All posts by Flavio Monfrini

Five Key Takeaways from Our Seminar on Clinical Trials

Events, Legal news, , , , , , , , , , , , , ,

If you missed our seminar on clinical trials on January 16, here are five key takeaways to help you understand the changing regulatory environment in Europe and Italy.

  1. Be ready for a new regulatory landscape

The recent clinical trials regulatory overhaul within the EU aims at fostering research and facilitating the tasks of all actors involved in this area. However, delays in the implementation of such new legislation are posing an actual risk for the entire sector throughout the EU, while competition from emerging economies is getting stronger.

  1. Harmonized, but not enough

In several areas, such as observational studies or ethical committee’s assessments, a unified approach at European level is yet to be adopted. This leaves a lot of fragmentation among the various countries and a lot of work to be done at local level in order to ensure compliance with applicable regulations. Be prepared to deal with such inconveniences, in particular in the pharmaceutical sector.

  1. Changes in data protection laws offer new opportunities but challenges remain

GDPR brought new harmonized provisions to improve and support the use of data for the purpose of conducting research. However, guidance from national data protection and regulatory authorities in areas such as legal grounds for processing and secondary use is far from established. Moreover, different EU countries continue to adopt opposite approaches when it comes to consent and legitimate interest as valid legal grounds for data processing in the framework of clinical research. Data protection compliance will therefore continue to require local check-ups.

  1. New opportunities for independent research

Recent regulatory changes in Italy are being implemented to foster independent not-for-profit research in the clinical area. The new regulations, which are about to be adopted, envisage new opportunities for the participation of private actors in independent research and allow not-for-profit research institutions to better exploit the results of their research. The potential for conflicts remain and caution should be exercised within public-private relationships, but there is hope that new paradigms of collaboration will see the light.

  1. A new world of evidence is out there

More and more projects in the clinical research field involve real world data and real world evidence, gathered in a number of different ways outside the rigid protocols of a controlled study, whether through medical devices or other data collection instruments. Real world data are key to understanding how treatments work in reality and developing new healthcare paths. However, both clinicians and private actors are operating in uncharted territories and the line between studies and alternative research projects is thinner than you may expect. Be mindful of the regulatory and compliance ramifications of these new powerful tools.

What the Implant Files Are Not Telling

Legal news, , , , , , , , , , , ,

The investigation.  The “Implant Files” is a global investigation carried out by reporters in 36 countries under the lead of the International Consortium of Investigative Journalists (https://www.icij.org/investigations/implant-files/). The project, which attracted significant worldwide attention over the last few weeks as articles and reports were published, purported to show how the medical device industry failed to place on the market safe products and ultimately harmed a significant number patients.

Regrettably the way the investigation has been reported by several media outlets and the conspiracy theories underlying certain articles leave the readers without a clear understanding of the issues on the table and the policies behind the current regulatory framework.

The approval process.  For instance,  while the investigation was conducted globally, many articles published by European consortium members focused their attention on the lack of a centralized authorization procedure for the marketing of medical devices in the EU and argued that a loose regulatory framework enabled manufacturers to sell unsafe devices on the European market.

The absence of a centralized marketing authorization procedure for medical devices in Europe is depicted as a failure of European lawmakers, influenced by the medical device lobby. However, none of the articles reporting on the investigation provides readers – who may not be familiar with the authorization process – a clear and complete picture of the rationale and public healthcare policies behind the current regulatory framework. Most notably, the Implant Files investigation fails to explain the benefits for patients of a faster launch of innovative devices on the market. Neither they show any meaningful and documented difference in terms of patient safety between the EU and the US, where a centralized authorization procedure administered by the FDA is in force. The fact that the investigation concerns the US as much as the rest of the world is probably a good indication that the type of approval procedure does not per se guarantee patients’ safety and an effective healthcare system.

The new regulation.  As to the timing of the investigation, it comes at a moment of transition when the new EU medical device regulation has already been enacted but has not yet begun to unfold its innovative potential in the industry.  Yet, the Implant Files investigation seems to assume that the new regulation will have no impact on the industry and the approval/vigilance system as a whole. The investigation does not really delve into the changes and improvements brought by the new regulation, which has in fact already addressed many of the issues raised by the Implant Files. Among such innovations, new and improved vigilance measures and an increased accountability for notified bodies should be certainly taken into consideration.

