Italy Liberalizes the Ownership of Retail Pharmacies.

Starting from August 29, 2017, restrictions regarding owners of retail pharmacies will fall.

Previously, ownership of pharmacies was solely reserved to licensed pharmacists and entities owned by licensed pharmacists.  Thanks to a law decree of August 2, 2017, converted into law no. 124 of August 4, 2017, corporations may now own a retail pharmacy.

While a licensed pharmacist must be in charge of the management of the pharmacy, the law repeals the requirement that a pharmacist must be a shareholder of the pharmacy.  The market of retail pharma distribution will open up to corporate investments and may lead to the creation of corporate-owned retail pharmacy chains.

Ownership of a retail pharmacy will continue to remain subject to the following requirements:

  • Manufacturers of pharmaceutical products, scientific informers, and health professionals will not be able to own a pharmacy, since the relating incompatibility provisions remain in force;
  • Each pharmacy owner (including corporate entities) will be allowed to, directly or indirectly, control no more than 20% of the pharmacies located within the same region or autonomous province.

The new law also sets forth that pharmacies may be open to the public beyond the current time limitation imposed by law, upon prior notice to the competent authorities and to customers.

While this field remains highly regulated (the retail distribution of medicines on the territory and the attribution of the relevant authorizations have remained untouched), the next months will show if investors intend to take advantage of this opportunity and if small owners of pharmacies will be able to create the networks that their association, FEDERFARMA, has been advocating.

Advertisements

The Italian Constitutional Court Reaffirms Freedom of Doctors in Choosing Appropriate Care

On December 9, 2015 the Italian Ministry of Health had issued a much debated decree (also known as Decreto Appropriatezza). The decree listed a number of health services, with a particular focus on diagnostic tests, and limited the ability of a doctor within the National Health Service to prescribe them.

The aim of the decree was to limit the so-called “defensive medicine”, which plagues many health systems (see our previous post on medical malpractice and defensive medicine) and has been defined as follows:

“Defensive medicine in simple words is departing from normal medical practice as a safeguard from litigation. It occurs when a medical practitioner performs treatment or procedure to avoid exposure to malpractice litigation. Defensive medicine is damaging for its potential to poses health risks to the patient. Furthermore, it increases the healthcare costs. Not the least, defensive medicine also paves way for degradation of physician and patient relationship.”

The Ministry of Health intended to limit the ability of doctors to prescribe diagnostic tests to predetermined cases and conditions when they were deemed to be appropriate. Many doctors disliked the constraints (as well as the possible sanctions, subsequently lifted) denoted in the decree, which implied strong limitations to the “divine profession” and a fundamental distrust of doctors’ own judgment.

In a recent decision (Judgement no. 169 of 2017), the Italian Constitutional Court provides an interpretation of the decree that strongly favors freedom of physicians in their prescription activities. The Constitutional Court states that the decree can be regarded as being consistent with the Constitution only if it is interpreted as a mere recommendation to doctors, who must remain bound only by their personal judgment based on science and on their conscience. The judgment touches upon many other interesting principles, and an analysis of it can be found here.

In conclusion, the Court found that constraining doctors’ decisions would result in a breach of the constitutional right to personalized and effective health care. It also stated that decisions on appropriateness of health services cannot be based on political or economic rationales, but must always be filtered through the autonomous and responsible judgment of doctors.

Vaccination: an Issue between Policy, Science, Justice and Evidence.

 

The issue of vaccination, once simply relegated to the realm of medical science, has become increasingly political in the past few years. All of a sudden, you must be either strongly pro or fiercely against vaccines, as if this were a religious or civil rights issue. (Welcome to our new, polarized world).

THE EUROPEAN UNION COURT OF JUSTICE ON EVIDENCE AND VACCINES.  An interesting decision on this subject matter was issued a few days ago by the European Court of Justice. The case involved a French citizen, “Mr. W”, who “was vaccinated against hepatitis B through three injections, administered on 26 December 1998, 29 January 1999 and 8 July 1999, of a vaccine produced by Sanofi Pasteur. From August 1999, Mr W began to present with various troubles, which led to a diagnosis of multiple sclerosis in November 2000”. The case of Mr. W has been decided many times in France, where in some instance a causal link was found, while it was denied in other decisions.

