KPMG Resources from Pharmaceutical Compliance Conference (PCC) 2023

04.26.2023 - 04.26.2023

Apr
26

Using Data, Analytics, and Industry Learnings to Enhance Auditing and Monitoring across your Patient Support Programs (PSPs)

Video Transcript

Sameer Singh:

Welcome to the Patient Programs, Monitoring & Oversight panel discussion. Hopefully, everyone's in the right place. This topic of patient programs comes up quite a bit at this conference. I've attended quite a few over the last few years. There's just no shortage of compliance risks as it relates to these programs. And the programs within this category are just extremely relevant, with whether you're talking about how programs, free drug programs, copay programs, we just continue to see a lot of investment in this area, a lot of focus. And if you're Compliance, you're probably getting a lot of questions, too.

The goal this session is to get everyone thinking about how to monitor these programs and be a little bit more innovative about it and just brainstorming about new ways to use data in overseeing these programs. We'll have some interesting use cases with our panelists and hopefully we'll get a good discussion among us and you all, too, time permitting. So, with that, I will introduce myself and turn it over to our panelists.

My name is Sameer Singh. I'm a director at KPMG. I sit in our Life Sciences Advisory Risk & Compliance practice. I'm based out of New York. I'm an attorney by background, but then with a firm on the consulting side since 2015. My primary compliance focus at the firm has been on pharma commercial activities, mainly ACP engagement and patient services. I speak for the three of us that the statements that we make are our own, not representative of our employers. Did I get that right, Quinton?

Quinton Kinne:

That sounds good, yes.

Sameer Singh:

Good. So with that, happy to be here, and I will turn it over to Quinton to introduce himself.

Quinton Kinne:

All right. Thank you. My name's Quinton Kinne and I work for Johnson & Johnson. I am with the Patient Engagement & Customer Solutions group. I'm currently in a commercial organization of the company, but prior to that I spent roughly 12 years in Compliance, ranging from investigations to healthcare compliance officer, and then regulatory compliance. I've been with the company for about 16 years now and I am in charge of the monitoring of our copay and coupon programs at Johnson & Johnson.

Jordan Seiferas:

Hi, everybody. I'm Jordan Seiferas. I'm the Managing Director at KPMG's Advanced Analytics & AI practice. I've been with KPMG now for about 15 years, and spent the first half of my career in the compliance space, as well, with our friends in [inaudible 00:02:26], that Sameer is in now, before moving into this Advanced Analytics group to try to introduce some of these more innovative or data analytics forward approaches to monitoring the patients' support space and other areas within life sciences. So really looking forward to the conversation here. Thank you everybody for coming. This is the most well-attended I think I've seen so far, if I want to pump up the attendance a little.

Sameer Singh:

Yeah, 2:15's hard to talk about data analytics. Is this working here? Good. So I'll advance the slide. All right. Just to level set on the topic of patient programs and just give the what and why before we get into the monitoring of these programs. We're broadly talking about manufacturer-sponsored programs.

And this is different from anything that might be operated by an individual organization, a charity. A different topic all together. But we're broadly talking about patient-focused programs, including health programs or patient assistance programs, commercial copay programs. This also includes enhanced services that you might contract directly with specialty pharmacies. You could even bucket it in any other educational programs, adherence programs, clinical support, bridge programs, as well.

I recognize that these programs are all really different. They have their own regulatory guidance, their own risk. Other considerations I won't get into, but the common theme and why we're bringing this together is that these are all programs designed to advance patient access in some way. This could be by addressing affordability or just reducing paperwork and other administrative burdens that are associated with just getting out product.

And patient programs just take many different shapes and forms, but you'll see here what a typical patient journey could look like. You just have many different types of services, you have many different programs. You could even have many types of vendors, all working hand-in-hand throughout this patient journey. And it starts from the time a patient is prescribed a product, through the time they get on the product, eventually, and even support provided after they're well into therapy. So you'll see services related to verifying benefits, calling patients and doctors, helping patients with their prior authorization forms and appeals. I guess helping doctors, too. Triaging patients, too, assistance programs, also offering product educational services, adherence services that I just spoke about.

And also, depending on the product profile, too, you'll have different types of services, so depending on that product, they might require infusion setup coordination, so they'll have services related to that. There might be services related to first-dose observations. So you'll see services really tailored to the needs of the patient for that therapy. And no matter the risks of the service, the general theme, I guess the risk theme, in a way, is that these programs embed the manufacturer into that patient's provider/payer dynamic. And this is a silly graphic that's more of a caricature of the perceived risk associated with these services.

