Category Archives: Legal news

Courts Limit Administration’s Discretion in Public Contracts

Legal news, , , , ,

Recent rulings by two administrative courts in Italy have restricted the discretion of public entities in the award of public contracts without open procurement procedures, in particular in the healthcare sector. The two decisions reaffirm the Courts’ policy of restricting recourse to in-house contracts and extensions of expired contracts.

The first decision, issued on May 7, 2015 by the Supreme Administrative Court in Rome, invalidated the award of a service contract to a company established and owned by the regional government of Puglia for the provision of in-house services to healthcare facilities in the region. The contract was awarded without a public procurement procedure, on the basis of the fact that it was an in-house service contract. The Court, deciding upon an appeal brought by a competitor who was not granted the possibility to submit its offer, held that a procurement procedure open to competitors must always occur, even if a governmental entity has established a specific vehicle for the purpose of providing in-house services. The Court left a limited room for in-house services, i.e., services provided by an entity fully controlled and managed by the same administration awarding the contract, as if it was one of its internal departments.

On a different occasion, the regional administrative Court of Turin had the chance to reiterate that the extension of expired public contracts is prohibited by public procurement legislation, as it prevents competitors from participating in new public procurement procedures. In addition to stating again this general principle, the Court in its decision of April 3, 2015 no. 573 also held that governmental entities should proceed with calls for tenders whenever the goods or services they intend to procure are not covered by a national or regional framework agreement. In an effort to curb public spending, the Italian government has implemented in several sectors a centralized negotiation process, whereby a central governmental agency (“Consip”) enters into framework agreements for the supply of goods and services to local administrations. Local administrations are generally bound to adhere to such framework agreements and, if they do so, no call for tender needs to be issued. Public hospitals, on the other hand, must adhere to healthcare-specific regional framework agreements and to Consip agreements; only if no such agreements exist they may proceed with the issuance of a call for tenders.

In the case the before the Court, a local healthcare office postponed the validity of an expired supply contract, after assessing that the framework agreement entered into by Consip would have only partially covered the needs of the local administration and – most importantly – would have entailed a higher cost than the expired agreement. Regardless of the potential savings that the extension of the existing contract would have granted the public administration, the Court held that no exceptions can be envisaged to the issuance of a public procurement procedure. Clearly, more than by savings, the Court must have been guided by the desire to sanction a widespread practice of extending expired contracts, which in most cases stifles competition and does not guarantee lower prices.

It is expected that this policy, increasingly adopted by many administrative Courts, will be one of the highlights of the new public procurement legislation that is currently being examined by Italian lawmakers. The new public procurement code is, in fact, expected to provide new instruments for a more effective fight against corruption and inefficiencies within the public administration.

On-line Sale of OTC Medicinal Products

Legal news, , , , , ,

Effective as of tomorrow (July 1, 2015), Italian consumers will be able to purchase over-the-counter (“OTC”) drugs on-line.

Legislative decree nr. 17 of 2014 (“Decree”), enacting EU Directive 2011/62, introduced an innovative way of marketing medicinal products for pharmacies and authorized retailers. In order to do so, pharmacies and retailers must meet several conditions, aimed at preventing marketing of counterfeit products.

  1. First of all, pharmacies and retailers must be authorized by either regional entities, provinces or other competent authorities, upon providing the following information:
  • name, VAT and full address of the logistic site;
  • starting date of on-line sale;
  • website address and any other information that may be necessary to identify the seller’s website.

Any change must be communicated within 30 days, subject to forfeiture of the authorization.

  1. Secondly, the seller’s website must contain at least:
  • information relating to the authorizing authority;
  • a link to the Ministry of Health’s website;
  • a specific logo, including a link to the list of the authorized pharmacies and retailers, maintained by the Ministry of Health.

Additionally, the Ministry of Health’s website shall contain a link to a website created by the European Medicines Agency, which will include information on the purpose of the specific logo, as well as on the risks relating to medicinal products that are unlawfully supplied to the public. The Ministry of Health’s website will also contain information relating to the applicable laws and regulations, including any information on differences vis-à-vis other countries as to conditions regulating the supply of medicinal products.

