Wellness Musketeers

Why Smart Founders Bake Compliance Into Day One

David Liss

Share episode

Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.

0:00 | 54:51

Send us Fan Mail

A bright idea in healthcare can change lives—and still fail if you miss the rules that run the system. We pull back the curtain on the legal landscape that shapes startups in healthcare and life sciences, from federal reimbursement to data privacy, and show how founders can turn compliance from a cost center into a competitive edge. With Dennis Sapien Panjindian, an attorney with deep experience at HHS OIG and in private practice, we map the landmines and the shortcuts that keep you moving.

We break down the core statutes every founder should know: the Anti-Kickback Statute, Stark Law, EKRA, the Food, Drug, and Cosmetic Act, and the False Claims Act with its whistleblower bounties and treble damages. You’ll hear why “normal” referral bonuses can be criminal in healthcare, how strict liability works like a tripwire, and what real-world enforcement looks like when deals, valuations, and even personal freedom are on the line. More importantly, we share the seven elements of a strong compliance program—leadership ownership, clear policies, role-based training, auditing and monitoring, open reporting channels, rapid investigations, and consistent discipline—and how to build them in phases that fit early-stage realities.

From using FDA approval as a moat to designing clean reimbursement pathways, we explore how compliance strategy drives product-market fit, speeds institutional adoption, and signals maturity to investors. We dig into AI’s collision with HIPAA and evolving FDA guidance, and what it takes to scale globally when the same clinical evidence yields different indications across regions. If your product touches diagnosis, treatment, or patient data—or seeks Medicare or Medicaid dollars—this roadmap helps you launch smarter, avoid costly pivots, and earn trust where it matters most.

If this conversation helps your roadmap, subscribe, leave a quick rating, and share it with a founder who’s building in a regulated space. What compliance move will you prioritize this week?

Support the show

Contact Wellness Musketeers:

Email Dave at davidmliss@gmail.com with comments, questions, and suggestions for future guests.

Follow us on our social media:

Support our Sponsor:

Subscribe to our newsletter: 

Welcome And Premise

SPEAKER_00

You have this big idea. What is it implicating? And you want to talk about being scary and getting a lawyer as being scary. What's scarier to me is walking into a dark room with a bunch of sharp objects. And yeah, a cost of a flashlight might put me out a few bucks, but it's going to save me the ER bill later on if I walk in there without it.

Guest Background And Host Creds

Why Regulated Startups Are Different

SPEAKER_01

Welcome to the very first episode of Ready for Launch: Startups in Regulated Spaces. I'm Dave Lis, your host and producer, and together with my co-host, Dennis Sapien Panjindian, founder of DSP Advocates, a law firm providing bespoke advocacy for founders, entrepreneurs, startups, and small businesses, we're here to help founders and business leaders understand the hidden legal and compliance challenges that can make or break their startups. In every episode, you'll get two things the compliance play, what the law requires, and the business play, how you can leverage that requirement into growth advantage. And finally, the launch code, the key takeaway from each episode. If you're an entrepreneur with a big idea in healthcare, life sciences, or any regulated space, this podcast is for you. Please take a moment to follow, rate, and share this show. It helps us reach more founders just like you. Our first guest is my co-host, Dennis Sapien Panjindian, an attorney with deep experience in healthcare and life sciences, regulatory investigations, and compliance. He's worked inside the U.S. Department of Health and Services Office of the Inspector General, or OIG, the largest watchdog agency in the federal government, and now advises startups and established companies on navigating some of the toughest regulatory challenges in business. And I'm Dave Liss. I've spent over 20 years producing podcasts, events, and healthcare communication strategies for global organizations and businesses around the world. I'll be asking the questions founders are thinking about and making sure our conversations stay practical, actionable, and focused on helping you grow. Dennis, let's start with the big picture. Why are startups in healthcare and other regulated industries so different from startups in unregulated spaces like software or retail?

SPEAKER_00

Thanks, Dave. Thanks for having me here. I'm excited to be doing this with you. It's really great. So this is really important to understand, right? Because the healthcare and life sciences industry is going to be unlike any other industry that we're aware of. There's a lot of things that are really counterintuitive to very common business practices, right? There is, for instance, you know, if you own a car dealership and someone sends you a customer and you say to that person, I'll give you 10% off of every car I sell because you send me a customer. That's a common business practice in regular industries, right? But in healthcare, that's illegal. That could actually land you in jail and that could take away your freedom. So those types of things that are counterintuitive are really they're really landmines all over the place, everywhere from how you're paid if you're a physician to different arrangements that you can enter into if you're an entity, uh, to even just how you're using data if you're if you're a tech company, right? So I think there's just so many risks abound that you really need to start thinking about what compliance looks like from day one. It even needs to be built into your own product design in in several instances.

SPEAKER_01

So like if if I'm I'm thinking about the an entrepreneur like uh Bill Gates starting out in a garage somewhere, when do they need to have this on their radar as they're building a product or service?

