those related to academic pressures, researcher or institutional financial conflicts of interest, therapeutic misconception from research participants, community and cultural differences, and adequate resources to support and conduct the research. Thus, it is important to understand compliance risks more holistically when evaluating human research protections and consider both internal and external factors.

23
Q

Risk Area Governance for Human Research Protections in Clinical Research

A

Federal regulations that govern human research protections were promulgated by the Department of Health & Human Services (HHS) and apply to research conducted or supported by HHS.[5] The subparts of the regulation include:

The Common Rule;

Additional protections for pregnant women, human fetuses, and neonates;

Additional protections for prisoners; and

Additional protections for children.

The Common Rule, which is the federal policy for human research protections that defines ethical standards in human subject research, was revised in 2017 with compliance dates of January 19, 2018, and January 20, 2020.

The Office for Human Research Protections (OHRP) within the Office of the Secretary of HHS provides regulatory and compliance oversight and develops policies, guidance, and education for human subject protections. Institutions that are required to comply with federal regulations must promptly report to OHRP “(1) Any unanticipated problems involving risks to human subjects or others; (2) any…serious or continuing noncompliance with [the] regulations or the requirements or determinations of the IRB; or (3) any suspension or termination of IRB approval.”[8] Institutions that receive HHS support for research involving human subjects must also have a Federal-wide Assurance (FWA) or commitment to comply with federal regulations signed by an institutional official and designate an IRB that is registered with OHRP. Institutions may choose to apply Common Rule requirements to all research or just those that are federally funded.

Institutions that operate an IRB must ensure regulatory requirements are met and establish policies and procedures. This includes an appropriate IRB committee constitution and meeting IRB review and approval criteria under the Common Rule. IRB approval criteria include: ensuring that the risks to participants are minimized and reasonable in relation to anticipated benefits, an equitable selection of subjects, ensuring that informed consent is sought from the prospective participant or their legally authorized representative and documented, ensuring that adequate privacy protections are in place to maintain confidentiality of the data, and monitoring the data to ensure subject safety where appropriate. IRBs must also comply with Food and Drug Administration (FDA) regulations.

There are various FDA regulations that apply to clinical research that involves drugs, devices, and biologics. The following are FDA regulatory subparts that are more applicable to human research protections and IRBs:

21 C.F.R. § 50 (Informed consent)[9]

21 C.F.R. § 54 (Financial disclosure by clinical investigators)[10]

21 C.F.R. § 56 (IRBs) [11]

21 C.F.R. § 312 (Investigational new drug application)[12]

21 C.F.R. § 812 (Investigational device exemptions)[13]

FDA-regulated clinical trials must also adhere to good clinical practice (GCP), which is an “international ethical and scientific quality standard for designing, conducting, recording and reporting trials that involve the participation of human subjects.”[14] GCP is a set of international standards that were developed by the International Council for Harmonization of Technical Requirements for Pharmaceuticals for Human Use (ICH) to ensure that the rights, safety, and well-being of human participants in clinical trials are protected in accordance with ethical principles and the data is credible. There are a variety of ICH GCP guidance documents, and the most relevant one to healthcare institutions conducting clinical research is GCP ICH E6 (R2), which was amended to take into account the modern complexities of clinical research and use of electronic records.

Registration of “applicable clinical trials” on ClinicalTrials.gov, including summary results, is required per the FDA Amendments Act of 2007 and final rule. Registration is required for National Institutes of Health (NIH)-funded clinical trials and posting of a consent form is required for any clinical trial conducted or supported by a Common Rule agency. These requirements are part of efforts to provide the public with greater transparency and access to information about clinical research.

Institutions supported by Public Health Service (PHS) funding must comply with other federal regulations. This includes research misconduct regulations that serve to promote the responsible conduct of research. The Office of Research Integrity oversees PHS research integrity–related activities, and institutions are required to submit reports pertaining to research misconduct when certain criteria are met. Research misconduct is defined as “fabrication, falsification, or plagiarism in proposing, performing, or reviewing research, or in reporting research results,” and any such allegations require prompt review by institutions. Other PHS regulations govern financial conflict of interest (FCOI) and aim to promote objectivity in the design, conduct, and reporting of research.

Other federal regulations that pertain to protecting the privacy and security of information may apply to clinical research. The Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security rules govern privacy and security of protected health information (PHI) for institutions that are considered covered entities.[19] Use and disclosure of PHI for research purposes by covered entities can occur through signed HIPAA authorizations (which may be combined with the research consent form) from research participants or waivers or alterations of HIPAA authorization granted by a privacy board or IRB. Covered entities must also implement appropriate administrative, physical, and technical safeguards to ensure the confidentiality, security, and integrity of electronic PHI. Research participant information may also be protected by researchers that have obtained a certificate of confidentiality (CoC) for research funded by HHS agencies (e.g., NIH) that serves to protect the privacy of research participants by prohibiting the disclosure of identifiable, sensitive research information.

Institutions must be aware of any other applicable federal regulations, state and local laws, or funding agency policies that apply to clinical research activities. This will depend on the type of institution that is conducting the research, nature and type of research, funding source, and contract and agreement terms. Special attention should be paid to high-risk or early-phase trials evaluating safety or research involving vulnerable and critically ill populations. Also, international research will require broader evaluation of other human research and data protection rules and regulations specific to the local and cultural context of the locations and populations.

24
Q

What are the common compliance risks for Human Research Protections in Clinical Research?