  1. Lastly, distribution shall be carried out in compliance with good distribution practices.

The Italian Agency for Pharmaceutical Products (Agenzia Italiana del Farmaco, “AIFA”) will be in charge of enforcing the new set of rules. AIFA will direct an anti-counterfeiting system in cooperation with the Ministry of Health, the High Institute for Health (Istituto Superiore di Sanità, “ISS”), the Anti-counterfeiting and Health Department of the Police (Nuclei Antisofisticazione e Sanità, “NAS”), and the Customs Authorities. The system will receive reports concerning allegedly counterfeit medicinal products, and AIFA will coordinate seizure of actually counterfeit medicinal products.

Furthermore, the Ministry of Health, upon AIFA’s proposal, will have the power to issue cease and desist orders directed at on-line sellers, as well as orders aiming at blocking the access to websites selling counterfeit medicinal products.

Lastly, on-line sale of prescription drugs will be punished with imprisonment up to one year and a fine between Euro 2,000.00 and Euro 10,000.00, whereas on-line sale of medicinal products by unauthorized individuals or entities will be punished with imprisonment from 6 months to 2 years and a fine between Euro 3,000 and Euro 18,000. On-line sale of counterfeit medicinal products will be instead punished with imprisonment up to 3 years and with a fine between Euro 2,600.00 to Euro 15,600.00.

The measures introduced by the Decree appear balanced. On the one hand they grant an overall wider access to OTC medicinal products along with a presumable price reduction; on the other hand they set forth a solid enforcement system preventing and punishing marketing of counterfeit drugs. As with every innovation in the field of health, only time will tell if benefits and risks are actually balanced.

3D Printing In Healthcare: Regulatory Issues To Consider

Legal news, ,

The Democratization of 3d Printing: Joys and Sorrows

A fascinating technology is becoming more and more widespread and may completely change the world of manufacturing as we know it: 3D printing. An object passed through a 3D scanner or a file downloaded through the internet may enable almost anybody to produce an unlimited number of 3D copies.

This is a classic example of an innovative technology that is going through the process of “democratization”: with the price of 3D printers now in the range of tens of thousands of Euros, a manufacturing method, which was once available only to a few, may now be found in every architecture firm, in your garage and… in your hospital.

A beautiful National Geographic title points to the revolutionary aspects of 3D printing: “As epoch-making as Gutenberg’s printing press, 3-D printing is changing the shape of the future.” As in many other “revolutions”, it is difficult to imagine its full potential at its onset. Therefore, 3D printing sparks both enthusiasm and anxiety. Many intellectual property owners have much to fear from the possibility of producing countless unauthorized copies of products looking exactly like theirs. While the music and movie industries already suffered when home taping or file sharing became commonplace, 3D printing may impact nearly all industries. Others point to the risks connected with the complete lack of control over the production of guns or other dangerous objects (with others questioning how serious of a threat this might be).

3D printing is already vastly used in the field of medical practice, and many more uses can be imagined in the future (printing organs for transplants is no longer an entirely futuristic scenario). Recent research on 3D programs deployed in Italian hospitals point to the advantages related to 3D models of patients for pre-surgery planning, for training, as well as for obtaining the patient’s informed consent. None of such uses are likely to trigger legal or regulatory issues, if data protection aspects are correctly handled.

Is 3d Printing a Regulated Activity? Is a 3d Printed Item a Regulated Object?

If, instead, a 3D object is created and used closer to patients, it is possible that a regulated item is obtained (most likely a medical device or an advance therapy medicinal product), or that a regulated activity is carried out, with a host of regulatory consequences. In fact:

3d Printing and Liabilities

Who is responsible if a 3D printed medical object is defective? The process of 3D printing involves a number of potentially responsible individuals, who may be liable, in full or in part. A Court would have to determine what went wrong. Depending on the circumstances, the doctor prescribing the 3D object, the surgeon implanting it, the radiologist choosing the images on which the 3D printing process is based, the manufacturers of the 3D printer or of the materials used, the user of a 3D printer… each of them may be responsible for the defect.

However, this is not a new scenario in medical technology, where product liability is always potentially connected with medical malpractice and where finding out the exact responsibility of each subject can be challenging. Italian law sets forth joint liability of all responsible persons and indicates that the person who paid damages has recourse against the other liable persons on the basis of risks, faults and consequences. If such allocation of liability is not possible, then each person is liable in equal parts.

Conclusions

There is often a general sense that an innovative technology is so new that it happens in a legislative vacuum, because how could the legislator have already foreseen rules specific to 3D printing? We have written about a similar approach in the field of medical apps. Instead, new technologies typically land on a pre-existing landscape of applicable regulations, which should be taken into account by innovators and users of innovation. Regulatory authorities may not be ready to start enforcement actions against 3D printing, but may decide to do so in the future.

