All posts by Paola Sangiovanni

Unknown's avatar

About Paola Sangiovanni

Partner of GITTI and Partners. Seasoned transactional and regulatory legal counsel with a thorough understanding of the life sciences industry.

Why E-Prescription is an Important Step Towards E-Health

Legal news, , , ,

Italian Regions are racing towards the goal of de-materialization of prescriptions of medicines. While the national average percentage of electronic prescriptions has not yet reached 50%, certain Regions are recording percentages above 80% (Veneto, Sicily, Campania, and Aosta Valley), according to the latest data published by Il Sole 24 Ore Sanità on the September 8-14 issue. The goal of 90% of de-materialized prescriptions, which has been postponed to 2016 by Law no. 11 of 2015, is getting closer. E-prescriptions will also have an interesting feature that may prove helpful for certain patients: the validity of e-prescriptions would no longer be limited to a single Region, but would spread to the national level.

What are the advantages of e-prescribing and why is it considered a crucial step towards E-Health? Saving on the cost of paper, as cited by certain commentators, is definitely not the point. E-Health requires costly investments in the field of Information Technology, which will not be easily set-off by money saved on paper!

E-prescriptions actually promise much more substantial benefits:

  • Increase of patients’ safety and error reduction: an electronic system can lead to less mistakes due, for example, to the selection of incorrect or unavailable drug dosages, the duplication of therapies or the misinterpretation of the content of the prescription, the avoidance of mistakes linked to the omission of certain information (e.g., allergies).
  • Better monitoring of appropriateness and control of the cost of therapies: e-prescriptions can be a formidable tool to gather data and keep track of health costs in real time, which may lead to a more efficient control on expenditures at every level. As an example, think about what an automatic alert suggesting more cost effective therapies or an optimization of the current therapy may do for a single patient and for the health system in general.

Let’s keep on counting electronic prescriptions (21 million out of 48 million last June!): they will not be the panacea for the national health system, but they can be a great step forward.

Drones and Privacy: Risks and Recommendations.

Uncategorized, , , , , , , ,

Drones Are Increasingly Used in the Civil Field. The civil use of drones is increasing, as also witnessed by the DRONITALY event that will be hosted near the Milan Expo in late September. And attorneys who are contributors to this blog find it certainly exciting when new technologies become widespread and thus present legal challenges!

When a new technology starts to become mainstream, the lack of adequate legal provisions is often deplored. In truth, the interpreter needs to take a deep breath and (i) identify the applicable laws, as well as (ii) understand the unique risks entailed by such novel technology, while comparing them with previous technologies. In the case of unmanned vehicle systems, commonly referred to as drones, it does not look like the applicable rules are lacking, but they are simply difficult to apply.

EU Data Protection Authorities Scratch Their Heads Together. The data protection authorities of the European Union, who work together within the “Article 29 Data Protection Working Party”, have recently tackled the issue of drones. The June 16, 2015 opinion by the “Article 29 Data Protection Working Party” (“Opinion”) is especially interesting because of its solid logic approach, which starts with a careful analysis of potential data protection risks linked to the increased use of drones, goes on to finding specific issues that are unique to drones, and ends with a number of recommendations to operators, manufacturers, regulators and law enforcement officials.

Unique Challenges to Personal Data. Drones are aerial vehicles that can be used for a host of activities (including – as pointed out by the Opinion – dull, dirty or dangerous operations, also known as “3D”). The Opinion is careful in pointing out that the use of drones per se is not problematic: it is the possibility to equip drones with recorders of audio and video data that poses challenges to privacy. Additionally, drones overcome obstacles such as walls or fences, and small drones may even enter buildings. Subjects whose data are recorded are often unaware of the processing of their data and, if they are or suspect that they might be, this may trigger a “chilling effect” on their conduct. In short, the principles of purpose limitation, data minimization and proportionality are at risk. Therefore, the Opinion strongly encourages a data protection impact assessment to check how, given the circumstances, the processing of data by a drone may impact the privacy of interested subjects. The assessment must start early on, and the rule of data protection by design must be respected by manufacturers and users. Such assessment must take into account:

