Guest Column | June 9, 2023

The Business Case for Healthcare Compliance Programs for Emerging Companies

By Donielle McCutcheon and Kim Schroer, Sidley Austin LLP


In the rush to obtain final approval or clearance from the FDA, raise funds, develop compelling data, and preserve scarce cash, it can be tempting to put off investment in a healthcare compliance program. Some may reason that because the majority of healthcare fraud and abuse laws apply to companies with FDA-approved products, a compliance program would provide little value to the company during the clinical development stage and before commercialization.

This view is often shortsighted, however, as there are evident healthcare compliance risks for development-stage companies, including relationships with investigators and early adopters, clinical data integrity, and pre-launch roles such as medical science liaisons and thought leader liaisons. And, of course, there are tangible benefits to be gained from the early adoption of a robust healthcare compliance program, including increasing the company’s attractiveness to investors and other potential business partners, who may be crucial to keeping the company afloat in the early days, and setting the company up for commercial success as it approaches launch. To be sure, compliance programs can be efficiently and effectively scaled, as they can (and should) be tailored to the company’s particular size and circumstances. Given the significant business advantages emerging life sciences companies can stand to gain from implementing an effective compliance program, it is worth putting in the time to do so now, as further discussed below.  

Why Should A Pre-Commercial Company Have A Healthcare Compliance Program?

As with any life sciences company, a compliance program will help an emerging company comply with applicable law; prevent, identify, and address instances of potential non-compliance; and mitigate potential legal troubles. However, for a growing company with a mounting workload, that may not be motivation enough. What is more compelling is that for a company on a tight budget, like many development-stage pharmaceutical and medical device companies, an effective compliance program can actually save precious resources by establishing better oversight, controls, and monitoring of the company’s quality, research and development, clinical, and market access activities and imposing a level of discipline on company personnel to adequately prepare them for the heavily regulated future ahead.

Further, the controls implemented need not be overly complex or expensive in order to be effective. For example, establishing a compliance reporting mechanism for employees, such as a simple compliance hotline, and actively promoting a “see something, say something” culture can reduce the need for extensive oversight procedures at an early stage of development and yet still create an environment that encourages personnel to speak up. Additionally, orienting the company’s leadership and employees on key compliance concerns through a series of targeted training sessions can enable them to proactively take compliance considerations into account in developing programs and product offerings. This, in particular, can go a long way toward cutting future costs, as such programs and offerings will already be designed in a compliant manner once commercialization occurs and reimbursement becomes available. Moreover, a functioning compliance program also promotes a more engaged and productive workforce as a result of increased transparency and open lines of communication and helps to attract and retain experienced, well-qualified personnel who typically view companies with a firm compliance foundation as a better and more stable career opportunity.

A robust compliance program is also a proven strategic advantage in M&A due diligence, as it enables an acquiring or investing company to more readily, and more quickly, gain comfort in a target company’s operations and practices. In fact, one of the first things an acquiring company’s lawyers will request is not only documentation of a compliance program but also examples of the compliance program functioning in practice. So-called “paper only” compliance programs that are not actually part of the company’s day-to-day culture and activities will often not pass muster in diligence. Effective compliance programs can therefore be crucial for emerging companies reliant on investors to continue moving toward commercialization.

Looking forward, those companies that put in the time and effort to implement smart compliance controls early on will find it much easier to scale their programs up to meet high government compliance expectations by the time they are ready to launch. As Assistant Attorney General Kenneth A. Polite Jr. noted in remarks given in February 2022, the Department of Justice (DOJ) gives “significant credit to companies that build strong controls to detect and prevent misconduct.”1 Subsequently, in September 2022, Deputy Attorney General Lisa Monaco further stated that a company’s voluntary self-disclosure is the “clearest path for a company to avoid a guilty plea or an indictment,” explaining that such voluntary self-disclosure is “a sign that the company has developed a compliance program.”2

The deterrent effect of compliance programs is particularly crucial in the current enforcement environment, with DOJ recently announcing that 351 settlements and judgments were reached under the False Claims Act in fiscal year 2022, the second-highest total in a single year, resulting in recoveries exceeding $2.2 billion.3 The sooner a company can put a compliance infrastructure in place, the sooner it can socialize compliance among its personnel and foster an environment where potential compliance and fraud and abuse issues are prevented, identified, and addressed before they become expensive and/or reputational problems.