 

New Environmental Crimes Introduced: Time to Update Your Corporate Compliance Program!

Legal news, ,

On May 19, 2015 the Italian Senate passed bill no. 1345-B, introducing new environmental crimes. The law will become effective the day after its publication on the Official Gazette, following promulgation by the President of the Republic. The law introduces the following environmental crimes in the form of delitti (i.e. the most serious form of crimes), punishable with imprisonment and fines. It is important to note that such crimes are included among the crimes that give rise to criminal corporate liability pursuant to Legislative Decree 231/2001 (“Decree”).  As a result, companies who have already set up an organizational and control model aimed at exempting it from criminal corporate liability must update it in order to take into account prevention of the newly introduced criminal conducts. The new crimes can be described as follows:

  • Polluting.    Anyone who unlawfully damages or jeopardizes in a significant and measurable way waters, air, the surface or the underground, as well as ecosystems, plants or animals, is punishable with imprisonment between 2 and 6 years plus a fine between Euro 10,000.00 and 100,000.00. Sanctions may be higher in case of pollution of protected areas (such as historical sites) or protected plants or animal species. Also, imprisonment can reach as far as 20 years in case of death or injury as a consequence of pollution. As far as companies are concerned, commission of such crime leads to the imposition of monetary sanction between 250 and 600 quotas as per the Decree. Blacklisting sanctions set forth in the Decree may also apply.
  • Environmental disaster. This crime punishes, alternatively, the irreversible alteration of an ecosystem’s equilibrium, the alteration of an ecosystem’s equilibrium the restoring of which is particularly burdensome or can be achieved only by extraordinary measures, or the offense to public safety in light of its effects or the number of people affected. The mentioned conducts are punishable with imprisonment between 5 and 15 years. Also in this case, if protected areas or species are damaged, imprisonment can be increased by one third. The commission of such crime by a company leads to the imposition of monetary sanctions between 400 and 800 quotas, as per the Decree. Also in this case, blacklisting sanctions may apply.
  • Trafficking and disposal of highly radioactive materials.                       Unlawful sale, purchase, receipt, transportation, importation, exportation, supply, detention, transfer and disposal of highly radioactive materials are punished with imprisonment between 2 and 6 years, plus a fine between Euro 10,000.00 and 50,000.00. Sanctions may be increased in case of danger of damage or deterioration of waters, air, the surface or the underground, as well as ecosystems, plants or animals. Also, if any of the conducts jeopardizes the life or safety of individuals, sanctions may be increased by one half. Companies may be punished with monetary sanctions between 250 and 600 quotas in accordance with the Decree.
  • Hindered control. Hindrance of vigilance and control activities on environment, hygiene and safety on the workplace is punished with imprisonment between 6 months and 3 years.

If the above crimes are committed in the form of organized crime, sanctions already set forth against organized crime are increased by one third, and, if companies are involved, they may face sanctions between 300 and 1000 quotas as per the Decree. Sanctions are increased by one third to one half in case any public official or person in charge of a public service carrying out environmental-related offices partakes in the criminal organization. Not only the law provides for new crimes, but it also incentivizes remedial actions. Sanctions are in fact diminished by one half to two thirds in case remedial actions are taken to prevent occurrence of further consequences or to restore the status quo ante. Also, whistle-blowing is incentivized by reducing sanctions by one third to one half. Quite interestingly, the law prevents the statute of limitations from running in case of stay of proceedings ordered to allow remedial actions to be taken. Lastly, failure to take remedial actions, if ordered by a judge or by the law, is punished with imprisonment between one and four years plus a fine between Euro 20,000.00 to 80,000.00.

Legality Rating by the Italian Antitrust Authority: Is It Useful?

Legal news, , , , ,

Not only must we punish corrupt companies but also encourage healthy businesses“. The statement released by Mr. Raffaele Cantone, Chairman of the Italian Anti Corruption Authority, summarizes the rationale underpinning the so called “legality rating”, i.e. a score that the Italian Antitrust Authority assigns to companies who apply for it. In fact, Law no. 62/2012, converting Law Decree no. 29/2012, requires the Italian Antitrust Authority to assign a score ranging from one to three “stars”, to any applying company who complies with a series of legal requirements (inter alia, the absence of criminal sanctions or preventive/precautionary measures against key personnel of the company, no judgments pursuant to Legislative Decree No. 231/2001, no breaches in the field of health and safety at work, and no definitive tax assessments against the company).