  • The Applicability (or Inapplicability) of Exceptions. When personal data is processed by sensors installed on the drone, there is no doubt that data protection legislation applies. The exception for personal data processed in the course of a personal or household activity is never compatible with the sharing of such data on the internet. Law enforcement may also be found as a legal basis for processing, but it must be lawful, necessary and proportionate: indiscriminate surveillance is not acceptable.
  • Informed Consent. Freely given, specific and informed consent is difficult to achieve when it comes to drones. The Opinion suggests to try anything that may work (they, more elegantly, talk about a “multi-channel approach”): from signposts to symbols, signals, lights, registration marks or the publication on the internet of information on drone activities, so that a specific drone can not only be detected by interested subjects, but also linked to a certain data controller. Other grounds for lawful data processing may be found depending on the circumstances, such as performance of a contract to which the data subject is a party (e.g., security services offered through drones only recording the data subject’s property), processing to protect the vital interests of the data subject (e.g., rescue of victims of accidents) or for the purposes of a legitimate interest (e.g., wildlife research).
  • Security Measures. Personal data gathered must be safely stored and communicated (encryption is encouraged).
  • Anonymization or Deletion of Data. Data must not be kept for a period that goes beyond what is necessary to fulfill the purpose of the processing. Data must be accessed only on a limited basis and anonymized or deleted as soon as possible.

Many of the legal issues connected with drones are similar to those arising in case of video surveillance, already tackled by the Italian Data Protection Authority in 2010, with the notable exception that providing information to data subjects may prove to be much more challenging in case of aerial vehicles that fly at a distance.

Less Open Tenders in e-Health Government Contracts?

Uncategorized, , , , ,

In Italy, general principles on government contracts mandate that the provision of services to public administrations must be preceded by the issuing of a public tender allowing various companies to transparently compete for the job. This blog has recently discussed a couple of court decisions that in fact confirmed and further strengthened such principle.

However, a recent decision by the Consiglio di Stato, the higher court which is competent for administrative matters, seems to go in the opposite direction in a case regarding services linked to digital health.

The facts of the case relate to the Lecce health center, located in Puglia, Italy, which assigned to a certain firm the tasks of providing maintenance IT services in the fields of RIS (Radiology Information System) and PACS (Picture Archiving and Communication System). The same firm had previously provided IT maintenance in the RIS-PACS field, was the exclusive authorized reseller of the concerned systems and was in charge of the integration of other IT systems already in place the health center. Given such qualifications, the health center refrained from issuing a public tender and instead used the tool of the “negotiated process” with such IT firm only, which is allowed when, due to technical reasons, the supply contract can be assigned only to a single firm. The petitioner of the case, on the contrary, argued that any other qualified IT company was able to integrate and maintain the IT systems.

What is interesting to note is that the Court gives weight to the “special complexity” of the services constituted by the shift to a digital imaging system: under such view, e-Health is viewed as a field fraught with risks (on data, and ultimately on patients), thus allowing to recur to the exception constituted by the “negotiated process” rather than to rely on the rule of open tenders.

What’s New in E-Health? Interesting Developments to Consider.

Legal news, , , , , , , , ,

E-Health is a term often used to describe a relationship established between electronic tools and the art of medicine. The European e-Health Action Plan 2012-2020, for example, describes e-Health as a “mean using digital tools and services for health”, which involves an interaction between patients and health-services providers. Within e-Health, the role of telemedicine is considerably growing.

Regulations and guidelines in the field of e-Health are growing in the Italian jurisdiction, too. In particular:

  1. A new Agreement on Digital Health (“Patto per la Sanità Digitale”) prepared by the Ministry of Health has been proposed to the State and Region Conference in June 2015
  2. New guidelines on electronic health records have been issued by the Data Protection Authority on June 4, 2015; and
  3. An interesting administrative court decision issued on July 10, 2015 set forth innovative principles in the field of digital health supplies to the public administration.

Our next blog posts will explore the above developments, which are set to change certain regulatory aspects of e-Health.

Stay tuned, and happy summer!

3D Printing In Healthcare: Regulatory Issues To Consider

Legal news, ,

The Democratization of 3d Printing: Joys and Sorrows

A fascinating technology is becoming more and more widespread and may completely change the world of manufacturing as we know it: 3D printing. An object passed through a 3D scanner or a file downloaded through the internet may enable almost anybody to produce an unlimited number of 3D copies.

This is a classic example of an innovative technology that is going through the process of “democratization”: with the price of 3D printers now in the range of tens of thousands of Euros, a manufacturing method, which was once available only to a few, may now be found in every architecture firm, in your garage and… in your hospital.

A beautiful National Geographic title points to the revolutionary aspects of 3D printing: “As epoch-making as Gutenberg’s printing press, 3-D printing is changing the shape of the future.” As in many other “revolutions”, it is difficult to imagine its full potential at its onset. Therefore, 3D printing sparks both enthusiasm and anxiety. Many intellectual property owners have much to fear from the possibility of producing countless unauthorized copies of products looking exactly like theirs. While the music and movie industries already suffered when home taping or file sharing became commonplace, 3D printing may impact nearly all industries. Others point to the risks connected with the complete lack of control over the production of guns or other dangerous objects (with others questioning how serious of a threat this might be).

