All posts by Paola Sangiovanni

Unknown's avatar

About Paola Sangiovanni

Partner of GITTI and Partners. Seasoned transactional and regulatory legal counsel with a thorough understanding of the life sciences industry.

Less Open Tenders in e-Health Government Contracts?

Uncategorized, , , , ,

In Italy, general principles on government contracts mandate that the provision of services to public administrations must be preceded by the issuing of a public tender allowing various companies to transparently compete for the job. This blog has recently discussed a couple of court decisions that in fact confirmed and further strengthened such principle.

However, a recent decision by the Consiglio di Stato, the higher court which is competent for administrative matters, seems to go in the opposite direction in a case regarding services linked to digital health.

The facts of the case relate to the Lecce health center, located in Puglia, Italy, which assigned to a certain firm the tasks of providing maintenance IT services in the fields of RIS (Radiology Information System) and PACS (Picture Archiving and Communication System). The same firm had previously provided IT maintenance in the RIS-PACS field, was the exclusive authorized reseller of the concerned systems and was in charge of the integration of other IT systems already in place the health center. Given such qualifications, the health center refrained from issuing a public tender and instead used the tool of the “negotiated process” with such IT firm only, which is allowed when, due to technical reasons, the supply contract can be assigned only to a single firm. The petitioner of the case, on the contrary, argued that any other qualified IT company was able to integrate and maintain the IT systems.

What is interesting to note is that the Court gives weight to the “special complexity” of the services constituted by the shift to a digital imaging system: under such view, e-Health is viewed as a field fraught with risks (on data, and ultimately on patients), thus allowing to recur to the exception constituted by the “negotiated process” rather than to rely on the rule of open tenders.

What’s New in E-Health? Interesting Developments to Consider.

Legal news, , , , , , , , ,

E-Health is a term often used to describe a relationship established between electronic tools and the art of medicine. The European e-Health Action Plan 2012-2020, for example, describes e-Health as a “mean using digital tools and services for health”, which involves an interaction between patients and health-services providers. Within e-Health, the role of telemedicine is considerably growing.

Regulations and guidelines in the field of e-Health are growing in the Italian jurisdiction, too. In particular:

  1. A new Agreement on Digital Health (“Patto per la Sanità Digitale”) prepared by the Ministry of Health has been proposed to the State and Region Conference in June 2015
  2. New guidelines on electronic health records have been issued by the Data Protection Authority on June 4, 2015; and
  3. An interesting administrative court decision issued on July 10, 2015 set forth innovative principles in the field of digital health supplies to the public administration.

Our next blog posts will explore the above developments, which are set to change certain regulatory aspects of e-Health.

Stay tuned, and happy summer!

3D Printing In Healthcare: Regulatory Issues To Consider

Legal news, ,

The Democratization of 3d Printing: Joys and Sorrows

A fascinating technology is becoming more and more widespread and may completely change the world of manufacturing as we know it: 3D printing. An object passed through a 3D scanner or a file downloaded through the internet may enable almost anybody to produce an unlimited number of 3D copies.

This is a classic example of an innovative technology that is going through the process of “democratization”: with the price of 3D printers now in the range of tens of thousands of Euros, a manufacturing method, which was once available only to a few, may now be found in every architecture firm, in your garage and… in your hospital.

A beautiful National Geographic title points to the revolutionary aspects of 3D printing: “As epoch-making as Gutenberg’s printing press, 3-D printing is changing the shape of the future.” As in many other “revolutions”, it is difficult to imagine its full potential at its onset. Therefore, 3D printing sparks both enthusiasm and anxiety. Many intellectual property owners have much to fear from the possibility of producing countless unauthorized copies of products looking exactly like theirs. While the music and movie industries already suffered when home taping or file sharing became commonplace, 3D printing may impact nearly all industries. Others point to the risks connected with the complete lack of control over the production of guns or other dangerous objects (with others questioning how serious of a threat this might be).