A

Lack of Effective Organizational Oversight
Organizations that conduct clinical research are responsible for complying with all applicable federal, state, and local requirements as well as contractual agreements, and therefore, must ensure effective oversight. Lack of knowledge regarding the clinical research portfolio (e.g., federally funded, sponsored by industry, investigator initiated), policies and procedures, or institutional-level infrastructure for oversight and monitoring will leave organizations vulnerable to compliance risks.

Not Maintaining Up-to-Date Policies or Education and Training
Up-to-date and accessible institutional policies and procedures should be available to researchers. Education and training should be ongoing and also updated to ensure that they contain relevant information and effectively address risk areas that may arise in the organizational environment. Research investigators should complete research training in accordance with institutional or funding agency requirements.

Investigator Noncompliance
This can occur due to a variety of reasons including lack of training, qualification, or experience, and not having standard operating procedures (SOPs) or adequate supervision of the research. Noncompliance, protocol deviations or violations can potentially affect the integrity of the research data or safety of the research participants.

Inadequate Protections for Research Participants
Protecting the rights, safety, and welfare of research participants are principal tenets of human research protections. Risks to this can occur if research is initiated without IRB review and approval or informed consent is not obtained appropriately from research participants. Risks pertaining to safety and welfare of research participants can occur if adverse events or unanticipated events that represent a risk to subjects or others are not assessed or reported to the IRB and other parties as required (e.g., sponsor, FDA).

Inadequate Protections of Privacy and Confidentiality
Breaches of research information can cause risks to research participant privacy and confidentiality of sensitive information.

Lack of Institutional IRB Compliance and Reporting
Organizations that operate their own IRB committee(s) and receive federal support for research must register their IRB with OHRP and comply with FWA requirements that include reporting serious and continuing noncompliance to OHRP. IRBs that review research involving FDA-regulated products require adherence to FDA regulations and reporting and are subject to routine FDA inspections.

Failure to Comply with FDA Rules
Clinical research involving FDA-regulated products requires adherence to FDA regulations. FDA rules apply to other uses of investigational products for treatment use under expanded access (including emergency use) or emergency use authorizations pathways. Clinical investigators that conduct clinical research involving FDA-regulated products are routinely inspected by the FDA.

Lack of Procedures to Handle Reports of Research Noncompliance
Organizations that do not have a process to handle and investigate such reports may open themselves up to risk. This is an important element of institutional oversight and institutions should have a process to investigate the allegation; if substantiated, ensure they follow any required reporting to federal agencies and institutional officials. Noncompliance or complaints from whistleblowers, research participants, or the public can be submitted to federal agencies such as OHRP that will then take necessary actions to investigate. Institutions will also need to take measures to investigate any allegations and may need to report back to the agency. PHS-supported institutions must have a program in place for reporting and investigating allegations of research misconduct.

Inadequate Compliance Monitoring
Ongoing institutional review of compliance with regulatory and institutional requirements is necessary to quickly identify issues that may affect human research protections, evaluate organizational risks, and inform education and training of researchers.

25
Q

How are compliance risks addressed for Human Research Protections in Clinical Research?

A

Establish Effective Oversight of Clinical Research
Institutions must establish comprehensive oversight for clinical research occurring at the organization, taking into consideration the complexity of the research, involvement of multiple sites or institutions, and use of external or central IRBs. Regulatory, funding, or sponsor requirements must be met, and the rights, safety, and welfare of research participants must be adequately protected. Attention should be paid to the evolution of the research portfolio and researchers over time as new risks may emerge. Considerations for effective institutional oversight include the following:

Institutional Human Research Protection Program Governance
Ensure programs are appropriately structured and include the following elements:

Oversight by a centralized institutional program and administrator with a compliance oversight function that is supported by leadership and operates under organization-wide policies and procedures.

If an institution has an internal IRB, the process for review and approval of human subject research is clear and supported by policies and procedures. Institutions that receive federal support for research must register their IRBs with OHRP and obtain an FWA.

Ensuring that appropriate agreements are in place if using external or central IRBs and external investigators or facilities.

Oversight programs should coordinate with multiple departments throughout the organization. The program can also evaluate any concerns; unanticipated problems; noncompliance issues; or concerns reported internally, from research participants, sponsors or funding agencies, private or government entities, or the public.

Institutional Review of Clinical Research
Reviews should be comprehensive to ensure any federal, state, and institutional requirements are met prior to and during the research. Considerations include:

Establishing a review process that ensures, but is separate from, IRB review and approval. Other regulatory requirements and areas that may directly or indirectly affect human research protections should be reviewed prior to implementation. Examples of other areas include ClinicalTrials.gov registration, financial conflicts of interest disclosure and management, device or electronic system information technology security reviews, export controls, biosafety and radiation safety measures or risk assessments, grant or contracted related requirements, research billing or compensation-related reviews, and international research where other regulations and local rules apply or other areas.

Ensuring that individuals involved in the research have the appropriate qualifications and level of experience and training.

Allocating appropriate staff and resources to perform the work.

Obtaining any necessary facility, ancillary department services (e.g., pharmacy or lab), and local community approvals.

Organizational Standards
Policies and procedures pertaining to clinical research should be easily accessible and available to researchers. They should be updated regularly and include regulatory, local, and institutional requirements. Information about clinical research requirements and reporting should also be included in the code of ethical conduct. Regular education regarding these standards can help enhance awareness and promote overall compliance.

Develop and Provide Ongoing Education and Training
Effective education and training are necessary to reduce the risk of research noncompliance. There should be ongoing education and training efforts on regulations, policies, and best practices, as well as new or emerging topics that are relevant to the clinical research community. An online learning management system can be used to disseminate and track training and education throughout the organization.