Medicare, Medicaid And Scale Of Risk

SPEAKER_00

You know, I think if, especially if you're going into tech, if you're using, if you're going into medical devices, it needs to be from day one. It needs to be built into the DNA of your item or service, whatever your product is. And like just to give you a sense of why, Dave, like let me just read off a little bit about the context of healthcare and life sciences in the US, right? If you think about it, the healthcare and life sciences industry is is one of the largest regulated spaces in the US, probably the most regulated space, maybe outside of like the nuclear industry. And and to get a sense of why, like, think about how many people are on Medicare, Dave. There's I was looking at some data. And in 2022, one in five Americans were on Medicare. That's 20% of the US population. And then you think about Medicaid, right? That's 23.5%. Almost a quarter of all Americans were on Medicaid in 2022. Now, you know, we could talk about politics and everything, but put all that aside. But just thinking about resources and like the vast cost of it all for that many people on these federal healthcare programs. In Medicare, uh, you know, in 2023 spending was around$840 billion. In 2024, it went up to$1.1 trillion. Now in Medicaid, there was about$620 billion spent on Medicaid in the US alone, right? And then that by the US federal government. Now, because Medicaid is a partnership between the federal and state government, that number actually, the total amount increases to almost 900 billion uh in in 2023 alone, total spending between federal and state governments. So think about that. That's 1.1 trillion in Medicare, almost a trillion in Medicaid. That's$2 trillion of taxpayer funds being spent on these federal healthcare programs. And what the government is concerned about is what they'll say is healthcare fraud and abuse. And, you know, there's an estimate out there that says in 2024, there's an estimated$87.1 billion of that federal healthcare spending that's lost to fraud and abuse. Um and that includes just nefarious fraud, but also just improper payments because people were noncompliant.

SPEAKER_01

Are there one or two questions that are true you could consider triggers that if you can answer these two questions, yes, you are involved in healthcare or life sciences?

DIY Pitfalls And Alphabet Soup

SPEAKER_00

Yeah. I mean, so I think the biggest question is is your product or service reimbursable by Medicare or Medicaid? I think that's the biggest thing, right? Because so much of these federal healthcare fraud and abuse laws, that is the main crux if you are receiving reimbursement by federal healthcare programs. But that's not it, right? I I think how is your product going to be used? Is it going to be used for the diagnosis or treatment of a medical con of a medical condition? Are you going to be receiving patient data? So I think those are like three good places to start to think about if uh if you need to start thinking about healthcare and life sciences compliance.

SPEAKER_01

What is the number one mistake that you feel that most founders make when it comes to compliance?

SPEAKER_00

I think it is that they could DIY it, right? Because a lot of entrepreneurs, a lot of these innovators, they're great. They're great people. They want to change the world. They they have this radical idea and they want to do good. Most of them really, really who enter this space, yes, there's profit to be made. But more importantly, they they really just want to save lives, improve lives. And but they think that they have this great idea and uh it's super innovative, and that's awesome. But compliance isn't something that could be DIY'd in your garage because the regulatory scheme is so wide. And and and and Dave, I don't know if you want to spend a few minutes just talking about the alphabet soup of healthcare fraud and abuse regulation.

SPEAKER_01

I think that'd be a good idea. I mean, I think that there's so many, and it's sort of like what's the place to start? What are triggers that mean that you need to start here now, or this can wait, or uh how you can build out your business.

Key Laws: AKS, Stark, EKRA, FDCA

False Claims Act And Whistleblowers

Real-World Consequences And Agencies

Compliance As Competitive Advantage

SPEAKER_00

Sure. Well, let me just talk about the alphabet suit of the regulations and the enforcement agencies, and then we can dive into how you can deal with compliance like potentially as a competitive advantage for you as an innovator, right? So let's start with the laws. So there's a criminal statute called the anti-kickback statute. This is the example that I gave earlier, where you cannot pay a kickback for a referral that is reimbursable by federal healthcare programs. So if you're a doctor, you can't pay someone for sending you a patient that's on Medicare or Medicaid. That's a no-no, right? And then there's a lot of safe harbors that they built into that, that statute that gets really complex to navigate. That's a criminal statute, but then there's also a civil statute called the START law. And this is applies specifically to physicians, and they cannot receive federal health care reimbursement for items or services, or they cannot receive uh things of value from the people that they have a financial relationship with, right? So I think it's it's and it's it's very akin to the kickback statute, but I think the the key thing here is that it's strict liability. The kickback statute, because it's a criminal statute, it requires intent, there's a lot of evidence there. The the Stark law, because it's strict liability, it's like a tripwire. If you receive payments and there's a financial relationship there and it's an improper one, you're already liable. There's the eliminating kickbacks and recovery act. That's very much like the kickback statute, but that specifically deals with recovery homes, treatment facilities, labs. There's the Food, Drug, and Cosmetic Act. This is where we deal with a lot of FDA approvals, right? Uh you have the medical device, you got to get it FDA approved. There's regulations about marketing on label, right? And then I think the biggest hammer, Dave, is gonna be the False Claims Act. And I'm not sure if you're not sure. Yeah, so the false yes, the False Claims Act, it's actually an old statute. It's it goes back to the days of the Civil War. Uh it was enacted in 1863. Sometimes it's called Lincoln's Law. It was really created uh initially to deal with people who were uh there was these defense track contractors that were supplying the Union Army during the Civil War with weapons that didn't work and the government paid out. This is their way of of preventing that. And what it did it did two big things that makes it one of the biggest enforcement tools in healthcare and life sciences. One, just the sheer amount of damages. The government can uh get up to three times the amount that was paid out. So just like if you defraud the government$100,000, the government can go after you for$300,000. It's just really, really meant to deter defrauding the government. But then the second one that makes it so powerful is that there's this thing called a key TAM provision. And what that means, Dave, that that that's it comes from an old, I think it's Latin phrase. You know, lawyers love their Latins, key TAM, Q-U-I-T-A-M. And it really meant someone who sues on behalf of the king as well as for himself. It's really a whistleblower provision meant to say, hey, if you have information that someone is defrauding the government and you come forward, you can get anywhere from 10% to 30% of what the government actually got back. Now think about the financial incentives for that, Dave. When I was at OIG, I had a case, it was the largest grant fraud research misconduct settlement that HHS entered into. It was a$120 million settlement that the government got back from the entity. It was research misconduct. It was a university that allegedly, there is no finding, there's no admission of guilt in that settlement, but they they put out this falsified research that was actually cited in several studies in order to get federal grants. And the settlement amount for that under the False Claims Act ended up being around$120 million. And the whistleblower got pretty much 30%. So they walked away with like$33 million. Wow. And just for bringing this forward and pushing the government to pursue this, right? And so talk about financial incentive and talk about risk, right? Like not only are you dealing with landmines all over, but now you're looking over your shoulder because it could be people in your own organization who might want to profit off of your missteps. And for that reason, baking compliance into your whole business plan, your whole business structure, and as much as possible into their product itself, that will that will save you so much, not only save you so much pain, so much stress financially as well from financial penalties, but it could ultimately become a competitive advantage.

