Tag Archives: italy

New Whistleblowing Legislation Approved in Italy

Whistleblowers will be granted a higher level of protection under new legislation passed earlier this week in Italy.

The new provisions apply to civil servants as well as employees in the private sector. Whistleblowing protection will shield individuals who submit a good faith report concerning unlawful conduct, provided that such report is based on a reasonable belief and factual elements.

The new legislation prohibits any retaliation or other discriminatory measures against good faith whistleblowers, including termination, demotion, transfer or other organizational action.

In the private sector, the new legislation has a significant impact on organizational models adopted to prevent corporate criminal liability pursuant to Legislative Decree 231 of 2001. In fact, all organizational models will need to set up appropriate channels for the confidential reporting of criminal conduct and violations of the organizational models themselves.  Measures aimed at protecting the identity of the whistleblowers and the confidentiality of the reports, as well as disciplinary sanctions against retaliatory or discriminatory measures against whistleblowers, will also need to be included in such organizational models.

The new legislation is expected to enter into force shortly, upon publication in the official gazette.

Advertisements

Continuing Medical Education: New Rules under Italian Law (and How to Comply with Them)

A new regulation has been enacted in Italy, overhauling continuing medical education regulations. The new provisions will not only have an impact on healthcare professionals, who are subject to educational requirements, but also on pharmaceutical companies and medical devices manufacturers supporting educational events and congresses, as well as on third party providers and organizers. The new regulation has been adopted following consensus among regional authorities and the Ministry of Health on February 2, 2017.

The national commission for continuing medical education is entrusted with the task of determining the requirements and quality levels of educational events, as well as the minimum educational goals applicable nation-wide. The commission shall also adopt a manual for the certification of event organizers (so called CME providers). Regional authorities, on the other hand, must ensure a proper and adequate planning for medical education within their territories.

Furthermore, each professional shall develop and comply with an individualized educational plan (so called “dossier”), in order to ensure a coherent and complete education. Educational events attended abroad may also be recognized for purposes of medical education, in accordance with the criteria that will be established by the national commission.

As far as industry operators are concerned, the new regulation reiterates and strengthens the requirements of transparency and independence of educational providers from pharmaceutical/medical device companies. In particular:

  • CME providers must disclose any relationship between speakers/moderators and any private entity active in the healthcare industry;
  • CME providers must not have any direct or indirect interest in any pharmaceutical/medical device businesses or engage in any relationship with such businesses, other than the sponsorship pursuant to CME regulations;
  • CME providers must not organize any promotional events on specific products; a full segregation of activities between educational CME providers and other event organizers is therefore established;
  • The regulation further expands on the definition of conflict of interests and aims at better regulating all relationships and interests between the industry and educational providers;
  • More stringent provisions concerning advertisement and promotion during educational CME events are introduced, including restrictions for employees of the sponsor to attend educational classes and seminars.

While several provisions of the new regulation directly target CME providers, the industry should also be prepared to the new regulatory framework. Here is a list of what private operators should immediately think of:

  • Train your staff on the new regulations (both at your headquarters and on the field);
  • Check if internal company procedures needs to be updated;
  • Check if internal sponsorship documentation (including contracts) needs to be updated;
  • Review ECM providers with whom you usually work to ensure they comply with the new requirements and avoid conflicts of interests.

Italian Data Protection Authority Authorizes the “Privacy Shield”

The Italian Data Protection Authority has authorized the transfer of personal data to the United States on the basis of the new “Privacy Shield” program, designed by the European Commission and the U.S. Department of Commerce to provide companies with a mechanism to comply with EU data protection requirements when transferring personal data from the European Union to the United States. On July 12, 2016 the European Commission deemed that the “Privacy Shield” offered adequate protection and could enable data transfers under EU legislation.

The Italian Data Protection Authority has now issued a general authorization for the processing and transfer of personal data in accordance with the “Privacy Shield” program and with the European Commission adequacy decision. The general authorization will be published today on the Official Gazette. Italian companies and multinational corporations active in Italy will therefore be able to transfer personal data to United States entities adhering to the “Privacy Shield”.

This latest decision comes after the expiration of the previous general authorization allowing the transfer of personal data to the United States pursuant to the “Safe Harbor” framework, held invalid by the Court of Justice of the European Union on October 22, 2015.

The European Commission plans to implement a continuous monitoring of the “Privacy Shield”, while at the moment it remains unclear how many business entities will seize this opportunity and join in the new program.

Legal Issues 4.0: what approach suits innovation better?

The fourth industrial revolution is undoubtedly on the bull’s eye of international and domestic economic discussions. To name just one of the major events that recently focused on the Industry 4.0 debate, one could mention the World Economic Forum 2016 Annual Meeting held in Davos on January 20-23 2016, together with its ambitious title: Mastering the Fourth Industrial Revolution.

