Compliance program

Introduction

GE HealthCare has a comprehensive Compliance Program consistent with the U.S. Department of Health and Human Services Office of Inspector General’s Compliance Program Guidance for Pharmaceutical Manufacturers (“OIG Guidance”), U.S. Department of Justice guidance, as well as applicable industry codes of conduct for our business segments – medical devices and pharmaceutical diagnostics.

GE HealthCare has implemented an appropriately tailored Compliance Program that includes a comprehensive framework of compliance controls with routine audits and monitoring to address business ethics risks throughout our business segments. Our Compliance Program represents our commitment to the highest standards of corporate conduct and integrity. GE HealthCare Board of Directors Audit Committee, in coordination with our Chief Compliance Officer, have responsibility for business ethics issues. GE HealthCare also provides our People Leaders with additional training and resources for managing business ethics.

The following is an overview of the fundamental elements of our Compliance Program.

I. Compliance Organization
GE HealthCare’s Compliance Program reflects our overall commitment to compliance with U.S. federal and state laws, including the elements specifically implemented to comply with California law. GE HealthCare’s Compliance organization is comprised of the Chief Compliance Officer who heads a team of compliance professionals (the “Compliance Department”). The Chief Compliance Officer is responsible for developing, operating, and monitoring the Compliance Program and overseeing the governance of the Compliance Program. GE HealthCare’s Chief Compliance Officer is empowered with appropriate authority to exercise independent judgment and has access to GE HealthCare’s senior leadership. Supporting the Chief Compliance Officer is a team of compliance professionals who help implement the Compliance Program for GE HealthCare. The team reports to and meets regularly with the Chief Compliance Officer. The Compliance Department reviews and modifies GE HealthCare’s policies and procedures as the business and industry change. The Compliance Department has the authority to recommend and effectuate changes within GE HealthCare as needed.

II. Policies and Procedures
GE HealthCare’s Compliance Program includes a Code of Ethics & Integrity, “The Spirit and The Letter”, “The Global Interactions Policy (GIP) – GE HealthCare global policy on interactions with Healthcare Professionals, Healthcare Institutions, Government Officials and Government Institutions “ (formerly The Lens Policy) as well as various other policies and procedures. The management of ethical marketing promotion is included in the GIP and monitoring program.

The Compliance Program addresses applicable provisions of U.S. federal and state laws and regulations. GE HealthCare certifies annually to adopt the AdvaMed “Code of Ethics on Interactions with Health Care Professionals,” and abides by the PhRMA “Code on Interactions with Health Care Professionals”, as applicable and relevant to our business segments. GE HealthCare has also established a total annual dollar limit on items of value (including meals), and activities that GE HealthCare may provide to a California-licensed HealthCare professional in accordance with Section 119402 of the California Health & Safety Code. The annual limit may be revised by GE HealthCare from time to time.

GE HealthCare has a comprehensive annual Compliance Risk Assessment program with a focus on healthcare specific risks and ethics.

View GE HealthCare's code of conduct, "The Spirit and The Letter," in the following languages:

ENGLISH
ARABIC
BRAZILIAN PORTUGUESE
CHINESE
FINNISH
FRENCH
GERMAN
INDONESIAN
ITALIAN
JAPANESE
KOREAN
NORWEIGAN
POLISH
RUSSIAN
SPANISH
THAI
TURKISH
VIETNAMESE

III. Effective Training and Education
Training and education of all of our colleagues on their legal and ethical obligations under applicable HealthCare laws and GE HealthCare’s policies and Code of Ethics & Integrity are critical components of our Compliance Program. For all relevant GE HealthCare colleagues, the training program consists of mandatory training and education on applicable HealthCare laws and our policies and procedures, with annual refresher courses via online learning modules. The training program is designed to provide colleagues with sufficient knowledge of relevant compliance policies and generally includes questions to assess colleagues understanding of the policies and concepts. GE HealthCare also periodically reviews and updates its training programs to identify any potential new areas for training and to ensure the program aligns with GE HealthCare’s compliance policies.

IV. Effective Lines of Communication and Channels for Reporting Misconduct

A hallmark of GE HealthCare’s Compliance Program is a steadfast commitment to a vibrant, well-publicized and effective open reporting environment. Employees remain GE HealthCare’s first and best line of defense in the early detection of potential compliance issues. GE HealthCare has created and maintains an open line of communication between the Compliance Department and all employees. GE HealthCare expects employees, agents, and vendors who do business with the company to report concerns over possible misconduct, potential conflicts, or known violations of the company’s policies and/or procedures to their supervisors, managers, or to the Compliance Department. GE HealthCare employees may contact the Compliance Department directly through email, mail, phone, or in-person contact/meeting.

