Have a nice summer!

Meanwhile you may check out our client alert , which illustrates the new rules for accreditation of medical centers in Italy:

https://www.grplex.com/it/newsletter/download/1057/client-alert-7-2022

authored by our administrative law partner Laura Sommaruga.

Enjoy your holidays (and do not forget that they are crucial for your well being and sustained productivity, as confirmed by the WHO!).

EU Policies for the Digital Age

Confused about the Digital Service Act, the Digital Markets Act, the Data Governance Act and the Data Act? My recent article tries to make sense of all of them:

https://www.mondaq.com/italy/data-protection/1195638/an-overview-of-the-european-union-laws-and-policies-for-the-digital-age

The article also explains that the European Union has a strong vision on principles and policies for the digital age and aspires to a worldwide leadership role in the governance of digital phenomena.

Google Analytics under Scrutiny by Italian Data Protection Authority

The second issue of our summer series focuses on the recent decision by the Italian Data Protection Authority, which affects all users of the Google Analytics services in Italy, as well as other similar services that entail the transfer of users’ personal data to the United States.

Read our slides to understand what actions are available to you.

3.5 Million Fine for Excessive Pricing Imposed on Pharma Company by Italian Anti-Trust Authority

On June 6, 2022 the decision of the Italian Anti-Trust Authority sanctioning Leadiant Biosciences was published. The investigation, which started in 2018, was concluded with an administrative sanction of over 3.5 million for abuse of dominant position.

The Italian Anti-Trust Authority held that the price negotiated with the Italian medicine agency (AIFA) was excessive and unfair on the basis of the following elements:

(i) Leadiant is a monopolist on the market and its orphan drug based on chenodeoxycholic acid (CDCA) is life saving;

(ii) Leadiant intentionally pursued a complex strategy aimed at increasing the price of CDCA;

(iii) Through an exclusive supply agreement with the only reliable supplier of CDCA, Leadiant blocked any galenic manufacturing of CDCA by hospitals;

(iv) Leadiant artificially differentiated CDCA from another drug (a cheaper medicine based on the same active substance as CDCA used off label since it had a difference therapeutic indication); and

(v) Leadiant intentionally delayed negotiations with AIFA, which ended up lasting 2.5 years.

The anti-trust investigation concluded that the drug price was (a) disproportionate compared to the aggregate costs incurred and (b) unfair given the nature of the product, the investments in research and development, the risk of registration and its added therapeutic value.

The above decision taken by AIFA is still subject to appeal by Leadiant. At the same time, anti-trust authorities in Belgium and Spain are investigating Leadiant’s conduct, while the Dutch authority has already issued a sanction.

The European Health Data Space

On May 3, 2022 a Proposal for a Regulation on the European Health Data Space has been published. The proposed European Health Data Space draws from the premise that access and sharing of health data within and across Member States is difficult due to the complexity and divergence of rues, structures and processes. The European Health Data Space aims at harnessing the power of health data for people, patients and innovation by pushing towards health data science that will transform public health and foster innovation, while empowering individuals to take control of their health data. This proposed legislation is also a product of the Covid-19 pandemic, where the role of up-to-date, reliable and FAIR health data (i.e., data that is based on principles of Findability, Accessibility, Interoperability and Reusability) have been key in responding to the crisis and developing cures and vaccines. The ultimate goal is to build a European Health Union[1] that would strengthen resiliency of health systems and deliver to each Union citizen.

The European Health Data Space Communication supports both primary and secondary use of health data. With regard to primary health data, patients will have their health data available through access points established by Member States, but connected through a cross-border digital infrastructure, will be able to control and share their health data and mandatory requirements on interoperability, security, safety and privacy will apply. Electronic health record systems are subject to mandatory self-certification schemes, which must comply with essential requirements related to interoperability and security. The European Health Data Space promises to “make continuity of care across EU a reality[2].

Secondary use of data (i.e., health data used for research, innovation and public health) will also be supported by a European framework. Permit to use the data will obtained by health data access bodies, designated by Member States, which will establish how the data will be used and for which purposes (charges may apply), but always requiring closed secure environments, anonymous or pseudonymised data and transparency in their use. The platform HealthData@EU will facilitate cross border studies.

Governance of the European Health Data Space will be up to a new body, named European Health Data Space Board, chaired by the Commission. The Communication does not forget that investments in digitalization are costly and has made available 810 million euros to support the European Health Data Space.

Benefits of the European Health Data Space are expected for citizens, health professionals, researchers, regulators and policy-makers and for the industry.


[1] Bucher, A. (2022) ‘Does Europe need a Health Union?’ Policy Contribution 02/2022, Bruegel

[2] See page 12 of https://ec.europa.eu/health/publications/communication-commission-european-health-data-space-harnessing-power-health-data-people-patients-and_en

CAN COMPLIANCE BE AUTOMATED?

If you are working in the field of compliance, you know how grueling the compliance process can be. Rules need to be decided, written, communicated to employees and third parties, who need to be trained on such rules. Then, the company needs to find out if the rules have been breached and sanction those who breached them. This is how law works in general, so the various phases of the process are not surprising. It is also a largely imperfect method, which can become overly complicated in companies where internal rules are pervasive and complex.

Wouldn’t it be wonderful if the whole process could be governed by digital means? And I am not talking about placing all your compliance material in one big digital repository (something obviously useful, but not inherently changing the nature of the process). Imagine a company built on the principle of compliance-by-design, where the behavior of employees is limited by external tools that simply do not allow non-compliant conducts. (For example, if you place digital limits on banking payments, you will not need to convince employees that they cannot exceed certain payment limits, since the digital code would directly enforce such payment thresholds and the only way to circumvent them would be to hacker the banking program.)