SPEAKER_01

So I want to take a tangent, then go forward, but uh it made me think of a story I had a a friend who was a federal prosecutor, and there was a dentist, and the dentist submitted a billing to the federal government for reimbursement and he was overpaid. And then rather they thought, Oh, this is just a mistake, it'll never happen again. Then it kept happening, and then it turned out by the time they were caught, they had defrauded the federal government over over a couple hundred thousand dollars in in fees. And then he subsequently went to prison. And I don't know like how that works with everything in terms of an entrepreneur understanding their fees, understanding what to do if something like this happens, or just how it reflects compliance.

FDA Pathways And Go-To-Market

SPEAKER_00

Yeah, so this goes back to it was probably under the Stark Law or uh or the anti-kitback statute, right? Because when you're dealing with physicians, you gotta worry about fair market value, right? Are you paying these people fair market value? Because again, it's counterintuitive to a lot of things in regular industry, right? Like you in the in in regular industry, you want to pay the best and the brightest the most you possibly can to retain that talent. And it is true in healthcare and life sciences, but also if it looks like you're ultimately paying them for referrals for customers, for patients, especially patients that are in Medicare or Medicaid, now you're you're looking at legal risk, not just financial risk, but also risk to your own freedoms, like you said. It could be a criminal statute or it could be a criminal offense. And so you have anyone, uh, you have agencies like the DOJ that can pursue you criminally or civilly, but then you also have agencies like my former agency, OIG, who can take administrative actions against you. And then on top of that, you also have the state agencies with their own fraud or abuse laws and their own enforcement mechanisms as well. So you're really, really going into a quagmire if you're stepping into the healthcare and life sciences space and if you're not familiar with that area at all.

SPEAKER_01

So looking at the business play, can you share stories, of course, without naming names, a company that leveraged compliance into their business as a competitive advantage?

Investor Signaling And Opportunity Cost

Seven Elements Of Compliance Programs

SPEAKER_00

Sure. Yeah, I won't say the names just because I think that there's a lot uh going on in terms of compliance and enforcement and things like that. But I think a good example, there's a company out there that's a global pharmaceutical company. There are they are one of the top cancer therapeutic pharmaceutical companies, right? Cancer, terrible disease. I'm sure you've had people affected by it. I personally have had several family members impacted by cancer and friends impacted by cancer. And so, you know, it's something that these pharmaceutical companies are really, really trying to solve. And in 98, there was a pharmaceutical company that was the first to develop what's called a companion diagnostic for their pharmaceutical drug to treat cancer. And what this did was they not only created a therap a drug to treat either the symptoms or treat cancer itself, but then they also created this tool. It's a diagnostic tool, it's a diagnostic test to help identify if you have this gene for cancer or if you have this cancer itself and it made you eligible or qualified you for this specific product. Think about the use case for that, right? Like now not you're not just reactive and providing a life-saving drug to people who know they have it. Now you're thinking about how do I help people identify that I might have this disease even if you don't know it yet, right? And this becomes very important in like the rare disease space. Now we have these genetic tests that can help you identify if you are at risk of these rare genetic diseases. And when I say rare, we're talking about a single-digit percentage of the global population, right? And you think about that patient journey and how frustrating it can be for those individuals who are struggling with this disease. A lot of times their physicians aren't even aware of that disease or aren't knowledgeable enough or specialized enough to identify, hey, you might have this one rare disease that only impacts 7% of the global population. So imagine the stress of constantly having going back to the doctor saying, oh, I'm having these symptoms, these drugs aren't helping, it's because you've been misdiagnosed, right? And and how frustrating it is to hear from your doctor, I don't know what's wrong with you yet. Let's run more tests. Imagine if there was a test out there that could say, hey, actually, this is what you have. And actually this aligns with there's a drug out there that can help treat you. Now, in the rare disease context, in in several diseases, in the context of several disease states, that's not only more convenient and helping with the pain and suffering, but it could be life-saving, right? So this was the first company to do it back in 1998. They got FDA approval for it and it became almost a companion test to their drug. And now there's a whole industry of genetic tests companies sponsoring genetic testing programs so that they can help patients identify whether they're at risk early on, because what do we always hear about healthcare, right? Prevention is so much better than treating the symptoms after you have it. So it was it was revolutionary. You know, you think about it today, it's like, oh yeah, that does make sense. Like, why wouldn't you have a companion test to pair it up with a drug? But that was brand new at the time.