Further, the investigation neglects the public discussions and exchanges that occurred throughout the EU (and the world) in the years that preceded the enactment of the new regulation, when the truth is that its provisions have been at the center of the public healthcare discourse for years, have been debated among experts, stakeholders and lawmakers in full transparency, have been reported by newspapers and specialized media. The alleged “scoop” seems a few years late.

The current vigilance system.  Lastly, one of the major flaws of many articles reporting on the investigation is that they give readers the idea that no meaningful vigilance system exists today. This is of course not correct. Italy, for instance, has a long-standing nation-wide register of approved medical devices marketed in its territory kept by the Ministry of Health. The same Ministry transparently shows on its website all safety notices and field actions carried out in Italy. The tool is easily searchable and can be found on the very first page of the medical device directorate’s site. 

Not only the Implant Files investigation failed to accurately report the existing vigilance and transparency measures, but created their own medical device database, allegedly aimed at providing the public with full access to data submitted by patients and reporters. 

Does the Implant Files investigation really benefit patients?  At the moment one cannot but wonder if this project really does provide patients with complete, accurate and independent information that can be useful for their health and wellbeing.

Is a public database, entirely managed by a private consortium, really empowering patients? How the database is managed, how the uploaded information is vetted and updated, for which purposes the uploaded information can be used by patients? Shouldn’t we work on improving a public, transparent system, managed by officers and professionals who have the scientific and regulatory expertise that is needed to address all issues involved, rather than building on a new, uncontrolled and unaccountable tool that could potentially distort patients’ behavior? The media would do a better service to the public opinion by giving a balanced, informative and articulate picture of the facts, rather than spreading sensationalistic news that would make anyone with an implanted device panic (and click on the article!).

 

Who’s Who Legal 2018: Our Life Sciences Practice in the Top Three!

Legal news, , , , , , ,

Who’s Who Legal just published its 2018 rankings, highlighting the leading practitioners recognized “for their excellent work across the full spectrum of life sciences law”.

Our very own Paola Sangiovanni has been recognized among the top three most highly regarded practitioners in the life sciences legal industry in Italy. Here’s what Who’s Who Legal says about Paola:

«The “fantastic” Paola Sangiovanni at Gitti and Partners is “a truly dedicated life sciences expert”, who is considered “a great deal-maker”. Her transactional expertise in the life sciences space is in high demand, thanks to her “client-focused approach and excellent service”».

We are very proud to share such a terrific achievement with our clients and friends, and we would like to thank you all for your continued support!

New Whistleblowing Legislation Approved in Italy

Legal news, , , , , , , ,

Whistleblowers will be granted a higher level of protection under new legislation passed earlier this week in Italy.

The new provisions apply to civil servants as well as employees in the private sector. Whistleblowing protection will shield individuals who submit a good faith report concerning unlawful conduct, provided that such report is based on a reasonable belief and factual elements.

The new legislation prohibits any retaliation or other discriminatory measures against good faith whistleblowers, including termination, demotion, transfer or other organizational action.

In the private sector, the new legislation has a significant impact on organizational models adopted to prevent corporate criminal liability pursuant to Legislative Decree 231 of 2001. In fact, all organizational models will need to set up appropriate channels for the confidential reporting of criminal conduct and violations of the organizational models themselves.  Measures aimed at protecting the identity of the whistleblowers and the confidentiality of the reports, as well as disciplinary sanctions against retaliatory or discriminatory measures against whistleblowers, will also need to be included in such organizational models.

The new legislation is expected to enter into force shortly, upon publication in the official gazette.

G7 Health Summit Closed Today in Milan

Events, , , , , , , , , ,

On November 5 and 6 the G7 Ministerial Meeting on Health was held in Milan. The meeting had an ambitious agenda, ranging from the impact of climate change on people’s health to antibiotic resistance.

According to the Italian Ministry of Health, hosting the summit on the occasion of the 2017 Italian G7 presidency, the meeting innovated in the way matters have been examined and discussed, by using a so called Delphi method based on the opinions of the world’s leading experts.

A number of satellite events have also taken place across the city, including a conference organized by police forces to address the cross-border fight against “pharmaceutical crime” in all its forms, identifying the critical factors and common responses. The conference focused on the strategies and international collaborations needed to crack down on counterfeit pharmaceutical products, as well as the import and on-line sales of unauthorized products.

