Health research organizations are facing increased scrutiny for foreign influence; is your organization compliant?

Changes in oversight

Health research organizations and other institutions including academic medical centers, research institutes, and medical schools, are aware of the dangers of foreign influence, but many haven’t started addressing them. Until now.

Regulators and investigators have turned their sights to international connections—researchers’ activities, monetary relationships, and talent recruitment from far-flung locations.

A decreasing tolerance for non-compliance

Organizations that are not compliant with well-established legal and regulatory frameworks are no longer tolerated. Several universities and research institutions have been implicated in Federal Bureau of Investigation (FBI), National Institutes of Health (NIH) and Department of Justice (DoJ) investigations of foreign influence and corruption.

Now what?

To get ahead of enforcement, the health industry needs to prioritize compliance with laws like FCPA, export controls, sanctions laws, immigration laws, cybersecurity rules, and regulations that cover international grants. Institutions risk the loss of intellectual property, reputation, and funding sources. Health research organizations already have some of the most sophisticated compliance infrastructures, but they have only recently been required to monitor issues around foreign relationships. They need to assess their current international entanglements and address gaps in compliance, while remaining rooted in a culture of global collaboration and sharing for the greater good of patients and society.

Global connections and foreign dependencies in the health industry have grown in recent years

Many health research organizations—academic medical centers, research institutes, and medical schools—view themselves as domestic organizations. However, their growth and ability to innovate and compete depends on collaborating with international organizations and governmental entities as well as foreign researchers, scientists and doctors.

The strength of collaboration poses the greatest risk: it opens up the prized brainpower and intellectual property—methods and applications—to people within that community, and consequently to potential US regulatory and prosecution risk.

In the past, espionage and bribes were the province of spies. Now, people on all levels within these collaborative communities can do the job, increasing the risk for intellectual property theft, reputational damage, disrupted access to funding, and weakened employee protection.

As of November 2019, 71 institutions, including many prestigious US medical schools, were investigating 180 cases involving potential IP theft with 24 of those cases referred by the NIH to the Department of Health and Human Services for potential criminal prosecution.

Source: "Vast Dragnet Targets Theft of Biomedical Secrets for China," Gina Kolata, The New York Times, Nov. 4, 2019

Take stock of your international relationships and create a strategic mitigation plan

Begin by asking two fundamental questions:

  1. How many international organizations, people, intermediaries, and sources of funding—and US sources tied to foreign health professionals—do we rely on?
  2. How do we mitigate and monitor the risks posed by these relationships?

Closing the gap to reduce risks around foreign influence doesn’t require a transformational program. Health research organizations and their research departments already have some of the most sophisticated compliance infrastructures. Organizations should consider creating a strategic mitigation plan to mitigate future risk.

Four steps to rally your organization around an action plan

How PwC can help

Cybersecurity, Privacy and Forensics

Our Cybersecurity, Privacy and Forensics team/services can help you transform from value protectors to value creators by building trust, promoting resilience and enabling the business.

Learn more

Digital Risk Solutions

Our Digital Risk Solutions can help you stay ahead of threats and build confidence and trust in the business by providing leading-edge systems, software, data analytics, automation and controls expertise to help organizations gain a higher return on investment from enterprise technologies through risk mitigation, streamlined processes and new cross-platform systems interaction.

Learn more

Risk and Regulatory Consulting

Our Risk and Regulatory Consulting services can help you make sense of the shifting US policy environment by bringing together real-world experience across risk, regulatory, tax, controls, compliance, privacy and forensics.

Learn more

Contact us

Jeremy Diebling

Principal, Healthcare Cybersecurity & Privacy, PwC US

Nalneesh Gaur

Health Information Privacy and Security Practice, PwC US

Follow us