Provide Support for FDA-regulated Research or Activities
FDA-regulated activities can be complex and researchers and clinicians at healthcare organizations often require additional support to navigate regulatory requirements. Additional education and training may be necessary to ensure the research is conducted in accordance with FDA rules and GCP.

The following are compliance risk areas.

Investigational New Drug (IND) Applications and Investigational Device Exemptions (IDE)

Certain clinical research studies for both marketed and experimental products may require an IND application or an IDE, preliminary evaluation and review of requirements, and monitoring to ensure compliance.

Sponsor-Investigators
Investigators that hold an IND application or an IDE are also considered sponsors and take on additional responsibilities. They will often need supplementary education and training to ensure they fulfill sponsor responsibilities such as monitoring, safety reporting, and other requirements.

Expanded Access/Compassionate Use and Emergency Use
Investigational (or non-FDA-approved) drugs, biologics, or devices used for treatment of a patient with a serious disease or condition outside of a clinical trial must meet certain criteria. FDA and IRB review and reporting at certain time points are required.

Safety Monitoring and Reporting

Documenting adverse events, reporting any considered serious, and ensuring adherence to the data and safety monitoring plans are key elements to ensuring safety of research participants.

FDA Inspections
The FDA’s Bioresearch Monitoring Program (BIMO) conducts routine and for-cause inspections of clinical investigators and committees that review FDA-regulated research such as IRBs and Radioactive Drug Research Committees (RDRCs). Regular internal reviews should be done to ensure compliance with FDA regulations and prepare for external inspections. Any observations cited by the FDA will require appropriate corrective and preventive actions and an effective response strategy.

Implement a Compliance and Integrity Program
Institutional compliance oversight is necessary not only to ensure that organizational obligations are met and human research participants are adequately protected, but also to guard against more serious issues such as fraud and research misconduct. A comprehensive compliance program for human research protections should encompass the following:

Compliance Oversight
Establish an independent group that performs regular audits and reviews of ongoing clinical research to evaluate compliance of clinical research investigators and IRBs. The group should maintain an independent reporting structure and report to the highest levels of management. Regular risk assessments should be conducted and annual work plans developed that incorporate clinical research reviews.

Routine Compliance Reviews
Establish reviews that are conducted on a routine basis. Reviews can be risk-based to balance resources against research volume and can be comprehensive or focused on a particular area. This allows evaluation of investigator compliance with IRB approvals and reporting, the protocol, any conflict of interest management plans, obtaining informed consent from research participants, drug or device accountability, safety reporting, regulatory documentation, and any other applicable requirements. Higher-risk areas tend to be research:

Conducted by new or inexperienced researchers

Involving interventional procedures or products that have a higher risk profile

In early phase or a complex study

Of FDA-regulated products

Involving sponsor-investigator IND/IDE trials

Involving researchers with prior compliance issues

Involving vulnerable or critically ill populations

Nonretaliatory Reporting
Allow multiple ways to report noncompliance concerns (even anonymously) through a phone or web-based hotline, supported by institutional nonretaliation policies to ensure an open and safe environment.

Noncompliance Investigations and Reporting
Allegations of noncompliance, research misconduct, or complaints from clinical research participants must be investigated promptly and handled in accordance with institutional policies and applicable federal or state rules. Required reporting should be made within the time period based on any federal assurances and grant or contract requirements.

Organizational Communication
Serious or continuing noncompliance and research misconduct will require communication with other departments, such as legal affairs, human resources, risk management, or other groups. Institutional officials, research integrity officers, management, executive leadership, and the board should be appropriately informed of any issues.

Manage Privacy and Security
Healthcare organizations, which are considered covered entities, must pay attention to HIPAA rules and ensure privacy protections, security requirements, and breach reporting are met. International research requires special attention to local privacy and data protections requirements. This requires coordination with privacy boards, privacy officers, and chief information security officers at an organizational level. Clinical research should be incorporated into larger organizational privacy and security risk assessments, policies and procedures, and breach management and reporting. The following are areas to pay attention to:

Privacy Boards for Research
Ensure one is appointed (which can be the IRB) that issues waivers or alterations of HIPAA authorization requirements where appropriate.

Agreements
Appropriate agreements for covered entities should be in place when researchers propose use of certain data sets containing PHI, such as data use agreements, and when working with business associates that provide services that involve creating, receiving, maintaining, or transmitting PHI. This ensures that certain safeguards are in place when handling PHI.

Security of Research Information
Ensure that the appropriate controls and systems are in place to secure research data and ensure confidentiality of the information. This includes controlling access to research information, providing HIPAA-compliant tools and platforms for researchers to use, and ensuring appropriate security controls for research charts and devices where research participant information is stored. This can become more complex with increased use of mobile devices, cloud-based storage, and database applications.

Handling and Reporting Privacy and Security Breaches
Incidents must be investigated promptly and reported in accordance with federal and local requirements. Breaches will require notification to the affected research participants, IRB, institutional officials, the Office for Civil Rights, and any other federal or state agencies.

26
Q

What are the possible penalties for non compliance in Research Protections in Clinical Research?

A

Noncompliance with human research protection requirements by investigators may result in suspension or termination of the research by the reviewing IRB, special conditions imposed by the funding agency or sponsor, citations, or debarment by federal agencies. For example, the FDA will issue an observation or warning letter as a result of an inspection, and for more egregious cases will initiate clinical investigator disqualification proceedings. Depending on the severity, this may mean that they are not eligible to conduct FDA-regulated research, engage in product development activities, or may be restricted from receiving investigational products. PHS will take administrative actions against individuals found to have engaged in research misconduct, including debarment from eligibility to receive federal funding, prohibition from service on PHS advisory committees and grant review panels, supervision by the institution, submission of corrections or retraction of published articles, and other actions.

