The EFPIA Disclosure Code requires all member companies of EFPIA, the European Federation of Pharmaceutical Industries and Associations, to disclose payments and other transfers of value made to healthcare practitioners and organizations. Like the Physician Payments Sunshine Act, the 33 EFPIA member companies must track, for example, a grant to a healthcare organization or a consultancy fee for a physician speaking engagement.
At CBI’s Eighth Annual Aggregate Spend Conference, we took notes on a very interesting program that looked at the consent issue from a business practice standpoint entitled Defining The Next Generation HCP Transparency Solution — What it Means to Go Global and How to Leverage US-Based Solutions.
Speakers from Deloitte noted that international transparency is coming fast: “By 2015, 70 percent of pharma sales will likely occur in countries which have HCP transparency regulation.” EFPIA’s Code contributes to a large portion of this trend. The presentation offered insight into the benefits of a “global solution” to tracking pharmaceutical spend. Such a strategy offers companies the benefits of consistent policies across its branches worldwide. A robust aggregate spend system also allows companies to monitor not only compliance issues as they come up globally, but also to assess the business rationale behind the companies’ international spending practices. Furthermore, since companies already spent a great deal of resources setting up their US aggregate spend system, the presenters encouraged companies to leverage those technology investments to a global level.
However, there are important differences between implementing the federal Sunshine laws and the EFPIA Code. A unique and important consideration for EFPIA member companies is how to comply with applicable data protection laws abroad, which may impose limitations on companies’ ability to make disclosures on an individual basis. Disclosures are made based on the national code of the country where the doctor practices or healthcare organization is located. This “principal practice” standard applies regardless of whether the transfer of value occurs within or outside of that country. EFPIA states “[t]his ensures that the patient or interested stakeholder can easily find the information regarding transfers of value to an HCP/HCO he/she has an interest in.” So if a doctor’s principal practice is Austria, the company would have to follow the applicable privacy laws and regulations of Austria.
“Data privacy requirements must in each case be checked at the national level (i.e. the jurisdiction of the HCP/HCO receiving payment or transfer of value) by the member company prior. This must be done prior to any disclosure. Companies are encouraged to obtain consent from HCPs/HCOs prior to disclosure, and EFPIA and its Member Associations and Companies are working together with HCPs/HCOs to prepare for the implementation of the Disclosure Code.”
The onus is still on companies, however, to determine each countries’ stance on privacy. Some companies have not updated their codes to address consent.
The speakers at CBI noted that companies must consider two general scenarios when formulating their plan for managing consent. Scenario 1 involves a relatively straightforward direct payment or transfer of value. To obtain consent, companies would generally have to consider (a) either re-writing contract language and inserting a provision authorizing the company to collect and report this information, or (b) utilizing a separate consent form for healthcare practitioners to sign.
Scenario 2 involves how manufacturers obtain consent regarding indirect payments or transfers of value. As we have seen stateside, tracking indirect payments through third party entities provides its fair share of complexities. Adding a consent requirement intensifies these challenges.
For example, say XYZ Company hires and pays a third party agency to organize a meeting, and the agency pays travel and lodging to Doctor Jones on XYZ’s behalf. Suddenly, XYZ has many more options in terms of how to obtain consent in order to report the indirect payment it has made to Doctor Jones.
To get an idea about trends in the healthcare community, the speakers polled the audience (which was made up mainly of executive-level compliance and legal personnel in some shape or form) about how they would attempt to obtain consent for indirect payments from an operational standpoint.
(1) The third party agency informs the healthcare practitioners about consent
(2) The third party agency collects signed consent documentation
(3) Company XYZ collects signed consent documentation directly from Doctor Jones
(5) Don’t know
The majority of audience members responded that they were unsure about their practices. Pfizer is still debating their strategy, according to one respondent. The speakers speculated that many companies have European colleagues working on EFPIA; US based officers may not be entirely sure of the practice overseas.
The next largest group (18%) said choice (3), that the company itself would be in charge of the consent collection. Given the strict privacy laws in place in many of the the covered countries, a company may be unwilling to put the responsibility to collect the necessary consent on a third party agency. After all, the company would face the penalties, not the third party.
While global transparency is indeed upon us, there are still a lot of questions left to be answered.
Do companies need to ask for consent for each event a doctor attends, or will companies ask consent for any payment made during the year?
What if a doctor refuses to give his consent or retracts it after she has given it?
The consent issue alone makes it difficult to imagine a seamless tracking system, especially when one considers the various languages and differing cultural norms across 33 countries. We will continue to follow announcements from EFPIA and update you on global disclosure initiatives.