All posts by Paola Sangiovanni

Unknown's avatar

About Paola Sangiovanni

Partner of GITTI and Partners. Seasoned transactional and regulatory legal counsel with a thorough understanding of the life sciences industry.

Healthcare, Technology and Malpractice in 2030

Legal news, , , , , , , , , ,

The “Home-Spital” of 2030.

I have enjoyed reading this article on what healthcare may look like in 2030 (in wealthy countries, may I point out). The author of the article says goodbye to the hospital, while welcoming the “home-spital”. She imagines that technology (think driverless cars and robot workers) will help us live in a safer world. Technology will also help preventing certain diseases. Regenerative options will slow down ageing. “You will go to hospital to be patched up and put back on track. Some hospital practices might even go away completely, and the need for hospitalization will eventually disappear. Not by 2030, but soon after”, she predicts.

Healthcare and Technology will be Increasingly Intertwined.

Telemedicine may become so pervasive that hospitals may be empty of patients and filled with patients’ data, continuously fed through wearable patient-monitoring devices or all kinds of sensors. Hospitals may become bio-printing laboratories, where 3D printers will manufacture organs, tissues and bones on demand.

It is somewhat uplifting to imagine that medicine may become so technologically advanced, so personalized and so effective, and health so plentiful. Others, however, warn against the threat of a de-humanized medicine that will solely rely on machines and will be unable to offer a human side to suffering individuals.

Will Technology Render Doctors Error-Free?

While this new world will pose issues of privacy, data security and fraud, will it solve the problem of malpractice? What will be the role of doctors in 2030? Will technology eradicate human error?

Technology is already helping doctors in many ways: drugs, devices, diagnostic instruments are now less harmful, more precise and a lot more effective. Watson computer is assisting oncologists finding the appropriate cure. Simulators helps doctor in their training and in performing surgical procedures. Checklists, protocols and guidelines can be embedded in the doctors’ routine so as to limit, recognize or avoid repetition of human error. We can foresee a world of doctors who follow protocols embedded in devices, leaving less room for deviation from standard practice, but also from mistakes: a computerized doctor, almost. Will this make doctors error-free?

Of Course, Technology can be a Source of Error, too.

The idea of technological devices that are perfectly designed and always perfectly functioning is false, as any product liability lawyer knows. Even the best technology is subject to faulty design of a whole line of products, or faulty manufacturing of a single product.

Malpractice and Product Liability Litigation may Merge in 2030.

Litigation may simply become more complex. In fact, doctors will be sued by patients along with creators of health apps, health data centers, data carriers, device or drug manufacturers, subjects who feed data to 3D printers or who analyze and monitor data processed by devices. It will be increasingly harder to disentangle doctors’ negligence with liability of med-tech, diagnostic or pharma companies. Litigation will rely even more heavily on the opinion of court appointed experts, who will need to be a panel of specialists with bioengineering, medical and information technology skills.

Two classes of doctors will probably emerge, even more distinctively than before: doctors who follow protocols suggested by computers, whose tasks will become closer to those of paramedics, and doctors engaged in research who write protocols that will bind other doctors. The first class will probably see a reduction in its freedom to make medical choices, but may be increasingly shielded from medical malpractice litigation. The protocol-writing doctors will work even more closely with the industry that designs, tests and manufactures medical technology.

Watch Out for the Paradox of Automation!

As this very interesting article (based on an analysis of the 2009 crash of Air France Flight 447, which killed 228 people) suggests, the so called “Paradox of Automation” could come into play. Tim Harford, the author, explains it as follows: “First, automatic systems accommodate incompetence by being easy to operate and by automatically correcting mistakes. Because of this, an inexpert operator can function for a long time before his lack of skill becomes apparent – his incompetence is a hidden weakness that can persist almost indefinitely. Second, even if operators are expert, automatic systems erode their skills by removing the need for practice. Third, automatic systems tend to fail either in unusual situations or in ways that produce unusual situations, requiring a particularly skilful response. A more capable and reliable automatic system makes the situation worse.

Technology that babysits doctors may ultimately weaken their skills. While automated devices may limit small errors, they may “create the opportunities for large ones”.

Conclusions.

Technology surely helps, who could deny that? But a messianic hope that technology will propel us into a risk-free, error-free and… malpractice-free world is a simplistic approach that is plain wrong.

Is Privacy Really a Fundamental Right?