But you just think about the nature of the services that I just described. You just often have these direct interactions with doctors and patients and you're trying to get patients on therapy and you're coordinating between them, their insurance company, probably their pharmacies, too, and there's just a lot of hand-holding along the way. So you just have these built-in inherent risks associated with these programs, just based on where the manufacturer's kind of positioned itself. Which is, in my opinion, just coming from a compliance point of view, it's a very vulnerable position for the manufacturer, just through these service. These services are necessary. It's addressing a good intent, getting patients on product, but the risks are there.

And with the risks, I don't want to get too further into the details. I do want us to focus on the monitoring and oversight, but just at a high level, there's potential for substantial independant value that's being provided to doctors as it relates to providing those patients' what services. Just through the sheer convenience that some of these services might be providing doctors, you really, sometimes, just depending on what the service is, you're off-setting a lot of the doctors' time. Some of these services might entail helping doctors fill out forms, submit forms, and that takes away some of their time and resources, which is a good thing for them, but how much is that substantial independant value that might be crossing over into major risk.

Another risk is potential dissemination of off-label information, or any other approved communications. Again, you have very direct interactions through your agents, to doctors and patients, so there's a lot of room for that to go off the rails. Hopefully it doesn't, but hopefully you have the controls in place. Also, in the copay program context, government beneficiaries being allowed into or enrolling and receiving benefits through those programs, that's a risk. Or also pharmacies defrauding copay programs, which we'll get into, which is a unique problem but we'll get into some case studies there.

There also might be inappropriate triaging of prescriptions to pharmacies for commercial advantageous reasons. There's also potential of interfering with medical decisions and lack of patient privacy controls, HIPPA issues. I could go on. But just think about, again, that graphic that I had before, where the manufacturer's just putting himself in that position where things could go wrong. Hopefully it doesn't, but it's just by nature of the services being provided.

So with all that in mind, I really want to focus on the oversight and monitoring of these programs. And as you can see from this graphic here, your company might already have a lot of eyes and attention on these programs, Compliance just being one part of your overall assurance apparatus that you might have at your company. So in addition to compliance, you might have internal audit, you have quality, you have brand teams, you have some sort of first-line monitoring by brand teams and commercial teams. You also have vendors who are contracted to admit a lot of these services there. They have their own controls and oversight.

So there's a lot of eyes and attention and, Quinton, this is why I actually want to bring you in. You sit in a really unique group at Johnson & Johnson, that might not fit so neatly within this diagram. But it would be great if you could provide everyone with an overview of your specific group at Johnson & Johnson and how it's tasked with overseeing these particular programs.

Quinton Kinne:

Sure. So our group at Johnson & Johnson, or Janssen, was really put together to act as a center of excellence for these suppliers that run programs or that help us with programs that engage with the customers or patients. It was really seen as a high-risk area because of those outward-facing relationships. And prior to our group being in place, these programs were managed at a therapeutic or brand level, so they were really siloed. And they were being run by people, maybe marketing people, people who that's not really their job to manage suppliers.

And so it was really Compliance and Legal who saw an opportunity where we could really improve, or lessen, mitigate the risk that these programs create, or just inherent with them. And so this group was created. And actually, when it was created, at the time I was a compliance officer and I felt how different it was where you would see different individuals running these programs, and the difference in quality that you would get access those individuals. And having this centralized really helped get more consistent and manage the supplies. And also make sure that they were really... not just that we could get these programs approved and put into place, but then once they're in place, that they're actually run the way that they were intended to be run, the way that the originators wanted it, the way that our legal, compliance, privacy partners want it to be run. And then also so that we can monitor the programs, as they would carry on throughout their whole lifecycle, all the way to sunsetting them at the end, if that is what would happen.

Sameer Singh:

Great. And I think we would all agree that the more eyes on these programs, the better, especially given the risks that I just spoke about. But really, to maximize the effectiveness of a setup like this, you want to make sure you have very deliberate coordination and information sharing across great board. And, Quinton, I just know by working with your team, that that coordination is happening. It's not always easy. I know all these assurance functions and governing functions, they have their own mandate, their own review lens, so it would be good to know how your team is actually trying to, and coordinating with these teams and information sharing as much as you can.

Quinton Kinne:

Sure, sure. Yeah. We're constantly evolving. We are making the changes as we see better improvements. But we know bring in, and we have dedicated Compliance and Legal partners, where we bring them in from ideation to concept review to implementation, and then also throughout the lifecycle of the program, we engage with them through these quarterly or bi-annual meetings to discuss. And we also have weekly meetings where we could bring up any issues. And then when we would have to work with the audit teams, we coordinate with the other groups that do audits, as well.