The EU Court was requested to provide guidance on two questions relating to the interpretation of EU law on product liability and based its decision on the assumption that “medical research neither establishes nor rules out the existence of a link between the administering of the vaccine and the occurrence of the victim’s disease”.

The EU Court concluded that:

  1. National evidentiary rules are not precluded by EU product liability law so long as the burden of proof remains on the plaintiff who must prove the damage, the defect and the causal relationship between the defect and the damage; and

 

  1. National evidentiary rules are precluded based on presumptions according to which the existence of a causal link between the defect attributed to the vaccine and the damage suffered by the victim will always be considered to be established when certain predetermined causation-related factual evidence is presented.

 

The decision was harshly criticized as possibly opening the floodgates of vaccines litigation without requiring the plaintiff to actually prove a causal link. In this New York Times article, Dr. Paul Offit of the University of Pennsylvania, commented the decision by pointing out that “Using those criteria, you could reasonably make the case that someone should be compensated for developing leukemia after eating a peanut butter sandwich“. Many scientists have roared against the decision, and some pointed out that “Courtrooms are generally not a good place to decide issues of science”.

In my view, the European Court of Justice did what it usually does: interpret EU law and define the boundary between EU mandatory principles and national law. Civil procedure evidence rules are not harmonized between Member States, so I am not overly surprised by the ruling.

ITALY ESTABLISHES MANDATORY VACCINATION.  Italy has recently taken sides on the vaccination debate when on June 7, 2017 the Ministry of Health issued a law decree (n. 73) which renders 12 different vaccines mandatory (for free) for children between 0 and 16 years old. The aim of the decree is to achieve the so called “herd immunity” after which such diseases pose no threat to the entire community, as recommended by the World Health Organization. As explained by the same WHO, “Herd protection of the unvaccinated occurs when a sufficient proportion of the group is immune”.

The fear that there may be a link between vaccines and autism originated from an article appeared on Lancet in 1998 by Dr. Andrew Wakefield and his colleagues (Lancet 1998;351[9103]:637–41), which later the same British medical journal retracted since based on data that “are incorrect, contrary to the findings of an earlier investigation.” Yet, many courts have awarded damages to plaintiffs claiming to be victims of vaccination and many parents have failed to vaccinate their children.

The Italian vaccination decree arises out of a worrisome drop in vaccination rates in recent years. Anti-vaccination sentiments have been strongly voiced by the 5 Star Movement, the main populist political party in Italy with approval rates around 30%, even though they predate the rise of such movement. In the United States, a similar opinion has been held by Mr. Trump (a 2014 tweet of his read: “Healthy young child goes to doctor, gets pumped with massive shot of many vaccines, doesn’t feel good and changes – AUTISM. Many such cases!”, although his position has somewhat evolved) and consistently disputed by the medical community. The populist opposition to “big pharma”, who are allegedly making more money from vaccines than from people getting sick, often results in an anti-vaccination stance.

As the Editorial Board of the New York Times puts it, “One of the tragedies of these post-truth times is that the lies, conspiracy theories and illusions spread by social media and populist politicians can be downright dangerous. The denial of human responsibility for climate change is one obvious example; another is opposition to vaccination.”

The 2017 Results of WHO’s WHO Legal – Life Sciences Have Been Published

It is that time of the year when WHO’s WHO LEGAL – LIFE SCIENCES publishes the results of its analysis aimed at identifying “which law firms and which lawyers are the most highly regarded practitioners both by region and by type of life sciences law“.

Our firm has been featured in WHO’s WHO since 2013 and this year, again, we are proud to find ourselves listed in the Transactional, Regulatory and Product Liability categories. Here is what they say:

Paola Sangiovanni of GITTI AND PARTNERS comes highly recommended in our transactional, regulatory and product liability chapters as “a rising star” who is “highly competent, gives timely feedback and has great experience in biomedical and life sciences”.

Recognitions like this one allow you to look back: you are reminded that creating a practice takes time and dedication, but eventually bears fruit. We will continue to serve our clients with the usual passion in the future!