The instrument, available to entities generating a turnover in excess of Euro two million per year, is completely optional, but continues to be widely utilized. A statement of the Antitrust Authority shows in fact that, in January 2015, the Authority  received respectively 14% more applications than in the previous month and the trend seems to continue.

So, companies line up as schoolboys in order to show that they are worth a certain number of “stars” in an effort to demonstrate the soundness of their compliance program: is it worth it? To respond, we have looked into the benefits of the legality rating to understand the actual relevance of a practice that is becoming widespread. Below is a summary of the alleged benefits.

  • A new Regulation, developed by the Italian Antitrust Authority in collaboration with the National Anti Corruption Authority, entered into force on November 14, 2012, sets forth that companies benefitting from a legality rating are enrolled in a register of virtuous firms. Such registration is supposed tofacilitate relations with banks or the granting of public funding as well as the possibility to participate in public tenders.
  • The first example of a public procurement process taking into account the legality rating refers to postal services. The procurement documentation (Decision of December 9, 2014, published in the Official Gazette no. 1 of the January 2, 2015) stated for the first time that “for the public procurement of large size, the contracting authorities can evaluate the opportunity to give an additional and proportionate score to companies that benefit from a legality rating issued by the Antitrust Authority pursuant to §. 5 ter of Law-Decree no. 1 of January 24, 2012, or that have equivalent certifications issued to foreign firms from other agencies or public authorities”. For the first time, legality rating actually mattered as it gave a chance to companies to score additional points in public tenders.Some have criticized the use of a legality rating in this context, given that section 83 of the Italian Public Procurement Code (Legislative Decree no. 163/2006) requires that contracting authorities assess bidding companies on the basis of objective requirements only. It has been in fact argued that making reference to a legality rating is too discretionary. However, the Antitrust Authority, in opinion no. 163/2013, seemingly admits the possibility of using discretionary requirements, such as “the curriculum of the company, possession of licenses or quality certifications, availability of business assets, the providing of services or similar work, and in general, skills and references” as “factors that can be weighedas criteria for admission to tenders”.

In conclusion, if public procurement tenders give some weight to the legality rating, then obtaining it may actually be a good idea.

The risk is, as with any type of certification, that it will become a merely formal requirement, which does not attest the actual compliance efforts or a corporation’s culture.

EMA Issues New Guidelines to Prevent Medication Errors

Legal news, , , , , , ,

On April 14, 2015 the European Medicines Agency (“EMA”) released two drafts of good practice guides aimed at improving the reporting, evaluation and prevention of medication errors. The new guides are addressed to regulatory authorities, as well as the pharmaceutical industry.

Medication errors generally refer to unintended mistakes in the processes of prescribing, dispensing or administering of medicinal products in clinical practice and according to EMA they account for an estimated 18.7 – 56% of all adverse drug events among hospitalized patients.

The first guide released by EMA provides an overview of the main sources and types of medication errors, as well as measures to minimize the risks that such errors are made. The second guide, on the other hand, focuses on suspected adverse reactions caused by medication errors, providing guidance and recommendations on how to record, code, report and assess such errors.

The guidelines from EMA recommend a number of actions to marketing authorization holders, including the periodical reporting of information concerning medication errors. Recommendations to the industry include periodical safety update reports and risk management plans to be adopted for each marketed pharmaceutical product. The overall scope of these reporting obligations is to implement a real-life continuous evaluation of the risks and benefits of all medicines placed on the European market.

The two draft guidelines are now open to comments from all relevant stakeholders: the public consultation procedure will expire on June 14, 2015. The final version of the guidelines is expected to be finally adopted later in 2015.

More information and the new draft guides can be found here: http://www.ema.europa.eu/ema/index.jsp?curl=pages/news_and_events/news/2015/04/news_detail_002307.jsp&mid=WC0b01ac058004d5c1.

Medical Malpractice: Contractual or Tortious Nature?

Legal news

The Rise of Medical Malpractice Cases and of Defensive Medicine.  Over the last two decades, medical malpractice has become a prominent issue in the Italian healthcare debate. Medical malpractice litigation has dramatically increased, with dire reflections on prices and availability of professional liability insurance. Insurance premiums have rapidly risen and insurers have often been unable to provide insurance coverage to physicians. As a consequence, physicians have been adopting changes to their practices, by taking allegedly unnecessary precautions or by refusing treatments that may be in the patients’ best interests but may also give rise to their  complaints (the so-called phenomenon of “defensive medicine”).   Different Interpretations of Malpractice by Courts.  Such phenomenon has been exacerbated by the fluctuating approach taken by civil courts in dealing with medical malpractice cases. In fact, Italian Courts have been advancing different interpretations on the nature of the relationship between a physician and a patient.