Another satellite event focused on the employment of new technologies in the healthcare sector, with particular emphasis on sustainability. Antibiotic resistance has also been a key item on the agenda. Italy is among the countries in the world where deaths linked to antibiotic resistance are higher.

Italian authorities did not conceal that one of the hidden goals of the summit was for them to lobby for the relocation of the European Medicines Agency- EMA headquarters to Milan. The political battle among candidate cities is about to get more intense, as a decision is expected to be adopted before the end of November.

More information on the agenda and materials of the summit can be found here: http://www.g7italy.it/en.

Continuing Medical Education: New Rules under Italian Law (and How to Comply with Them)

Legal news, , , ,

A new regulation has been enacted in Italy, overhauling continuing medical education regulations. The new provisions will not only have an impact on healthcare professionals, who are subject to educational requirements, but also on pharmaceutical companies and medical devices manufacturers supporting educational events and congresses, as well as on third party providers and organizers. The new regulation has been adopted following consensus among regional authorities and the Ministry of Health on February 2, 2017.

The national commission for continuing medical education is entrusted with the task of determining the requirements and quality levels of educational events, as well as the minimum educational goals applicable nation-wide. The commission shall also adopt a manual for the certification of event organizers (so called CME providers). Regional authorities, on the other hand, must ensure a proper and adequate planning for medical education within their territories.

Furthermore, each professional shall develop and comply with an individualized educational plan (so called “dossier”), in order to ensure a coherent and complete education. Educational events attended abroad may also be recognized for purposes of medical education, in accordance with the criteria that will be established by the national commission.

As far as industry operators are concerned, the new regulation reiterates and strengthens the requirements of transparency and independence of educational providers from pharmaceutical/medical device companies. In particular:

  • CME providers must disclose any relationship between speakers/moderators and any private entity active in the healthcare industry;
  • CME providers must not have any direct or indirect interest in any pharmaceutical/medical device businesses or engage in any relationship with such businesses, other than the sponsorship pursuant to CME regulations;
  • CME providers must not organize any promotional events on specific products; a full segregation of activities between educational CME providers and other event organizers is therefore established;
  • The regulation further expands on the definition of conflict of interests and aims at better regulating all relationships and interests between the industry and educational providers;
  • More stringent provisions concerning advertisement and promotion during educational CME events are introduced, including restrictions for employees of the sponsor to attend educational classes and seminars.

While several provisions of the new regulation directly target CME providers, the industry should also be prepared to the new regulatory framework. Here is a list of what private operators should immediately think of:

  • Train your staff on the new regulations (both at your headquarters and on the field);
  • Check if internal company procedures needs to be updated;
  • Check if internal sponsorship documentation (including contracts) needs to be updated;
  • Review ECM providers with whom you usually work to ensure they comply with the new requirements and avoid conflicts of interests.

Italian Data Protection Authority Authorizes the “Privacy Shield”

Legal news, , , , , , , ,

The Italian Data Protection Authority has authorized the transfer of personal data to the United States on the basis of the new “Privacy Shield” program, designed by the European Commission and the U.S. Department of Commerce to provide companies with a mechanism to comply with EU data protection requirements when transferring personal data from the European Union to the United States. On July 12, 2016 the European Commission deemed that the “Privacy Shield” offered adequate protection and could enable data transfers under EU legislation.

The Italian Data Protection Authority has now issued a general authorization for the processing and transfer of personal data in accordance with the “Privacy Shield” program and with the European Commission adequacy decision. The general authorization will be published today on the Official Gazette. Italian companies and multinational corporations active in Italy will therefore be able to transfer personal data to United States entities adhering to the “Privacy Shield”.

This latest decision comes after the expiration of the previous general authorization allowing the transfer of personal data to the United States pursuant to the “Safe Harbor” framework, held invalid by the Court of Justice of the European Union on October 22, 2015.

The European Commission plans to implement a continuous monitoring of the “Privacy Shield”, while at the moment it remains unclear how many business entities will seize this opportunity and join in the new program.

