Life sciences and health care companies (“health care companies”) rightly invest a significant amount of time and money into ensuring compliance with health care regulations in the countries in which they are based, but global companies must also consider the panoply of compliance challenges posed by the European market. This alert will address the top five health care compliance challenges facing health care companies operating in Europe, as well as simple steps that health care compliance professionals can take to address these challenges. Future alerts will address these topics in greater detail.
1. Government Interactions in Countries with Public Health Care Systems
Health care companies operating in Europe will inevitably face a higher number of government interactions than their counterparts that operate only in the United States, because nearly all of Europe has either publicly sponsored and regulated universal health care or publicly provided universal health care. Due to the public or quasi-public nature of health care in much of Europe, there are a larger number of individuals who regulators may consider government officials and with whom employees may be interacting, including doctors, nurses, and hospital administrators. Enforcement actions against health care companies are often predicated on the fact that health care professionals are government officials, and companies that interact with them regularly must be particularly aware of these risks.
Companies doing business with state-sponsored health care systems will also need to contend with sometimes complex reimbursement regimes and potential obstacles around introducing new or innovative products. Delays caused by the necessity for government approvals or reimbursement can create the incentives for bribes or facilitation payments, and the volume of government interactions increases the odds that a company may violate an anti-corruption law like the U.S. Foreign Corrupt Practices Act (“FCPA”). Health care companies must also be aware of changing local laws, such as Germany’s recent implementation of a revised Act to Combat Corruption in Healthcare which holds self-employed health care professionals (“HCPs”) liable for active and passive bribery, rather than just those at state-owned hospitals who would be classified as “public officials.”1
Solution: Companies can significantly mitigate the risks around government interactions by: 1) having clear policies and procedures around government interactions, including guidance around meals, hospitality, and sponsorship for educational events; 2) training employees who interact with government officials on these policies; and 3) monitoring compliance with these policies.
For additional information, see our Global Anti-Corruption Resources here.
2. Distribution Networks in Diverse Geographic Locations
In addition to risks from its own employees, health care companies must also be aware of the compliance risks associated with their distribution networks and foreign subsidiaries in the fragmented European market. Relying on a suite of different distributors, speaking different languages, using different currencies and with different cultures can create significant compliance challenges for companies across Europe. The actions of third-party distributors have been the basis for many FCPA settlements, sanction-related fines and compliance problems over the years, and companies must ensure that they have appropriate control and oversight of their third parties to limit such risks.
Solution: Companies can protect themselves by ensuring that distributors are carefully controlled, including with regards to issues around export control, sanctions, product registrations, and corruption. These steps include: 1) conducting appropriate risk-based due diligence on third-party distributors; 2) having clear written agreements that contain representations that the distributor will comply with anti-corruption, sanctions, export control and product registration regulations in the jurisdictions in which they operate, as well as limitations on the geographic area in which the distributor operates; and 3) monitoring distributor activities.
For additional information, see our White Papers and Alerts here.
3. Competing Regulatory Regimes in European Countries
Another layer of complexity involved in doing business in Europe is the presence of competing regulatory regimes in the highly regulated European market. Conduct that is legal in one European country, or in the country in which a company is based, may be illegal in another European country. These regulatory regimes are subject to change at any time and keeping current with developing laws may be a challenge.
Companies should also consider ethical guidance published by professional bodies, such as the code of ethical business practices and guidelines on HCP interactions published by the medical device trade association Eucomed and the European Diagnostic Manufacturers Association (“EDMA”), the codes of practice for interactions with HCPs and patient organizations published by the European Federation of Pharmaceutical Industries and Associations (“EFPIA”), the guiding principles published by the International Federation of Pharmaceutical Manufacturers & Associations (“IFPMA”), and the Association of the British Pharmaceutical Industry (“ABPI”) code of practice in the UK, along with many other country-specific laws and sets of guidance. These trade association standards and accompanying guidance are also constantly changing. For example, on June 30, 2016, as required by EFPIA’s code on disclosures of transfers of value, EFPIA’s company members began disclosing payments to European health care providers and organizations in 33 European countries.
Solution: Companies should keep abreast of changes in regulatory regimes, including changes to transparency laws and antitrust regulations; develop a strategic approach to global and local policies that allows for flexibility to address varying and evolving legal requirements and ethical guidelines; and ensure that they seek the advice of competent local counsel in the jurisdictions in which they operate.
4. Data Privacy
Data privacy issues are a challenge for all companies, but they are a particularly tricky issue for health care companies that may be dealing with sensitive information related to patients’ health. It is even trickier in Europe, as stringent European Union (“EU”) data privacy standards will be applied and these may differ in interpretation and enforcement from country to country. Data privacy is an area of law that frequently evolves, as shown by the changes in the last year alone, including the loss of the safe harbor for U.S. companies, and the new General Data Protection Regulation that will come into effect for the EU in 2018 and have implications for all companies providing goods or services in and to European individuals, no matter where in the world the company is located.
Solution: With the focus on the new regime coming into force, any company doing business in or with Europeans should be reviewing its people, policies and procedures to ensure that they will meet the new accountability standards and remain compliant. If necessary, companies should seek advice from data privacy counsel to ensure that they comply with relevant laws in the jurisdictions in which they do business.
For additional resources, see our Alerts and White Papers here.
5. New Supply Chain Disclosure Requirements under the UK Modern Slavery Act
The UK Modern Slavery Act (“MSA”) requires companies that do business in the UK with worldwide annual turnover of £36 million to annually publish a slavery and human trafficking Statement on their websites indicating the steps they have taken during the fiscal year to ensure that slavery and human trafficking are not taking place in their supply chains or in their own businesses. This broad disclosure requirement is applicable to both UK- and non-UK-based companies, including those in the health care and life sciences industries. Compliance is for fiscal years ending on or after March 31, 2016 and the Statement should be published within six months after fiscal year end. The Statement must be approved by the Board and signed by a director. Although the MSA is a disclosure-only statute that does not require companies to adopt policies and related management systems, disclosures will be used by NGOs, socially responsible investors (“SRIs”) and other stakeholders to assess ethical sourcing programs and push for change. Health care and life sciences companies often have complex multi-tier global supply chains of limited transparency. In addition, the raw materials and components in the supply chains of health care and life sciences companies (such as certain agricultural products used in pharmaceuticals and metals used in medical devices) often originate in higher risk locations that can present modern slavery risks.
Solution: If the process has not already begun, companies should start focusing on their first MSA Statements. In preparation for putting pen to paper, companies should assess human trafficking risks and current compliance procedures and determine whether enhancement is warranted. As part of this exercise, companies should benchmark compliance activities against peer companies, existing voluntary compliance frameworks and NGO and SRI expectations. Although the MSA is a simple statute on its face, Statements often take longer to prepare than companies anticipate. Many decisions will go into the approach to be taken and, especially at larger companies, many constituencies will need to weigh in on the Statement and it is likely to go through several rounds of revisions.