  1. Medical Malpractice as a Tort. Until 1999, liability arising from medical malpractice was deemed to be a tort. Interpreters believed that the absence of a formal agreement between the parties would trigger tort liability. As no contractual relationship was established between  physicians and patients, the latters, as injured parties, could rely  exclusively on proceedings based on section 2043 of the Italian Civil Code[1]. In light of this interpretation, medical negligence was considered to be a violation of a general duty of care, while patients bore the burden of proving damages suffered, a medical act negligent and a causation link between the two.
  1. Medical Malpractice as Contractual Liability. The above view has been gradually replaced by several opposing theories, which lean towards a contractual interpretation of the relationship between physicians and patients. Accordingly, medical negligence is currently held to be the failure to fulfil a specific obligation, and liability arising from such failure has been considered as contractual liability.

The more convincing approach to define the nature of physician’s liability was introduced by the Italian Supreme Court (Corte di Cassazione) with judgment no. 589/1999. According to such judgment, physicians can be held contractually liable under the theory of  “social contact” (contatto sociale). Such theory is based on the contractual liability of physicians for breaching the duty to protect patients’ health. Given the contractual nature of medical responsibility, damages can be awarded to patients if they produce evidence of the breach of contract committed by physicians, unless  physicians are able to prove that such breach is a result of conditions not attributable to them. In other words, physicians bear the burden to prove the exact fulfilment of the contractual obligation.   A New Statutory Provision on the Role of Guidelines in Medical Practice.  By enacting Law no. 189/2012, the Italian legislator has tried to counter the spread of defensive medicine. Section 3 of the aforementioned Law states that: “The health professional who, in her medical practice, adheres to guidelines and best practices accredited by the scientific community cannot be held criminally liable for ordinary negligence. In such cases however she remains subject to the obligation set out by section 2043 of the Civil Code. The judge, even when determining damages, shall take due account of the conduct referred to above”.   Renewed Controversy on the Nature of Medical Malpractice.  Reference to section 2043 of the Italian Civil Code in Law no. 189/2012 has sparked a new debate among scholars and in courts, some of which maintained that the legislator clearly meant to endorse the tort liability theory. For example, the Court of Milan[2] has recently stated that the theory of “social contact” has been repealed by the 2012 statutory provision and that, absent a specific contractual relationship established between patients and physicians, malpractice must be deemed a tort liability.   Others[3] have pointed out that the provision of Law no. 189/2012 merely states that, in the event of ordinary negligence, the obligation to compensate damages remains, without referring to the nature of medical liability, and that nothing in the statutory provision appears to be in conflict with previous case law on the contractual nature of medical liability.   The “social contact” theory therefore still stands, but the phenomenon of “defensive medicine” has yet to find a solution. [1] Section 2043 of the Italian Civil Code translates as follows: “Any willful or negligent fact causing to a third party an unfair damage triggers the obligation to reimburse such damage”. [2] Decisions no. 9693 of July 23, 2014 and no. 1430 of December 2, 2014. [3] For example, the Italian Supreme Court states this view in its decisions no. 8940 of April 17, 2014.

Defective Medical Devices: an Interesting Decision by the ECJ

Legal news, , ,

On March 5, 2015 the European Court of Justice (“ECJ”) delivered a ruling on product liability that could have consequences for manufacturers of medical devices.

FACTS OF THE CASE. The quality control system of a company selling pacemakers and implantable defibrillators in Germany found that a component utilized to hermetically seal pacemakers may experience a gradual degradation. That defect could lead to premature battery depletion, resulting in loss of telemetry and/or loss of pacing output without warning. In light of such circumstances, the manufacturer issued a warning recommending physicians to replace the implanted pacemakers with others provided free of charge. At the same time, the manufacturer also recommended physicians to turn off a switch in the defibrillators.