Health Data Registries and Surveillance Programs, a New Italian Regulation Steps Up the Game

Legal news, , , , , , , , , , ,

A new Italian regulation governing health data registries and surveillance programs aims at facilitating the use of such tools for purposes of monitoring health of the population, as well as healthcare spending. A comprehensive legal instrument regulating the various categories of registries and programs was much needed. In fact, the adoption of such a regulation was envisaged by national legislation since 2012 (Section 10 of law decree 179/2012), but no implementing measures has yet been adopted. A draft of regulation has now been released by the Italian government and submitted to the State-Regions conference prior to formal entry into force. The draft has already been reviewed by the Italian Data Protection Authority.

The new regulation aims at standardizing registries and programs adopted over the years, by setting forth: (i) the entities and professionals who may access the information contained in the registries, (ii) the categories of data that are available, and (iii) the measures to be adopted to ensure the security of data in line with data protection legislation.

The goals pursued by the regulation include a better monitoring of diseases at national level and relating treatment, survival rates, mortality index, as well as the increase or decrease over time of a certain disease. The data stored in the registries should also facilitate the carrying out of epidemiological studies in specific territories and/or for specific subsets of the population. Such broad purposes would allow the data to be used in connection with scientific studies, but also for the treatment and prevention of particular diseases.

The data protection provisions enshrined in the regulation are particularly stringent, and provide that all data must be processed by individuals specifically appointed by the data controller and subject to secrecy obligations. Furthermore, the data shall be encoded in a way that does not allow the de-anonymization of the data. Only in case of adverse events and relating field actions, data may be used to contact the interested subject upon prior authorization of the national registry holder. Data breaches will also need to be reported to the Data Protection Authority.

In conclusion, the new regulation provides welcome clarity in a field where regulations have been sporadic and at times incoherent. Moreover, the new regulation seeks to govern at the same time the different legal aspects connected with registries, from healthcare monitoring to data protection. There is little doubt that the hope of the government is to optimize such instruments to better control healthcare spending and conduct a more effective assessment of therapies and products on the market.

 

 

The Safe Harbor Decision (And What Is Wrong With It)

Legal news, , , , , ,

As most people and businesses on either side of the Atlantic are now aware, on October 6, 2015 the European Court of Justice invalidated the Commission’s Safe Harbor decision and made the transfer of personal data to the United States slightly more difficult for businesses.

The Court decision is based on two fundamental findings: first, the Commission’s Safe Harbor decision did not find – as it was required to do according to the Court – that the United States ensures a level of protection of fundamental rights essentially equivalent to that guaranteed within the European Union. Second, and equally important, the Court held that the Commission had no authority to restrict the powers of national data protection authorities to examine complaints of their citizens and assess whether the transfer of data to the United States affords an adequate level of protection.

Until the recent Court decision, the Safe Harbor program has provided a framework for the transfer of personal data from the European Union to the United States. Safe Harbor, however, is neither the only way to transfer personal data to the United States, nor the most commonly used. United States undertakings have consistently used – and will be able to continue to use even after the Court’s decision – model clauses and binding corporate rules.

As European and US undertakings have a wide variety of tools available to transfer data to the United States, the most troubling finding of the Court’s decision is not the invalidation of the Safe Harbor per se, but rather the recognition of much broader powers to member states’ data protection authorities. While the Safe Harbor scheme provided a single and simplified framework that was easily understood by United States’ businesses, the new decision leaves uncertainty as to the approach that each member state’s data protection authorities will take in connection with the export of their citizens’ data. As a consequence, in spite of the current efforts by European authorities to adopt a single data protection regulation ensuring a more uniform legislation throughout the continent, the Court decision is likely to lead – for at least some time – to a more fragmented and less clear legal framework among different member states.

Last, but not least, it is worth noting that one of the main reasons that led the Court to invalidate the Safe Harbor Commission’s decision has been the discovery of mass surveillance programs by US national security intelligence agencies and their rights to access personal data of European citizens. The concern of the European Court of Justice is well grounded and all of us, as individuals, are likely to share that same concern. However, why is the Court not equally worried about the surveillance programs and data retention policies adopted by several member states over the last few years?

Many have pointed out (see for instance here and here) that the Court decision is the result of different sensitivities between US and European people when it comes to the protection of their privacy, being the Europeans more keen to consider the protection of their personal data as a fundamental human right (or, rather, very keen on teaching data protection lessons to the United States). However, the failure of the European Court of Justice to acknowledge that such fundamental right is as much at risk within the borders of Europe as it is outside leaves us wondering whether the Court is really protecting the substance of our privacy as European citizens.