Cross Border, Unique Country Identifiers & Consent … 1_Sharma_Rodriguez...France Netherlands...

0

Priyanka SHARMA

Director, Global Compliance and MDM

Maria Gracia RODRIGUEZ

Product Manager, Global Compliance

CBI Transparency, Washington DC

August 17-19, 2015

Cross Border, Unique Country Identifiers & Consent Management

1

Global Landscape for Disclosure Reporting

Individual and Aggregate Data

Donations and Grants

Fees and Expenses for

Service and Consultancy

Research and Development

Contribution to costs related

to events:

• Registration fees

• Sponsorship agreements

• Travel and accommodation

industry code in 35

countries - (33 members)

Transparency

Reporting Law

Transparency

Reporting Code

USA Federal Australia

USA States: D.C.,

Minnesota, Vermont,

etc.

Japan

France Netherlands

Greece United Kingdom

Romania USA States:

Massachusetts

Portugal

Slovakia

Denmark

Estonia

2

Considerations for Global Transparency

Reporting Fields and Formats

Data Privacy and Data Protection

Cross Border Transactions

Consent Management

Different Timelines

33 IMS Health Confidential

Navigating the Transparency Maze

• Different choices for Unique Country Identifiers (UCIs)

• Different Recipient Types

4

Cross Border

IMS Health Confidential


Living with Global Regulations

State & National Laws

National/ Regional Codes

Company Policies

6

Cross-Border – EFPIA Recommendation

Yes

No

No Yes

When a consultant is used

in another country,

where should this be

disclosed?Transfers of Value to a HCP/HCO

whose practice, professional address or

place of

incorporation is in Europe, are required

to be disclosed in the country where the

Recipient has

its principal practice…

Life

Science

s

7

Cross Border Example-1

Reportable in Sweden

8

Cross-Border Example-2

Reportable in Italy

9

Cross-Border Example-3

Reportable in US

10

Cross border - Common Global Framework

Data Management

• Aggregating transforming and storing data

• Matching payment transactions to customer master data

• Application of business rules as per reporting requirements

Stewardship

• Delivery of ‘in scope’ data reports for verification

• Mechanisms for performing stewardship of local country data

Reporting

• Delivery of final reports to comply with EFPIA

• Multiple reporting increments supported including quarterly, annually or monthly

Disclosure

• Delivery and management of covered recipient spend preview

• Posting of final data pubic disclosure

Global Customer Master based on External Trusted Source

•Covered recipient unique identification•Customer data enrichment (local Ids, multi addresses; affiliation)


11

Unique Country Identifier

(UCI)


12

UCIs as part of the EFPIA template

13

UCI Analysis: EFPIA Position

HCPs at the individual level

Companies should, wherever possible,

identify and publish on an individual basis for each clearly

identifiable Recipient at the HCP rather than HCO level as

long as this can be achieved with accuracy, consistency and

compliance with applicable law.

HCOs at the individual level

• No EFPIA standard ID

• Discretion left up to national industry associations to decide

14

UCIs : Different Flavors

Not

SpecifiedOptional Code

Interpretation

Law

15

Unique Country Identifiers

Number of Countries by UCI Category Required by law3 Countries

9%

Required by code4 Countries

12%

Subject to interpretation5 Countries

15%

Optional8 Countries

24%

Not specified 13 Countries

40%


16

UCI Analysis: Required by Law

UCI DENMARK FRANCE PORTUGAL

HCP NEM ID to

access the

website

RPPS, Medical

order number

or other

Email address

HCO Tax ID SIREN or

Finess ID

VAT/Tax ID

17

UCI Analysis: Required by Code

BELGIUM GREECE NETHERLANDS SPAIN

HCP RIZIV/INAMI or

National Register

Number

VAT/Tax

Reg. No.

BIG Documento

Nacional de

Identidad (DNI)

HCO enterprise number

KBO/BCE (same as

VAT number)

VAT/Tax

Reg. No.