And now our group is a commercial organization so our audits cannot necessarily supplement any of the other audits. But we can coordinate with them so that way we're not overlapping or duplicating efforts, to try to make it a little bit easier on the supplier, because if you're a large supplier, we could hit you with four different audits in one year, and that can be really painful for that relationship.

Sameer Singh:

Yeah, just by show of hands, everyone, clients and other industry professionals that we talk to, has anybody really figured this out? It sounds like you guys have at least good touch points and there's coordination out there, but does anybody else have thing to share about how they're effectively coordinating among these groups, especially if you're Compliance? Tough question, huh?

Audience:

[inaudible 00:13:49]

Sameer Singh:

Yeah, you really do have to be deliberate about it. Compliance always wants that seat at the table and you hear that at this conference quite a bit. You've got to just know where to look. Not everyone knows that Quality might be doing audits of the vendor. Or you might not know that Internal Audit might be doing their own audit or some type of monitoring. It's out there, that information's there and that could save you time and resources, too. They might have already looked at something or a vendor where you don't really have to expend the resources. You have the data right there. Just something to think about.

Jordan Seiferas:

We've been working with you, honestly, for about five years, Quin, and your team before this organization was set up, and what I really remember was early on in our relationship, sometimes it was pulling teeth a little bit with the Legal function, in particular, trying to figure out and get approvals for what we wanted to do. What you've been able to do with this new program is really bringing it to the table and understanding exactly why we're doing things. Coming in as early as ideation has made them much more a business partner. That's really sort of greased the wheels a little bit and allowed us a little more freedom in terms of what we're doing because they understand that this is the purpose behind it and why we're looking to do things.

Quinton Kinne:

I feel that we've built, or are building, a really good program. In the beginning, it was a little bit tougher because it was new and it was different. But I do see that we have a lot of people that are really happy with the work that we're doing. There's always room for improvement and we are always looking for those ways, but we're very comfortable with where we're going.

Sameer Singh:

Great. So switching gears to the monitoring of these programs. On the slide you have your very typical ways of doing monitoring and oversight of patient programs. Your organization, this level of monitoring might already be happening with the various assurance functions that we just spoke about. But there's a lot of opportunity to step outside of this box and try to bring more innovation to it, especially now where the government is now expecting compliance functions to use data analytics as a tool to identify potential misconduct. There's a lot that could be done.

The good thing about patient programs is that there's such rich data associated with them. You have copay claims data, you have product dispense data, you have patient data. And then you also can look across your organization, particularly with sales and other commercial datasets. You have rebate data, you have charge-back data. What else am I missing? You have the pharmacy sales data, too. All of which can be combined and leveraged in some way. So coming to you as someone who actually focuses on advanced analytics at the firm, it would be great if you could spend some time talking about how you're seeing companies innovate beyond these traditional methods and incorporating more data analytics in their monitoring efforts.

Jordan Seiferas:

Yeah, for sure. First, I want to talk a little bit about some of the drivers of the change that we've seen. And you've hit on it a little bit. But, first and foremost, the rapid rise in data availability for all these programs has been tremendous over the last several years. You talked about all of those commercial data, rebates, sales data, charge-backs, et cetera. But we also have comes to, and we've been talking about it throughout this conference. There's been a bit of the theme around communications data, construction data, external data that can help you to contextualize what's going on within your organization, these programs. All of that being more and more available to organizations is one of the key drivers for the change here.

The second driver that I've seen in industry is the availability of tools that are enabling people to perform this analytics. So if we go back in time 10 years or so, maybe, some of the data analytics that are represented on the slide here are being done in Excel and maybe a little bit of SQL. For some people that are a little bit more specialized in that space, they would have picked up that capability. But as you start thinking about bigger data, you started to almost break out of what the traditional maybe compliance analytics professional might have. And now you're starting to see the emergence, and really it's maybe in the last five years or so, of low-code technologies that are enabling people to train themselves up in some of these technologies to become what we would call a citizen data scientist.

So you'll have tools like Alteryx or Dataiku, that are really drag-and-drop, but enable big data out of it. So that's another driver that's really helping functions get their hands around this space. One of the challenges I've always seen is, when advanced analytics was first coming out, it was really focused on the commercial organization, then it was focused a little bit on cost take-out because you're always looking at the financial impact. Compliance got a little bit set to the side for a while. And I see that these tools are really starting to enable everybody to start embracing things.