3D printing is already vastly used in the field of medical practice, and many more uses can be imagined in the future (printing organs for transplants is no longer an entirely futuristic scenario). Recent research on 3D programs deployed in Italian hospitals point to the advantages related to 3D models of patients for pre-surgery planning, for training, as well as for obtaining the patient’s informed consent. None of such uses are likely to trigger legal or regulatory issues, if data protection aspects are correctly handled.

Is 3d Printing a Regulated Activity? Is a 3d Printed Item a Regulated Object?

If, instead, a 3D object is created and used closer to patients, it is possible that a regulated item is obtained (most likely a medical device or an advance therapy medicinal product), or that a regulated activity is carried out, with a host of regulatory consequences. In fact:

3d Printing and Liabilities

Who is responsible if a 3D printed medical object is defective? The process of 3D printing involves a number of potentially responsible individuals, who may be liable, in full or in part. A Court would have to determine what went wrong. Depending on the circumstances, the doctor prescribing the 3D object, the surgeon implanting it, the radiologist choosing the images on which the 3D printing process is based, the manufacturers of the 3D printer or of the materials used, the user of a 3D printer… each of them may be responsible for the defect.

However, this is not a new scenario in medical technology, where product liability is always potentially connected with medical malpractice and where finding out the exact responsibility of each subject can be challenging. Italian law sets forth joint liability of all responsible persons and indicates that the person who paid damages has recourse against the other liable persons on the basis of risks, faults and consequences. If such allocation of liability is not possible, then each person is liable in equal parts.

Conclusions

There is often a general sense that an innovative technology is so new that it happens in a legislative vacuum, because how could the legislator have already foreseen rules specific to 3D printing? We have written about a similar approach in the field of medical apps. Instead, new technologies typically land on a pre-existing landscape of applicable regulations, which should be taken into account by innovators and users of innovation. Regulatory authorities may not be ready to start enforcement actions against 3D printing, but may decide to do so in the future.

 

TO REIMBURSE OR NOT TO REIMBURSE? A recent judgement on scientific evidence and appropriateness of care.

Uncategorized, , , , , , ,

A judgment by the Italian Supreme Court published on April 10, 2015, determined that an alternative cure must be covered by the Italian National Health Service even in the absence of compelling scientific evidence as to its efficacy.

Health is protected by Italian law as a fundamental right of the individual, as well as a collective interest of the community, and dignity and freedom of the human being must always be respected. These general principles are enshrined in the Italian Constitution (section 32) and in section 1 of Legislative Decree no. 502/1992. Therefore, the right to health is framed as an absolute and fundamental right, a theoretical approach that – given the many restraints affecting patients’ access to care – may appear almost fictional.

Further, Italian legislation sets forth that the National Health Service must offer uniform essential levels of care and assistance, taking into account human dignity, equal access to care, quality and appropriateness of therapy, as well as economic factors. (These latter economic factors often appear most pressing, as patients affected by hepatitis C are currently learning!).

With regard to reimbursement, the Italian National Health Service must cover assistance services which show, for specific clinical or risk conditions, scientific evidence of a significant health benefit, from an individual and collective standpoint, compared to the resources employed. Such concept is often called “appropriateness” and is something with which doctors, hospitals, patients and authorities struggle daily. Nobody will deny that all the above mentioned factors are of primary importance, but balancing them can be difficult in practice.

The recent decision by the Italian Supreme Court (Corte di Cassazione, judgement no. 7279 of 2015) determined that a quadriplegic patient was entitled to free access to a non conventional therapy (so called “DIKUL” therapy), even in the absence of compelling scientific evidence as to its efficacy, when it was proven that the patient benefited from it through a sworn appraisal of a Court appointed expert. The Court pointed out that, while no compelling scientific evidence was offered, the efficacy of the therapy was in doubt, but not openly proven as not efficacious.

In its reasoning, the Court reiterated the higher hierarchy of the constitutional right to health over the discretional administrative decision of the hospital to administer a certain therapy. Further, the Court emphasized that the efficacy principle set forth in Italian law may be based on actual benefits to the patient brought by the DIKUL therapy: the mere absence of available scientific evidence in favor of the DIKUL therapy was not sufficient to deny its access to the patient. Only if there had been scientific evidence proving that the DIKUL therapy was inefficacious, then its reimbursement could have been denied.