GE HealthCare also established a system to receive complaints or for employees to seek information or advice on questions via a compliance hotline. Complaints and questions can be submitted anonymously. We also encourage our employees, officers, and agents to ask questions about any activity where they are unclear about a potential violation or application of our Compliance Program. Questions may be posed through any of the established channels described above. GE HealthCare has also adopted procedures to protect the anonymity of those who raise potential concerns and to protect whistleblowers from retaliation. The company does not permit acts of retaliation or retribution against an employee or officer who in good faith reports a potential, suspected, planned, or actual violation or application of GE HealthCare’s compliance policies and any such actions will be dealt with appropriately.

EU Whistleblower Directive: GE HealthCare is committed to comply with the requirements of the Directive (EU) 2019/1937 of the European Parliament and of the Council 23 October 2019 as transposed into local laws, and provides reporting channels to internal and external whistleblowers to report possible compliance violations, including appropriate standards of protection for persons who raise concerns. To submit a concern, visit the GE HealthCare Open Reporting website.

 

V. Monitoring and Auditing
GE HealthCare’s Compliance Department and Internal Audit have the responsibility of developing a plan for auditing and monitoring compliance and business ethics risks with the company’s compliance policies. Through these audits, the Compliance Department can identify potential or existing areas of concern and potential program enhancements which include taking corrective action in an effort to prevent the recurrence of non-compliance as needed. The nature of these audits and reviews, the extent of the audits, and the frequency with which the Compliance Department and the Internal Audit performs such audits varies due to a variety of factors, including new regulatory requirements, changes in company practices, and other relevant considerations.

VI. Enforcing Standards through Well-Publicized Disciplinary Guidelines
GE HealthCare’s code of conduct, “The Spirit and The Letter,” provides notice to colleagues, including management, and agents that noncompliance with policies and laws will have disciplinary consequences, up to and including termination of employment.

VII. Investigating and Responding to Potential Violations and Implementing Corrective Action Initiatives
GE HealthCare’s Compliance Department thoroughly investigates all reports of non-compliance and/or allegations and suspected cases of misconduct brought to the Compliance Department’s attention.

The Compliance Department oversees the implementation of corrective action measures in response to findings of non-compliance, such as retraining, increased monitoring, and disciplinary actions.

GE HealthCare’s Annual Declaration of Compliance for Purposes of California Health & Safety Code §§ 11940-119402

In accordance with California Health & Safety Code sections 119400 and 119402, GE HealthCare has adopted a compliance program as required by California law that is in accordance with the OIG Guidance, consistent with the PhRMA Code / AdvaMed Code guidelines, and includes an annual limit for certain items and activities given to HealthCare professionals covered by this California law. As of the date of the declaration, GE HealthCare believes that it is in compliance with the company’s compliance policies and California requirements in all material respects.

In accordance with GE HealthCare’s understanding of the California statute, this declaration is limited to those activities undertaken by GE HealthCare that are directed to California.

For a copy of GE HealthCare’s Compliance Program please email compliance.governance@gehealthcare.com. [Updated May 9, 2024]

Related Links

AdvaMed Code
PhRMA Code

 

Transparency Reporting

GE HealthCare provides medical technologies and services that are helping to shape a new age of patient care. To help provide these technologies and services, GE HealthCare collaborates with HealthCare Professionals and HealthCare Institutions in multiple ways, including collaborating on research, product development and product testing, training HealthCare Professionals on the safe and effective use of medical technologies, and providing service and technical support on medical technologies.

The Physicians Payments Sunshine Act (“Sunshine Act”) requires that medical device and pharmaceutical manufacturers track and annually report payments or transfers of value made to - U.S. licensed physicians, physician assistants, nurse practitioners or teaching hospitals (“Covered Recipients”). Many forms of payment or value transfer are reportable, including meals provided to Covered Recipients, as well as payments for services provided by Covered Recipients, such as consulting engagements, research arrangements, educational grants, and travel expenses.

The Sunshine Act is administered by the Center for Medicare & Medicaid Services (CMS). CMS annually publishes the information reported by manufacturers on its Open Payments website, https://www.cms.gov/OpenPayments, on June 30 of each year.

Certain U.S. states also have transparency disclosure requirements.

GE HealthCare discloses all required payments made to healthcare professionals. For any inquiries or questions regarding transparency reporting, please contact the GE HealthCare Transparency Team at transparency.reporting@gehealthcare.com.

 

Anti-corruption

GE HealthCare is a leader in transparency and integrity in the global healthcare marketplace. Our policy against improper payments in business transactions is a key element of our Code of Ethics & Integrity — The Spirit & The Letter — and represents a core belief in how we do business.