KvK (Chamber of

Commerce)

Certificado de

Identificación

Fiscal (CIF)

Bulgaria requires UCI by excluding “optional” in the template

CODE

18

UCI Analysis: Subject to Interpretation

Language such as:

• “required if available”

• “where available”

• “to facilitate the process

but not to be published

on database”

Austria

Cyprus

Czech Republic

Germany

United Kingdom

19

UCI Analysis: optional

Standard EFPIA template: Article 3

Ireland Norway Poland Romania

Sweden Switzerland Turkey

20

UCI Analysis: not specified

• Undefined

• No national ID known

CroatiaEstoniaa FinlandHungaryy Italy

LatviaLithuania Malta Russia Serbia Slovakia

Slovenia

Ukraine

21

Data Protection

Belgium

National Register Number

Portugal

Email address

Spain

DNI


Take Home Messages for UCI

There is no standard EFPIA UCI database.

The EFPIA position is that the UCI is optional

according to national laws.

UCIs need to be managed at the individual country level and may be

linked to your customer database for Transparency.

REQUIREMENTS BY LAW

• Denmark• France• Portugal

REQUIREMENTS BY CODE

• Belgium• Bulgaria• Greece• Netherlands• Spain

ALL OTHER

• Where available• Optional• Not applicable

23

Consent Management


24

Codes require

consent collection

prior to individual

disclosure


The Need: Consent for Individual Disclosure

Consent Required Consent Not Required

Codes recommends

consent collection prior to

individual disclosure

Local data privacy laws

should be checked prior

disclosure

Laws require

individual disclosure

therefore consent is

not required

Data Privacy Laws Transparency Laws

Industry Codes - Autoregulation


Consent Geographical Scope

Codes require

consent collection

Codes recommend consent

collection & refer to data

privacy laws

Consent - not required

Austria Bulgaria Denmark

Belgium Croatia France

Germany Cyprus Greece

Italy Czech Republic Netherlands

Norway Estonia Portugal

Poland Finland Romania

Slovakia Hungary US

Spain Ireland

Sweden Latvia

Turkey Lithuania

United Kingdom Malta

Australia Russia

Japan Serbia

Slovenia

Switzerland

Ukraine

26 IMS Health Confidential Consent

ConsentRevoke Dispute

Management


Consent Management Impact

In the geographies where consent is required: No consent would

translate into low transparency level


… So , Practically,

what do we need

to consider?


Consent Request Timelines

When Contracting?

At the pre-disclosure time?

Any time in the period?

Consent Prior Disclosure

NORWAY

For health personnel, it follows from the Norwegian Personal Data Act that consent must be obtained from

recipients before individual reporting can take place. If consent does not occur, the transfer of value shall

be reported aggregated. For health personnel and health organizations, it is a prerequisite for individual

reporting that there not be any legal impediment to publication on an individual level.

EFPIA

(Section 3.01) and, in this connection, the following recommendation is made to the pharmaceutical

companies in a footnote to Art. 4, Section 4.01: [the pharmaceutical companies] should make provision

with a view to the granting of pecuniary benefits to HCPs or HCOs in their written agreements with

such recipients to ensure that the latter consent to the disclosure of the pecuniary benefits granted to

them in compliance with the EFPIA HCP/HCO Disclosure Code. In addition, the companies must renegotiate

existing agreements as soon as possible in order to include consent to disclosure.


Consent Scope

Per Contract?

Per Activity Type?

Per Period?

No Cherry Picking in Transparency

UK

Companies are encouraged to include in a contract involving a transfer of value provisions

regarding the consent of the recipient to its disclosure. In addition, companies are encouraged to

renegotiate existing contracts at their earliest convenience to include such consent to disclosure.

Companies must ensure that they have appropriate arrangements in place to lawfully disclose information

about transfers of value.

EFPIA … to stress that the proposed measures should be considered as a whole rather than individually or

‘a la carte’ (i.e. ‘cherry picking’). The proposed set of key ideas should therefore be considered as part of

a comprehensive strategy focused on ensuring that only safe products reach the

patient


Who Should Consent

HCPs?

HCOs?

Other organizations?