Indeed, starting from Germany’s Industrie 4.0, European governments have been trying to master the demanding challenges that the fourth industrial revolution brought, taking co-ordinate actions with companies and research institutions in order to attract investments and be more competitive in the global manufacturing scene.

At a glance, Industry 4.0 consists in the transformation – or rather the evolution – of industrial manufacturing based on the new possibilities offered by:

  • The ability of machines, devices and sensors to connect and communicate with each other and analyze/process large amounts of data;
  • The ability of information systems to create a virtual copy of the physical world by enriching digital plant models with sensor data;
  • The ability of assistance systems to support humans by aggregating and visualizing information comprehensibly for making informed decisions and solving urgent problems on short notice;
  • The ability of cyber physical systems to physically support humans by conducting a range of tasks that are unpleasant, too exhausting, or unsafe for humans;
  • The ability of cyber physical systems to make decisions on their own and to perform their tasks as autonomous as possible.

The phenomenon hence embraces many fast-evolving fields such as Robotics, Internet of Things, Big Data and Smart Data.

After Germany, other European as well as oversea governments took actions aimed at exploiting, promoting and fueling with investments the research and development driven by such innovations. The United States started Manufacturing USA and France announced Industrie du Futur, to name just a few of such governmental programs.

Lastly, here in Italy, only a few days ago the Italian government announced the main features of its national Industria 4.0. The plan will make available public investments up to ten billion euro between 2017 and 2020, providing for tax incentives, as well as support for venture capital, ultra-broadband development, education and innovative research centers.

A number of legal issues are raised by the fourth industrial revolution.

  • The first and – one would say – more obvious one, is related to data protection. Intelligent and multi-linked objects continuously collect, generate and transmit data (including personal data) that are processed and analyzed, often across State’s boundaries, by both automated and manual means. It is hence fundamental that data protection laws and regulations offer appropriate legal instruments to control and limit what can potentially become an uncontrolled and automated leakage of personal data.
  • Property law is also at stake. In particular, in relation to non-personal data produced by machines and objects, ownership of such “products” seem to be mainly unregulated, with the exception of some specific instruments subject to database’s Moreover, moving towards more typical IP issues, it is clear that enhanced digitalization and connectivity both bring the risk of not being able to effectively keep trade and industrial secrets, as well as not being able to protect undisclosed know-how and business information.
  • Labour law will have to find instruments in order to manage the potential job loss deriving from automatization and innovation.
  • Product liability and, more in general, the legal framework of civil (and criminal) wrongs will have to face the fact that machines are more and more able to communicate, act and, in a way, “think” autonomously.

Can these challenges be tackled with existing legal instruments or do they require the adoption of tailor-made, brand new solutions?

The legal fields that have been mentioned here are, indeed, varied and do not allow one straightforward answer. Nevertheless, it may be worth noting that pushing for over-specific and unrealistically always-up-to-date legal instruments can be very risky. It can result, in fact, in a never-ending (but always late) frantic chase of fast-pacing technological developments, which can be more effectively tackled by adapting traditional flexible tools.

As it has been recently underlined by a study led by the European Parliament, “many of these issues have a cross-border and even pan-European element, e.g. migration of skilled labour, completing the digital single market and cybersecurity, cross-border research, standards etc”.

Perhaps, the success of the fourth industrial revolution from a legal point of view will largely depend on the ability and willingness to find harmonized and common solutions to global challenges, rather than create over-particular and specific new instruments. From this perspective, the new European Regulation on Data Protection can be seen as an encouraging legislative action providing for flexible but effective tools (such as, for example, data protection by design and data protection by default provisions) within the framework of the harmonizing strength of the European Regulation legal instrument.

Health Data Registries and Surveillance Programs, a New Italian Regulation Steps Up the Game

A new Italian regulation governing health data registries and surveillance programs aims at facilitating the use of such tools for purposes of monitoring health of the population, as well as healthcare spending. A comprehensive legal instrument regulating the various categories of registries and programs was much needed. In fact, the adoption of such a regulation was envisaged by national legislation since 2012 (Section 10 of law decree 179/2012), but no implementing measures has yet been adopted. A draft of regulation has now been released by the Italian government and submitted to the State-Regions conference prior to formal entry into force. The draft has already been reviewed by the Italian Data Protection Authority.

The new regulation aims at standardizing registries and programs adopted over the years, by setting forth: (i) the entities and professionals who may access the information contained in the registries, (ii) the categories of data that are available, and (iii) the measures to be adopted to ensure the security of data in line with data protection legislation.