Given emerging companies’ more limited resources and lower risk profile, their compliance programs need not be an expensive undertaking. In fact, the Department of Health and Human Services’ Office of Inspector General, the agency tasked with enforcing a number of healthcare fraud and abuse laws, has advised that compliance programs “should be tailored to fit the unique nature of the company,” including “its organizational structure, operations, and resources, as well as prior enforcement experience.”4 Setting up a basic compliance program, coupled with a few core policies and preliminary employee training on key laws and expectations, can go a long way toward ensuring the company maintains sustainable growth.  

Tips On Designing An Early-Stage Compliance Program

Emerging companies can benefit from tackling some of the following compliance steps early:

  • Identifying a Compliance Point Person. Appoint personnel to lead the company’s compliance efforts and to regularly monitor compliance activities. Consider whether existing personnel can be appointed to fulfill such roles after they receive training. Closer to launch, the company will want a chief compliance officer, but a point person with the requisite training or experience can be sufficient in the early days.
  • Build a Program that Addresses Identified Areas of Risk. Identify key areas of risk, both industry-wide and those specific to the company’s profile and operations, and develop and implement core policies that both inform personnel of the applicable risks and clearly discuss how personnel can address such risks in their roles.
  • Educate Personnel. Ensure all employees, directors, and officers receive training and have a baseline understanding of key healthcare fraud and abuse laws, which will enable them to more quickly identify and respond to potential risks as the company grows.
  • Establish a Compliance Reporting Mechanism. Create a compliance reporting hotline or other reporting mechanism (e.g., locked drop box, email account, etc.) that personnel can use to anonymously report potential compliance violations and ensure that such reporting is frequently monitored to identify and follow up on potential compliance issues.


  1. Press Release, DOJ, Assistant Attorney General Kenneth A. Polite Jr. Delivers Remarks at NYU Law’s Program on Corporate Compliance and Enforcement (PCCE) (March 25, 2022),
  2. Press Release, DOJ, Deputy Attorney General Lisa O. Monaco Delivers Remarks on Corporate Criminal Enforcement (Sept. 15, 2022),
  3. Press Release, DOJ, False Claims Act Settlements and Judgments Exceed $2 Billion in Fiscal Year 2022 (Feb. 7, 2023),
  4. OIG Compliance Program Guidance for Pharmaceutical Manufacturers, 68 Fed. Reg. 23731, 23732 (May 5, 2003).

About The Authors:

Donielle McCutcheon is a partner in Sidley Austin's Healthcare practice, serving as strategic regulatory counsel for healthcare and life sciences companies. She provides practical solutions to regulatory challenges, including on issues related to fraud and abuse, market access, coverage and reimbursement, drug pricing, and transparency reporting. She also has extensive experience on all aspects of healthcare compliance programs, including counseling on implementation issues and leading audits and internal reviews. McCutcheon also advises private equity firms and corporate clients on issues that arise in transactions involving life sciences companies.

Kim Schroer is a managing associate in Sidley Austin's Healthcare practice, counseling healthcare and life sciences companies that include pharmaceutical and medical device manufacturers, healthcare providers, and clinical laboratories on regulatory and compliance matters. She advises her clients on fraud and abuse issues involving the federal Anti-Kickback Statute and Stark Law, Medicare and Medicaid coverage and reimbursement, government price reporting laws, state drug price transparency matters, and the development of healthcare compliance programs. In addition, Schroer advises private equity firms and corporate clients on issues that arise in the context of mergers and acquisitions involving life sciences companies.