 

“The Legal 500” Recognizes our Life Sciences Practice

We are happy to report about The Legal 500 rankings, which have just been released for the Health Care and Life Sciences Industry and confirm that “The practice has ‘smart, practical and responsive lawyers who are top-notch’. “

The full review follows:

“Gitti and Partners is the result of a recent merger of Italy Legal Focus – Studio Legale Bernascone & Soci with Gitti Raynaud and Partners Studio Legale. The practice has ‘smart, practical and responsive lawyers who are top-notch’. It regularly advises medical technology, biotechnology and pharmaceuticals companies; the client base also includes hospitals, scientific societies, contract research organisations and medical malpractice insurers. Paola Sangiovanni ‘gives very practical advice and delivers quickly’.”

In case you participated to the survey, thank you!

In all cases, have a relaxing Easter weekend!

Medical Malpractice in Italy: New Promises for Old Issues

On February 28, 2017, the Italian Parliament approved a long-awaited act, aimed at providing new tools to improve the quality of health care services and to fight the downsides of the so-called defensive medicine.

The act has been proposed and announced as a historical step for Italian health care legislation by Federico Gelli, head of the health care committee of the Italian Democratic Party.

The bill, in its 18 articles, offers a new comprehensive regulation of major aspects of medical malpractice and related issues, such as litigation management and insurance.

  • Article 2 and 3 introduce new administrative authorities: the health protection authority and the national observatory on health care good practices;
  • Article 5 formalizes and regulates the publication of guidelines and good practices for better visibility and increased certainty;
  • Articles 6 and 7 (re-)define the nature and limits of criminal, contractual and tortious liability of health care professionals and hospitals;
  • Article 8 introduces compulsory ADR mechanisms to reduce (discourage?) court litigation;
  • Article 10 establishes insurance obligations for public and private hospitals and health care professionals;
  • Article 12 allows direct compensation from insurance companies to victims of medical malpractice;
  • Article 14 creates a guarantee fund for medical malpractice victims.

Everything looks very promising, at first, but medical malpractice is a too delicate and too complicated subject to think that a simple act could really solve all the outstanding issues.

For example, Italian lawyers and health care professionals certainly remember the goofy attempt to limit health care professionals’ liability by the Italian legislator in 2012 that was not upheld by Italian courts’ decisions, thus nullifying the legislator’s intentions.

From another angle, compulsory ADR mechanisms and insurance obligations always carry the risk to become an obstacle to the effectiveness of the rights of individuals, if not a gift to insurance companies.

Lastly, it is worth noting that the ambitious goals set forth by the Italian legislator would have to be achieved without any additional public investment, as article 18 of the act expressly prohibits such spending. Indeed, it is hard to predict whether a true improvement of health care safety is achievable – automatically and free of costs – just because of a new bill.

In order to have a better understanding of the true potential of the new legislation, stay tuned for more reflections, which will appear on this blog.

Are doctors ready to fight corruption?

If you are reading this blog post, chances are that you are working for a pharma or med-tech company. If so, you are probably spending a sizeable portion of your time ensuring that such company does not get involved in corruption (even more so, if your role specifically entails the duty of complying with the United States Foreign Corrupt Practices Act (FCPA), the United Kingdom Anti Bribery Act (ABA), or Italian 231 legislation).

The fight against corruption can often feel lonely and unrewarding. While the mission of instilling ethical principles into the company’s money-making activities may be inspiring, the day-to-day reality of compliance can, at times, feel disheartening.

Sometimes “compliance” seems at odds with “business”. Compliance people need to emphasize pessimistic worst-case scenarios, which at times appear to be completely opposed to the bright optimistic viewpoint of business people. Often compliance is confined to saying “NO”, when the sales people repeat, over and over, “BUT OUR COMPETITORS ARE DOING IT!”

Here are a few reasons why you should never, ever!, give up.

  • You are doing this for your company.

While you may be, in fact, stopping or delaying certain sales of your company, you are truly protecting the company from the horrendous sanctions that it could suffer under the FCPA, the ABA or 231 legislation. Anybody within your company should be grateful since you are ultimately saving the company’s existence. As a result, you are saving the jobs of the company’s employees.

  • You are helping your fellow citizens.

Corruption has a cost. Many entities, like Transparency International and its Italian chapter, have attempted to measure it. Certain sources estimate that corruption costs 20% of the total health expenses of a country. Eradicating corruption would thus mean a more efficient national health system, which would turn into more health services… and less taxes.

  • You are not alone.

Bribes can be offered by companies, but can also be requested by doctors. For a long time life sciences’ companies were interacting with doctors (who are public officials, under Italian law) who seemed to have a low sensitivity to corruption risks, as well as very little sympathy for compliance procedures of such companies. While companies in Italy had seriously started their anti-corruption battles about a decade ago, it seemed that doctors lagged behind.