3D printing is already vastly used in the field of medical practice, and many more uses can be imagined in the future (printing organs for transplants is no longer an entirely futuristic scenario). Recent research on 3D programs deployed in Italian hospitals point to the advantages related to 3D models of patients for pre-surgery planning, for training, as well as for obtaining the patient’s informed consent. None of such uses are likely to trigger legal or regulatory issues, if data protection aspects are correctly handled.

Is 3d Printing a Regulated Activity? Is a 3d Printed Item a Regulated Object?

If, instead, a 3D object is created and used closer to patients, it is possible that a regulated item is obtained (most likely a medical device or an advance therapy medicinal product), or that a regulated activity is carried out, with a host of regulatory consequences. In fact:

3d Printing and Liabilities

Who is responsible if a 3D printed medical object is defective? The process of 3D printing involves a number of potentially responsible individuals, who may be liable, in full or in part. A Court would have to determine what went wrong. Depending on the circumstances, the doctor prescribing the 3D object, the surgeon implanting it, the radiologist choosing the images on which the 3D printing process is based, the manufacturers of the 3D printer or of the materials used, the user of a 3D printer… each of them may be responsible for the defect.

However, this is not a new scenario in medical technology, where product liability is always potentially connected with medical malpractice and where finding out the exact responsibility of each subject can be challenging. Italian law sets forth joint liability of all responsible persons and indicates that the person who paid damages has recourse against the other liable persons on the basis of risks, faults and consequences. If such allocation of liability is not possible, then each person is liable in equal parts.

Conclusions

There is often a general sense that an innovative technology is so new that it happens in a legislative vacuum, because how could the legislator have already foreseen rules specific to 3D printing? We have written about a similar approach in the field of medical apps. Instead, new technologies typically land on a pre-existing landscape of applicable regulations, which should be taken into account by innovators and users of innovation. Regulatory authorities may not be ready to start enforcement actions against 3D printing, but may decide to do so in the future.

 

TO REIMBURSE OR NOT TO REIMBURSE? A recent judgement on scientific evidence and appropriateness of care.

Uncategorized, , , , , , ,

A judgment by the Italian Supreme Court published on April 10, 2015, determined that an alternative cure must be covered by the Italian National Health Service even in the absence of compelling scientific evidence as to its efficacy.

Health is protected by Italian law as a fundamental right of the individual, as well as a collective interest of the community, and dignity and freedom of the human being must always be respected. These general principles are enshrined in the Italian Constitution (section 32) and in section 1 of Legislative Decree no. 502/1992. Therefore, the right to health is framed as an absolute and fundamental right, a theoretical approach that – given the many restraints affecting patients’ access to care – may appear almost fictional.

Further, Italian legislation sets forth that the National Health Service must offer uniform essential levels of care and assistance, taking into account human dignity, equal access to care, quality and appropriateness of therapy, as well as economic factors. (These latter economic factors often appear most pressing, as patients affected by hepatitis C are currently learning!).

With regard to reimbursement, the Italian National Health Service must cover assistance services which show, for specific clinical or risk conditions, scientific evidence of a significant health benefit, from an individual and collective standpoint, compared to the resources employed. Such concept is often called “appropriateness” and is something with which doctors, hospitals, patients and authorities struggle daily. Nobody will deny that all the above mentioned factors are of primary importance, but balancing them can be difficult in practice.

The recent decision by the Italian Supreme Court (Corte di Cassazione, judgement no. 7279 of 2015) determined that a quadriplegic patient was entitled to free access to a non conventional therapy (so called “DIKUL” therapy), even in the absence of compelling scientific evidence as to its efficacy, when it was proven that the patient benefited from it through a sworn appraisal of a Court appointed expert. The Court pointed out that, while no compelling scientific evidence was offered, the efficacy of the therapy was in doubt, but not openly proven as not efficacious.

In its reasoning, the Court reiterated the higher hierarchy of the constitutional right to health over the discretional administrative decision of the hospital to administer a certain therapy. Further, the Court emphasized that the efficacy principle set forth in Italian law may be based on actual benefits to the patient brought by the DIKUL therapy: the mere absence of available scientific evidence in favor of the DIKUL therapy was not sufficient to deny its access to the patient. Only if there had been scientific evidence proving that the DIKUL therapy was inefficacious, then its reimbursement could have been denied.

We have already commented on the infamous Stamina case in this blog, a case where the well intentioned desire of Courts and Parliament to help otherwise helpless patients prompted the recourse to a therapy which completely lacked any scientific basis and breached many legal provisions actually aimed at protecting patients (e.g., GMP manufacturing requirements, informed consent of patients).

The recent Supreme Court decision confirms the sometimes difficult relationship between scientific evidence and access to a certain therapy, particularly in cases of patients affected by diseases for which there are limited therapy options.