The third driver is where we are in the complexity of the business environment that we operate in. Just the idea of all these patient support programs and trying to provide access and affordability to patients, and operating within our healthcare system, operating within the remote hybrid work environment that we have, all creating new risks and new ways that we need to monitor. And the traditional methods that we have up here, a lot of them require that sort of in-person communication, that in-person interaction that might not be as practical as it was four or five years ago.

So the ability now for you to cover off on some of those risks within your portfolio using data analytics can allow you to focus some of your efforts back into the areas where you can. And then you really hit on the fourth one, which is the regulatory landscape. Now we're seeing DOJ and this is another trend that we're seeing here, with DOJ consistently saying that ignorance of noncompliant behavior because you're not looking at data is not a defense. And if there's something going on in your company, and you're not looking at your data and developing a program, they will hold you accountable.

And if you are trying, if you're building your program, they are recognizing that progress over perfection is acceptable right now. They're okay that people are starting to experiment, they're looking for that. But they want you to get started. Because you can't just flip a switch and immediately have all of your risks addressed through analytics. So what that comes down to, from those four drivers, are some of those changes that we're seeing, one is this trend towards continuous monitoring. So a lot of the analytics that have been done historically, and like we alluded to here, would be periodic.

They would be developed to support an audit or to support your risk assessment. But they weren't necessarily something that was tapped into your day-to-day systems. They weren't necessarily being monitored by individuals and acted upon on a periodic or a daily basis. But we are moving in that direction.

We have that ability now and that's exciting, creates additional challenges, as well, but we'll talk about one experience where we've done that before to really good benefits and outcomes. We mentioned all the different data that's out there. When we start to think about all the unstructured data, that's a space that companies are really starting to embrace a little bit more. So that's looking at communication data, invoice data, contacts, purchase orders, PRs, et cetera, and finding a way to structure that to drive compliance reviews, to drive oversight and try to take some of the tasks that have historically been done maybe in a sample approach or with heavy manual efforts, and freeing people up by leveraging natural language processing and AI to do those elements for you.

And you could sort of bucket a couple of other technologies like RPA, robotic process automation, or process mining into this as well, where you're trying to enable technology to take on some of the responsibilities of the business and free you up in a space where I think we saw earlier today, limits on resourcing is the number-one thing that you all are probably thinking about, leveraging technology there, and some of this unstructured data is a way to do that, as well.

We've seen, as well, and again, I'm going to keep going back to the monitoring techniques that are on the slide here. Increased trends towards capturing information coming out of all of these activities, so moving away from just reports and write-ups, but really capturing things in case management tools and other things of that nature, because those are all new data points now that will influence what you can do from an analytics perspective, and enable continuous feedback and continuous improvement into analytics.

All of that results in the trend of moving from the more reactive compliance function, the more manual compliance function, into one that's more proactive, identifying issues as they start, not as they've hit critical mass or material elements in the organization. There's a future that we can think about where we start getting into the predictive and the preventative. Some organizations are moving in that direction. It's a little bit more difficult. It is going to then require, again, compliance resources that act on preventative and predictive, which, when you're already constrained on resources, you want to be focusing on reality. But that is another area where, when you start to bring all this data together, you can start to look at what does the profile of a bad actor look like in some scenario, and try to identify them ahead of time through some level of intervention before they happen. A couple of questions? Yeah.

Audience:

[inaudible 00:23:15]. I'm sorry, you mentioned it but I missed it. But would you always say that Compliance is doing the analysis or doing this data analytics and some of the businesses are responsible for identifying and flagging [inaudible 00:23:27]?

Jordan Seiferas:

That's a good question. It really varies based on the organization. We've done this type of work within Internal Audit functions, Compliance functions, for Johnson & Johnson and this maybe unicorn type of function that you guys have that's more commercially focused. But I've seen it really across the board.

Audience:

So just to clarify, how you're describing it, are these your programs that are run in-house or are these also applications that, if we're using a third-party vendor, we then expect to see some of this analytics done, whether it's on our quarterly reports. Because I guess how you're describing it, it makes it sound like we have that data at our fingertips, if it's not something we're managing in-house?

Jordan Seiferas:

That's a good question. I've seen both. There are software-as-a-service providers that have some pre-built analytical routines that can help you to address some of these things. In the patient support space, we've seen that it's a little lacking. You'll see the software-as-a-service analytics in some of the heavily regulatory areas, your speaker programs, your ACP interactions, et cetera. This space still, I feel like, is a little emerging. The programs are very customized for the individual organization. So we're seeing the organizations predominantly taking on this responsibility at this point in time.