We have already commented on the infamous Stamina case in this blog, a case where the well intentioned desire of Courts and Parliament to help otherwise helpless patients prompted the recourse to a therapy which completely lacked any scientific basis and breached many legal provisions actually aimed at protecting patients (e.g., GMP manufacturing requirements, informed consent of patients).

The recent Supreme Court decision confirms the sometimes difficult relationship between scientific evidence and access to a certain therapy, particularly in cases of patients affected by diseases for which there are limited therapy options.

Italian Corporate Criminal Liability 101: Basic Facts You Should Know

Uncategorized, , , , , , ,

Are Companies Criminally Liable under Italian Law? Yes!

Legislative Decree no. 231/2001 (the “231 Decree”) has introduced in Italy the principle that companies are responsible for crimes committed by:

  • Individuals vested with powers of company’s representation, control, direction, or management;
  • Individuals subject to the authority or control by the above-mentioned individuals, including employees, consultants, non subordinate employees and whoever acts on behalf of the company.
  • As a result, a company may now be considered liable for crimes committed by individuals in the interest or to the benefit of the company (while crimes committed by individuals in their exclusive interest or in the exclusive interest of third parties do not trigger company’s liability). The company’s liability is separate and distinct from the liability of the individual who committed the crime.

Which Crimes Trigger Liability? Several (not just corruption!).

The 231 Decree lists a number of crimes for which companies may be liable, which include:

  • Corporate crimes;
  • Crimes against public administrations;
  • Crimes against the dignity of individuals;
  • Conspiracies and terrorism;
  • Crimes arising out of breach of laws protecting the environment and health and safety at work;
  • Crimes related to criminal associations;
  • Money laundering.

Which Sanctions Apply? Monetary and blacklisting sanctions.

If a company is found liable, the following sanctions may apply:

  • monetary sanctions up to a maximum amount of Euro 1,549,370.69 (and precautionary seizure of the price or profit arising from the crime),
  • blacklisting sanctions (applicable also as a precautionary measure), with duration between 3 to 24 months, which can consist of, inter alia, the prohibition to conduct the Business’ commercial activity, the prohibition to contract with the public administration, the prohibition to advertise goods or services, seizure, or the publication of the court’s decision (if a blacklisting sanction is applied).

Are There any Grounds of Exemption from Criminal Corporate Liability?  Yes!

A company is not liable pursuant to the 231 Decree if it proves that:

  1. The management has adopted and effectively implemented a so-called Organizational Model’ in order to prevent the commission of the criminal offences listed in the 231 Decree by subjects acting on behalf of the company;
  2. The company has established an internal body (‘Compliance Committee’) entrusted with the task of supervising the proper functioning and update of the Organizational Model, as well as the actual compliance by all those who must abide by it;
  3. Crimes were committed by individuals vested with management powers who have fraudulently avoided compliance with the Organizational Model;
  4. The Compliance Committee has not omitted to perform, or negligently performed its supervision duties.
  5. This explains why companies operating in Italy typically devote substantial resources in the setting up of an Organizational Model.

How to Set up an Organizational Model?  Risk assessment, gap analysis, preventive measures.

In order to prepare an Organizational Model the following process is usually followed:

  1. Examination of areas of risk: on the basis of the company’s Organizational Model and relevant job descriptions, the risk of commission of each crime set forth in the 231 Decree is assessed.
  2. Analysis of existing procedures: all existing procedures and ethical principles are reviewed in order to identify procedures that may reduce the risk of commission of the crimes.
  3. Possible implementation of new measures: should the analysis of existing procedures lead to conclude that some of the risks are not properly reduced, new procedures should be implemented.

The Organizational Model must be Effective A compliance program on paper will not help!

Once a company has adopted an Organizational Model by means of a resolution of the Board of Directors, the company must ensure that it is effectively implemented, that employees and other individuals acting on behalf of the company are duly trained on the model and that any breach of the Model is sanctioned.