Italian Corporate Criminal Liability 101: Basic Facts You Should Know

Uncategorized, , , , , , ,

Are Companies Criminally Liable under Italian Law? Yes!

Legislative Decree no. 231/2001 (the “231 Decree”) has introduced in Italy the principle that companies are responsible for crimes committed by:

  • Individuals vested with powers of company’s representation, control, direction, or management;
  • Individuals subject to the authority or control by the above-mentioned individuals, including employees, consultants, non subordinate employees and whoever acts on behalf of the company.
  • As a result, a company may now be considered liable for crimes committed by individuals in the interest or to the benefit of the company (while crimes committed by individuals in their exclusive interest or in the exclusive interest of third parties do not trigger company’s liability). The company’s liability is separate and distinct from the liability of the individual who committed the crime.

Which Crimes Trigger Liability? Several (not just corruption!).

The 231 Decree lists a number of crimes for which companies may be liable, which include:

  • Corporate crimes;
  • Crimes against public administrations;
  • Crimes against the dignity of individuals;
  • Conspiracies and terrorism;
  • Crimes arising out of breach of laws protecting the environment and health and safety at work;
  • Crimes related to criminal associations;
  • Money laundering.

Which Sanctions Apply? Monetary and blacklisting sanctions.

If a company is found liable, the following sanctions may apply:

  • monetary sanctions up to a maximum amount of Euro 1,549,370.69 (and precautionary seizure of the price or profit arising from the crime),
  • blacklisting sanctions (applicable also as a precautionary measure), with duration between 3 to 24 months, which can consist of, inter alia, the prohibition to conduct the Business’ commercial activity, the prohibition to contract with the public administration, the prohibition to advertise goods or services, seizure, or the publication of the court’s decision (if a blacklisting sanction is applied).

Are There any Grounds of Exemption from Criminal Corporate Liability?  Yes!

A company is not liable pursuant to the 231 Decree if it proves that:

  1. The management has adopted and effectively implemented a so-called Organizational Model’ in order to prevent the commission of the criminal offences listed in the 231 Decree by subjects acting on behalf of the company;
  2. The company has established an internal body (‘Compliance Committee’) entrusted with the task of supervising the proper functioning and update of the Organizational Model, as well as the actual compliance by all those who must abide by it;
  3. Crimes were committed by individuals vested with management powers who have fraudulently avoided compliance with the Organizational Model;
  4. The Compliance Committee has not omitted to perform, or negligently performed its supervision duties.
  5. This explains why companies operating in Italy typically devote substantial resources in the setting up of an Organizational Model.

How to Set up an Organizational Model?  Risk assessment, gap analysis, preventive measures.

In order to prepare an Organizational Model the following process is usually followed:

  1. Examination of areas of risk: on the basis of the company’s Organizational Model and relevant job descriptions, the risk of commission of each crime set forth in the 231 Decree is assessed.
  2. Analysis of existing procedures: all existing procedures and ethical principles are reviewed in order to identify procedures that may reduce the risk of commission of the crimes.
  3. Possible implementation of new measures: should the analysis of existing procedures lead to conclude that some of the risks are not properly reduced, new procedures should be implemented.

The Organizational Model must be Effective A compliance program on paper will not help!

Once a company has adopted an Organizational Model by means of a resolution of the Board of Directors, the company must ensure that it is effectively implemented, that employees and other individuals acting on behalf of the company are duly trained on the model and that any breach of the Model is sanctioned.

In particular, the appointed Compliance Committee must actively supervise the effective functioning and adequacy of the Model on an ongoing basis and in independent fashion. The Compliance Committee is generally in charge of:

  • Monitoring the activity carried out within the company and the areas considered at risk;
  • Assessment of the actual implementation of, and compliance with the Organizational Model;
  • Cooperation and consultation with the management as regards the application of disciplinary sanctions to employees in the event of breach of the internal procedures provided by the Organizational Model.

The last event of our HEALTH INNOVATION ACADEMY is coming up!

Uncategorized, , , ,

On May 21, 2015 our HEALTH INNOVATION ACADEMY series will hold its last event. Join us to hear speakers on the topic of networks for innovation at Via Francesco Sforza 28, Milano (Aula Milani) followed by drinks.

As always, the event is organized in cooperation with the hospital IRCSS Cà Granda – Ospedale Maggiore Policlinico di Milano and with Politecnico di Milano – e-Health LAB – Informatica BioMedica e Sanità Digitale

To find out more about the May 21 program or about HEALTH INNOVATION ACADEMY’s past events, click here: http://healthinnovationacademy.weebly.com/reti-dellinnovazione.html