Health research organizations and other institutions including academic medical centers, research institutes, and medical schools, are aware of the dangers of foreign influence, but many haven’t started addressing them. Until now.
Regulators and investigators have turned their sights to international connections—researchers’ activities, monetary relationships, and talent recruitment from far-flung locations.
Organizations that are not compliant with well-established legal and regulatory frameworks are no longer tolerated. Several universities and research institutions have been implicated in Federal Bureau of Investigation (FBI), National Institutes of Health (NIH) and Department of Justice (DoJ) investigations of foreign influence and corruption.
To get ahead of enforcement, the health industry needs to prioritize compliance with laws like FCPA, export controls, sanctions laws, immigration laws, cybersecurity rules, and regulations that cover international grants. Institutions risk the loss of intellectual property, reputation, and funding sources. Health research organizations already have some of the most sophisticated compliance infrastructures, but they have only recently been required to monitor issues around foreign relationships. They need to assess their current international entanglements and address gaps in compliance, while remaining rooted in a culture of global collaboration and sharing for the greater good of patients and society.
Many health research organizations—academic medical centers, research institutes, and medical schools—view themselves as domestic organizations. However, their growth and ability to innovate and compete depends on collaborating with international organizations and governmental entities as well as foreign researchers, scientists and doctors.
The strength of collaboration poses the greatest risk: it opens up the prized brainpower and intellectual property—methods and applications—to people within that community, and consequently to potential US regulatory and prosecution risk.
In the past, espionage and bribes were the province of spies. Now, people on all levels within these collaborative communities can do the job, increasing the risk for intellectual property theft, reputational damage, disrupted access to funding, and weakened employee protection.
As of November 2019, 71 institutions, including many prestigious US medical schools, were investigating 180 cases involving potential IP theft with 24 of those cases referred by the NIH to the Department of Health and Human Services for potential criminal prosecution.
Source: "Vast Dragnet Targets Theft of Biomedical Secrets for China," Gina Kolata, The New York Times, Nov. 4, 2019
Begin by asking two fundamental questions:
Closing the gap to reduce risks around foreign influence doesn’t require a transformational program. Health research organizations and their research departments already have some of the most sophisticated compliance infrastructures. Organizations should consider creating a strategic mitigation plan to mitigate future risk.
Our Cybersecurity, Privacy and Forensics team/services can help you transform from value protectors to value creators by building trust, promoting resilience and enabling the business.
Our Risk, Control and Security Transformation Solutions can help you stay ahead of threats and build confidence and trust in the business by providing leading-edge systems, software, data analytics, automation and controls expertise to help organizations gain a higher return on investment from enterprise technologies through risk mitigation, streamlined processes and new cross-platform systems interaction.
Our Risk and Regulatory Consulting services can help you make sense of the shifting US policy environment by bringing together real-world experience across risk, regulatory, tax, controls, compliance, privacy and forensics.
Principal, Health Services Cybersecurity & Privacy, PwC US
Health Information Privacy and Security Practice, PwC US