Sameer Singh:

And I'll just chime in here, just from the compliance perspective, it's probably a worthwhile exercise to go back to your organizations. And if you're really not there yet, and I know we're talking about very advanced analytics here, but if Compliance does not have centralized access to all this data, which they most likely don't, it's a worthwhile exercise just to go back and try to identify those key players and see where that data lives and just try to start mapping it. That's a good square one.

And I don't think Compliance has to go do this by themselves. We work with a lot of Internal Audit functions who also have that need and want to know where this data lives and have access to it. So you could partner with them. I think there's a lot of different key stakeholders that would have a lot of interest in getting access to it, so I think square one would be just identifying where this lives.

Jordan Seiferas:

And I think that's another reason to have Compliance and Legal at the table early, because as you're ideating and you're setting up these programs and establishing contacts with your suppliers, that's the time to negotiate data availability and access, right? There are data monetization principles and different ways you can think about that different conversation, but if you at least recognize that this is something you're going to monitor, getting that in early on is going to be the easiest way to do that.

Quinton Kinne:

Yeah. That's what I was going to say, as well. We've had to access data from after program implementation and it can be more difficult. I've had data that I've tried to get for a couple of years and we're finally just starting to get it.

Where if you can design it into to program in the beginning, before you sign the contracts, usually the suppliers are a little bit more willing to work with you.

Audience:

Do you have a lot of customers who have run into annual audit caps where they can only go into the patient services provider, whether you're Quality or you're Compliance, once a year, one calendar year?

Sameer Singh:

We deal with that all the time.

Audience:

I'm not going to continuously monitor if I can only get in once.

Sameer Singh:

Our clients are Compliance or Internal Audit and they'll just give me from the Internal Audit perspective. And if we're doing an audit of some vendor that's doing a patient support program, a hub, we're actively, and this is probably through trial and error over the last few years, were actively coordinating with Quality and just proactively asking them, "Are you auditing them? Is there going to be an issues?" Because, yeah, sometimes you're triggering that some [inaudible 00:27:11] and you have that one bite at the apple, so it's good to be coordinated because, to them, it's one audit. It's really two audits for you. But as far as the field work and all that, you're going to be coordinated. as far as the data request, you can coordinated to them. It might feel like one audit, but it's still two. But, yeah, we deal with that all the time. That's a very common occurrence and challenge.

Jordan Seiferas:

And I would also add, not all of the outputs of continuous monitoring would result necessarily in an audit. So I think the use case we'll talk about will be how we built that relationship with James, our copay vendor, where we engage with them on an, what is it, almost daily basis?

Quinton Kinne:

Yeah, I'm talking with him several times a week, yeah.

Jordan Seiferas:

So that's falling out of the continuous monitoring, too, to develop improvement.

Sameer Singh:

Good segue, because I do want to turn to you in the context of all the various things you could do with data that Jordan talked about. If you could spend a little time talking about J&J's copay programs and why it was a good candidate to introduce some of these data analytics concepts.

Quinton Kinne:

Sure. And it won't be specific to J&J, it'll be really more a general how these copay programs work. So generally, just to level-set the audience here, the copay programs work as a secondary payer. So what would happen is that typically a patient would go into a pharmacy, a retail pharmacy or a mail-order, and they would be prescribed a product. The doctor or the pharmacist would submit this to the primary payer and the claim would come back with X amount of copay, so say $500. And sometimes that could be very difficult for a patient to have to pay for it, if they have to pay for it monthly or bi-monthly.

So these copay programs are generally put in place to help with that affordability. There are business rules in place, so not everybody qualifies. But the design is to allow the patients to have access to product that they're prescribed if the doctor deems it appropriate for them. And they try to lessen the financial burden of not getting the product. The way that these programs are designed is by nature to be relatively easy for a patient to sign up for. And by doing that, it makes the compliance risk, or the fraud risks, really the fraud risks and abuse risks, increases, because the easier you make it for a patient to sign up, it's going to be abused.

That's why we looked at this program and felt that it was a good fit because there high dollar values going through on an annual basis. And it was something that we weren't looking at it as an organization. Our supplier was. There was some monitoring going on there. But we had additional datasets or data points that we could apply to really improve our monitoring efforts.

Sameer Singh:

And what specifically are you using data analytics to look for, for copay [inaudible 00:30:14]?

Quinton Kinne:

When we set this up, we talked with our supplier to try to identify areas of risk, areas of fraud that we had to be concerned about. And some of these areas are the fictitious pharmacies, the fictitious claims, or the fictitious claim amounts. And all of these areas are things that we need to be aware of. Fictitious pharmacy is just where somebody starts submitting claims, maybe they get an NPI number, and the can start submitting claims for the patient. And everything's fake. They don't buy product. They're just trying to get money.