Legal news, Uncategorized, , , , , , , ,

Privacy of individuals is framed as a fundamental right in the European Union. In fact, the new European Union Regulation no. 2016/679 reiterates this in the very first of its “whereas”.

Yet, it is clear to everyone that such “fundamental” nature is regularly questioned by various factors, and particularly:

  • Technological progress, coupled with people’s growing addiction to smartphones, allowing the collection of an amazing number of personally identifiable information and leading to big banks of intrusive data; and
  • Security threats that prompt governments to closely monitor citizens’ behavior.

Once upon a time courts were called to decide on how to balance conflicting rights. These days, the act of balancing privacy and other issues has become much more common and it is in the hands of a variety of subjects, such as data processors, who must carry out a data protection impact assessment according to Section 35 of the EU Regulation no. 2016/679, and data protection authorities, who provide both general guidelines and specific advice.

A couple of recent decisions by the Italian Data Protection Authority have led me to believe that the Authority is readier than before to accept that there are justified limits to the right to privacy:

  • On July 14, 2016, the Italian Data Protection Authority has decided that a bank is allowed to analyze behavioral/biometric information regarding its customers (such as mouse movements or pressure on the touch screen) as a measure to fight identity theft and internet banking fraud. Of course, a number of limitations have been set by the Authority, in addition to consent of the customer/data subject, such as specific safety measures, purpose and time limitations, and the segregation of the customer names from the bank’s IT provider.
  • On July 28, 2016, the same Authority has granted its favorable opinion to the use of a face recognition software at the Olimpico stadium during soccer games in order to check that the data on the ticket and the face of the person actually attending the event correspond. Provided that strong security measures are used and that the processing is carried out by police forces, the processing was deemed to be necessary.

A tougher stance, instead, is adopted by the Italian Data Protection Authority in cases of processing aimed at marketing purposes, as in this decision, for example. (I note, however, that the code of conduct applying to data processing for the purposes of commercial information that will enter into force on October 1, 2016, blessed by the Italian Data Protection Authority, continues to allow the dispatching of commercial communications to individuals whose personal data is included in public listings, even without the data subject’s express consent).

Balancing rights and interests is inherent to law and justice. It remains to be seen, considering the obvious (and absolutely reasonable) limitations to which the right to privacy is subject, if it will continue to make sense to frame it as “fundamental” right.

The New EU-US Privacy Shield

Legal news, , ,

Yesterday the European Commission announced that the new agreement between the European Union and the United States on European data flowing into the United States has been approved. After months of negotiations, the deal was enthusiastically announced as “a robust new system to protect the personal data of Europeans and ensure legal certainty for businesses” that “brings stronger data protection standards that are better enforced, safeguards on government access, and easier redress for individuals in case of complaints” in the words of Věra Jourová, EU Commissioner for Justice, Consumers and Gender Equality.

Ever since the 2015 Court of Justice of the European Union (“CJEU”) landmark decision that put an end to the Safe Harbour system (i.e., the previous agreement regarding EU-US data flows), the US and the EU had negotiated for about 2 years in the attempt to create a system that aims at reassuring European citizens and creating clarity for United States businesses. An initial agreement on the Privacy Shield was already reached in February, and heavily criticized by the association of European data protection authorities named “Article 29 Working Party” (as we covered in our blog). Allegedly, the European Commission has taken note of such criticism and added additional clarifications and improvements to the draft.

Here are the main features of the Privacy Shield, as set forth in the Commission’s fact sheet:

  •  The U.S. Department of Commerce will register U.S. companies under the Privacy Shield if they commit to process personal data in accordance with certain compliance standards. It will also conduct regular updates and compliance reviews of participating companies, and companies who do not comply face sanctions and removal from the Privacy Shield list.
  • U.S. government’s access to personal data for law enforcement and national security is subject to clear limitations, safeguards and oversight mechanisms. There will be no indiscriminate mass surveillance on personal data transferred to the US under the EU-U.S. Privacy Shield arrangement.
  • EU data subjects will, also for the first time, benefit from redress mechanisms in the area of national intelligence for Europeans through an Ombudsperson mechanism within the Department of State independent from the US intelligence services.
  • In case of processing of personal data in breach of the Privacy Shield, EU data subjects will have access to several dispute resolution mechanisms: (i) redress by the data controller, (ii) free of charge alternative dispute resolution solutions, (iii) complaints submitted to their national Data Protection Authorities, who will work with the U.S. Federal Trade Commission to resolve complaints, (iv) arbitration mechanism.
  • The functioning of the Privacy Shield will be monitored and a public report to the European Parliament and the Council will be issued.

