Compliance Risk Solutions
Bringing decades of practical in-house, business oriented compliance solutions to your company

Professional Services

Risk Analysis

Criminal and civil enforcement of the federal Anti-kickback statute (AKS) and False Claims Act (FCA) remains a priority with the government, due in part to the success they have had on recoveries. 2016 statistics from the US Department of Justice (DOJ) and the U.S. Department of Health & Human Services (HHS) show that for every dollar they spend on healthcare fraud investigations, they recover nearly $8 for taxpayers. The government’s enforcement efforts have been made easier through the Affordable Care Act (ACA), which relaxed the criminal intent standard to make AKS cases easier to prosecute.

A recent example of the DOJ’s success is the March 1, 2016 settlement by Olympus Corporation, which agreed to pay $646 million to resolve criminal and civil probes into illegal kickbacks and bribes to hospitals and doctors in various forms, including research grants, consulting arrangements, luxury trips, and free equipment.

In addition to the potential for staggering fines against companies, and the concomitant impact on the market capitalization, the government has expressly stated that they intend to pursue claims against individuals. This not only includes those who were directly involved in the illegal activities, but those corporate officers and executives who “should have known,” or failed in their responsibility for monitoring or correcting the behavior regardless of their direct involvement. This doctrine, colloquially known as the Yates Memo, requires that any corporate settlement include a detailed explanation of which corporate employees were involved in order for the government to determine whether individual prosecution is warranted. Mr. Rivas has worked with companies who were under Corporate Integrity Agreements with the OIG, where corporate officers and employees have been indicted and prosecuted, and so understands the importance of “an effective compliance program.”

COMPLIANCE RISK SOLUTIONS, LLC, provides decades of in-house legal and operational compliance experience to help your organization navigate risks while growing in this highly regulated industry.  Our team recognizes that development of a compliance program is not simply a compilation of cookie cutter policies and procedures. Instead, we work with your business, clinical and regulatory teams to create processes that will help your business grow while being compliant.  Our senior and executive level business experience provides an understanding of the challenges of meeting regulatory requirements with limited resources.  In short, we provide expert guidance to help you tailor your Compliance Program to fit your resources, therapeutic category, risk profile and business needs.

  • Internal & External investigation support
  • Compliance Program initiation and implementation
  • Internal Review Organization (IRO) & Pre-IRO services
  • Board of Directors Compliance Expert Services
  • Interim CCO / staff secondment
  • Development & Delivery of Compliance Training
  • Fair Market Value analysis and HCP Interactions assessments
  • Aggregate Spend (state & federal) program development, gap analysis, auditing, reporting
  • Existing program gap analysis & process improvement (risk assessments)
  • Commercial, clinical and post-market auditing & monitoring
  • Promotional Review Committee support
  • Standard Operating Procedure development, revision
  • Grants review support
  • REMS support
  • FCPA & Global Anti-Bribery programs
  • Enterprise Risk Management programs
  • Expert witness
  • Litigation management
  • Evaluation of products liability risk for new products

Clinical Trials

Compliance Risk Solutions can help your organization navigate the complex regulations surrounding clinical trials as well as evaluate ways to help your enrollment and determine whether government or private payor reimbursement is available. This area of practice includes a risk analysis and audits of your principal and sub-investigators to ensure the integrity of the results. We can work with your Clinical Research Organization (CRO), or directly with your investigators and their institutions in all phases of the projects including contracting and advertising the availability of the trial to expedite enrollment. Our team has decades of experience on clinical trials, including:

  • Contracts with your investigators and their institutions
  • Pre-FDA audits
  • FDA audits
  • Advising on sales and marketing assistance with enrollment
  • Interacting with FDA on 483 observations
  • Protocol evaluations
  • IRB submissions
  • Adverse event reporting
  • Litigation management/risk exposure

Policies and Procedures

Development of Policies and Procedures is the cornerstone of an effective compliance program.  The requirement of written policies and procedures was codified by the HHS OIG in a 2003 Guidance Document, and states:

  1. The development and distribution of written standards of conduct, as well as written policies, procedures and protocols that verbalize the company’s commitment to compliance (e.g., by including adherence to the compliance program as an element in evaluating management and employees) and address specific areas of potential fraud and abuse, such as the reporting of pricing and rebate information to the federal health care programs, and sales and marketing practices;

Enforcement actions have shown that a “cookie-cutter” or “cut and paste” approach to development of policies and procedures is almost as bad as not having policies and procedures that are specific and demonstrably applicable to your organization.  Our team has expertise in development of pharmaceutical and medical device policies across a variety of therapeutic categories. We work closely with your sales, marketing, regulatory, quality and clinical teams to adapt recommended policies, procedures, and work instructions to the tactical implementation of your strategic plans and the limitations of your internal resources.



The Department of Justice Office of Civil Rights [OCR] has investigated almost 131,000 HIPAA complaints as of the first quarter of 2016, with no indication of a reduction in volume. Of the investigations, OCR has resolved about 24,000 by requiring changes in privacy practices or technical improvements; however, they have also issued well over $33 million in fines. [HHS Enforcement Update]. Fines have been levied regardless of the fault (such as stolen laptop or lost cell phone) of the healthcare provider or business associate where a mandatory Risk Analysis was not conducted or in cases of an inadequate or non-existent HIPAA compliance program. In addition to federal enforcement, many states provide additional requirements for the privacy and security of protected health information. For example, Texas House Bill 300 provides more stringent training requirements and potentially harsher penalties than what can be imposed by the OCR under HIPAA.

While the statute that encompasses HIPAA does not provide a private cause of action to persons whose personal health information has been exposed, recent class action lawsuits are attempting to create a cause of action against those responsible for the data breach. The legal and reputational cost to your organization for a data breach or disclosure of PHR will be more expensive than the cost of a Security and Administrative Risk Assessment, Policies and training.

Compliance Risk Solutions offers a turn-key approach to ensure that your HIPAA and Privacy requirements are based upon industry best practices. We provide a Risk Analysis and Audit tools to test the Security and Privacy settings of your EHR, and can draft best practice policies and procedures [including Business Associate Agreements], and customized training for your practice. Compliance Risk Solutions’ offerings include compliance programs to protect your practice from violations of Stark, coding and billing, False Claims Act, and Anti-Kickback Statute among other allegations. Let us help you keep your practice or company’s electronic health records safe.

Quality and Regulatory

As with commercial compliance, deficiencies in your quality and regulatory compliance programs can result in significant financial penalties, extensive distraction from your core business to remediate, increased products liability risk, and loss of reputation.

It is common knowledge that FDA inspectors will, at a minimum, review the following files as part of their inspections:

  • CAPA
  • Complaint handling
  • Production and Process Controls
  • Management Controls
  • Design Controls
  • Document Controls

Inspections of medical device facilities have resulted in 483 Notice of Deficiencies or Warning Letters in the following categories, as shown in the tables below.

CY2016 Total 483 Observations (1)

| QS Subsystem | # of Observations | Percentage |
|--------------|-------------------|------------|
| CAPA         | 1017              | 34%        |
| P&PC         | 964               | 32%        |
| DES          | 382               | 13%        |
| MGMT         | 347               | 11%        |
| DOC          | 317               | 10%        |
| Total:       | 3027              | 100%       |

(1) 508_2016 WL 483 Data Presentation Final V 3 13 17 OC QS Approval

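Calendar Year 2016 Warning Letter Citations (2)

| QS Subsystem | # of Citations | Percentage |
|--------------|----------------|------------|
| P&PC         | 211            | 36%        |
| CAPA         | 189            | 32%        |
| DES          | 107            | 18%        |
| DOC          | 48             | 8%         |
| MGMT         | 39             | 7%         |
| Total:       | 594            | 100%       |

(2) Id.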

Think about what your competitors will be telling your customers about the quality of your products if you receive a warning letter! Compliance Risk Solutions can help you put your QSR program on a sound footing. We are available to assist with your quality policies; FDA inspections; 483 or Warning Letter responses; and quality agreements with component manufacturers. Similarly, if you are contemplating an asset or company acquisition, you need to conduct a sound Quality and Regulatory due diligence effort to your business development team.