The goals pursued by the regulation include a better monitoring of diseases at national level and relating treatment, survival rates, mortality index, as well as the increase or decrease over time of a certain disease. The data stored in the registries should also facilitate the carrying out of epidemiological studies in specific territories and/or for specific subsets of the population. Such broad purposes would allow the data to be used in connection with scientific studies, but also for the treatment and prevention of particular diseases.

The data protection provisions enshrined in the regulation are particularly stringent, and provide that all data must be processed by individuals specifically appointed by the data controller and subject to secrecy obligations. Furthermore, the data shall be encoded in a way that does not allow the de-anonymization of the data. Only in case of adverse events and relating field actions, data may be used to contact the interested subject upon prior authorization of the national registry holder. Data breaches will also need to be reported to the Data Protection Authority.

In conclusion, the new regulation provides welcome clarity in a field where regulations have been sporadic and at times incoherent. Moreover, the new regulation seeks to govern at the same time the different legal aspects connected with registries, from healthcare monitoring to data protection. There is little doubt that the hope of the government is to optimize such instruments to better control healthcare spending and conduct a more effective assessment of therapies and products on the market.

 

 

Another September, Another Spending Review.

This is almost becoming a tradition for the national healthcare service in Italy. Comes September… and a new spending review hits the pharmaceutical and medical device industry.

On August 4, 2015 a law decree has been approved by lawmakers, which introduces a number of new mechanisms for monitoring and reining in public spending in the healthcare sector. In particular, the new legislation has introduced several measures:

  • Negotiations with current suppliers of the national healthcare service in order to achieve a 5% reduction in current spending for general supplies;
  • Negotiations with current suppliers of medical devices in order to comply with the spending thresholds agreed upon between the central government and regional authorities;
  • Centralized negotiations with pharmaceutical companies in order to decrease the reimbursement price of products currently reimbursed by the national healthcare service.

While measures aimed at cutting spending in connection with general supplies and medical devices have been entrusted in principle to local authorities and healthcare providers, the national pharmaceutical agency (“AIFA”) plays a central role in the envisaged mechanism to achieve savings for pharmaceutical products. In accordance with the provisions of the new decree, AIFA has indeed conducted negotiations throughout the month of September 2015, with the aim of decreasing overall spending. The new legislation provides the grouping of products in several “clusters” that include therapeutically similar products, regardless of their active principles. The lowest price in each cluster is then used as the reference price for direct negotiations between AIFA and manufacturers.

The new measures also provide that, in case of failure to reach an agreement, reimbursement by the national healthcare service may be withdrawn. However, it is also expressly provided that generic products are not admitted to reimbursement until any patents and supplementary protection certificates of branded products are definitely expired, thus providing the industry with assurances in connection with their protected drugs.

The reiterated attempts by public authorities to renegotiate prices with suppliers appear to clash not only with basic contractual principles (“pacta sunt servanda”), but also with fundamental rules of public procurement legislation. As the government (in fact, almost yearly) demands discounts on existing contracts, reliance on such contracts is affected, along with transparency and open competition in public procurement procedures. The truth is that the need to cut public expenditures is increasingly overriding basic tenets of contracts and public procurement law.

Med Tech and Pharma industry associations have voiced their concerns, while suggesting that efficiency and savings may be obtained by the national healthcare service through internal reorganization processes rather than by demanding additional discounts to suppliers. In fact, if we step aside from the conflicting commercial interests of suppliers (who want to maximize their revenues) and purchasers (who need to minimize their costs), we cannot but note that, again, the government appears to use cost cutting tools that focus on quantity rather than quality. On the contrary, we would expect that more emphasis should be given to Health Technology Assessment and innovation. We surely need to spend less money, but also to spend it more wisely.

Electronic Medical Record: Italian Data Protection Authority Issues New Guidelines

On June 4, 2015, the Italian Data Protection Authority issued new guidelines governing the collection and processing of personal and sensitive data through the Electronic Medical Record.

  • What is an Electronic Medical Record?

A record, kept by a hospital or a healthcare center, containing patients’ clinical history at that specific hospital or healthcare center.

  • Patients’ rights

The guidelines set forth several rights to which patients treated at any hospital or healthcare center are entitled:

  1. Patients are entitled to decide whether the hospital or the healthcare center may store their data through an Electronic Medical Record. If a patient denies his/her consent, physicians will be able to rely only on information gathered during examination and treatment, as well as on information previously conveyed by the patient, if any. Denial of consent will not affect the possibility of being treated at the hospital/healthcare center.
  2. Specific consent is needed for the collection of certain categories of sensitive date, such as HIV infections, abortions, data relating to sexual assault. With respect to such data, patients will have the right to limit access to specific individuals/professionals.
  3. In addition to all rights granted by the Data Protection Code (such as the right to receive confirmation on the existence of personal/sensitive data, to know the origin of the data, the purpose and means of processing, as well as the logic applied to the processing) patients will also be entitled to receive information on each access to their Electronic Medical Record.
  • Hospitals and healthcare centers’ obligations

Hospitals and healthcare centers are required to provide patients with a thorough privacy notice concerning the processing of data through the Electronic Medical Record. Upon patients’ request, hospitals and healthcare centers shall also provide information concerning stored data and access logs to the Electronic Medical Record (including the professional accessing the data, date and time of access) within 15 days of the request. Patients will also be entitled to redact data or healthcare documentation that they do not wish to be included in their Electronic Medical Record.