The one million dollar question is: will the Privacy Shield hold?

The CJEU may struck it down in the future and privacy groups will undoubtedly test the waters with new cases. If this happens, some predict that there will not be any further attempt to create another “Safe Harbor” or “Privacy Shield”. As Mark Scott of the New York Times puts it: “The European Commission, the executive arm of the European Union, and the United States Department of Commerce spent years negotiating the new deal. If it were eventually overturned in court, few companies or privacy experts would have faith that either side could do any better the next time around”.

FDA’s Initial Thoughts on 3D Printing of Medical Devices Published Today

Legal news, , , ,

Curious about how regulations on 3D printing of medical device will evolve? Check out the draft guidance published today by the United States Food and Drug Administration (“FDA”). Comments and suggestions are welcome and should reach the FDA within the next 60 days.

The draft guidance looks interesting under a number of aspects. First of all, it provides a definition of additive manufacturing (“AM”), i.e., “a process that builds an object by iteratively building 2-dimensional (2D) layers and joining each layer below, allowing device manufacturers to rapidly alter designs without the need for retooling and to create complex devices built as a single piece.”

It also defines itself as a “leap-frog guidance” and clarifies that “leap frog guidances are intended to serve as a mechanism by which the Agency can share initial thoughts regarding emerging technologies that are likely to be of public health importance early in product development”, which is a nice way to say that the FDA recognizes that its thoughts are just initial and subject to change.

A number of caveats are singled out and manufacturers are invited to be careful about, and to design their quality systems so they take due account of:

  • device design, which can be altered in AM due to various factors (pixelation of features, various patient-matching techniques, effects of imaging, etc.)
  • software and software interactions;
  • machine parameters and environmental conditions;
  • material used (which can be raw material or recycled);
  • post-processing phase;
  • process validation and acceptance activities;
  • device testing;
  • cleaning and sterilization;
  • biocompatibility.

The FDA also believes that AM devices that are patient-matched should be subject to additional labelling information.

The draft guidance does not address the use or incorporation of biological, cellular, or tissue-based products in AM, which may require additional regulation. Also, point-of-care device manufacturing may raise additional technical considerations.

Interview with Diana Saraceni of Panakés Partners

Uncategorized, , , , , , ,

This post features an interview with Diana Saraceni, founder and managing partner of PANAKÈS PARTNERS , a venture capital investor that finances medical companies, early stage startup and SMEs in Europe and Israel.

Why does Panakés Partners focus on Med-Tech?

Life sciences, especially Med-Tech, have always been an innovative and growing sector. Improving health conditions is one of the goal of developed countries, and new challenges will always face us. Considering this highly changing environment, start-ups and small companies appears to have the best structure to generate innovative solutions. In Europe there are several areas of excellence in technology and chemistry, the ideal environment where promising Med-Tech start-ups can develop. Moreover, European regulatory system has faster and easier protocols for companies to get CE mark and go to market, especially compared to the American system, where FDA approval requires more efforts, both in economic and clinical terms, to enter the market. Lastly, if we consider that western countries invest, on average, 10% of GDP every year on health services and that medical and pharmaceutical enterprises are the most active in acquiring start-ups, the great opportunity Med-Tech represent for us becomes evident.

What are the specific areas where you expect more growth in the future?

Considering the ageing of population and the need of hospitals to optimize their resources and reduce costs, we expect a great demand for technologies designed for home healthcare and chronic pathologies management. These new solutions will allow patients to receive their treatment directly at their own home, letting hospitals to focus their resources on acute pathologies treatment. Furthermore, we are confident that there will be a significant growth in all technologies aimed to a minimally invasive medicine. We are talking about in vitro diagnostics systems or robot-assisted surgery, which will substitute, or at least reduce, tissue biopsies and traditional surgery. Lastly, we expect a great increase in solutions for personalized therapies. These technologies, which combine genetic profiling to Big Data algorithms, will help physicians in the definition of therapies specifically tailored for every patients, increasing the probability of success.

Which countries appears to have the best factors (in terms of legislation, culture, access to funding and applied research) that helps fostering innovation?