This may now be changing as doctors are taking an active role in fighting corruption. In Italy, for instance, entities like Transparency International Italia and AGENAS have been working to involve doctors, too. On February 22, 2017 the medical societies Associazione Italiana Medici (AIM), Segretariato Italiano Giovani Medici (SIGM) and Segretariato Italiano Studenti in Medicina (SISM) have publicly endorsed the initiative “Cure Corruption”. Diabetologists (Associazione Medici Diabetologi (AMD) have also recently pointed to the close connection between sustainability of the health system and ethical interactions among its players (see the remarks by Maria Franca Mulas).

This is a very welcome development, as synergies between public administration, companies and doctors could really step up the fight against corruption and prompt a cultural change that will help the health system as a whole.

Continuing Medical Education: New Rules under Italian Law (and How to Comply with Them)

A new regulation has been enacted in Italy, overhauling continuing medical education regulations. The new provisions will not only have an impact on healthcare professionals, who are subject to educational requirements, but also on pharmaceutical companies and medical devices manufacturers supporting educational events and congresses, as well as on third party providers and organizers. The new regulation has been adopted following consensus among regional authorities and the Ministry of Health on February 2, 2017.

The national commission for continuing medical education is entrusted with the task of determining the requirements and quality levels of educational events, as well as the minimum educational goals applicable nation-wide. The commission shall also adopt a manual for the certification of event organizers (so called CME providers). Regional authorities, on the other hand, must ensure a proper and adequate planning for medical education within their territories.

Furthermore, each professional shall develop and comply with an individualized educational plan (so called “dossier”), in order to ensure a coherent and complete education. Educational events attended abroad may also be recognized for purposes of medical education, in accordance with the criteria that will be established by the national commission.

As far as industry operators are concerned, the new regulation reiterates and strengthens the requirements of transparency and independence of educational providers from pharmaceutical/medical device companies. In particular:

  • CME providers must disclose any relationship between speakers/moderators and any private entity active in the healthcare industry;
  • CME providers must not have any direct or indirect interest in any pharmaceutical/medical device businesses or engage in any relationship with such businesses, other than the sponsorship pursuant to CME regulations;
  • CME providers must not organize any promotional events on specific products; a full segregation of activities between educational CME providers and other event organizers is therefore established;
  • The regulation further expands on the definition of conflict of interests and aims at better regulating all relationships and interests between the industry and educational providers;
  • More stringent provisions concerning advertisement and promotion during educational CME events are introduced, including restrictions for employees of the sponsor to attend educational classes and seminars.

While several provisions of the new regulation directly target CME providers, the industry should also be prepared to the new regulatory framework. Here is a list of what private operators should immediately think of:

  • Train your staff on the new regulations (both at your headquarters and on the field);
  • Check if internal company procedures needs to be updated;
  • Check if internal sponsorship documentation (including contracts) needs to be updated;
  • Review ECM providers with whom you usually work to ensure they comply with the new requirements and avoid conflicts of interests.

2017 New Year’s Privacy Resolution: Road to Compliance with the New European Privacy Framework

Year 2017 already brought to us some exciting change. The beginning of the year is also the perfect time for appraisals of the past and resolutions for the near future. Whether we see it as a welcome enhancement of personal data rights or simply as another burdensome European set of requirements, 2016 delivered the new European General Data Protection Regulation (Regulation EU 2016/679, “GDPR”). Already 233 days passed since GDPR entered into force and 498 days are left until the new Regulation will start to apply on May 25, 2018. Roughly, one third of the time given to comply with the new regulatory framework has already gone by. Then, perhaps, the beginning of 2017 can be a good chance to ask ourselves what has already been done in the first 233 days and what still needs to be done in the future 498 days in order not to miss May 2018’s deadline.

The GDPR imposes a much more burdensome level of compliance requirements to companies acting as data controllers and data processors.

Some of them require the assessment and preparation of organizational and implementing measures that need to be put in place well in advance of May 2018.