The fictitious claims, it's a legitimate pharmacy, but they are submitting false claims, as well. So it's kind of a mixed bag where maybe they're trying to supplement their income and just get some extra money from us. And then the hardest one, really, that we found to detect, is the fictitious claim amounts, where the claims are legitimate, they're actually going through, but then the pharmacy is modifying the amount of copay as it comes back from the payer, and then submitting a higher dollar value to us. So these are the areas that we focused on when we were setting up the program.

Sameer Singh:

And Jordan, I know we worked-

Quinton Kinne:

We have a question.

Audience:

[inaudible 00:31:29]

Quinton Kinne:

So the question was is this just kind of a run-of-the-mill pharmacy or a specialty pharmacies? We focus the majority of our efforts on those independant pharmacies. And they could be specialties, but it's generally not something that you would see at those large nationwide specialty pharmacies. It would be the smaller regional or even more likely independant pharmacies that we see this type of activity.

Sameer Singh:

Great. And Jordan, turning back to you, it would be great if you could describe how we worked with J&J to address this particular problem.

Jordan Seiferas:

Yeah. If you want to flip to the next slide, it's busy but I think this is being just distributed after the fact so you can take a look if you can't see it in the back right now. But I wanted to walk through a little bit about what the solution is that we developed with J&J is and some of the benefits that we have here. So Quinton was alluding to the fact that this was a good candidate because, even though the copay vendor was monitoring for fraud and abuse themselves, there's data that J&J had access to that the copay vendor didn't.

So obviously copay claims data is the first transactional dataset that we want to get access to. So every single paid, rejected, reverse claim coming through to us with the information we would need to evaluate for fraud, waste and abuse. We then supplemented that with managed care rebate claims, as well as the wholesale and purchases claims from a transactional dataset. So this all collectively helped us to set an idea, a definition of what that pharmacy should be doing, from an insured patient perspective, from secondary, from the amount of product that's flowing through the pharmacy. That was all supported there.

On a master data perspective, we supplemented with master data related to pharmacies, the physicians, products, business rules, trying to get a really picture of, to the question we had here, what was the nature of that pharmacy? Is this a community retail pharmacy, specialty, email order, chain? Is the physician an oncologist or a veterinarian? Obviously not. And then some information about products so that we could understand a little bit about indications, contraindications, things of that nature, all coming in to, again, paint a picture of what we're seeing from the individual pharmacies.

You'll note there's a really thin arrow. It might not be showing up on the screen. The reference data is really important for this solution here. The fact that we're relying on master data that is predominantly self-reported and industry data, meant that there were errors. So we had pharmacy data and CPDP data. Pharmacies are saying whether they're a community retail or a specialty. Some of them don't report that they're a specialty.

We need a way within this reference data to identify where we've acknowledged through a level of investigation that this pharmacy is in fact acting in a different capacity, and that the risk profile of that pharmacy is going to be different.

So we continued, over the last five years, to build out data, what we call false-positive overrides, where we've learned something in the investigation about that pharmacy. That material changes how we should be analyzing and looking at it. We keep track of all the investigation outputs. So everything time Quinton and his team perform an investigation, we're tracking what the outcome was. We want to monitor against false positives, we want to see if some of the analytics are no longer functioning as they should be, et cetera. And we also want to be capturing and quantifying benefits and value for executive leadership and buy-in.

The last two somewhat similar as a reference data source. The block pharmacy list and the physicians. We want into about known bad actors or physician-side MPIs that maybe are contributing to some of this fraud, or maybe they're being abused as part of this. It's very easy to get a hand on physicians MPI, and you can just submit those claims on their MPI. So we're consistently tracking all of that.

From an analytics perspective, we built a series of, at this point, over 50 distinct machine-learning models and algorithms. There are some rules-based items in there, as well. For example, the first example, analytics that is looking at similar pharmacies. And we look at that, basically saying, if I block a pharmacy owned by Jordan Seiferas, I want to see the next time any pharmacy owned by Jordan Seiferas submits a claim. I don't care about it being anomalous or trends, I want to see the next claim because I don't trust Jordan Seiferas to own a pharmacy and participate in my program. He's a very shady guy.

But we do have a number of machine-learning models, as well, that leverage everything from time series modeling, so we can get trends and see how things materializing, if pharmacies are growing at rapid rates, for example, that are anomalous to their peers. Some network analytics that starts to tap into what I was just referring to on the known bad actors' angle. And then general anomaly detection. So we started, I think, with about 30. We've been building over five years, where we've added about 20 as we identify new risks and see things in the investigative process.