PROCEEDINGS. The insurance companies, covering patients whose pacemakers or defibrillators had been replaced, instituted legal proceedings to obtain reimbursement of costs relating to such replacements. The German High Court raised a preliminary question before the ECJ asking whether the devices that had been replaced may be classified as defective, despite lack of evidence that the actual product implanted was defective, on the basis of the corrective measures recommended by the manufacturer. Moreover, the German Court asked whether costs of replacing those pacemakers and defibrillators could be classified as damages, for which the manufacturer may be liable pursuant to the Product Liability Directive[1].

ECJ RULING. In its ruling, the ECJ stated that, in order to determine whether or not the manufacturer was liable, (i) the function of such products, (ii) the vulnerability of patients utilizing them, (iii) the costs borne to replace them, and (iv) the costs relating to turning off the switch of defibrillators had to be taken into account and balanced. In this respect, the ECJ observed that even the potential lack of safety of those products gave rise to the manufacturer’s liability, in light of safety standards that patients could expect from that kind of products and the abnormal possibility of damages to patients, who would be at risk of death. In addition, and in more general terms, the ECJ affirmed that costs borne to replace potential defective devices may constitute damages inasmuch as the expenses incurred are necessary to remedy the defect. However, such a judgment, as pointed out by the ECJ, pertained to the merits of the claim, and must therefore be ascertained by a national Court.

CONSEQUENCES OF THE RULING. Under the Product Liability Directive claimants must produce evidence of the defect, damages arising therefrom and a causation link between the two. By contrast, the ECJ’s decision establishes that even potential defects may be considered as defects. As a consequence, consumers appear to be relieved from the burden of proof that products are actually defective. By the same token, manufacturers’ right of defense seems to be compressed, as – when there are corrective measures recommended by them – the ruling does not leave any room for proof of lack of liability.

WHAT WILL BE THE IMPACT OF THE RULING.  The ECJ’s approach to product liability adopted in the ruling at hand appears to be skewed towards consumers’ protection. A cynical reading of the ECJ’s judgment may even prompt manufacturers to be reluctant to “admit their own mistakes” and issue safety warnings regarding their products! As often happens with legal issues affecting innovation and health policies, balancing of interests is key.

[1] Council Directive 85/374/EEC of July 1985 on the approximation of the laws, regulations and administrative provisions of the Member States concerning liability for defective products. According to the Directive, the producer is liable for damages caused by a defect in his product.

Medical Apps and the Law, Part II – Medical Apps: Helpful or Harmful?

Legal news, , , , , , ,

A BOOMING MARKET. The idea of running software on a mobile device with healthcare uses has been discussed as early as 1996[1]. However, the issue has assumed explosive proportions in recent years, thanks to the spreading of an “app mentality” among health care professionals and consumers, and its potential, given cloud computing, social networks and big data analytics, could be yet to be realized. According to a March 2014 BCC report, this growing trend will be continuing in the next years[2]. App stores offering thousands of medical app also confirm the trend, as about 97,000 mobile health apps in 62 app stores according to a Research2Guidance market report of last year. Hardware manufacturers are certainly not immune to the medical app fervor, and – for example – the new smartphone Gear 2 Neo by Samsung, launched on April 11, 2014 by Samsung in 125 countries, incorporates a heart rate sensor.

 

ACCORDING TO THE EU COMMISSION, MEDICAL APPS AND E-HEALTH HAVE GREAT POTENTIAL.  What is the view of the authorities on this phenomenon? The potential of apps makes them app enthusiasts, the reality of apps worries them. The European Commission believes in medical apps, which can be leveraged in order to eliminate barriers to smarter, safer, patient-centred health services. Further, digital health could also be a promising factor to cut Member States’ budget[3] while – in the words of the Commission – “putting patients in the driving seat[4]. The reality of the app market, however, does not necessarily boost patient empowerment. In fact, the Commission noted that there are substantial risks connected with the way apps are currently marketed: information to consumers is not clear, the trader’s contact details are not easy to find, the use of the term “free” is often misleading[5].

 

ENFORCEMENT ACTION BY THE ITALIAN DATA PROTECTION AUTHORITY. On September 10, 2014 the Italian Data Protection Authority has issued a warning regarding data protection risks inherent to medical apps (“Medical Apps: More Transparency Is Needed On Data Use”) promising future sanctions. The Authority found that insufficient information to users prior to installation, as well as the processing of excessive data. The survey conducted by the Italian Data Protection Authority involved a total of 1,200 apps and the findings thus obtained were striking: (i) barely 15% of them provided meaningful privacy notices; and (ii) in 59% of the apps reviewed the Authority found it hard to locate pre-installation privacy notices. The stance taken by the Italian Data Protection Authority echoes the Opinion 02/2013 by The “Article 29 Data Protection Working Party”, which had identified lack of transparency, lack of free informed consent; poor security measures; disregard for the principle of purpose limitation requiring processing of personal data only for specific and legitimate purposes.