By tradition, Anglo-Saxons countries are the ones with a more innovation-oriented policy. Everyone who has interesting ideas is encouraged in developing them, entrepreneurs never stop to look for new opportunities and skip from one project to another, as if they have not realized anything yet, legislation offers benefits to support the creation of new companies. These are the reasons why realities such as incubators and venture capital funds were born and are widespread in these countries. Regarding the specific case of Italy, we can state that the presence of top-class engineers and the excellence of Italy in clinical research in several areas, combined with lower costs than the other developed countries, are the main factors for the success of many Italian start-ups.

Which challenges lay ahead of you?

We received hundreds of requests of funding from companies all over Europe. Now, our main challenge will be to select the most promising ones, both in terms of proposed technology and feasibility of the project. Furthermore, we need to enlarge our network, in order to reach more companies and to find those ones whith the potentiality to change the status of medicine and build up more success stories out of Europe. We like to think of Panakés as a highly entrepreneurial start-up from a certain point of view, with great opportunities and successes just waiting for us!

 

Encryption vs. Surveillance: How the Debate on Whether to Lock or Unlock a Cell Phone Will Shape Our Future

Legal news, , , , , , , ,

All of a sudden, the debate on privacy and encryption, typically confined within law school classes, between think tanks or on specialized blogs (such as ours), is making headlines.

Apple, the tech giant, is emerging as new privacy champion ready to fight against the US government, and possibly many other governments in the world in order to protect individual’s data.

It is probably too early to draw conclusions on this debate, the outcome of which will determine the degree of freedom that citizens will enjoy in the future, and the degree of surveillance that governments will have over citizens. The two extreme nightmare scenarios are clear:

  • an Orwellian world where individuals record every snippet of their life (including sensitive data such as health data!) and governments have unhindered access and control on such data;
  • a world devastated by terrorist groups, who want to destroy modern culture, yet have unconstrained access to encryption and to communication instruments that magnify their terror threats.

We are obviously eager to see what the US federal court will decide on the appeal announced by Apple. However, it is even more interesting to read the various positions on the issue in the debate. This is a list of articles that we have found more thought provoking:

Enjoy the reading!

Pause for the Holidays: an Exciting Year Lies Ahead!

Legal news, , ,

No doubt you deserve the holiday break that is coming up! We wish you a peaceful time off and a fabulous new year.

Indeed, 2016 promises to be a very interesting year for life sciences.

From the business point of view, the title of Deloitte’s study says it all: “Moving forward with cautious optimism”.  Not too enthusiastic, admittedly… but the centrality of the health sector in an ageing society is expected to overcome the strictures of health spending’s decrease in mature markets.

When it comes to legislation, the European Commission has certainly grand plans for 2016.  Final language is ready for the General Data Protection Regulation and the Data Protection Directive in the Field of Law Enforcement: the new rules will have an impact on m-health and medical devices’ manufacturers in particular, as well as on European companies in general. Stay tuned! Will the Medical Device Regulation and In-Vitro Diagnostic Regulations see the light in 2016? That remains to be seen.

We hope you have enjoyed our musings on issues that lie at the intersection of law and technology in 2015: we intend to bring you more in 2016.

Warm wishes from the Life Sciences’ Team at Italy Legal Focus.

Why E-Prescription is an Important Step Towards E-Health

Legal news, , , ,

Italian Regions are racing towards the goal of de-materialization of prescriptions of medicines. While the national average percentage of electronic prescriptions has not yet reached 50%, certain Regions are recording percentages above 80% (Veneto, Sicily, Campania, and Aosta Valley), according to the latest data published by Il Sole 24 Ore Sanità on the September 8-14 issue. The goal of 90% of de-materialized prescriptions, which has been postponed to 2016 by Law no. 11 of 2015, is getting closer. E-prescriptions will also have an interesting feature that may prove helpful for certain patients: the validity of e-prescriptions would no longer be limited to a single Region, but would spread to the national level.

What are the advantages of e-prescribing and why is it considered a crucial step towards E-Health? Saving on the cost of paper, as cited by certain commentators, is definitely not the point. E-Health requires costly investments in the field of Information Technology, which will not be easily set-off by money saved on paper!