Outside of that first example that I spoke to already, some of the other areas, and this second one is one that we built after an initial go-live, was this idea of a multi-day claim pattern. The idea that, if you think about, for anyone that's been in the compliance analytics space, to bend the analysis. The idea that there is an expectation of what normal looks like in naturally occurring datasets. This is sort of a spin on that. If you're submitting fictitious claims, you probably don't have a good sense for what normal looks like. You don't know that people will come in on a Monday and a Wednesday, and they'll come in on a Saturday.

Fictitious pharmacies are going to be sending in claims every Monday, for example. They'll be submitting back-to-back claims to individuals that might appear to be the same, for a contraindication product. They don't know enough. There are a lot of bad actors here who are trying to get by and they maybe have been getting by for a while, and then we start to introduce these analytics and force them out of the program.

We look at claims versus purchases. This is sort of the bread and butter of what we did. How are you dispensing so much product if you've never purchased that product?

Are you purchasing it through another channel? Is there some other relationship? But, really, we're consistently looking at that one as a good indicator of a fictitious pharmacy or fictitious claims. And the last one, just general trends around the area.

Sameer Singh:

I know we only have a few minutes left here.

Jordan Seiferas:

Obviously, I need to go. We've don't have 18 minutes left.

Sameer Singh:

Oh, okay.

Jordan Seiferas:

I said we don't have 18.

Sameer Singh:

We have three minutes. But I know not every company is going to have this type of exposure, where their copay programs, it's mainly for big companies and maybe smaller or medium companies are not having this type of exposure. But just quickly, if you could just describe how you could use these concepts to, if you can in two minutes, to describe how it could help with the more traditional compliance types of issues that might be more relevant to compliance officers.

Quinton Kinne:

Sure. I'll try to summarize it really quickly. The benefits that we say specifically were blocking bad actors. Now, Janssen doesn't specifically block the pharmacies. What we'll do is we'll make a case, we'll write up a case study on an investigation file. We'll send it over to our vendor, and then it's up to them to make the final block. Now, we will argue sometimes, if we disagree. But it's really not up to us to block. What this has really helped us, aside from just returning millions of dollars of lost payments, is actually it's helped us build better controls.

So when we design these programs initially, you would set up business rules or program rules around how you want these claims to be paid or who gets the payment. But in practice, it doesn't always work that way, because there's usually a lot of rules. And so what this has allowed us to do is seeing in practice how they work and then looking for these anomalies that maybe we didn't expect, and going back to our Legal and Compliance partners to help improve the roles there, or the rules. We've done this around our voucher programs, we've done it around our copay programs, around the time to pay ability of our program. So it's really a feedback loop, outside of just a strait fraud abuse, that we've really been able to benefit from.

Jordan Seiferas:

So as we look at other areas, if the copay program aren't one that resonates with the organization, some of the other things you might just want to keep in mind is, coming out of your risk assessment process, if there's anything that has specific legal authority scrutiny, as I mentioned, they're looking for you to start doing this.

They're looking for progress and for you to get started. So if you do have any of those areas that you're not using analytics for yet, I would start looking into that now, trying to get access to data.

If you don't, and starting to get kick-started on that program, it is worth noting that if you are going to go down this route, which we've seen a lot of success with, there is a resource consumption element of this, as well. We need investigators in your program to be reviewing this. But as we've seen, the benefit outweighs some of the cost in there. But I would caution you not to implement continuous analytics and then not have somebody ready to consume insights, because that also might set you back.

Quinton Kinne:

Yeah, it's not a completely automated process. It takes a while.

Jordan Seiferas:

Because we're talking about patient access. If we're shutting down legitimate pharmacies that are false positives, then we're putting ourselves, gain, in a bad position, as well.

Sameer Singh:

We're at time. We might have time for maybe one or two questions. Go ahead.

Audience:

Thanks. Are you doing any kind of data warehousing with all these different inputs, so that the data is more streamlined?

Jordan Seiferas:

In some scenarios, yes. Not with the vendors' data, but we've implemented automation to help feed the system from the J&J side in this scenario here. The vendor was helpful in setting up some level of automation, as well. We just allowed them to do that and say that we needed it, and let them take care of it.

Sameer Singh:

All right.

Audience:

I have a question. [inaudible 00:41:30]. Sorry. My question comes to there's several patient service programs running. Are you focusing on one program that deep dives, like this case you showed? Or how you determine what the top program or programs you have to start?