SPEAKER_01

I mean, so is your role or is a role of a of council also to help people work their way through the approval process with these federal agencies so they can have their their business, their service, their technology included as accepted technology for billing?

SPEAKER_00

That's right. And in the US, you know, in order to sell uh or or market uh an item or medical device or a drug that could treat symptoms, it has to be FDA approved. So there's a whole process for that. That's under that's under the Food, Drug, and Cosmetic Act, right? And so you have to do you know, sometimes it's clinical trials, depending on on what the the the item or service is. There's different regular regulatory steps you need to take. And it's not something it's one, it's not cheap to go through. And then two, you know, there's a lot of administrative know-how. You got to know who which agency you're going to be submitting your applications to, what needs to be submitted, how to appeal bad decisions if you get a negative decision throughout this process. Um so definitely this is where you need at least uh the a consultant or or a legal professional to help you guide the way.

SPEAKER_01

How can entrepreneurs work with their legal advisors to make sure that compliance doesn't just slow them down, but actually positions them to be recognized a better opportunity for investors or in a better place in the market?

Culture Over Checklists

Diligence, Valuation And Deal Risk

SPEAKER_00

Sure. Now yeah, I mean, I think the best way to think about it is opportunity cost, especially if you have a new and innovative idea, right? Think about that companion diagnostic. That was the first one in the market that got FDA approved, right? You can't just have a copycat spring up overnight and do that. They need to one, figure out, wow, this is a great idea. How do they do that? But then two, they have to go through the whole process themselves of getting FDA approved before it enters the market. So being a first entrant that's FDA approved in the market, that gives you a great competitive advantage. You really have no other competition in that space at that point, right? So I think that's the biggest thing. So think of the opportunity cost, but then also think about the the flip side, the negative cost if not doing it, right? Your product doesn't get approved. That's probably the best case scenario. Worst case scenario, you're paying millions of dollars in fines or potentially even going to jail and losing your freedom. So the the whole range of positives of engaging a legal professional to help you do that, guide you through this process versus the the costs of not doing it. I think it, you know, if you put it in that context, it's an easy decision. But I get that it's difficult up front when you're running on a tight budget and you need to prioritize how you do it. You know, compliance doesn't need to be expensive. It can be built into the DNA of your company, of your product, and it isn't a one-time thing either. It'll grow with you, it'll evolve with you. And I think, you know, that's where there's a thing called the seven elements of a compliance program that is widely accepted as a best practice. And a lot of federal agencies expect you to have it. In fact, OIG, if you run afoul of laws and you don't have uh a compliance program, sometimes they will actually make you enter into a what's called a corporate integrity agreement where you're monitored by the agency for five years or so. And what they're monitoring is are you actually implementing these seven steps of a compliance program?

SPEAKER_01

So it's that line about how do you eat an elephant one bite at a time. So with this consideration for compliant, are there two or three first bites that you'd recommend?

AI, HIPAA And Fast-Moving Tech

Regulators’ Pace And Advisory Opinions

Timelines, Roadmapping And Scaling

Global Expansion And Divergent Rules

SPEAKER_00

Sure. I mean, I think to set the stage, I think we need to talk about what the seven elements are first, right? So the seven elements of a compliance program that agencies expect you to have are one, that you have a compliance function that, you know, that's either a compliance officer or a compliance committee on your board of directors, somebody that's actually in charge of this. The second element are policies and procedures. You have standardized policies and procedures in place to ensure compliance across your company. Third, you have training and education. So what this means is you're socializing those policies and procedures across your whole organization and relevant individuals in there, right? Who needs to know about these policies and procedures and how are you training them? Is it effective training? I think most of us have worked in companies where you have to do, you know, once a year, HR emails you and says, hey, you have to do this training do you do, and and you typically just leave it on in the background why some while some cartoon video plays. Is that effective training? Are you actually learning the policies and procedures then, right? Now think about if you're in a high risk space like healthcare and life sciences and something that could get your company in trouble or potentially you in jail, right? Think about how how do you make sure now that your staff is actually appropriately trained on those risk areas. The fourth is auditing and monitoring. So you are doing regular audits of your risk areas and you're doing ongoing monitoring of those risk areas as it goes. There's a difference, right? Auditing is more of a retroactive look. Monitoring is ongoing and in the moment. It's like the difference between like looking at old records from the past year versus watching a security monitor, right? Open lines of communication is the fifth element. So that the organization has an open line to report areas of noncompliance, whether that's directly to the compliance officer, but also that the compliance officer has a direct line to the C-suite. So a lot of times you'll see it's a best practice that the compliance officer is not part of legal. It doesn't report to legal, but it instead it reports directly to the either the chief executive officer, the president, or the board of directors, right? Because legal has certain interests in mind. HR has their own certain interests in mind. And you can imagine conflicting interests there between uh a compliance concern versus uh a legal decision that might have business implications for the company. Open lines of communication that also includes a hotline. A lot of times you'll see if you want to report something and remain anonymous, a hotline complaint. Like that's a great tool. And that's almost like the goals like expected now uh across these industries. Um and the last two are investigating issues of or suspected areas of of noncompliance, and then the last one is disciplinary or corrective actions when you actually find noncompliance. So a company, you you gotta be able to implement all those seven elements, right? Now, if you're gonna talk about eating an elephant one bite at a time, you're not gonna expect to have all that on day one. Maybe you start with, okay, day one, who is gonna be in charge of compliance? That's the first element, right? Like designate somebody and and who are they gonna report to? And um then you start building out your policies and procedures. And a lot of times, you know, that's a trial and error process. And it's also best practice of any business, right? Like you want to have good policies and procedures. I have my own law firm, and I think that's something I'm dealing with right now that I just launched. And like, how do you do this when a new client comes in? What's the policy for that? What's the procedure for that? So that anyone who steps into my shoes, or if I need to delegate that, they know exactly what to do and it's standardized. You know, that's what how it should be for compliance. And and it shouldn't be like a wish list, it should actually be how are things actually going, right? Um and then as you develop more and more, your training and education can get more sophisticated, your auditing and monitoring can get more sophisticated, right? So it should grow with your business. You don't need you the you're talking about sayings, you don't want to kill a fly with a cannonball. You don't want to overspend on compliance when it's not even a risk area for certain areas. So I think it's identify your risk and then have your compliance program grow with your company.

