Welcome! I’m poring through notes from last month’s Pharmaceutical Compliance Congress, and am going to share some recaps of the sessions in this blog. So make sure to follow!

I’ll start with Pharmaceutical Enforcement Trends, a panel discussion where former HHS OIG counsel Kate Matos and Meredith Williams shared their views on what they described as a proactive, data-driven enforcement climate for pharmaceutical manufacturers.

The big takeaway is pretty simple: enforcement is getting smarter, faster, and more connected. DOJ, HHS, CMS, and OIG are increasingly using data to spot patterns earlier, and they expect companies to be doing the same. That means compliance programs can’t just rely on policies sitting on a shelf—they need real monitoring, sharper analytics, and quicker escalation when something looks off.

Speaker programs remain a live issue, especially where the same physicians show up again and again or events start to look more like marketing than education. The same goes for free diagnostic testing and patient support services: the question regulators keep asking is whether the program genuinely helps get the right treatment to the right patient, or whether it’s really a disguised sales tool.

Another important theme is that federal guidance may not be enough anymore. State enforcers, especially in places like Texas, are taking more aggressive positions that don’t always line up neatly with OIG’s approach, so national companies need to think beyond federal standards.

Digital health and cybersecurity are also moving up the risk list, with recent settlements showing that regulators care not just about data privacy, but also about software integrity and algorithm oversight. On the pricing side, the Inflation Reduction Act adds another layer of pressure with complex reporting, certifications, and little room for error. And finally, self-disclosure keeps looking more attractive—both financially and strategically—than waiting for a whistleblower or government inquiry.

Bottom line: this is a more proactive enforcement environment, and the companies that do best will be the ones that treat compliance as an operational capability, not just a legal requirement.

It was a fun conference and we learned lots! I’ll share more as I continue to dig out. If you have anything to add, I’d love to hear it in the comments below or feel free to drop me an email: pnash@nxlevelsolutions.com.

Thanks for reading!

Paul Nash