More serious noncompliance that is fraudulent in nature may result in fines and penalties. Violation of the False Claims Act (which qui tam or whistleblower lawsuits are often brought under) can result in civil and sometimes criminal liability for individuals and institutions. This can also lead to reputational harm for the institution or researcher and loss of public trust. Serious or systemic issues at organizations with an FWA could also lead to a halt of all research (or those that are federally funded) occurring at an institution.

Institutional-level sanctions may include limiting an investigator’s ability to conduct research at the organization. The type of sanctions will depend on the seriousness and severity of the noncompliance, taking into account the reasons for noncompliance, whether it is continuing noncompliance, and the impact to research integrity and research participants. Remedial measures can include retraining, increased monitoring of the investigator’s research, or disciplinary measures on the individual level.

27
Q

What Is the Medicare Clinical Trial Policy?

A

Clinical trial billing is one of the highest priorities for research sites that are doing therapeutic trials. This process is defined as a review of all documentation to create a coverage analysis to validate what can be billed out to commercial and government payers on a claim. It includes the coverage analysis with a convergence of documentation within the budget, contract, and consent. After a patient is identified as one who has consented to a particular study, tracking that patient throughout the life cycle of the study to ensure proper billing within the clinical trial policy and rules is best practice.

The clinical trial policy was enacted by President Bill Clinton in October 2000 to enable seniors to have more opportunity to participate in clinical trials. Information gained from important clinical trials is used to inform coverage decisions, so Medicare was instructed to revise rules to expand benefits for qualifying clinical trials.

The types of trials that are of highest importance for compliance are the investigational device exemption (IDE); drug; and coverage with evidence development (CED) studies. The role of the Medicare’s National Coverage Determination (NCD) and how it affects a site varies among different institutions. Because of the variety of tasks and responsibilities related to the clinical trial billing process, institutions often need several specialized individuals to maintain all aspects of compliance in billing Medicare and other types of health insurance. Establishing a billing compliance program takes not only expertise in the Centers for Medicare & Medicaid Services’ (CMS) National Coverage Determination for Routine Costs in Clinical Trials (NCD 310.1), but also a significant commitment.[3] Finding expertise in this area can be extremely difficult. The breadth of employees who are involved in the process reach across an institution or site. It will include a principal investigator and research team, the finance staff, and coding department.

Formulations of how this work is performed at each site are based on the electronic medical record, physician–investigator relationship to the site and practice group ownership, a clinical trials management system, the institutional review board’s views on identifying costs to patients, and the varying risk profile of the research portfolio. Staff must dedicate significant focus to billing compliance: by not having a solid program, a site can have true risks. By not having an effective program fully implemented, those risk increase. The roles and responsibilities defined by the U.S. Department of Justice Criminal Division’s Evaluation of Corporate Compliance Programs in June 2020 should be configured by solid policies, procedures, and defined responsibilities of the compliance team.

NCD 310.1 is an established policy that even after 20 years can be difficult to absorb. In order to cover conventional care, and the expanded benefits to monitor and prevent toxicities, one must understand the type of trial that is being done. Sites must designate who will perform the qualifying status and billing nature of the tests and procedures on the schedule of events in a clinical trial protocol. It takes careful review to ensure that all of the items eligible for billing Medicare and commercial insurance are correct and validated. This tedious process is called a coverage analysis. Within the study calendar, the items must be itemized as they will show up on a claim for justification of billing. Reviewing published evidence-based guidelines provides direction on the billing process before the study starts and helps ensure compliant billing once patients are enrolled.

The risk of not providing a coverage analysis and review can lead to liability under the False Claims Act. These risks were brought to national attention when Rush University Medical Center entered into a million-dollar settlement agreement with the Department of Justice in 2005 for clinical trial billing errors in cancer research. This included overpayments related solely to the NCD 310.1. Rush’s settlement with the federal government was the first to focus on a clinical trial policy.[6] The potential for noncompliant billing in clinical research became noticeable for sites across the country after the Rush settlement. Many sites began conducting more intense evaluations of qualifying status and determining routine costs. The risks of vague budgets without coverage analysis guidance became more evident as auditing moved forward. The coverage analysis became a powerful, necessary tool. Recognizing the application of NCD 310.1 to research studies as a priority in the study start-up process has become increasingly more important throughout the last 20 years.

28
Q

Risk Area Governance Medicare Clinical Trial Policy?

A

False Claims Act, 31 U.S.C. §§ 3729–3733
To mitigate the risk of billing errors, sites need to be aware of the laws that govern clinical trial billing and the False Claims Act. The False Claims Act basically states that if an individual or group knowingly submits a false claim for payment of government funds, they are liable for up to three times the government’s damages plus civil penalties. Although the False Claims Act uses the term “knowingly,” proof of specific intent to defraud is not required.[7] A coverage analysis is the source of truth for billing to all payers and will help in mitigating billing issues if errors occur.