SPEAKER_01

Is there are there any companies that come to mind that are recognized for their their structure for compliance that other companies could look to as models?

Baking Compliance In From Day One

Finding The Right Legal Team

SPEAKER_00

You know, I'd be afraid to call out one company because you never know tomorrow. You might hear them in the news. But I I I think the best examples, honestly, are companies that have gotten in trouble and have gone through the corporate integrity agreement process and have succeeded in getting out of that monitorship because that means now the OIG has looked at their compliance program and has found it sufficient enough and such that they no longer need monitoring, right? Because it's a it's a process. They report those, they had to do annual reports, annual audits, and they had to report it to the OIG monitor, and then there's site visits sometimes. So it's pretty it's a pretty thorough examination for five whole years. And then on the other side of it, whatever issue that got them into it, it should be well off, right? So I think it's is sort of a counterintuitive example, but I think that that's at least been my experience when companies get out of a CIA, as we would call them a CIA corporate integrity agreement. And uh yeah, those companies, they have a lot of them have effectively gone from no oversight, no compliance to a pretty robust compliance program that is changes pretty well. And and you know what, Dave, it's really more so than, and I had this attitude and I was going through law school and learning about compliance. You hear about this and you think it's just like, oh, this is a checklist, seven elements policy procedures check, training education check. It's not, it's really about culture. It's a culture of compliance. Because what I found, and in my experience when I was a monitor at OIG, when we're implementing these uh compliance controls, it was really a people problem, right? You had people that either didn't care about compliance, that were greedy or incompetent or whatever it was, that just didn't care to put the effort into compliance. And that that showed in the culture that they created. And then as you're implementing this program and making it a requirement, those people naturally sort of weeded themselves out because they get put in the hot spot. They get put in the hot seat through these programs. They become identified much more quickly. The concerns get raised proactively as opposed to retroactively after the government comes knocking, and it really becomes a whole transformative culture. It's almost, I don't want to make it seem too kumbaya, but that's really what it is. It's really like a come to Jesus moment of who are we as a company, right?

SPEAKER_01

I've had um friends and for a lot of different contexts, they'll talk about how, oh, there's an expression, I understood it to be Chinese in origin, but I could be wrong. But the idea is fish rots from the head. And then if the leadership has to embrace something for the organization to implement it and act on it, and if the leadership doesn't embrace it, then it's not going to be enacted.

Bespoke Counsel Not One-Size-Fits-All

The Launch Code: Three Takeaways

SPEAKER_00

Exactly, right? So, I mean, and I think this is really what it is. It's not a checklist, and it's just in the same way that if you're an innovator, if you're an entrepreneur, if you have this big idea, you want that mission. You know, uh there's a guy out there, Simon Sinek, he did that TED talk, start with the why. And that's what makes successful companies successful. Like he talked about Steve Jobs and Apple. You know, he they start with the why. We we want to create products that transform people's lives. And by the way, we just happen to make computers. Like I a lot of entrepreneurs I know, that's sort of their why. They want to transform the delivery of healthcare, but we just happen to have this medical device that does it, or we just happen to make this drug that does it in this sector. But the why is that pull through. And then incorporated in that should be uh a thought about compliance, right? Because you're not if that should be a natural extension of your why, right? If you're if your why is to save lives, transform the delivery of healthcare in the United States, the compliance is is how you do that. And if you're being greedy about it, you're not saving lives anymore. If you're being nefarious in your business practices, that's not that's inconsistent with that why, right? So I think that's what it means to build it into the DNA. And and these seven elements, these enforcement actions, all this is really just like symptoms of, like you said, like the fish rots from the head. And so it really comes down to culture, it really comes down to values, and it really comes down to how those values manifest.

SPEAKER_01

How do investors and VCs evaluate compliance readiness during their due diligence process?

SPEAKER_00

So I think a lot of times it becomes an afterthought, and this is where a lot of people can get into trouble, and this is where a lot of deals can fall apart, right? Because uh I I had someone come to me the other day and they were talking about there's this physician practice that wants to buy another physician practice, and they're in early talks, but they had no idea about, you know, regulatory compliance, right? Like you're you're you're a healthcare practice, and yes, you're you're doing the deal, you want to talk about deal sheets, term sheets, you know, interest rates, things like that. But then like compliance became sort of an afterthought. It's like, oh wait, now they're looking to hire me and I'm gonna come in and gonna ask, okay, well, let's talk about it. Do you have policy policies and procedures? Do you have, you know, so I think it's a lot of times it becomes an afterthought and it can actually be a big hang up in deals because that became something that holds either holds up a deal that wasn't built into the timeline, the compliance review. But also a lot of times that compliance review can reveal real legal risks and financial risks that that really ruined the whole deal. I've had cases where that happened before.