In particular, the appointed Compliance Committee must actively supervise the effective functioning and adequacy of the Model on an ongoing basis and in independent fashion. The Compliance Committee is generally in charge of:

  • Monitoring the activity carried out within the company and the areas considered at risk;
  • Assessment of the actual implementation of, and compliance with the Organizational Model;
  • Cooperation and consultation with the management as regards the application of disciplinary sanctions to employees in the event of breach of the internal procedures provided by the Organizational Model.

The last event of our HEALTH INNOVATION ACADEMY is coming up!

Uncategorized, , , ,

On May 21, 2015 our HEALTH INNOVATION ACADEMY series will hold its last event. Join us to hear speakers on the topic of networks for innovation at Via Francesco Sforza 28, Milano (Aula Milani) followed by drinks.

As always, the event is organized in cooperation with the hospital IRCSS Cà Granda – Ospedale Maggiore Policlinico di Milano and with Politecnico di Milano – e-Health LAB – Informatica BioMedica e Sanità Digitale

To find out more about the May 21 program or about HEALTH INNOVATION ACADEMY’s past events, click here: http://healthinnovationacademy.weebly.com/reti-dellinnovazione.html

Medical Apps and the Law, Part II – Medical Apps: Helpful or Harmful?

Legal news, , , , , , ,

A BOOMING MARKET. The idea of running software on a mobile device with healthcare uses has been discussed as early as 1996[1]. However, the issue has assumed explosive proportions in recent years, thanks to the spreading of an “app mentality” among health care professionals and consumers, and its potential, given cloud computing, social networks and big data analytics, could be yet to be realized. According to a March 2014 BCC report, this growing trend will be continuing in the next years[2]. App stores offering thousands of medical app also confirm the trend, as about 97,000 mobile health apps in 62 app stores according to a Research2Guidance market report of last year. Hardware manufacturers are certainly not immune to the medical app fervor, and – for example – the new smartphone Gear 2 Neo by Samsung, launched on April 11, 2014 by Samsung in 125 countries, incorporates a heart rate sensor.

 

ACCORDING TO THE EU COMMISSION, MEDICAL APPS AND E-HEALTH HAVE GREAT POTENTIAL.  What is the view of the authorities on this phenomenon? The potential of apps makes them app enthusiasts, the reality of apps worries them. The European Commission believes in medical apps, which can be leveraged in order to eliminate barriers to smarter, safer, patient-centred health services. Further, digital health could also be a promising factor to cut Member States’ budget[3] while – in the words of the Commission – “putting patients in the driving seat[4]. The reality of the app market, however, does not necessarily boost patient empowerment. In fact, the Commission noted that there are substantial risks connected with the way apps are currently marketed: information to consumers is not clear, the trader’s contact details are not easy to find, the use of the term “free” is often misleading[5].

 

ENFORCEMENT ACTION BY THE ITALIAN DATA PROTECTION AUTHORITY. On September 10, 2014 the Italian Data Protection Authority has issued a warning regarding data protection risks inherent to medical apps (“Medical Apps: More Transparency Is Needed On Data Use”) promising future sanctions. The Authority found that insufficient information to users prior to installation, as well as the processing of excessive data. The survey conducted by the Italian Data Protection Authority involved a total of 1,200 apps and the findings thus obtained were striking: (i) barely 15% of them provided meaningful privacy notices; and (ii) in 59% of the apps reviewed the Authority found it hard to locate pre-installation privacy notices. The stance taken by the Italian Data Protection Authority echoes the Opinion 02/2013 by The “Article 29 Data Protection Working Party”, which had identified lack of transparency, lack of free informed consent; poor security measures; disregard for the principle of purpose limitation requiring processing of personal data only for specific and legitimate purposes.