GE HealthCare’s approach to anti-corruption compliance includes:

  • • Corporate policies and procedures that prohibit improper payments in every transaction, whether with a government or with a private party
  • • Extensive controls, including thorough due diligence, careful screening and training on GE HealthCare policies for third-party intermediaries such as distributors, service providers, and commercial agents and representatives
  • • Heightened attention to key risk areas such as gifts and entertainment, travel and living expenses, donations, and facilitating payments
  • • Prompt investigation and remediation of any concerns
  • • Extensive training of GE HealthCare colleagues on improper payments
  • • Robust internal controls and accounting processes designed to detect and prevent violations of Company policy relating to improper payment risks and to ensure accurate books and records relating to transactions
  • • Enhanced due diligence concerning improper risk associated with mergers, acquisitions, and joint ventures
  • • Strategic use of Internal Audit to identify and assess potential improper payment

The importance of strong anticorruption compliance
Greater attention is being paid to the effectiveness of corporate compliance programs in preventing improper payments. The Justice Department and the US Securities and Exchange Commission (SEC) have issued a resource guide on the US Foreign Corrupt Practices Act (FCPA) that endorses a strong compliance program. The UK Bribery Act and the US Sentencing Guidelines similarly highlight the need for a strong program. As part of the compliance program at GE HealthCare, operating with a strong anti-corruption program is essential to how we do business.

 

GE HealthCare Biometric Information Privacy Policy

In accordance with the Illinois Biometric Privacy Act, 740 ILCS 14/1 et seq. (“Privacy Act”), this GE HealthCare Biometric Information Privacy Policy (“Policy”) sets forth GE HealthCare’s policy and procedures for the collection, use, safeguarding, storage, retention, and destruction of biometric data (as defined below).

Definitions

As used in this Policy, biometric data includes “biometric identifiers” and “biometric information” as defined in the Privacy Act.

“Biometric identifier” means a retina or iris scan, fingerprint, voiceprint or hand or face geometry scan. Biometric identifiers do not include writing samples, written signatures, photographs, human biological samples used for valid scientific testing or screening, demographic data, tattoo descriptions, or physician descriptions such as height, weight, hair color or eye color. Biometric identifiers do not include information captured from a patient in a health care setting or information collected, used, or stored for health care treatment, payment, or operations under the federal Health Insurance Portability and Accountability Act of 1996.

“Biometric information” means any information, regardless of how it is captured, converted, stored, or shared, based on an individual’s biometric identifier that is used to identify that person. Biometric information does not include information derived from items or procedures excluded under the definition of biometric identifiers.

GE HealthCare’s Purpose for Collection of Biometric Data
GE HealthCare and/or its vendors collects, uses and may store biometric data for the purpose of identifying an employee’s electronic signature. In the event GE HealthCare begins collecting biometric information for any additional purposes, GE HealthCare will update this Policy.

Disclosure and Authorization

To the extent GE HealthCare and/or its vendors collects, captures, or otherwise obtains biometric data relating to an employee, GE HealthCare will

  1. 1. Inform the employee in writing about the collection, storage, and use of such biometric data
  2. 2. Inform the employee of the specific purpose and length of time for which the biometric data is being collected, stored, and used;
  3. 3. Receive a written release signed by the employee authorizing GE HealthCare and/or its vendors to collect, store and use the employee’s biometric data for the specific purposes disclosed by GE HealthCare, and for GE HealthCare to provide such biometric data to its vendors; and
  4. 4. Not disclose, redisclose, or otherwise disseminate an employee’s biometric data unless:
    1. The employee or the employee’s legally authorized representative consents to such disclosure or redisclosure;
    2. The disclosure or redisclosure completes a financial transaction requested or authorized by the employee or the employee’s legally authorized representative;
    3. The disclosure or redisclosure is required by state or federal law or municipal ordinance; or
    4. The disclosure is required pursuant to a valid warrant or subpoena issued by a court of competent jurisdiction.

Retention Schedule

GE HealthCare will retain employee biometric data and will request that its vendors permanently destroy such data, upon the earlier:

  1. 1. The initial purpose for collecting or obtaining such biometric data has been satisfied (e.g., employee is no longer using the Nymi Band); or
  2. 2. Within three (3) years after the employee’s employment with GE HealthCare ends.

Data Storage, Transmission and Protection
GE HealthCare will store, transmit, and protect biometric data using a reasonable standard of care. Such storage, transmission and protection from disclosure will be performed in a manner that is the same as more protective than the manner in which GE HealthCare stores, transmits and protects other confidential and sensitive information. Neither GE HealthCare or its vendor will sell, lease, or trade any biometric data that it receives from its colleagues.

 

GE HealthCare Transparency in Coverage Machine-Readable Files

In accordance with the Affordable Care Act and Consolidated Appropriations Act, 2021, part 49, GE HealthCare must disclose in-network group health plan provider rates for covered items and services, out-of-network allowed amounts and billed charges for covered items and services and negotiated rates and historical net prices for covered prescription drugs on a public website using machine-readable files. The Departments of Health and Human Services, Labor, and the Treasury envision that third-party developers and other entities will download, process, and compile this data, creating more advanced price transparency tools that will help consumers shop among plans and providers, as well as giving the broader public information on patterns in health care costs and generate opportunities for innovation. This public information is available below.



Related Links

JB07901US