Closing And Calls To Action

SPEAKER_01

Sort of like uh taking this sort of the flip side. So what's the fastest way for a startup to lose investor trust? You may be just speaking to that.

SPEAKER_00

Exactly. So I mean, I think the fastest way to lose investor trust is it's sort of like getting exposed for for not having this on the forefront, right? You talk a big game, we're the best in X, Y, Z. And someone says, okay, well, let's see your policies and procedures, or or let's see your hotline complaint log. And then you're like, oh, what do you mean? That's a big red flag that there is no compliance program. And it could set off, okay, what other alarm bells are there? What other financial arrangements have you potentially entered into that if we invest, we're going to be on the hook for paying out civil monetary penalties, right? If if you're if you're not serious about compliance, that could really, really impact your marketability to VCs and investors.

SPEAKER_01

And can it increase valuation of a company or decrease it, depending on how what track they take?

SPEAKER_00

Potentially. I mean, I don't know if it necessarily would increase, but you could imagine it would decrease, right? So a lot of times what we do, uh a lot of publicly traded companies, for example, have to report instances of litigation or government enforcement. That's like an SEC regulation, right? And a lot of companies will have to make reports to their investors, make SEC reports that, hey, we just received a subpoena from the FBI because they're looking into this anti-kickback statute allegation. Imagine what that does for investor confidence. Imagine what that might do to your stock price once that's revealed, right? So the same thing is true in the smaller context, right? Like you have investors coming in, they will ask, do you have any known or threatened areas of litigation or enforcement? And you have to answer truthfully, otherwise, you know, you could the deal could get blown up. Investors come back after the fact and sue you. But, you know, and and that's gonna be an area that should come up as part of the compliance due diligence.

SPEAKER_01

Excuse me, how is AI changing the compliance landscape and healthcare and regulated industries?

SPEAKER_00

I think it is AI is a great example of what it means for an innovator or a disruptor to enter the healthcare and life sciences field, right? Because especially if you're coming up with something brand new, you're dealing with laws that have been in place. Like I said, the False Claims Act has been in place since the Civil War. And a lot of regulations have been in place in the 90s, 80s, 70s, before a lot of technology and business models that we have today were put into place. So you're trying to commercialize a product for the new era within a regulatory scheme that's antiquated, maybe going all the way back to the 90s, 1960s. And so how do you how do you marry that? How do you reconcile that? And a lot of times it's you don't know, and you're just making the best educated guess and hoping that you got it right. You know, now AI is an example of this. You know, HHS is putting out there's no consolidated framework just yet. They're putting out, you know, guidelines for how their own agencies should use AI, but AI, just the the free the how quickly it's being implemented and how quickly it's being adopted just by the general public, it creates a whole lot of risks, right? Because in AI, you have a program that is being trained. Now, think about this in a healthcare context, especially with HIPAA. How are you training this program? What patient data is being used to train it? If patient data is is is gonna be uh input into this system, what controls are there to protect it under this HIPAA statute? AI wasn't around when HIPAA was first written, you know? And so these are things that that's gonna have to be reconciled and and thought through.

SPEAKER_01

Could you have to anonymize HIPAA-related data and you as you build things?

SPEAKER_00

Is that how people it depends on the context, right? Like depends on who you are in that context. Are you are you are you delivering healthcare? Are you do you have a business associate agreement in place? How are you getting the P the the PHI or the PII? And so all those things, like it becomes very, very context specific.

SPEAKER_01

So as you're as you're looking at regulators, are they moving faster or slower than technology? And what does that mean for startups?

SPEAKER_00

Aaron Powell They are it's definitely slower. They're not ahead of the curve. They they're if anything, they're catching up to where we were five, ten years ago, because you think about think think about, and not to get political, but think about Congress today. Think about what it takes to pass a law. Think about what it takes for a new regulation to get drafted under the Administrative Procedures Act, even if you're not, even if there's a law already in place and you're you're just creating a new regulation. There has to be a notice to propose rulemaking. There needs to be a certain comment period where the public can comment on it. And then there needs to be a final rule that's written that addresses all of those comments. And then if any of those steps are not done correctly, that whole regulatory scheme could get thrown out the window as a violation of the Administrative Procedure Act, right? Bureaucracy. And so it's always going to be behind the curve. And there's, you know, there's ways to sort of walk around it. For instance, the OIG has a process called an advisory opinion that you can reach out to them and say, hey, you know, there's this risk area that my product or this financial arrangement that I've entered into implicates. This is what I'm certifying to be true about the context of the situation based on these facts. Is this something that would be allowed, or is this something that you would enforce a law against? And then OIG opinion puts out a guidance uh and and they put out a certain number every year. And that actually becomes a good guiding post for a lot of people. People in the industry to understand, okay, this is what the OIG thinks to be too high risk to where they would take enforcement action. And then this is where they said that they won't take any enforcement action, even though it might implicate this statute, because OIG has enforcement discretion. Now, there is a there's a caveat there that that advisory opinion only applies to the person who requested it. It can't be relied on by other parties and things like that. But it's still a good, it's like uh, you know, it's it's like sticking your finger in the wind to get to get an idea of which way the wind is blowing. Um and and so there's different tools and and guideposts like that out there.