 

CONSENT IN WRITTEN FORM: A REQUIREMENT PECULIAR TO ITALIAN LAW.  Italian legislation includes a couple of additional requirements, which could kill the medical app market. We note, however, that they have not been mentioned by the Italian Data Protection Authority in their September 10, 2014 warning so it is unclear whether there is any appetite for enforcing them. In addition to a specific authorization by the Data Protection Authority, typically substituted by a general authorization such as this, Section 23 of the Data Protection Code requires that consent to process sensitive data, such as health data, must be given in written form, a requirement which is not satisfied by a mere “click” on the smartphone, but would only be satisfied by the digital or qualified electronic signature in accordance with Italian legislation. This obstacle could be solved only when (and if) the proposed EU Data Protection Regulation enters into force and repeals the existing Italian Data Protection Code, as consent to process sensitive data shall have to be “freely given, specific, informed and explicit” and the controller shall bear the burden of proof of such consent, but consent in written form would no longer be required.

[1] Regulation of health apps: a practical guide”, d4Research, January 2012, citing material from the Conference of the American Medical Informatics Association Fall Symposium of 1996.

[2]This market is expected to grow to $2.4 billion in 2013 and $21.5 billion in 2018 with a compound annual growth rate (CAGR) of 54.9% over the five-year period from 2013 to 2018”.

[3]In Italy, overall savings from the introduction of ICTs in the Health Sector are estimated to be around 11.7% of National health expenditure (i.e., €12.4 billion). Savings from digital prescriptions alone are estimated to be around €2 billion”. European Commission Memo of December 7, 2012 “eHealth Action Plan 2012-2020: Frequently Asked Questions”.

[4] It should be noted that, while the Commission is a fervent proponent of eHealth (see also the recent Green Paper on mHealth), there are strong limitations to its actions given its lack of competence in healthcare delivery and financing, which is entirely up to Member States. The effectiveness of eHealth solutions in Europe require the commitment of Member States to implement organizational changes which make patient-centric eHealth solutions an integral part of their healthcare systems, a task that each Member State is pursuing with various degrees. A March 24, 2014 press release by the European Commission commenting on two European surveys on the use of eHealth (including Electronic Health Records, Health Information Exchange, Tele-health and Personal Health Records) showed that many critical issues still exist: lack of penetration, lack of interoperability, and lack of regulatory certainty, to name a few.

[5] Focus of the Italian Antitrust Authority has so far been on game apps, rather than medical apps: it, too, found that apps were misleadingly presented to users as free, while they were not.

Medical Apps and the Law Part I – What is a medical app? Perhaps it is a medical device. Find out!

Legal news, , , , , ,

Technology often starts in a simple way, perhaps with a simple “click” on an “I AGREE” button on your smartphone. Once the technology has spread, lawyers and authorities start debating what it is and how it fits with the laws.

The following post is the first part of a legal analysis of medical apps attempting to establish what they are under current legislation (Part I), as well as what is wrong with them according to various authorities who have scrutinized them (Part II).

 I keep reading and hearing that apps are not regulated and that the European Union stands behind than the United States in that process. Both statements are wrong. Medical apps can be regulated, if they fall within the scope of the definition of “medical device”. The trick is to find out if they do…

It probably takes less time to download a medical app on your smartphone than to determine if it falls under the definition of “medical device”[1]. Where to look for guidance?

THE EU COMMISSION GUIDELINES. In June 2012 the European Commission has issued Guidelines (MEDDEV 2.1/6) in order to attempt to clarify when standalone software is a medical device. A 6-step decision diagram is also provided by the Guidelines as an aid to decide if a medical application is a medical device. If the medical app is indeed a medical device, then a conformity assessment is required and the app must carry the CE marking.

One key element stands out in order to decide whether a medical app is a medical device: its intended use. This has been further emphasized in the Brain Products GmbH case (Case C-219/11) decided by the European Court of Justice regarding an electro-technical system enabling human brain activity to be recorded. The Court stated that “a device used in humans for the investigation of a physiological process falls within the scope of Directive 93/42 only if the intended purpose of that device, defined by its manufacturer, is medical”, while specifying that the fact that the software is used in a medical context is not sufficient to trigger its qualification as “medical device”. Therefore, the intended use of a device is up to the manufacturer, although – as the influential medical device counsel and blogger Erik Vollebregt puts it – “you cannot disclaim an obvious intended purpose as this would amount to a contradictory label and consequently a non-compliant product”.