Centers for Medicare & Medicaid Services
Centers for Medicare & Medicaid Services, “National Coverage Determination (NCD) for Routine Costs in Clinical Trials (310.1),” transmittal, July 2007

Centers for Medicare & Medicaid Services, “Clarification of Medicare Payment for Routine Costs in a Clinical Trial,” MLN Matters, SE0822 Revised, May 16, 2018

Centers for Medicare & Medicaid Services, “Chapter 15: Covered Medical and Other Health Services,” Medicare Benefit Policy Manual, Pub. 100-02, revised July 12, 2019

Centers for Medicare & Medicaid Services, “Chapter 14: Medical Devices,” Medicare Benefit Policy Manual, Pub. 100-02, revised November 6, 2014

Centers for Medicare & Medicaid Services, “Chapter 32: Billing Requirements for Special Services,” Medicare Claims Processing Manual, Pub. 100-04, revised July 21, 2020

The clinical trial policy, or NCD 310.1, is the indication of the terms and conditions for coverage. Effective for items and services furnished on or after July 9, 2007, Medicare covers the routine costs of qualifying clinical trials, which are defined in NCD 310.1, as well as reasonable and necessary items and services (such as a physical exam on day one of a treatment cycle for a patient with cancer, or a glucose lab for a patient with diabetes) used to diagnose and treat complications arising from participation in all clinical trials. It is important to remember that all other Medicare rules apply and that NCD 310.1 does not stand alone among Medicare rules. CMS has many billing guidance documents that guide billing for IDE, drug, and CED trials. The coverage requirements for routine costs of qualifying clinical trial services and how to submit claims lie within the various manuals.

Medical Services Coverage Decisions That Relate to Healthcare Technology, 42 C.F.R. §§ 405.201–405.215, 411 .15, and 411.406 (for device trials)
Device trial coverage rules lie within the Code of Federal Regulations in 42 C.F.R. §§ 405.201–405.215, 411 .15, and 411.406 and are partially dependent upon action by the Food and Drug Administration (FDA).[8] The FDA provides the category status for devices under an IDE of either a Category A (experimental) or Category B (nonexperimental/investigational) study. Understanding the FDA categorization of an IDE device is necessary to know how to bill not only the investigational device, but also the likelihood of CMS approval of the study for billing. CMS must approve billing for an IDE study, which is notated on the approved IDE trial website ClinicalTrials.gov, which is maintained by CMS.

29
Q

What are the common compliance risks for Medicare Clinical Trial Policy?

A

Billing for an Item or Service that a Sponsor or Grant Has Paid for or Funded
If a sponsor provides a payment in a budget for a service, you cannot submit that item or service on a claim or you may have double billed.

Billing for an Item that is Being Performed for Research Only
Validating all research-related items or services that do not meet the guidelines and identifying them as paid by the sponsor or as a patient liability is important to ensure that you do not bill inappropriately or violate the False Claims Act.

Billing for an Item or Service that is Promised “Free” in the Informed Consent Form
Billing for an item or service that has been identified to a patient in a consent form as “free” or “at no cost” must be provided and not charged to their payer or you may violate the False Claims Act.

Billing Medicare Advantage Plans for an Item or Service that Should Be Billed to and Paid for by the Medicare Administrative Contractor
Medicare has rules surrounding billing drug trials to regular Medicare, while Medicare Advantage plans should cover IDE approved studies. Knowing the particular payer is recommended.

Unknowing Stakeholders Who Can Displace the Process by Not Following Billing Rules in Ordering and Documentation in the Medical Record
The removal of codes, modifiers, national clinical trial number, or an IDE number is sometimes found when coding teams are not provided adequate information on clinical trial billing and coverage analysis.

Allowing Principal Investigators to Assert Standard of Care Services as the Same as Routine Costs in a Qualifying Trial and Not Validating the Billing Status of Protocol Events with a Coverage Analysis
“Standard of care” is not a term that Medicare uses. It covers routine costs in a qualifying trial and items and services that are medically necessary to diagnose or treat illness or injury.

Not Knowing All of the Study Portfolio Occurring and Not Managing All Study-related Activity from a Billing Compliance Perspective
The possibility that research is ongoing in a facility can lead to unknown claims being submitted without the rigorous review against the coverage analysis. This can lead to improper billing to all payers.

30
Q

How are compliance risks addressed for Medicare Clinical Trial Policy?

A

Billing for an Item or Service that a Sponsor or Grant has Paid for or Funded
Perform a coverage analysis and ensure that the budget and contract are consistent with it. Then, once a service is performed, ensure that the charges are segregated appropriately against the coverage analysis.

Billing for an Item that is Being Performed for Research Only
Identify services by reviewing the protocol for all items and services being done within the trial that are research driven while removing them from the claim consistent with the coverage analysis.

Billing for an Item or Service that is Promised “Free” in the Informed Consent Form
Understand the “Expected Cost” section of the consent when the patient is consented. Confirm that anything promised at no cost is not submitted on a claim or sent to a patient for payment.

Billing Medicare Advantage Plans for an Item or Service that Should Be Billed to and Paid for by Medicare Fee-For-Service
Recognize a clinical trial patient’s payer. If the patient is enrolled in a Medicare Advantage plan, ensure that the routine costs of the clinical trial services are diverted to the site’s regular Medicare administrative contractor for payment when they are participating in a drug clinical trial. Bill any remaining amount after Medicare pays to the Medicare Advantage plan to make the patient “whole.”

Unknowing Stakeholders Who Can Displace the Process by Not Following Billing Rules in Ordering and Documentation in the Medical Record
Conduct compliance training on the clinical trial billing process. Training is the only method for ensuring that all stakeholders are aware of the clinical trial billing process. From the principal investigator to the coder who releases a claim, all must understand and appreciate the correct billing process, which helps avoid errors in an intended workflow.