Local legislation and codes differ in the definition who should consent

JAPAN

“…member companies will begin public disclosure of such information in fiscal year 2013 with the consent of

healthcare professionals, medical institutions, etc. Similarly, with respect to relationships with patient

organizations…”

SPAIN

Personal data protection legislation in Spain applies exclusively to individuals. For this reason,

pharmaceutical

companies must disclose the payments or Transfers of Values made to Healthcare Organizations on an

individual basis.

Note the definition of HCPs & HCOs varies from geography to geography!


Consent Documentation

AUSTRALIA

Companies must comply with Australian Privacy legislation (Privacy Act 1988 (Cth)) in regard to the

reporting of individual healthcare professional data. Each company must establish a means to ensure

informed consent and maintenance of records which comply with Australian Privacy legislation.

Documents are required?

In which format digital vs paper?

Prove of consent & consent request procedure

ITALY

Pharmaceutical Companies are expected to store, also in electronic format as an alternative, for a

minimum of 3 years, proper documentation indicating that the Consent to data disclosure as been

asked for from the Professional.

An inspection check on existing procedure oriented to systematically retrieve the consent

mentioned above, will be performed yearly within the Certification activity as Article 1.13 on general

principles of this Code states.


Revoke Considerations

At the Pre Disclosure

Any time any channel

Assess Impact of revoke is needed

Revocation can happen any time & impact assessment will be required

EFPIA

Disclosures shall be made by each Member Company within 6

months after the end of the relevant Reporting Period and the

information disclosed shall be required to remain in the

public domain for a minimum of 3 years after the time such

information is first disclosed in accordance with Section 2.04,

unless, in each case, (i) a shorter period is required under

applicable national data privacy or other laws or regulations, or

(ii) the Recipient’s consent relating to a specific disclosure, if

required by applicable national law or regulation, has been

revoked.


Experience

sharing


Consent Request Positioning

EFPIA Conference

May 2015

“If codes are not

accepted by the

different stakeholders

there will be no

effective

transparency”

Most companies have the

guidelines to be pro transparency

in front of HCPs

National associations actively run

educational campaigns

Templates to request consent

exist in most country associations

36

Culture & Taxes?IMS Health Confidential

Consent Blocks in the Road to Transparency


Consent Request Channels

Consent

• Push - Higher response rate

• Guided, service, education for

HCP

Company Employee

Driven

Stakeholder Driven

• More rep admin- productivity?

• Rep influence is difficult to

control

• Eliminates reps admin

• Better control of the

messaging to HCPs

• Independent on going HCP

Management of consent

decisions including revoke

• Pull – Uncertain about

response rate

• Requires having the

infrastructure (i.e. and e-mail

and the permission to use it)

Pros Cons

Revoke Capture

Companies need to be prepared to take note of Consent Revoke at any time

through any channel and ensure reporting systems take it into consideration

38

Not to proceed with

collaboration implying ToVs

Proceed with the current

collaboration until next reporting

period only

Continue work with HCP


No-Consent Position

Codes only specify the expense should be done aggregate, there is a

debate on what to do in the non consent cases

39

•Poland – Infarma

–January 2015: 12% Consent

–February 2015: 19% Consent

–March 2015: 21% Consent

•Germany- Vfa

–April 2015 – Around 50-55 % Consent

•Spain – Farmaindustria

–April 2015 – Around 10% Consent

Where are we, where we want to be?

No official figures have been published globally but some associations

shared numbers

EFPIA Target

No number has been

provided by the EFPIA

members as a good figure

on consent.

Only the VFA

representative mentioned

that above 50% of German

HCPs consent would be

considered a good result

for this first year of

collection

40

Thank you For questions, please contact:

For questions, please contact:

Priyanka SHARMA

Director, Global Compliance & MDM

IMS Health | 1425 Route 206 South, Bedminster, NJ 07921, US

Maria Gracia RODRIGUEZ

Product Manager, Global Compliance

11 Francisca Delgado, Alcobendas, Madrid 28108 Spain

Cross Border, Unique Country Identifiers & Consent … 1_Sharma_Rodriguez...France Netherlands...

Documents

Transcript of Cross Border, Unique Country Identifiers & Consent … 1_Sharma_Rodriguez...France Netherlands...