AUTH/3236/8/19: Health professional v Merck Sharp & Dohme – incorrect Disclosure UK transfer of value entry

• A health professional complained about information on the ABPI’s Disclosure UK database, stating the 2018 disclosure included an incorrect entry indicating he/she received funding/financial support from Merck Sharp & Dohme (MSD).
• The complainant had previously raised similar issues about MSD’s 2017 data, considered in Case AUTH/3141/12/18 (which MSD appealed).
• The Panel identified incorrect material on Disclosure UK on 23 July 2019; MSD was notified on 26 July 2019 of the Panel’s rulings in the earlier case.
• MSD stated the original error arose when an employee selected the wrong health professional in MSD’s internal system (two individuals had almost the same name, differing only by middle name), and the identifier then flowed through connected systems.
• MSD described its transparency process, including internal systems, third-party data capture for meeting/congress support, internal review steps, and pre-disclosure verification letters/emails to health professionals/HCOs, followed by ABPI verification before publication.
• MSD said it corrected the earlier (2017/ASCO-related) disclosure on 11 January 2019.
• For the 2018 disclosure issue, MSD said it uploaded a corrected file to remove the incorrect data on 26 July 2019; the ABPI system supplier indicated the data was not removed in line with the usual timeframe and remained online for a further 10 days, with correction implemented on 13 August.
• MSD listed corrective and preventive actions (CAPAs), including retrospective checks of submissions by the relevant employee, additional retraining and manager checks, duplicate-name checks across 2018 disclosures, two-person checks when multiple entries appear for the same name, guideline updates and retraining, internal audit review, and external expert review of processes.

• The Panel concluded that another incorrect disclosure had been published by MSD on Disclosure UK, attributing a transfer of value to an individual who had not received it.
• The Panel ruled breaches of Clauses 24.1 and 7.2 because the published information was inaccurate and misleading.
• The Panel ruled a breach of Clause 9.1, finding MSD failed to conduct comprehensive checks and cross-checks (particularly given the earlier complaint sent to the company in January 2019) and could have carried out further checks prior to submitting data to the ABPI.
• The Panel ruled a breach of Clause 2, stating that a second inaccurate disclosure about a named individual reduced confidence and brought discredit upon the industry, and expressing concern about the undertaking wording given MSD’s knowledge that incorrect information was still present.
• The Panel considered whether there was a breach of undertaking (Clauses 29, 9.1 and 2 in relation to the undertaking) and ruled no breach, because the undertaking relevant to the prior case was not given until 13 August and the second publication in June did not amount to a breach of that undertaking.
• Complaint received: 15 August 2019. Case completed: 20 January 2020.

• Clause 2: Breach (publication of inaccurate transfer of value information for a second time; and concern about signing an undertaking without acknowledging knowledge of further incorrect publication).
• Clause 7.2: Breach (published information on Disclosure UK was inaccurate and misleading).
• Clause 9.1: Breach (failure to maintain high standards due to inadequate comprehensive checks and cross-checks).
• Clause 24.1: Breach (incorrect disclosure of a transfer of value against an individual who had not received it).
• Clause 29 (in relation to alleged breach of undertaking): No breach ruled.
• Clauses 9.1 and 2 (in relation to alleged breach of undertaking): No breach ruled.

• No explicit additional sanctions stated beyond the required undertaking/corrective actions described in the report

Why this matters: Disclosure UK is a public transparency record. Publishing a transfer of value against the wrong named individual is inherently misleading and, as this case shows, repeat errors can escalate into Clause 2 censure because they undermine confidence in industry self-regulation.

Where teams typically slip up (interpretation):

• Relying on name-based selection where similar names exist, without forcing a second identifier check (e.g., unique ID validation) before approval.
• Assuming “no record found” means “no issue,” rather than confirming the transfer of value is correctly attributed somewhere else in the system.
• Treating pre-disclosure HCP verification as the primary control, rather than a backstop (especially when the HCP is not expecting any ToV).

The control that would have prevented it: A mandatory dual verification step at the point of HCP selection and again at pre-submission reconciliation—requiring confirmation of the correct unique identifier and evidence that third-party feeds are complete (including exception reporting for late/missing uploads).

What I’d check in the job bag:

• Evidence of the HCP identity verification used (unique identifier selection record; any duplicate-name warning and how it was resolved).
• Reconciliation logs showing cross-checks between internal systems and third-party data feeds, including checks for missing/late transfers.
• Pre-disclosure communications sent (dates, content, recipient details) and how non-responses are handled.
• Approval trail for the Disclosure UK submission file and the correction file (who approved, when, and what changed).
• CAPA documentation: training records, implementation dates for two-person checks, and audit/external review outputs (if completed).

What the sanctions tell you (interpretation):

• Even without explicit additional sanctions, a Clause 2 breach signals heightened reputational risk and likely increased scrutiny in future cases.
• The Panel’s focus on “time and opportunity to double check” indicates expectations rise after a prior related case—enhanced controls should be demonstrable.
• Undertaking wording and context matter: signatories should ensure undertakings are accurate and reflect known issues at the time of signing.

3 questions to ask your team this week:

1. Where in our ToV process do we positively confirm the correct HCP identity beyond name matching, and what evidence is retained?
2. What exception reports do we have for missing/late third-party uploads, and who is accountable for clearing them before submission?
3. If we had a similar complaint last year, what additional pre-submission checks would we mandate this year—and can we show they happened?