 

CONSENT IN WRITTEN FORM: A REQUIREMENT PECULIAR TO ITALIAN LAW.  Italian legislation includes a couple of additional requirements, which could kill the medical app market. We note, however, that they have not been mentioned by the Italian Data Protection Authority in their September 10, 2014 warning so it is unclear whether there is any appetite for enforcing them. In addition to a specific authorization by the Data Protection Authority, typically substituted by a general authorization such as this, Section 23 of the Data Protection Code requires that consent to process sensitive data, such as health data, must be given in written form, a requirement which is not satisfied by a mere “click” on the smartphone, but would only be satisfied by the digital or qualified electronic signature in accordance with Italian legislation. This obstacle could be solved only when (and if) the proposed EU Data Protection Regulation enters into force and repeals the existing Italian Data Protection Code, as consent to process sensitive data shall have to be “freely given, specific, informed and explicit” and the controller shall bear the burden of proof of such consent, but consent in written form would no longer be required.

[1] Regulation of health apps: a practical guide”, d4Research, January 2012, citing material from the Conference of the American Medical Informatics Association Fall Symposium of 1996.

[2]This market is expected to grow to $2.4 billion in 2013 and $21.5 billion in 2018 with a compound annual growth rate (CAGR) of 54.9% over the five-year period from 2013 to 2018”.

[3]In Italy, overall savings from the introduction of ICTs in the Health Sector are estimated to be around 11.7% of National health expenditure (i.e., €12.4 billion). Savings from digital prescriptions alone are estimated to be around €2 billion”. European Commission Memo of December 7, 2012 “eHealth Action Plan 2012-2020: Frequently Asked Questions”.

[4] It should be noted that, while the Commission is a fervent proponent of eHealth (see also the recent Green Paper on mHealth), there are strong limitations to its actions given its lack of competence in healthcare delivery and financing, which is entirely up to Member States. The effectiveness of eHealth solutions in Europe require the commitment of Member States to implement organizational changes which make patient-centric eHealth solutions an integral part of their healthcare systems, a task that each Member State is pursuing with various degrees. A March 24, 2014 press release by the European Commission commenting on two European surveys on the use of eHealth (including Electronic Health Records, Health Information Exchange, Tele-health and Personal Health Records) showed that many critical issues still exist: lack of penetration, lack of interoperability, and lack of regulatory certainty, to name a few.

[5] Focus of the Italian Antitrust Authority has so far been on game apps, rather than medical apps: it, too, found that apps were misleadingly presented to users as free, while they were not.

Medical Apps and the Law Part I – What is a medical app? Perhaps it is a medical device. Find out!

Legal news, , , , , ,

Technology often starts in a simple way, perhaps with a simple “click” on an “I AGREE” button on your smartphone. Once the technology has spread, lawyers and authorities start debating what it is and how it fits with the laws.

The following post is the first part of a legal analysis of medical apps attempting to establish what they are under current legislation (Part I), as well as what is wrong with them according to various authorities who have scrutinized them (Part II).

 I keep reading and hearing that apps are not regulated and that the European Union stands behind than the United States in that process. Both statements are wrong. Medical apps can be regulated, if they fall within the scope of the definition of “medical device”. The trick is to find out if they do…

It probably takes less time to download a medical app on your smartphone than to determine if it falls under the definition of “medical device”[1]. Where to look for guidance?

THE EU COMMISSION GUIDELINES. In June 2012 the European Commission has issued Guidelines (MEDDEV 2.1/6) in order to attempt to clarify when standalone software is a medical device. A 6-step decision diagram is also provided by the Guidelines as an aid to decide if a medical application is a medical device. If the medical app is indeed a medical device, then a conformity assessment is required and the app must carry the CE marking.

One key element stands out in order to decide whether a medical app is a medical device: its intended use. This has been further emphasized in the Brain Products GmbH case (Case C-219/11) decided by the European Court of Justice regarding an electro-technical system enabling human brain activity to be recorded. The Court stated that “a device used in humans for the investigation of a physiological process falls within the scope of Directive 93/42 only if the intended purpose of that device, defined by its manufacturer, is medical”, while specifying that the fact that the software is used in a medical context is not sufficient to trigger its qualification as “medical device”. Therefore, the intended use of a device is up to the manufacturer, although – as the influential medical device counsel and blogger Erik Vollebregt puts it – “you cannot disclaim an obvious intended purpose as this would amount to a contradictory label and consequently a non-compliant product”.