The Data Protection Authority’s guidelines also address important technical aspects and provide that patients’ healthcare information contained in the Electronic Medical Record shall be segregated from other administrative data. Sensitive data will need to be encrypted. Furthermore, access to the record will be granted only to medical staff involved in the patient’s treatment and any access and processing will be recorded on log files to be kept by the hospital or healthcare center for at least 24 months.

Lastly, the guidelines set forth strict data breach requirements for hospitals and healthcare center, by providing that any data breach or unauthorized access shall be reported to the Data Protection Authority within 48 hours of knowledge of the breach. Failure to report will lead to the application of penalties.

See the Data Protection Authority’s presentation of the new guidelines

What’s New in E-Health? Interesting Developments to Consider.

E-Health is a term often used to describe a relationship established between electronic tools and the art of medicine. The European e-Health Action Plan 2012-2020, for example, describes e-Health as a “mean using digital tools and services for health”, which involves an interaction between patients and health-services providers. Within e-Health, the role of telemedicine is considerably growing.

Regulations and guidelines in the field of e-Health are growing in the Italian jurisdiction, too. In particular:

  1. A new Agreement on Digital Health (“Patto per la Sanità Digitale”) prepared by the Ministry of Health has been proposed to the State and Region Conference in June 2015
  2. New guidelines on electronic health records have been issued by the Data Protection Authority on June 4, 2015; and
  3. An interesting administrative court decision issued on July 10, 2015 set forth innovative principles in the field of digital health supplies to the public administration.

Our next blog posts will explore the above developments, which are set to change certain regulatory aspects of e-Health.

Stay tuned, and happy summer!

Courts Limit Administration’s Discretion in Public Contracts

Recent rulings by two administrative courts in Italy have restricted the discretion of public entities in the award of public contracts without open procurement procedures, in particular in the healthcare sector. The two decisions reaffirm the Courts’ policy of restricting recourse to in-house contracts and extensions of expired contracts.

The first decision, issued on May 7, 2015 by the Supreme Administrative Court in Rome, invalidated the award of a service contract to a company established and owned by the regional government of Puglia for the provision of in-house services to healthcare facilities in the region. The contract was awarded without a public procurement procedure, on the basis of the fact that it was an in-house service contract. The Court, deciding upon an appeal brought by a competitor who was not granted the possibility to submit its offer, held that a procurement procedure open to competitors must always occur, even if a governmental entity has established a specific vehicle for the purpose of providing in-house services. The Court left a limited room for in-house services, i.e., services provided by an entity fully controlled and managed by the same administration awarding the contract, as if it was one of its internal departments.

On a different occasion, the regional administrative Court of Turin had the chance to reiterate that the extension of expired public contracts is prohibited by public procurement legislation, as it prevents competitors from participating in new public procurement procedures. In addition to stating again this general principle, the Court in its decision of April 3, 2015 no. 573 also held that governmental entities should proceed with calls for tenders whenever the goods or services they intend to procure are not covered by a national or regional framework agreement. In an effort to curb public spending, the Italian government has implemented in several sectors a centralized negotiation process, whereby a central governmental agency (“Consip”) enters into framework agreements for the supply of goods and services to local administrations. Local administrations are generally bound to adhere to such framework agreements and, if they do so, no call for tender needs to be issued. Public hospitals, on the other hand, must adhere to healthcare-specific regional framework agreements and to Consip agreements; only if no such agreements exist they may proceed with the issuance of a call for tenders.

In the case the before the Court, a local healthcare office postponed the validity of an expired supply contract, after assessing that the framework agreement entered into by Consip would have only partially covered the needs of the local administration and – most importantly – would have entailed a higher cost than the expired agreement. Regardless of the potential savings that the extension of the existing contract would have granted the public administration, the Court held that no exceptions can be envisaged to the issuance of a public procurement procedure. Clearly, more than by savings, the Court must have been guided by the desire to sanction a widespread practice of extending expired contracts, which in most cases stifles competition and does not guarantee lower prices.

It is expected that this policy, increasingly adopted by many administrative Courts, will be one of the highlights of the new public procurement legislation that is currently being examined by Italian lawmakers. The new public procurement code is, in fact, expected to provide new instruments for a more effective fight against corruption and inefficiencies within the public administration.