THE FDA’s VIEW. On September 23, 2013 the United States Food and Drug Administration tackled the same problem and issued a guidance documentto clarify the subset of mobile apps to which the FDA intends to apply its authority”, because while “The FDA encourages the development of mobile medical apps that improve health care and provide consumers and health care professionals with valuable health information.”, however “The FDA also has a public health responsibility to oversee the safety and effectiveness of medical devices – including mobile medical apps.

FURTHER HELP FROM THE UK. On March 21, 2014, the United Kingdom Medicines and Healthcare Products Regulatory Agency (MHRA) has also issued guidelines to help “healthcare and medical software developers who are unsure of the regulatory requirements for CE marking stand-alone software as a medical device”. The MHRA indicated that software functions that, e.g., analyze, alarm, calculate, control, convert, diagnose, measure, monitor, are likely to lead the app to be considered as a medical device.

REALITY CHECK! The intention of the EU Commission, the FDA and the MHRA to clarify the regulatory framework is commendable and guidelines abound (see also the D4Research guide), but how many mobile medical apps actually bear a CE marking? How many app developers, app stores and app users are even aware of such requirements? I have witnessed awards granted to apps and eHealth projects which showed no awareness of the regulatory aspects. Announcements to “crack down” on illegal apps have been issued (e.g., by the Dutch authorities). What is happening in Italy? While the Ministry of Health is developing its own apps, its general manager Dr. Marletta in December 2013 has announced that the explosion of medical app use is an area of concern, especially with regard to risks and liabilities, which will be monitored by the authority going forward. Actual enforcement action, however, is still to be seen.

THE PROPOSED MEDICAL DEVICE REGULATION: WHAT MAY HAPPEN NEXT.  If the Proposal Regulation replacing the Medical Device Directive sees the light, software will be expressly regulated and specific quality requirements will apply concerning the following aspects:

  • software design must ensure repeatability, reliability and performance according to the intended use;
  • appropriate means to eliminate or reduce as far as possible and appropriate consequent risks in case of single fault condition;
  • software must be developed and manufactured according to the state of the art taking into account the principles of development life cycle, risk management, verification and validation;
  • if intended to be used in combination with mobile computing platforms, software must be designed and manufactured taking into account the specific features of the mobile platform (e.g. size and contrast ratio of the screen) and the external factors related to their use (varying environment as regards to level of light or noise).CONCLUSIONS. Medical apps do not stand in a regulatory vacuum: if they fall within the definition of “medical device”, they are subject to essential requirements and should bear the CE mark.
  • INSTRUCTIONS FOR USE FOR MEDICAL APPS: IN WHICH FORM? We note that, under the e-labeling regulation (Regulation no. 207/2012) entered into force on March 30, 2013, stand-alone software that is deemed to be a medical device can have instructions for use in electronic form, provided that the devices are intended for exclusive use by professional users and that the use by other persons is not reasonably foreseeable. Instead, if the app is a medical device but intended for a patient, instruction for use in paper form must be provided. This requirement appears both unpractical[2] and unreasonable given that a patient downloading an app seems “digital” enough to be sufficiently protected by electronic instructions.

[1] The very definition of medical device included in Directive 93/42/EEC, as amended by Directive 2007/47/EC, includes software. In fact, “’medical device’ means any instrument, apparatus, appliance, software, material or other article, whether used alone or in combination, together with any accessories, including the software intended by its manufacturer to be used specifically for diagnostic and/or therapeutic purposes and necessary for its proper application, intended by the manufacturer to be used for human beings for the purpose of:

  • diagnosis, prevention, monitoring, treatment or alleviation of disease;
  • diagnosis, monitoring, treatment, alleviation of or compensation for an injury or handicap;
  • investigation, replacement or modification of the anatomy or of a physiological process,
  • control of conception,

and which does not achieve its principal intended action in or on the human body by pharmacological, immunological or metabolic means, but which may be assisted in its function by such means;”.

[2] An average smartphone user downloads 37 apps, according to the Opinion 02/2013 on apps on smart devices by the Article 29 Data Protection Working Party, page 2.