Jordan Seiferas:

That's a good question. I would say that comes out of the risk assessment process. The risk assessment's going to help you identify where the primary risks are, financially, residual risk, et cetera, and that'll help identify where you're going to want to implement these continuous analytics. If you are getting started, doing a POC in some space to demonstrate a value and capability is good, but I think you were sort of hitting on this, as well. If you're going to do this across 10 different programs, you're going to have a lot of overlap in your data. So actually having a strategy around how you're going to do that, what is the data monitoring you're going to use for purchases data that'll be consistent across the board, starts to be very important, as well, because otherwise you'll start to have too many balls in the air, if you will, and you'll lose the foundation.

Sameer Singh:

I think we're at time. Thanks, everyone. I appreciate it.

Jordan Seiferas:

Thank you very much.

Sameer Singh - Director, Life Sciences Advisory (Risk & Compliance), KPMG US

Jordan Seiferas - Managing Director, Analytics and AI, KPMG US

Quinton Kinne - Associate Director, Patient Engagement and Customer Solutions, Johnson & Johnson

  • How to leverage copay, coupon, and other commercial data sets to identify risks and trends across your PSP and product portfolio
  • Discuss common audit and monitoring challenges that are trending in connection with customer, supplier, and vendor relationships
  • Benchmark and discuss best practices related to internal management and oversight of PSPs and coordination of data sharing and analytics 

Dive into our thinking :

Patient Programs Monitoring & Oversight

Download PDF

Featured content

KPMG Healthcare Professional Engagement Assist™

KPMG Healthcare Professional Engagement Assist™

Transform your approach to engaging with healthcare professionals

Read more

2023 KPMG Chief Ethics & Compliance Officer Survey

2023 KPMG Chief Ethics & Compliance Officer Survey

Anticipating more scrutiny

Read more

FCPA and anti-corruption strategies for the life sciences industry

FCPA and anti-corruption strategies for the life sciences industry

Mini-Roundtable

Read more

Life Sciences: KPMG 2022 Fraud Outlook

Life Sciences: KPMG 2022 Fraud Outlook

A triple threat across the Americas

Read more

Explore more

Insight icon
Webcast ReplayWebcast UpcomingListen Now

Biopharma deal trends outlook for 2022: Q2’22 M&A trends in LS

Deal strategies will focus on risk mitigation, accelerated development, or risk sharing (licensing, partnerships, R&D collaborations).

Insight icon
Webcast ReplayWebcast UpcomingListen Now

KPMG at the NASC 2023 Annual Conference

KPMG is proud to sponsor the National Association of State Comptrollers (NASC) 2023 Annual Conference

Read more

March 21, 2023

Insight icon
Webcast ReplayWebcast UpcomingListen Now

Shifting from compliance to quality

Taking steps toward adopting computer software assurance (CSA) in life sciences

Insight icon
Webcast ReplayWebcast UpcomingListen Now

KPMG at IIA’s 2023 Financial Services Exchange

KPMG is excited to be a Gold sponsor at the IIA’s 2023 Financial Services Exchange in Washington, DC.

Read more

September 11, 2023

Insight icon
Webcast ReplayWebcast UpcomingListen Now

Effects of the IRA on the pharmaceutical industry

A practical guide for pharmaceutical companies

Subscribe to receive Investigations Insider

Helping organizations in their efforts to achieve the highest level of integrity and to manage the cost and risk of litigation, investigations, and regulatory enforcement actions.

Thank you

You are now subscribed to Investigations Insider. You will soon receive a confirmation email and will now receive timely insights from KPMG.

Subscribe to receive Investigations Insider

Investigations Insider features timely insights from KPMG thought leaders, clients, delivery teams and regulatory and enforcement professionals covering issues impacting corporations.

By submitting, you agree that KPMG LLP may process any personal information you provide pursuant to KPMG LLP's Privacy Statement.

An error occurred. Please contact customer support.

Thank you!

Thank you for contacting KPMG. We will respond to you as soon as possible.

Contact KPMG

Use this form to submit general inquiries to KPMG. We will respond to you as soon as possible.

By submitting, you agree that KPMG LLP may process any personal information you provide pursuant to KPMG LLP's Privacy Statement.

An error occurred. Please contact customer support.

Job seekers

Visit our careers section or search our jobs database.

Submit RFP

Use the RFP submission form to detail the services KPMG can help assist you with.

Office locations

International hotline

You can confidentially report concerns to the KPMG International hotline

Press contacts

Do you need to speak with our Press Office? Here's how to get in touch.

Headline