Kirt Kraeuter has, until very recently, been supporting Pharma Integrity's clients with US & Canadian requirements. Before he left to assume a new permanent in-house role, he penned the following article to share with clients who are working with US colleagues and/or the US market. It has been really bittersweet wishing him well in his new job as we will miss him terribly. Thank you Kirt for all your valuable insight and support, your new colleagues are lucky to have you!
Many businesses find integrating their UK and Irish compliance schemes with their US colleagues to be a challenging task. While specific rules are different, you needn’t feel that an integrated compliance scheme is impossible. Understanding the international trade associations’ principles, and avoiding three common misconceptions will help you establish a common compliance framework across the Atlantic.
International Trade Associations
Innovative pharmaceutical and biopharmaceutical companies have a robust, interconnected family of international trade organisations. Generic pharmaceutical, nutritional product, and medical device manufacturers have significantly improved their global trade organization network in the recent past, but some work remains. Looking at the innovative pharmaceutical manufacturers’ associations provides both a current roadmap as well as a reasonable prediction of the future for other industries.
The International Federation of Pharmaceutical Manufacturers and Associations (IFPMA) is the starting point. Revised in 2019, the IFPMA Code provides principles that members must follow globally. This Code forms the common international framework; its contents are included, clarified, or enhanced in all member trade associations’ codes. Among these are the European Federation of Pharmaceutical Industries and Associations (EFPIA) and the Pharmaceutical Researchers and Manufacturers of America (PhRMA). EFPIA’s Code incorporates IFPMA’s principles and requirements, localising them for European use. EFPIA’s member associations, including ABPI and IPHA, further refine the IFPMA and EFPIA codes for use in their national codes. PhRMA’s Code covers US pharmaceutical manufacturers, and a comparison between it and the EFPIA Code provides significant insight into the similarities and differences between European and US compliance schemes.
However, there are three common misconceptions about US compliance, which can create significant difficulties when integrating compliance schemes across the Atlantic: that the European focus on self-regulation will work in US processes; that understanding US Federal law is sufficient; and that privacy risk is significantly less in the US.
Self-regulatory industry codes form a safety net for US pharmaceutical operations.
This misconception is both the most frequent and the most difficult to shake. While the PhRMA Code is binding on its members, enforcement is non-existent, particularly when compared with many European countries. Additionally, European industry associations frequently have memoranda of understanding or other mechanisms with competent authorities that permit the industry association to function as a kind of “safety net” for the industry. No such arrangement exists in the US, and US regulators have made no explicit or implicit declaration of support for the PhRMA Code. A company following the PhRMA Code may still find itself with questions from US regulatory agencies regarding its conduct. US regulators’ focus is likewise different than that of most competent authorities in Europe. While the US Food & Drug Administration (FDA) pays close attention to patient safety through its review of manufacturing and quality programmes, as well as the provision of fair and balanced information to both healthcare professionals and the public; other US regulatory entities also focus on the pharmaceutical and medical device industries. The US Securities & Exchange Commission (SEC), Department of Justice (DOJ), and Department of Health & Human Services (DHHS) review commercial conduct. These regulators engage in a much more robust “follow-the-money” approach to identify fraud and corruption than occurs in many other countries.
2. US compliance schemes need only consider US Federal regulations.
While US Federal regulations are a significant consideration, it is a mistake to think of the US as having a single regulatory framework as it has a sole competent authority in the FDA. In the US federal system, the states and even some municipalities have considerable regulatory oversight of pharmaceutical companies – while they cannot regulate license, they do have the ability to regulate nearly every other aspect of the industry. Most commonly, state regulation focuses on pharmaceutical promotion and transparency; both states and some municipalities require licensure of pharmaceutical sales representatives.
3. Privacy is a much less significant concern in the US than in European countries.
In the absence of an equivalent data protection provision to GDPR, it is very easy to assume that privacy is of little or no concern in the US. This assumption overlooks a series of patient privacy protections included in a US Federal regulation known as HIPAA. A key – and often-forgotten – element is that HIPAA provisions apply not only to patients but also any medical information (including employer-provided health insurance) retained on employees. Additionally, individual states – notably California – have consumer data privacy protection regulations that must be followed. Fortunately for European companies, GDPR provides a solid starting point for addressing US privacy. By resisting the temptation to scale back GDPR provisions and making a small number of adjustments to address US requirements, existing privacy programs can readily expand to address US operations.
Rather your company is a member of these trade associations or not, their codes are available for free online. It is fair to think of the international trade associations’ codes as a procedural document hierarchy: principles and certain essential rules are established at the highest level, with regional or national codes providing necessary clarification or adding specific requirements. Therefore, when reviewing your compliance schemes, structuring your policies and procedures in alignment with the principles established in trade association codes is the easiest way to create an integrated, international compliance scheme. Aim for integrated policies that establish a consistent set of principles and critical rules; permit clarification or expansion of processes and rules at either a regional or national level. The result will be an internationally consistent compliance scheme that meets the needs of each country in which your company does business.