Allowing Principal Investigators to Assert Standard of Care Services as the Same as Routine Costs in a Qualifying Trial and Not Validating the Protocol with a Coverage Analysis
Principal investigators should be a part of the billing process. They should provide input and approve the coverage analysis as a commitment to bill all subjects consistently. By permitting them to just provide what they feel is standard of care does not guarantee that what they order is billable within the guidelines or coverage decisions. The only sure method to validate the items in a study is to do a thorough coverage analysis. Inappropriately billing Medicare for items or services in a clinical trial that are ineligible for coverage might constitute a false claim if the claim should not have been submitted in the first place.

Not Knowing All of the Study Portfolio Occurring and Not Managing All Study-related Activity from a Billing Compliance Perspective
Have a complete itemized list of ongoing studies at the site. If a site does not have a complete itemized list of the studies ongoing at a site, then it does not have the capability to safeguard all claims to be placed in a “hold” status or a work queue for the appropriate codes and modifiers to be added. This also warrants that the proper payer is billed for each encounter.

31
Q

What are the potential penalties for Medicare Clinical Trial Policy?

A

The potential penalties for noncompliance with the Medicare clinical trial policy can be significant.

National Coverage Determination (NCD) for Routine Costs in Clinical Trials (310.1)
If a site does not follow the NCD 310.1, errors in billing to Medicare can occur, which may violate the False Claims Act. Those items include:

Billing for the investigational item or service itself if it is not covered outside the study;

Items and services provided solely to satisfy data collection;

Items and services that are not used in the direct clinical management of the patient (e.g., monthly CT scans for a condition usually requiring only a single scan every six months); and,

Items and services customarily provided by the research sponsors free-of-charge for any enrollee in the trial.

While there is no single correct way to develop process compliance controls to meet federal clinical trials billing regulations around Medicare, standardization of the entire billing process is key. Establishing standards around a comprehensive clinical trial billing compliance program will help mitigate billing non-compliance risks. The risks of not complying with federal clinical trial billing regulations can lead to research suspension, fines, and/or the imposition of corporate integrity agreements.

False Claims Act
The False Claims Act prohibits filing or causing the filing of false claims or creating a false record to get a claim paid.[13] The core of a false claims case is that the government was cheated in one form or another—hence the false claim. This is typically due to double-billing or improper billing in a clinical research study.

The benefits of self-disclosure (e.g., a speedy resolution, lower multiplier, and an exclusion release without integrity agreement obligations) depend on the disclosing party’s willingness to work cooperatively with the Office of the Inspector General (OIG) throughout the process.[14] Depending on the facts, OIG “believe[s] that individuals or entities that use the SDP [self-disclosure protocol] and cooperate with OIG during the SDP process deserve to pay a lower multiplier on single damages.” OIG will attempt to process the issue faster due to streamlined processes and turnaround times.[15]

The False Claims Act is a punitive statute enforced by the Department of Justice and qui tam relators. For civil violations, its penalties provision authorizes fines of three times the amount the government paid for each false claim, plus an additional penalty of up to $11,000 per false claim.

32
Q

What Is Research Misconduct in Clinical Research?

A

Research misconduct (sometimes called scientific misconduct) is one of several behaviors related to research activities that are generally considered to be unethical or dishonest. Most people learn early in life that these behaviors are unacceptable. Nevertheless, rules exist to draw a distinct line separating allowable research behavior from research misconduct.

Research misconduct is limited to the following three behaviors: (1) fabrication, (2) falsification, and (3) plagiarism. There are many other unethical or incorrect behaviors that a researcher may engage in, such as noncompliance with research protocols or failing to disclose a significant financial interest with a research sponsor. These and many other fraudulent behaviors, however, are dealt with through other regulatory or administrative mechanisms.

There are any number of reasons why research misconduct might occur, but some of the most common motivators are pressure to publish or the desire for professional recognition or money. Another reason for misconduct may come from failures at the site level, such as lack of resources, staff turnover, lack of training, or absence of policies and procedures that should be in place to protect both the institution and the researchers.

It is important to remember that research misconduct is narrowly defined. It does not include honest differences of opinion among scientists, inadvertent errors, or disputes about the order of appearance in a list of authors’ names. Likewise, the use of sloppy research techniques or suboptimal record keeping, even the republishing of an author’s original or collaborative work (so-called “self-plagiarism”), are not considered instances of research misconduct. These activities, however, do represent inappropriate and sometimes unethical behavior, and institutions may choose to develop policies or procedures that address these behaviors, although they are not under the purview of the federal Office of Research Integrity (ORI).[3]

The ORI oversees and directs research integrity activities of the U.S. Public Health Service (PHS) on behalf of the Secretary of the U.S. Department of Health & Human Services (HHS), with the one exception: the regulatory research integrity activities of the U.S. Food and Drug Administration (FDA). Organizationally, the ORI is located within the Office of the Assistant Secretary for Health (OASH), which is in Office of the Secretary of Health and Human Services (OS) in HHS.[4] According to its website,

33
Q

What are the three specific behaviors of research misconduct?

A

Fabrication is making up data or results and, subsequently, recording or reporting them. Fabrication is perhaps the most serious form of research misconduct because it is outright deception—the results are conjured up from the deceiver’s imagination. It is science fiction posing as fact because the empirical work from which results have been reported either (1) was never conducted or (2) bore out results that were contrary to and replaced by those reported.

Falsification is manipulating research materials, equipment, or processes, or changing or omitting data or results such that the research is not accurately represented in the research record. Falsification is similar to fabrication inasmuch as it is a form of deliberate deception, but different in its magnitude and often its subtlety. For example, a study that yields merely promising results can be made to look like a major breakthrough by selectively removing data points that are not consistent with the desired outcome—an act of falsification.

