OIG Outlines Multiple Probes Into NIH, PIs Who May Have Failed to Disclose All Support

By Theresa Defino

Table of Contents

The HHS Office of Inspector General (OIG) is investigating allegations that a dozen principal investigators (PIs) with NIH awards “failed to disclose foreign affiliations on their grant applications,” IG Daniel Levinson revealed in a recent letter to Sen. Chuck Grassley, R-Iowa, chair of the Senate Finance Committee. But Levinson also made clear that PIs aren’t his only target.

OIG also is looking into NIH’s operations, with a number of audits and reviews already underway or recently released, Levinson told Grassley. These include “evaluations to assess NIH’s vetting and oversight of its peer reviewers, including its efforts to prevent or detect inappropriate sharing of information by peer reviewers.” OIG is also probing “how NIH monitors the financial conflicts of interest (including foreign financial interests) reported by grantee institutions,” among other inquiries.

The correspondence between Grassley and Levinson illustrates the high level of ongoing concerns about foreign influences in U.S. research, which have intensified since last summer when NIH Director Francis Collins first testified about the topic before the Senate Health, Education, Labor and Pensions (HELP) Committee. Grassley wrote to Levinson after receiving responses to questions he posed to Collins (“Grassley: NIH Response on Foreign Influences ‘Leaves Many Questions Unanswered,’” RRC E-Alert, Jan. 17, 2019).

The 12 PIs are double the number Collins said at the time that NIH itself was investigating “based on suspicions that researchers with federal grants failed to disclose significant financial contributions from foreign governments” (“NIH Warns Institutions to be Vigilant Against Threats to U.S. Research From ‘Foreign Entities,’” RRC 15, no. 9).

Late last year, a high-ranking NIH committee submitted a series of recommendations both the agency and institutions should take to safeguard their research (“NIH Embraces Efforts to Thwart Foreign Entities, Recommends Similar Strategies for Universities,” RRC 16, no. 1).

OIG said the referrals from NIH about possible non-disclosure of foreign support were “recently received,” and that officials were “currently conducting a review…to determine whether the allegations warrant the opening of investigations.” Levinson said the referrals “appear to primarily involve principal investigators on NIH grants conducting medical research at U.S. universities who allegedly have failed to disclose foreign affiliations on their grant applications.”

Levinson added that, “When evaluating referrals, OIG is sensitive to the fact that academic and professional reputations could easily be damaged by erroneous allegations.”

In the previous five-year period, Levinson said OIG conducted only one such investigation and that the Department of Justice (DOJ) has not moved forward with the case.

In terms of other investigations, OIG “examined a total of 51 complaints in the past 5 years from NIH. Four of these complaints were related to potential research fraud, and none involved foreign contributions,” Levinson wrote to Grassley. “The other 47 complaints were not germane to the issues raised by your inquiry.”

Levinson also said there had been just one case in the past five years of a researcher who “allegedly stole intellectual property created by taxpayer-funded research,” and that, as with the failure-to-disclose case, “DOJ declined to pursue action.”

In response to another question from Grassley, Levinson said OIG has conducted no investigations of “researchers who were allegedly agents of a foreign government.” But he added that because OIG “does not possess statutory authority under the laws covering foreign agents, we have not traditionally investigated matters solely related to such violations. In cooperation with the FBI, OIG continues to expand its efforts in this area and will continue to do so as authority, resources, and funding allow.”

The IG provided some details about specific oversight tasks regarding NIH itself—but he noted OIG has extra funds on hand for the effort.

In fiscal year 2019, OIG got an additional funding boost to turn its attention to NIH—at NIH’s expense. Appropriations legislation required NIH to transfer $5 million of its funds to OIG for “oversight of grant programs and operations of the NIH, including agency efforts to ensure the integrity of its grant application evaluation and selection processes.” Levinson told Grassley that OIG “submitted a comprehensive NIH oversight plan” to the House Energy and Commerce and the HELP Committees, as well as the Appropriations Committees in both the House and Senate.

FCOI Oversight to be Reviewed

As previously stated, Levinson wrote that OIG was looking into NIH’s oversight of peer reviewers, data sharing and disclosure issues among grantees.

Additionally, he said that OIG is “initiating audits” of NIH institutes and centers to review the following areas within NIH, which also were mentioned in a newly updated OIG work plan:

  • “pre-award process for assessing risk of potential recipients of federal funds” and “post-award process for overseeing and monitoring of grantees on the basis of risks identified during the pre-award process”;

  • “policies, procedures, and controls in place for ensuring that both foreign and domestic grantees disclose all relevant affiliations, sources of support, and financial interests, including intellectual property interests”;

  • “oversight of its grantees’ compliance with NIH policies, including NIH efforts to ensure the integrity of its grant application and selection processes and to protect intellectual property derived from NIH-supported research”;

  • “oversight and monitoring of the financial conflicts of interest reported by grantee institutions”;

  • “internal controls for identifying and addressing potentially duplicative grant funding and overlap”;

  • “testing of select cybersecurity controls within the NIH electronic health records system”; and

  • “controls to ensure that NIH has an accurate inventory of hardware, software, and Internet Protocol resources.”