  • Data controllers and data processors must appoint a data protection officer (“DPO”). The controller and the processor shall ensure that the DPO is involved, properly and in a timely manner, in all issues which relate to the protection of personal data. The controller and processor shall support the DPO in performing his/her tasks by providing resources necessary to carry out those tasks and access to personal data and processing operations, and to maintain his/her expert knowledge. The controller and processor shall also ensure that the DPO does not receive any instructions regarding the exercise of those tasks. Furthermore, the DPO shall not be dismissed or penalized by the controller or the processor for performing his tasks and shall directly report to the highest management level of the controller or the processor.
  • Data protection by design and by default will have to be implemented. The data controller: (i) both at the time of the determination of the means for processing and at the time of the processing itself, must “implement appropriate technical and organizational measures, such as pseudonymisation, which are designed to implement data-protection principles, such as data minimization, in an effective manner and to integrate the necessary safeguards into the processing in order to meet the requirements of [the GDPR] and protect the rights of data subjects” and (ii) “to implement appropriate technical and organizational measures for ensuring that, by default, only personal data which are necessary for each specific purpose of the processing are processed”.
  • A data protection impact assessment must be carried out. Such impact assessment must contain: a systematic description of the envisaged processing operations and the purposes of the processing, including, where applicable, the legitimate interest pursued by the controller; an assessment of the necessity and proportionality of the processing operations in relation to the purposes; an assessment of the risks to the rights and freedoms of data subjects; the measures envisaged to address the risks, including safeguards, security measures and mechanisms to ensure the protection of personal data and to demonstrate compliance with GDPR.
  • Data controllers must guarantee the effectiveness of the data subject’s right to be forgotten and right to portability. This requires an assessment of the adequacy of the technical and organizational instruments currently available and, possibly, their improvement. More specifically, data controllers must be able to fulfill: (i) in relation to the right to be forgotten, their obligation to “take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data”; (ii) as regards to the right to portability, their obligation to allow the data subjects to effectively exercise their right to “receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller”.
  • Data controllers shall notify personal data breaches to the relevant supervisory authority without undue delay and, where feasible, not later than 72 hours after having become aware of it. This imposes on controllers the preparation of appropriate notification forms, as well as organizational measures to guarantee adequate resources to complete such task.
  • The mandatory content of the written contract between the data controller and the data processor requires a revision of all such contracts. They shall include, inter alia, the obligations of the processor to: process the personal data only on documented instructions from the controller, including with regard to transfers of personal data to a third country or an international organization; ensure that persons authorized to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality; delete or return all the personal data to the controller after the end of the provision of services relating to processing, including copies; make available to the controller all information necessary to demonstrate compliance with the obligations under GDPR; allow for and contribute to audits, including inspections, conducted by the controller or another auditor mandated by the controller.
  • Information notice forms currently in use will need to be revised. In fact, information to be provided to data subjects must include, inter alia: the contact details of the DPO; the legal basis for the processing; the fact that the controller intends to transfer personal data to a third country or international organization and the existence or absence of an adequacy decision by the Commission; the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period; the existence of the right to data portability; the existence of the right to withdraw consent at any time for processing based on consent; the existence of the right to lodge a complaint with a supervisory authority; the existence of automated decision-making, including profiling.
  • Data controllers and data processors must keep record of processing activities under their responsibility. Records to be kept by data controllers shall contain all of the following information: the name and contact details of the controller and, where applicable, the joint controller, the controller’s representative and the DPO; the purposes of the processing; a description of the categories of data subjects and of the categories of personal data; the categories of recipients to whom the personal data have been or will be disclosed including recipients in third countries or international organizations; where applicable, transfers of personal data to a third country or an international organization, including the identification of that third country or international organization and the documentation of suitable safeguards; where possible, the envisaged time limits for erasure of the different categories of data; where possible, a general description of the technical and organizational security measures. Records to be kept by data processors shall include: the name and contact details of the processor or processors and of each controller on behalf of which the processor is acting, and, where applicable, of the controller’s or the processor’s representative, and the DPO; the categories of processing carried out on behalf of each controller; where applicable, transfers of personal data to a third country or an international organization, including the identification of that third country or international organization and the documentation of suitable safeguards; where possible, a general description of the technical and organizational security measures. Data controllers and data processors shall therefore dedicate and organize resources to be able to start keeping such records.

All this may appear daunting. Nevertheless, 498 days are more than enough to take all necessary steps, if we let one of our New Year’s resolutions be to timely walk the road to compliance with the GDPR.