SPEAKER_01

Is there a consideration for time associated with compliance and regulatory structures that that entrepreneurs should understand? Like I don't imagine any of this happens fast.

SPEAKER_00

Definitely not. And so, I mean, I've I think that's where I said like it's so important to think about it as it needs to grow with your company, right? And they one, if you're building something out of your garage, it is just you. So maybe it's just you that talks to an attorney or a consultant, and just to get an idea of hey, I have this product, what laws does this implicate? What do I need to think about? Because if you have that in the front of your mind as you're building your product, it's gonna be so much more beneficial and easier than if you already had a product or a service or a software and you found that wait, there's no way to effectively commercialize this without violating HIPAA. There's no way to effectively commercialize this, you know, that doesn't run afoul of certain laws. I think that just knowing getting it's like if you wouldn't go on a road trip or you wouldn't go on vacation to a new area without scoping the landmarks out, right? I mean, I guess you could if you want to be adventurous, but when the risk is potential loss of your freedom, then yeah, you would probably scope out, hey, like what places should I visit? You know, what places should I avoid? Where should I be more careful? And that's the same exact way with regulatory compliance and building your company. And now, as it gets more sophisticated, you have more actors under you, and then you have a more sophisticated compliance program. Maybe you have a compliance officer at that point who reports to you and that people can go to to raise their concerns or just ask questions. And so it's not a one size fits all. It should really be tailored to your industry, your product, and those specific risks associated with it.

SPEAKER_01

What should founders know about scaling into global markets with different regulatory requirements and regimes and procedures?

SPEAKER_00

Sure. I mean, think about the US, right? And I think AI was a good example because there is no national law regulating AI just yet, even in healthcare life sciences. But I think um there's different states have different laws around AI already, right? It's a patchwork system, and that's just alone in the United States. Now, imagine this on a global context. Imagine if you have a new drug or a new medical device and you get FDA approval. And because when you when you seek FDA approval, you don't always get it for everything that you ask for, you know, because it needs to be supported by clinical data. The FDAI looks at the clinical data and and verifies it and says, actually, yeah, based on the evidence that you gave, we think that we could say that this product treats brain cancer and skin cancer, right? Just as an example. Let's say you that's what you want. And then the FDA will look at it and they might say, yeah, actually it does treat both, and you can market it as such. Now you go to Europe, they may look at the same data because we know that science is always going to be peer-reviewed and there's always gonna be different conflicting. That's that's just the nature of science, right? And the consensus in Europe might be actually this product only has sufficient evidence to support an indication for brain cancer, not skin cancer. So now you're talking about the same product that's been approved for two different things, and now you're gonna talk about marketing it and bringing it to market. You can you now you're gonna have to have a set of marketing materials just for the US versus marketing materials in the in the U. And then think about all the different countries that you got to do that for, right? That's just like a minor little example. Same thing with the kickback statute, right? Or or or even like marketing practices. Certain countries will not let you market medicine, pharmaceuticals, directly to customers. In the U.S., it's allowed. That's why we have all these commercials on TV where the announcer speaks really, really fast, talk about the side effects and all those things. You won't see that in some countries, especially in Europe, right? Because that's not allowed. And because that has to do with the different philosophy of what the role of the physician is. You know, in the US, it's very much more patient-centric. In certain countries, it's much more the healthcare provider is really the gatekeeper because they have specialized knowledge to do that. So only the doctors can get marketed to and they can talk about that. You know, so there's different channels, there's different avenues in the way that it's done. And you gotta worry about being compliant with all of it. You gotta track it, you gotta implement a system that makes sure your practices are compliant with all of those. And then you gotta have a compliance program that's tailored to each and every jurisdiction, right? So it can get quite complicated.

SPEAKER_01

What does it mean to bake compliance in from day one? Are there simple processes that won't slow down innovation and then getting a lawyer? I mean, that's a big scary thing for a lot of companies.

SPEAKER_00

Right. I think baking compliance in from day one means understanding your risk area first and foremost. You have this big idea. What is it implicating? And I think and you want to talk about being scary and getting a lawyer is being scary. What's scarier to me is walking into a dark room with a bunch of sharp objects, right? And yeah, a cost of a flashlight might put me out a few bucks, but it's gonna save me the ER bill later on if I walk in there without it, right? That's how I view a lawyer in this instance. That's how I view a consultant in this instance. It's it's you are getting, you're coming in wide-eyed, right? And that alone not only keeps you out of trouble, but done correctly, it can give you a competitive advantage. Just like I said in the example earlier with the FDA approval for the companion diagnostic. If you're so cutting edge that you're the first one to market, that's gonna one put you way ahead of the competition because there won't be competition. And two, that gives you so much more credibility now as a new entrant in the space.

SPEAKER_01

How should people think about how to identify and find a lawyer that's appropriate for their needs or their industry or their business?