Certain Scholars have seen in blockchains an opportunity for compliance programs and organizational models pursuant to legislative decree 231/2001. Under 231 Italian legislation an entity is punished for not having set up sufficient organizational measures to prevent the commission of a certain crime: in theory, a digital prevention system may be an ideal tool to prevent crime commission with the utmost diligence. If you look for automated solutions online, you will find heaps of offers that promise that compliance will be made easy: the RegTech phenomenon is already well established and generating huge revenues.

I am generally a fan of innovative solutions, but I question how much effort is required in translating compliance information into digital rules. As anyone who deals with artificial intelligence may confirm, the process is generally neither quick nor cheap.

I also wonder whether the field of compliance, based on ethical principles, and therefore inherently human centric, can benefit from a full digitalization. Some have warned against the risk of “brutalization of a workplace relations and worry that digital compliance systems “imitate predictive policing”.

Compliance requires sophisticated human judgment, and 0/1 binary codes are not always appropriate to automate complex decisions on human interactions based on ethical principles.

An Update on the Latest Amendments to the Italian Pharma Industry Association’s Code of Ethics

Amendments to the Italian pharmaceutical industry association’s (Farmindustria) Code of Ethics have been introduced on January 19, 2022 https://www.farmindustria.it/app/uploads/2018/06/2022-GENNAIO-19.pdf.

One of the most important changes concerns section 4.7, which defines Patient Support Programs (PSP) as initiatives implemented by pharmaceutical companies aimed at making available additional services for the direct benefit of patients. Such services are not intended to replace the services of hospitals and other healthcare organizations. For more information on PSP, check out our previous blog post https://lawhealthtech.com/2022/02/07/new-guidelines-on-patient-support-programs-adopted-by-italian-pharma-industry-association/ .

Besides, other important amendments have been introduced:

  • Training and Information to Non-Prescribers: new section 3.25 (i) allows pharmaceutical companies to carry out training and information activities aimed at healthcare professionals who are not authorized to prescribe medicines, but are involved in the treatment management, provided that such activities do not have any promotional purpose and that the information provided is linked to their roles in patients’ treatment management; and (ii) extends to such professionals the possibility to attend events, courses and congresses, as long as such events do not concern topics relating to medicines;
  • Information to the Public: new section 3.26 (i) allows pharmaceutical companies to provide unsolicited information to the public, through personnel not belonging to commercial or marketing areas, relating to products and diseases pertaining to the relevant therapeutical area, provided that such information does not have a commercial nature and matches the information set forth in the package leaflet or institutional information channels; and (ii) confirms that a full literal reproduction of the package leaflet information may be published on the companies’ websites available to the public;
  • Interactions Other than Medicines Promotion: new section 3.28 (i) allows pharmaceutical companies to provide information on medicines to various stakeholders such as institutions, professionals, organizations, etc., without this falling within the scope of medicines promotion; and (ii) specifically regulates the possibility to carry out, during the medicine’s life cycle, institutional and market access activities or other non-promotional interactions towards institutions and health care professionals, as well as account management activities aimed at ensuring the application of commercial policies through interactions with public or private counterparties involved in the medicines procurement processes and activities aimed at the mutual sharing of non-promotional information and data.

The above new provisions of the industry Code of Ethics undoubtedly aim at regulating several aspects of the day-to-day promotional and educational activities of pharmaceutical companies that have been so far ignored by the industry association regulations. However, the new previsions are quite vague in their scope and it remains to be seen whether they will have any meaningful impact on the market practices in the pharmaceutical sector.

New Rules on Non-Profit Studies

Non-profit clinical studies have a new source of regulation: the Ministry of Health November 30, 2021 decree (“Non-Profit Decree”), repealing the December 17, 2004 decree.

The Non-Profit Decree applies to:

  • low-intervention clinical trials;
  • observational trials;
  • non-profit clinical trials provided that the following conditions apply:
    • The trial is not aimed at industrial or commercial developments of drugs;
    • The sponsor is a non-profit entity (if non-profit and profit sponsors coexist, then the trial falls outside the scope of the Non-Profit Decree);
    • The sponsor does not have title to the marketing authorization of the trial drug, nor has any economic relationships (cointeressenze) with the marketing authorization holder;
    • Data and results of the trial, as well as decisions over their publication, are exclusively of the sponsor.

The main novelty of the Non-Profit Decree is the possibility that sponsors of non-profit trials transfer the relating data and results, both in the trial phase and once the trial is completed, for registration purposes. Such transfer must be governed by a contract between the promoter and the transferee, the consideration of which is identified by a patent consultant jointly identified by the parties.

In the event of a transfer:

  • The transferee becomes the data controller of the trial data;
  • Costs associated with the trial, as well as fees due to AIFA and the competent ethics committees, which were waived in light of the non-profit status of the trial, must be paid; and
  • The proceeds of the transfer are allocated in favor of the sponsor (50%), a non-profit trial fund (25%) and a an AIFA fund (25%).

The transfer must be notified by the promoter to AIFA, the competent Ethics Committee and the trial centers involved.

The Non-Profit Decree also sets forth that observational studies require prior approval by the competent ethics committee and that AIFA will adopt new guidelines for the classification and conduct of observational studies on drugs.

In case of any non-profit trial on a study drug, the pharmaceutical company having title to the drug must share with the sponsor an updated copy of the drug dossier and any safety data on the trial drug must be shared between the pharmaceutical company and the sponsor.

The Non-Profit Decree opens new opportunities for non-profit sponsors: it remains to be seen if there will be an appetite to purchase data by private entities and if a price set forth by an independent expert will be an effective mechanism.