OIG: NIH Data Security Lacking

When Grassley released Levinson’s letter on Feb. 6, he summarized the contents without indicating whether he intended to follow up with OIG for more details, or with the FBI, or what his next steps might be. In a public statement, Grassley said he “intend[s] to continue scrutinizing this area so taxpayers get their money’s worth when funding this research and foreign actors can’t pilfer the good work done by legitimate researchers.”

RRC asked Grassley’s office whether he expects to propose new legislation or impose new requirements on NIH related to possible foreign influences. While Grassley spokesman Michael Zona said on Feb. 14 that no new information was available, he added that “This isn’t an issue that’s going to fall by the wayside for Sen. Grassley.”

One OIG audit of NIH was released shortly after Levinson wrote to Grassley. On Feb. 13, OIG issued a one-page version of a restricted report reviewing NIH’s controls over sensitive data, which concluded that the agency “should improve its controls when permitting access to sensitive NIH data.” OIG made a series of recommendations to better safeguard data, which were only partially accepted by NIH.

OIG said it has “identified risks related to the sharing of sensitive data,” and that its audit “objective was to assess whether NIH had adequate controls in place when permitting and monitoring access to NIH sensitive data.”

To conduct the audit, OIG “reviewed NIH’s internal controls for monitoring and permitting access to sensitive data. To accomplish our objective, we used appropriate procedures from applicable federal regulations and guidance. We reviewed NIH policies, procedures, and supporting documentation, and we interviewed NIH staff,” the report states.

Recommendations Include More Training

OIG considered the concerns it uncovered urgent enough that it “shared with NIH information about our preliminary findings before issuing our draft report to ensure that NIH could take prompt corrective actions.” It also “provided a detailed restricted report” to NIH.

Levinson’s letter to Grassley mentions the audit as a future task; the report had not been issued at the time.

Specifically, OIG recommended that NIH:

  • “work with an organization with expertise and knowledge in scientific data misuse”;

  • “strengthen its controls by developing a security framework”;

  • conduct a “risk assessment”;

  • implement “additional appropriate security controls designed to safeguard sensitive data”;

  • “develop and implement mechanisms to ensure data security policies keep current with emerging threats”; and

  • “make security awareness training and security plans a requirement.”

NIH disagreed with all of the recommendations except the final two in the list above. But it told OIG that it “recently established a working group to address and mitigate risk to intellectual property as well as to protect the integrity of the peer-review process.”

Still, OIG “maintain[s] that our findings and recommendations are valid. We recognize that NIH reported that it is already taking certain actions, such as the working group that was recently established, that may address our recommendations,” the report states. “We also provided NIH with other potential actions to address our findings and recommendations. If NIH determines that it does not need to strengthen its controls, it should document that determination consistent with applicable federal regulations and guidance.”

Link to Levinson-Grassley correspondence: http://bit.ly/2TN6frH

Link to updated OIG work plan: http://bit.ly/2X9qqSz

This publication is only available to subscribers. To view all documents, please log in or purchase access.
Purchase Login

About SCCE

The Society of Corporate Compliance and Ethics (SCCE) is a non-profit, member-based professional association. SCCE supports our members' work with education, news, and discussion forums. We are a community of leaders, defining and shaping the corporate compliance environment across a wide range of industries and geographic regions. In developing and maintaining effective ethics and compliance programs, our members strengthen and protect their companies.

952.933.4977

About HCCA

The Health Care Compliance Association (HCCA), is a 501(c)6 non-profit, member-based professional association. HCCA was established in 1996 and is headquartered in Minneapolis, MN. We provide training, certification, and other resources to over 10,000 members. Our members include compliance officers and staff from a wide range of organizations, including hospitals, research facilities, clinics and technology service providers.

952.988.0141

Facebook Twitter LinkedIn
Copyright © 2024 by Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA). No claim to original US Government works. All rights reserved. All information provided through this site, including without limitation all information such as the “look and feel” of the site, data files, graphics, text, photographs, drawings, logos, images, sounds, music, video or audio files on this site, is owned and/or licensed by SCCE & HCCA or its suppliers and is subject to United States and international copyright, trademark and other intellectual property laws. Any third party logos and/or content provided herein is owned by such third parties and is used by permission herein. Your use of this site to is subject to our Terms Of Use and Privacy Statement.
Cookie settings