SPEAKER_00

In the same way that you as an innovator, as an entrepreneur, want to establish credibility. Think about the same ways that look for the same things in your attorney, right? So, what experience do they have? What credentials do they have? Um, and ask the questions, right? Like you want to talk about your budget first and foremost. A lot of people like talking about money, and they can just say, like, I don't want to spend any money or I have no money. Like, that's not a helpful conversation. You can say, look, realistically, this is my budget that I have and I want to do XYZ. What can you do for me there? Right. Some attorneys charge on billable hours, others do flat fees. Now, you can also ask about their experience. Like, what other past clients have you worked with? What are your success stories? What agencies have you interacted with? Because just because like someone's a healthcare and life sciences attorney or a compliance person, that doesn't mean that they know it at all, right? You could have someone who's very niche on just FDA approvals. That's a whole subset of the market in the legal industry, like just getting your products FDA approved. Those people may not necessarily have the same expertise as someone coming in and helping you now get your product eligible for federal healthcare reimbursement, right? And so that's gonna be different versus having someone come in and talk about how do you draft a contract with a physician so that it doesn't implicate the anti-Kback statute or the STARK law. So those are all different skill sets, and it may not be the same attorney. You gotta think about what your risk profile looks like first and foremost, and then build your team of Avengers right around that, addressing those specific risks.

SPEAKER_01

So it may, at the at the end of the day, it may not be a single lawyer. It just depends on your business.

SPEAKER_00

That's right. Yeah. And you may have like a general counsel who sort of manages this for you. Um, because that's often why you have companies that have in-house counsel, right? Like they manage all these risks, these legal risks, and then they'll engage outside counsel as needed for project-specific needs, right? We have this new product, we're at a stage where we need FDA approval. So we need someone to do that. Versus we're super early, we don't even have a product yet, we just need an investor. So, what does a contract look like? So, right. So, that's gonna be complete different skills.

SPEAKER_01

So, in a sense, are you saying that the counsel that a company should look for, you're looking for a shepherd, you're looking for a toolkit as opposed to just a saw or a hammer.

SPEAKER_00

Uh, I I like to think of it as uh, I mean, I like the shepherd example. I personally like to think of it as uh you want a tailor. You want a tailor who will take your measurements, see what looks best for you, see what you need, how do you move, right? One of my best friends is a tailor, and and this is why the example comes to my mind. He was actually, he did my suit for my wedding, right? And I told him what I needed and what I wanted to look like, and he he handmade my whole wedding outfit. And the same thing with good legal counsel. They'll look at your your profile, at your risk profile, and then they'll build a team around you that'll say, this is what will enable you to do what you want to do and to make you do it the best way you can do it.

SPEAKER_01

So and is this what you mean by a bespoke counsel or bespoke service?

SPEAKER_00

That's right. Yeah, at my law firm, we our big thing is bespoke legal advocacy, right? And just in the same way that a suit should flow with you and not against you, right? Like think about this now, there's the fashion head in me, right? You can tell the difference between a well-fitting suit and a terrible fitting suit. And the best fitting suits are those that flow with the body, that you know, that that look smooth with the body and aren't tight, aren't aren't pulling a cuts or restricting movement. And the same thing with good legal counsel. It shouldn't restrict your innovation, it shouldn't restrict your movement so much where it inhibits you, but it should actually flow with you and empower you to do what you want to do the best way possible. That's great.

SPEAKER_01

Let's like to go to the last part of our discussion where we talk about the launch code. So, based on our conversation, what are the top three things that you want innovators in healthcare and life sciences to take away from this conversation?

SPEAKER_00

Yeah, so I think the three things bake it into your DNA. Think about your your risk profile just as much as you're thinking about your product that you're building or your company that you're building or the service that you're building. Because one the more holistic a picture you have, the more successful you can be down the road. So bake it into your DNA as much as possible. The second thing, and this is sort of the flip side of it, think about the cost of noncompliance. Like I said, it's scary to pay out certain much for a lawyer, but scarier to me to walk into a dark room with sharp objects all around. That's the risk of noncompliance, right? Your product not getting approved or going to market, you having to pace financial penalties and possibly even going to jail, right? There's a whole range of risks there. And then lastly, think about compliance not as something that you need to do or a checklist, but really if it's done really, really well, it could be a key factor in giving you competitive advantage, right? It's a way to maximize value as opposed to inhibit it. So compliance done well and with good counsel, with good consultants, and growing with you, evolving with you, it really, really can be a competitive advantage. It can attract more investors, it can keep you out of trouble. In fact, it could at several times it could clear the competition, right? So I think those are the three things. Bake it into your DNA, think about the cost of noncompliance, and then use it as a competitive advantage.

SPEAKER_01

Dennis, that's great. Thank you so much for this helpful conversation for entrepreneurs.

SPEAKER_00

Of course. Yeah. And it was it's been great, and I'm excited to be doing this with you. You know, I'm really excited to have other guests that we'll be talking to about this in the industry, and I think it should be really, really interesting.

SPEAKER_01

And that's it for this first episode of Ready for Launch. A big thanks to Dennis for breaking down what makes startups and healthcare and life sciences so unique. If you found today's conversation valuable, please follow the show on your favorite podcast platform, leave us a rating, and share it with the founder, a business leader who could benefit. If you're interested in sponsoring, contact Dave or Dennis from the details in the episode show notes. Thanks for listening. We look forward to talking again soon.

Head Shot

"Aussie" Mike James

Co-host
Head Shot

Dave Liss

Co-host
Head Shot

Dr. Richard Kennedy

Co-host
Head Shot

Ketil Hviding

Co-host

Podcasts we love

Check out these other fine podcasts recommended by us, not an algorithm.

Your Brand Amplified Artwork

Your Brand Amplified

Anika Jackson, Bleav
Digital Health Today 360 with Dan Kendall Artwork

Digital Health Today 360 with Dan Kendall

Dan Kendall / Part of the Health Podcast Network