E-prescriptions actually promise much more substantial benefits:

  • Increase of patients’ safety and error reduction: an electronic system can lead to less mistakes due, for example, to the selection of incorrect or unavailable drug dosages, the duplication of therapies or the misinterpretation of the content of the prescription, the avoidance of mistakes linked to the omission of certain information (e.g., allergies).
  • Better monitoring of appropriateness and control of the cost of therapies: e-prescriptions can be a formidable tool to gather data and keep track of health costs in real time, which may lead to a more efficient control on expenditures at every level. As an example, think about what an automatic alert suggesting more cost effective therapies or an optimization of the current therapy may do for a single patient and for the health system in general.

Let’s keep on counting electronic prescriptions (21 million out of 48 million last June!): they will not be the panacea for the national health system, but they can be a great step forward.

Drones and Privacy: Risks and Recommendations.

Uncategorized, , , , , , , ,

Drones Are Increasingly Used in the Civil Field. The civil use of drones is increasing, as also witnessed by the DRONITALY event that will be hosted near the Milan Expo in late September. And attorneys who are contributors to this blog find it certainly exciting when new technologies become widespread and thus present legal challenges!

When a new technology starts to become mainstream, the lack of adequate legal provisions is often deplored. In truth, the interpreter needs to take a deep breath and (i) identify the applicable laws, as well as (ii) understand the unique risks entailed by such novel technology, while comparing them with previous technologies. In the case of unmanned vehicle systems, commonly referred to as drones, it does not look like the applicable rules are lacking, but they are simply difficult to apply.

EU Data Protection Authorities Scratch Their Heads Together. The data protection authorities of the European Union, who work together within the “Article 29 Data Protection Working Party”, have recently tackled the issue of drones. The June 16, 2015 opinion by the “Article 29 Data Protection Working Party” (“Opinion”) is especially interesting because of its solid logic approach, which starts with a careful analysis of potential data protection risks linked to the increased use of drones, goes on to finding specific issues that are unique to drones, and ends with a number of recommendations to operators, manufacturers, regulators and law enforcement officials.

Unique Challenges to Personal Data. Drones are aerial vehicles that can be used for a host of activities (including – as pointed out by the Opinion – dull, dirty or dangerous operations, also known as “3D”). The Opinion is careful in pointing out that the use of drones per se is not problematic: it is the possibility to equip drones with recorders of audio and video data that poses challenges to privacy. Additionally, drones overcome obstacles such as walls or fences, and small drones may even enter buildings. Subjects whose data are recorded are often unaware of the processing of their data and, if they are or suspect that they might be, this may trigger a “chilling effect” on their conduct. In short, the principles of purpose limitation, data minimization and proportionality are at risk. Therefore, the Opinion strongly encourages a data protection impact assessment to check how, given the circumstances, the processing of data by a drone may impact the privacy of interested subjects. The assessment must start early on, and the rule of data protection by design must be respected by manufacturers and users. Such assessment must take into account:

  • The Applicability (or Inapplicability) of Exceptions. When personal data is processed by sensors installed on the drone, there is no doubt that data protection legislation applies. The exception for personal data processed in the course of a personal or household activity is never compatible with the sharing of such data on the internet. Law enforcement may also be found as a legal basis for processing, but it must be lawful, necessary and proportionate: indiscriminate surveillance is not acceptable.
  • Informed Consent. Freely given, specific and informed consent is difficult to achieve when it comes to drones. The Opinion suggests to try anything that may work (they, more elegantly, talk about a “multi-channel approach”): from signposts to symbols, signals, lights, registration marks or the publication on the internet of information on drone activities, so that a specific drone can not only be detected by interested subjects, but also linked to a certain data controller. Other grounds for lawful data processing may be found depending on the circumstances, such as performance of a contract to which the data subject is a party (e.g., security services offered through drones only recording the data subject’s property), processing to protect the vital interests of the data subject (e.g., rescue of victims of accidents) or for the purposes of a legitimate interest (e.g., wildlife research).
  • Security Measures. Personal data gathered must be safely stored and communicated (encryption is encouraged).
  • Anonymization or Deletion of Data. Data must not be kept for a period that goes beyond what is necessary to fulfill the purpose of the processing. Data must be accessed only on a limited basis and anonymized or deleted as soon as possible.

Many of the legal issues connected with drones are similar to those arising in case of video surveillance, already tackled by the Italian Data Protection Authority in 2010, with the notable exception that providing information to data subjects may prove to be much more challenging in case of aerial vehicles that fly at a distance.