Plagiarism is the appropriation of another person’s ideas, processes, results, or words without giving appropriate credit. Plagiarism differs from fabrication or falsification in that results or reports may be entirely accurate and true, except for the matter of who actually did the work. Plagiarism is a deception and more; the plagiarist commits a form of theft by taking credit for the work of others.

34
Q

A finding of research misconduct requires that:

A

A significant departure from accepted practices of the relevant research community occurred;

The misconduct was committed intentionally, knowingly, or recklessly; and

The allegation be proven by a preponderance of the evidence

35
Q

Risk Area Governance for Research Misconduct:

A

This article focuses on standards codified in HHS from 42 C.F.R. § 93, which details PHS Policies on Research Misconduct, and the National Science Foundation (NSF) regulation of 45 C.F.R. § 689, which explains Policies on Scientific Misconduct. Note that the ORI is responsible for oversight of misconduct for PHS agencies, including the National Institutes of Health (NIH). [7][8] The NSF Office of Inspector General is responsible for NSF-funded research.[9] The Department of Justice (DOJ) and the FDA may also investigate research misconduct related to research supported or funded by those agencies.

Institutions that seek PHS funding are required to have an assurance certifying that the institution has (1) policies and procedures to manage allegations of research misconduct and (2) a designated RIO to implement and manage the process.[10] Prior to 1996, this process required an “initial assurance” form; however, as of 1996, the act of signing the face page of a grant application constitutes a deemed assurance. It is important to note that compliance with these regulations is required when an application for funding is submitted and is not contingent upon receiving funding.[11] There also is an annual reporting requirement that describes any allegations and how they were managed in the previous year.

36
Q

What are the common compliance risks for research misconduct?

A

Treating Allegations Properly
Allegations of research misconduct generally fall into one of three categories: (1) good-faith allegations raised by individuals who have credible evidence for research misconduct; (2) good-faith allegations made by individuals who may be confusing honest disagreement or sloppy research practices with actual misconduct; or (3) allegations not made in good faith. [12] The last is very difficult to prove, therefore, the best practice is to treat all allegations as though they were brought in good faith.

Having Policies and Procedures
Not having policies and procedures in place can put an institution’s PHS funding at risk and create an environment ripe for noncompliance. Each institution that seeks PHS funding should have written policies and procedures to handle allegations of research misconduct that are consistent with the federal regulations. The ORI has published a model policy that can be accessed on its website.[13] The sample policy and procedures can be tailored to fit any research institution to outline the process that it will undertake when an allegation of research misconduct arises. The sample policy and procedures also define the individual roles involved in the handling of research misconduct.

Having the Proper Officials Assigned
Institutions must have individuals assigned to investigate allegations of research misconduct to fulfill part of the ORI’s requirement to have policies and procedures in place to conduct an inquiry and, if needed, an investigation of the allegation. In an investigation, the complainant is the person who brings forward the allegation of research misconduct. The respondent is the person accused of the misconduct. The RIO is the institutional official assigned the responsibility for carrying out the process described herein for the handling of allegations of research misconduct. The deciding official (DO) is the institutional official who makes the final determination on the allegation. The RIO and the DO should be two different individuals, because the RIO is responsible for carrying out the procedures involving the inquiry and investigation of the allegation of research misconduct and the DO, who is a higher-level official, is able to review the outcomes of both the inquiry and investigation and make a decision based on the facts alone.

Determining the Credibility of an Allegation
Not all allegations are credible, and the RIO needs to perform due diligence to determine which allegations should be pursued. The pursuit of a false one could be quite costly to the institution and the researcher alike. Such inquiries and investigations have the potential to damage careers and reputations, and neither should be taken lightly. Once an institution receives an allegation of research misconduct, it must first determine whether the allegation is sufficiently credible and specific so that evidence of the misconduct can be identified. If so, the RIO should initiate an official Inquiry and designate an Inquiry Committee. The Inquiry Committee reviews available evidence to determine whether an official Investigation is warranted and then prepares a report for the DO. The DO makes the final determination on whether a formal investigation will be conducted.[14]

If the inquiry advances to the investigation stage, a formal examination is conducted and a factual record is created that will result in a determination (1) not to make a finding of research misconduct or (2) to recommend for a finding of research misconduct that may include other administrative actions. The investigation ends when an Investigation Report is provided to the DO, who then decides what administrative action(s) to take.[15] There are specific points throughout this process at which the institution is obligated to report its activities and findings to the ORI.

37
Q

How are compliance risks of research misconduct addressed?

A

It is important that the research compliance program has in place an adequate program to monitor and address research misconduct—and that it trains the research community on this process. This should be part of the ongoing training program, along with an annual review of the process to determine whether any revisions to the established policies and procedures are required. Once a legitimate allegation of research misconduct is found and the institution decides to investigate, the RIO and DO must ensure they take the following actions.

Maintain Complainant Confidentiality and Ensure No Retaliation
An institution is obligated to take reasonable efforts to keep the identity of the complainant confidential; however, this may not always be practical, depending upon the setting and circumstances. It is equally important to protect the complainant from retaliation. Once the respondent is made aware of the inquiry, the RIO should discuss the institution’s policy against retaliation with the respondent as well as any others who are involved, particularly those who are more senior in their roles than the complainant. This policy should reflect a zero-tolerance standard regarding retaliation.

Preserve Respondent’s Reputation
The institution also has an obligation to preserve the reputation of the respondent throughout the process and ensure that information about the case is shared only with those who have a need to know. Reputations can be damaged for years as a result of an investigation, even when the allegation is ultimately determined not to be research misconduct.[16] Therefore, the inquiry and investigation should be carried out with utmost care in preserving the confidentiality of both the complainant and respondent.

