Companies who have been through a CIA are well aware of the requirements that are imposed for training, monitoring, data collection, and reporting. While no one would describe a CIA as pleasant, there is a kind of calm associated with knowing exactly what you need to do to meet the government's requirements. This calm can be contrasted with the uncertainly that follows the CIA monitoring period. Companies are likely to ask themselves questions such as:

• How can we avoid further investigations and another CIA?
• What, if anything, should we continue doing from our CIA requirements?
• What do good and sufficient monitoring procedures look like (post-CIA)?

You should not rely on the monitoring requirements of the CIA as guidance for avoiding future issues for a number of reasons. To start with, the requirements of CIAs are only based in part on any one company. While your CIA most likely had provisions specific to the reasons you were investigated, all CIAs also contain many of the requirements of prior CIAs. This is why OIG officials now recommend CIA language as a starting guidance on what to monitor and assess. However, not only are these generic guidelines unlikely to be sufficient for your company's unique needs, your areas of risk are likely to have changed since the CIA was issued.

Therefore, one of the first things a company should do after a CIA is conduct a risk mitigation analysis to determine the areas that are most likely to land you in hot water. Based on your products, your practices, and your history, what areas could put your company at the greatest risk? It is important to do this analysis and prioritize areas for scrutiny or monitoring, especially because you may have limited resources.

The following checklist contains other best practices to guide your post-CIA practices:

✔  Have you clearly defined performance expectations for your field force? 
 

• What does compliant sales behavior look like - at the product-level? For example, determine both what your sales force can and cannot say with HCPs and HCOs.
• What are your different field force roles allowed to do together? Teamwork and alignment are important, but make sure everyone knows the guardrails for compliant interaction. 
   

 ✔  Are you using effective learning techniques to convey performance expectations and change behavior?
 

• In order to change behavior you need more than online PowerPoint slides. Use live training, let people interact using realistic scenarios, provide opportunities for practice and feedback, and involve field leaders so they can model expectations (or "walk the talk"). Plan for follow up training or scheduled discussions, and create sustainability tools to reinforce the learning.
   

✔  Are you monitoring behavior in the field?
 

• Reinforce your training by "inspecting what you expect." Incorporate compliance monitoring into scheduled field rides to make it a regular part of doing business. Monitor specific behavior so you can give specific feedback.
   

✔  Are you looking at structured and unstructured data? 
 

• Mary Riordan at the OIG recommends the use of "creative auditing" to look at all the ways you interact with customers (i.e., call notes, physician requests for information, and interactions with physician-owned distributorships for anti-kickback violations). Expect the government to use different sources of data to attempt to "connect the dots" in any future investigations they may conduct.