THE FDA’s VIEW. On September 23, 2013 the United States Food and Drug Administration tackled the same problem and issued a guidance documentto clarify the subset of mobile apps to which the FDA intends to apply its authority”, because while “The FDA encourages the development of mobile medical apps that improve health care and provide consumers and health care professionals with valuable health information.”, however “The FDA also has a public health responsibility to oversee the safety and effectiveness of medical devices – including mobile medical apps.

FURTHER HELP FROM THE UK. On March 21, 2014, the United Kingdom Medicines and Healthcare Products Regulatory Agency (MHRA) has also issued guidelines to help “healthcare and medical software developers who are unsure of the regulatory requirements for CE marking stand-alone software as a medical device”. The MHRA indicated that software functions that, e.g., analyze, alarm, calculate, control, convert, diagnose, measure, monitor, are likely to lead the app to be considered as a medical device.

REALITY CHECK! The intention of the EU Commission, the FDA and the MHRA to clarify the regulatory framework is commendable and guidelines abound (see also the D4Research guide), but how many mobile medical apps actually bear a CE marking? How many app developers, app stores and app users are even aware of such requirements? I have witnessed awards granted to apps and eHealth projects which showed no awareness of the regulatory aspects. Announcements to “crack down” on illegal apps have been issued (e.g., by the Dutch authorities). What is happening in Italy? While the Ministry of Health is developing its own apps, its general manager Dr. Marletta in December 2013 has announced that the explosion of medical app use is an area of concern, especially with regard to risks and liabilities, which will be monitored by the authority going forward. Actual enforcement action, however, is still to be seen.

THE PROPOSED MEDICAL DEVICE REGULATION: WHAT MAY HAPPEN NEXT.  If the Proposal Regulation replacing the Medical Device Directive sees the light, software will be expressly regulated and specific quality requirements will apply concerning the following aspects:

  • software design must ensure repeatability, reliability and performance according to the intended use;
  • appropriate means to eliminate or reduce as far as possible and appropriate consequent risks in case of single fault condition;
  • software must be developed and manufactured according to the state of the art taking into account the principles of development life cycle, risk management, verification and validation;
  • if intended to be used in combination with mobile computing platforms, software must be designed and manufactured taking into account the specific features of the mobile platform (e.g. size and contrast ratio of the screen) and the external factors related to their use (varying environment as regards to level of light or noise).CONCLUSIONS. Medical apps do not stand in a regulatory vacuum: if they fall within the definition of “medical device”, they are subject to essential requirements and should bear the CE mark.
  • INSTRUCTIONS FOR USE FOR MEDICAL APPS: IN WHICH FORM? We note that, under the e-labeling regulation (Regulation no. 207/2012) entered into force on March 30, 2013, stand-alone software that is deemed to be a medical device can have instructions for use in electronic form, provided that the devices are intended for exclusive use by professional users and that the use by other persons is not reasonably foreseeable. Instead, if the app is a medical device but intended for a patient, instruction for use in paper form must be provided. This requirement appears both unpractical[2] and unreasonable given that a patient downloading an app seems “digital” enough to be sufficiently protected by electronic instructions.

[1] The very definition of medical device included in Directive 93/42/EEC, as amended by Directive 2007/47/EC, includes software. In fact, “’medical device’ means any instrument, apparatus, appliance, software, material or other article, whether used alone or in combination, together with any accessories, including the software intended by its manufacturer to be used specifically for diagnostic and/or therapeutic purposes and necessary for its proper application, intended by the manufacturer to be used for human beings for the purpose of:

  • diagnosis, prevention, monitoring, treatment or alleviation of disease;
  • diagnosis, monitoring, treatment, alleviation of or compensation for an injury or handicap;
  • investigation, replacement or modification of the anatomy or of a physiological process,
  • control of conception,

and which does not achieve its principal intended action in or on the human body by pharmacological, immunological or metabolic means, but which may be assisted in its function by such means;”.

[2] An average smartphone user downloads 37 apps, according to the Opinion 02/2013 on apps on smart devices by the Article 29 Data Protection Working Party, page 2.