Adhere to ORI Timelines
Specific timelines exist for the inquiry and investigation phases, as well as for reporting to the ORI. This is important, not only from a regulatory perspective, but also from a fairness perspective. Wrapping up the inquiry and investigation in a timely manner will go a long way to protecting the confidentiality of the process, as well as protecting the identity of the complainant and the reputation of the respondent. The inquiry should be completed within 60 calendar days of its initiation, unless extended by the RIO in writing (up to an additional 60 days). The inquiry ends when the Inquiry Report is complete and the DO has decided whether or not to move forward with an investigation. If the DO decides to move forward with an investigation, the RIO must notify the ORI within 30 days of the completion of the inquiry. The investigation must also begin within those 30 days. The investigation, Investigation Report, and submission to ORI must be completed within 120 days. Any additional extensions must be requested from and granted by ORI.[17][18]

Form an Impartial Committee
Assembling an impartial committee can be a difficult task. No members of the Inquiry or Investigation Committee should have any personal, financial, or professional biases toward the respondent or the complainant.[19] The members should be acceptable to both sides and may be from within or outside of the institution.

Conduct and Transcribe Interviews
Conducting interviews can also present a challenge. Some interviewees, particularly the respondent, may request to have legal counsel present for the interviews. Since the interviews are not legal proceedings, the institution has no obligation to address counsel or permit that person to participate in the interview. Transcripts of the interviews should be provided to the interviewee(s) so that they may offer any corrections to the record or provide additional information. Transcripts are part of the official record and will also be submitted to the ORI as part of the Investigation Report.[20]

Manage and Sequester Documentation
Sequestering records and materials should start when the decision is made to move forward with an inquiry. The information being sequestered is important for determining whether or not the allegation has a basis in fact and, therefore, should be secured and chain of custody recorded and maintained. At this stage, there is a risk of breaching confidentiality as the physical process of collecting and sequestering documents and materials can be difficult, especially when there is a research team working with the respondent who will have questions and who will need access to some or all of the sequestered documents or materials to continue their work. The RIO will have to determine the best way to protect the documents and materials, while allowing sufficient access to the research team.[21] Record keeping will need to be complete, up to date, and kept in a secure chain of command. Most institutions allow the respondent and complainant a brief period to comment on the draft reports before they are finalized and submitted to the ORI.

Respond Appropriately to ORI Review and Findings
Once the ORI receives a report, it will examine the information to determine whether the institution’s findings are defensible, supported by evidence, and an acceptable outcome of the inquiry and investigation. During its review, the ORI may determine it agrees with the institution’s report; request additional information; initiate its own review of the allegation; or refer the case to the HHS Office of Inspector General for further investigation. At the end of its review, the ORI will send a copy of the report to the institution and request that the institution directly notify the respondent and whistleblower of the outcome of the investigation. If a finding of research misconduct is made, the ORI may negotiate with the respondent a voluntary exclusion agreement (VEA) in which the respondent accepts the imposition of PHS administrative actions, or, if no agreement is reached, then the ORI makes a finding of research misconduct and recommends to the Assistant Secretary for Health the imposition of administrative actions or submits a charge letter to the HHS Departmental Appeals Board.

38
Q

What are the possible penalties for research misconduct?

A

Possible penalties for research misconduct are divided into three groups and range from minimal restrictions (Group I) to the most severe and restrictive (Group III). The possible penalties listed in the regulations are not exhaustive and do not include possible criminal or other administrative sanctions. Here are some examples of the penalties that may be directed to an individual or an institution within each of the three groups.

Group I penalties include a letter of reprimand to the individual or institution; a condition of an award that for a specified period an individual or institution must obtain special prior approval from NSF for particular activities; or a requirement that, for a specified period, an institutional official other than those guilty of misconduct certify the accuracy of reports generated under an award or provide assurance of compliance with particular policies, regulations, guidelines, or special terms and conditions.

Group II penalties include total or partial suspension of an active award or restriction of designated activities or expenditures under an active award for a specified period. All requests for funding from an affected individual or institution will require special reviews for a specified period to ensure that steps have been taken to prevent repetition of the misconduct—or will require a correction to the research record.

Group III penalties include terminating an active award; prohibiting an individual from participating as an NSF reviewer, advisor, or consultant for a specified period; or debarring or suspending an individual or institution from participation in federal programs for a specified period, after further proceedings under applicable regulations.

Factors that should be considered when determining the appropriate actions to be taken include the seriousness of the misconduct; the degree to which the misconduct was knowing, intentional, or reckless; whether it was an isolated event or part of a pattern; whether it had a significant impact on the research record, research subjects, other researchers, institutions, or the public welfare; and other relevant circumstances.

Interim actions that may be taken include, but are not limited to, totally or partially suspending an existing award; suspending eligibility for federal awards in accordance with debarment-and-suspension regulations; proscribing or restricting particular research activities, as, for example, to protect human or animal subjects; requiring special certifications, assurances, or other, administrative arrangements to ensure compliance with applicable regulations or terms of the award; requiring more prior approvals by the NSF; deferring funding action on continuing grant increments; deferring a pending award; or restricting or suspending participation as an NSF reviewer, advisor, or consultant. For cases governed by the debarment and suspension regulations, the standards of proof in the regulations shall control. Otherwise, NSF will take no final action under this section without a finding of misconduct supported by a preponderance of the relevant evidence.

Certified Healthcare Compliance Exam (3 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions