European Health Care Compliance Challenges (And Solutions)

by Ropes & Gray LLP

Ropes & Gray LLP

Life sciences and health care companies (“health care companies”) rightly invest a significant amount of time and money into ensuring compliance with health care regulations in the countries in which they are based, but global companies must also consider the panoply of compliance challenges posed by the European market. This alert will address the top five health care compliance challenges facing health care companies operating in Europe, as well as simple steps that health care compliance professionals can take to address these challenges. Future alerts will address these topics in greater detail.

1. Government Interactions in Countries with Public Health Care Systems

Health care companies operating in Europe will inevitably face a higher number of government interactions than their counterparts that operate only in the United States, because nearly all of Europe has either publicly sponsored and regulated universal health care or publicly provided universal health care. Due to the public or quasi-public nature of health care in much of Europe, there are a larger number of individuals who regulators may consider government officials and with whom employees may be interacting, including doctors, nurses, and hospital administrators. Enforcement actions against health care companies are often predicated on the fact that health care professionals are government officials, and companies that interact with them regularly must be particularly aware of these risks.

Companies doing business with state-sponsored health care systems will also need to contend with sometimes complex reimbursement regimes and potential obstacles around introducing new or innovative products. Delays caused by the necessity for government approvals or reimbursement can create the incentives for bribes or facilitation payments, and the volume of government interactions increases the odds that a company may violate an anti-corruption law like the U.S. Foreign Corrupt Practices Act (“FCPA”). Health care companies must also be aware of changing local laws, such as Germany’s recent implementation of a revised Act to Combat Corruption in Healthcare which holds self-employed health care professionals (“HCPs”) liable for active and passive bribery, rather than just those at state-owned hospitals who would be classified as “public officials.”1

Solution: Companies can significantly mitigate the risks around government interactions by: 1) having clear policies and procedures around government interactions, including guidance around meals, hospitality, and sponsorship for educational events; 2) training employees who interact with government officials on these policies; and 3) monitoring compliance with these policies.

For additional information, see our Global Anti-Corruption Resources here.

2. Distribution Networks in Diverse Geographic Locations

In addition to risks from its own employees, health care companies must also be aware of the compliance risks associated with their distribution networks and foreign subsidiaries in the fragmented European market. Relying on a suite of different distributors, speaking different languages, using different currencies and with different cultures can create significant compliance challenges for companies across Europe. The actions of third-party distributors have been the basis for many FCPA settlements, sanction-related fines and compliance problems over the years, and companies must ensure that they have appropriate control and oversight of their third parties to limit such risks.

Solution: Companies can protect themselves by ensuring that distributors are carefully controlled, including with regards to issues around export control, sanctions, product registrations, and corruption. These steps include: 1) conducting appropriate risk-based due diligence on third-party distributors; 2) having clear written agreements that contain representations that the distributor will comply with anti-corruption, sanctions, export control and product registration regulations in the jurisdictions in which they operate, as well as limitations on the geographic area in which the distributor operates; and 3) monitoring distributor activities.

For additional information, see our White Papers and Alerts here.

3. Competing Regulatory Regimes in European Countries

Another layer of complexity involved in doing business in Europe is the presence of competing regulatory regimes in the highly regulated European market. Conduct that is legal in one European country, or in the country in which a company is based, may be illegal in another European country. These regulatory regimes are subject to change at any time and keeping current with developing laws may be a challenge.

Companies should also consider ethical guidance published by professional bodies, such as the code of ethical business practices and guidelines on HCP interactions published by the medical device trade association Eucomed and the European Diagnostic Manufacturers Association (“EDMA”), the codes of practice for interactions with HCPs and patient organizations published by the European Federation of Pharmaceutical Industries and Associations (“EFPIA”), the guiding principles published by the International Federation of Pharmaceutical Manufacturers & Associations (“IFPMA”), and the Association of the British Pharmaceutical Industry (“ABPI”) code of practice in the UK, along with many other country-specific laws and sets of guidance. These trade association standards and accompanying guidance are also constantly changing. For example, on June 30, 2016, as required by EFPIA’s code on disclosures of transfers of value, EFPIA’s company members began disclosing payments to European health care providers and organizations in 33 European countries.

Solution: Companies should keep abreast of changes in regulatory regimes, including changes to transparency laws and antitrust regulations; develop a strategic approach to global and local policies that allows for flexibility to address varying and evolving legal requirements and ethical guidelines; and ensure that they seek the advice of competent local counsel in the jurisdictions in which they operate.

4. Data Privacy

Data privacy issues are a challenge for all companies, but they are a particularly tricky issue for health care companies that may be dealing with sensitive information related to patients’ health. It is even trickier in Europe, as stringent European Union (“EU”) data privacy standards will be applied and these may differ in interpretation and enforcement from country to country. Data privacy is an area of law that frequently evolves, as shown by the changes in the last year alone, including the loss of the safe harbor for U.S. companies, and the new General Data Protection Regulation that will come into effect for the EU in 2018 and have implications for all companies providing goods or services in and to European individuals, no matter where in the world the company is located.

Solution: With the focus on the new regime coming into force, any company doing business in or with Europeans should be reviewing its people, policies and procedures to ensure that they will meet the new accountability standards and remain compliant. If necessary, companies should seek advice from data privacy counsel to ensure that they comply with relevant laws in the jurisdictions in which they do business.

For additional resources, see our Alerts and White Papers here.

5. New Supply Chain Disclosure Requirements under the UK Modern Slavery Act

The UK Modern Slavery Act (“MSA”) requires companies that do business in the UK with worldwide annual turnover of £36 million to annually publish a slavery and human trafficking Statement on their websites indicating the steps they have taken during the fiscal year to ensure that slavery and human trafficking are not taking place in their supply chains or in their own businesses. This broad disclosure requirement is applicable to both UK- and non-UK-based companies, including those in the health care and life sciences industries. Compliance is for fiscal years ending on or after March 31, 2016 and the Statement should be published within six months after fiscal year end. The Statement must be approved by the Board and signed by a director. Although the MSA is a disclosure-only statute that does not require companies to adopt policies and related management systems, disclosures will be used by NGOs, socially responsible investors (“SRIs”) and other stakeholders to assess ethical sourcing programs and push for change. Health care and life sciences companies often have complex multi-tier global supply chains of limited transparency. In addition, the raw materials and components in the supply chains of health care and life sciences companies (such as certain agricultural products used in pharmaceuticals and metals used in medical devices) often originate in higher risk locations that can present modern slavery risks.

Solution: If the process has not already begun, companies should start focusing on their first MSA Statements. In preparation for putting pen to paper, companies should assess human trafficking risks and current compliance procedures and determine whether enhancement is warranted. As part of this exercise, companies should benchmark compliance activities against peer companies, existing voluntary compliance frameworks and NGO and SRI expectations. Although the MSA is a simple statute on its face, Statements often take longer to prepare than companies anticipate. Many decisions will go into the approach to be taken and, especially at larger companies, many constituencies will need to weigh in on the Statement and it is likely to go through several rounds of revisions.

For additional resources, see our White Papers and Alerts here and the anti-human trafficking module of our Supply Chain Compliance and Corporate Social Responsibility Resource Center here.

1. Sections 299 et seq. of the German Criminal Act.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Ropes & Gray LLP | Attorney Advertising

Written by:

Ropes & Gray LLP

Ropes & Gray LLP on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
Privacy Policy (Updated: October 8, 2015):

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.


JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at:

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.