By Mark Gardner
Click below to watch a 30-minute Q&A session with three GC’s on current legal-regulatory matters moderated by Jesse Atkins.
This is the last installment of our Uff-Da! 2022 Legal-Regulatory Update and Reception: Live from the Heart of Medical Alley. To view other sessions from the program click here.
- Physician remunerative ($) relationships
- OIG Special Fraud Alert on Speaker Programs
- Virtual interactions and moving back to in-person programs
- Addressing problematic competitive behavior
- Navigating EU transitions from AMDD and MDD to MDR for traditional device makers as well as makers of software as a medical device
- Emerging cybersecurity and privacy related issues
No time to watch the video?
Here are key points made by the all general counsel panel on various topics.
Key Points: Physician remunerative relationships, OIG Special Fraud Alert on Speaker Programs, & Virtual Interactions
- The panel anticipates lower risks with virtual settings given that interactions are more scripted and there are fewer opportunities for providing remuneration, e.g., meals..
- Companies are still trying to figure out how the OIG Special Fraud Alert on Speaker Program impacts the provision of alcohol at company meetings.
- Changes with the PhRMA and AdvaMed codes have not been fully implemented and therefore experienced by industry.
Key Points: Addressing problematic competitive behavior
- Companies not experiencing a level playing field may consider lodging complaints with competitors or going to regulators with concerns.
- Industry trade meetings often include companies exhibiting that are not subject to federal laws (e.g., tech companies that do not have FDA-regulated products or products that are reimbursed) and therefore play by different rules, which creates a challenge for regulated industry.
- Competing companies may be regulated by FDA differently, e.g., Section 361 HCT/Ps, and are willing to take on more risk. Some companies choose to differentiate themselves from such companies thorough clinical research and "taking the high road". A "compliance first attitude" can prove to be a competitive advantage for sophisticated manufacturers.
Key Points: Navigating EU transitions from AMDD and MDD to MDR for traditional device makers as well as makers of software as a medical device
- The transition is significant. Regulators are understaffed. There is no way to push the process along faster. Deadlines are often missed by notified bodies. The process is especially difficult for software medical device makers because of the constant changes necessary for software.
- There is a lack of notified body capacity and there are challenges working with competent authorities. One strategy is to attempt to take pressure off of the notified body by assisting them with the competent authority.
- Attack early and often, although it is getting late in the game. Get in line with your notified body. The industry is still trying to figure out what the evidence requirements are to get into Europe with different types of devices. Consider whether there is an opportunity to meet evidentiary requirements where competitors cannot.
Key Points: Emerging cybersecurity and privacy related issues
- There are benefits associated the IT and Legal departments (among others) working together closely on cybersecurity and privacy matters. Consider your governance model and cadence to report to the audit committee and the board. Outline what information that the board needs. Put metrics and dashboards in place to gauge progress and status. Use external auditors to periodically assess overall compliance, find gaps, and assist with remediation planning and execution. There is no "checking the box" when it comes to cybersecurity and privacy. Ongoing monitoring and auditing is necessary. Especially considering new privacy laws.
- Regarding insurance coverage and premiums, pull in risk management and insurance resources to the process. There are ways to save money on insurance costs by revisiting cybersecurity representations, for example. The more robust the process, the lower the premiums.
- In addition to day-to-day and operational cybersecurity and privacy, product manufacturing is also impacted. See, e.g., FDA's new cybersecurity guidance. Given the "three-legged stool" of cybersecurity and privacy, consider period meetings on the subject, e.g., weekly, to ensure on-going compliance. Take a cross-functional approach.