Anticorruption, data protection, confidential information and intellectual property rights, patient safety, competition and antitrust law, sales and marketing ethics - all among the issues presented here are at the forefront of legal challenges faced by international law firms in the healthcare sector, around the world.

1. Pharma Compliance
The way forward
Michalopoulou & Associates | 40 Ag. Konstantinou st. | “Aithrio” Business Center (Α 16-18) | 15 124 Marousi Athens Greece
T : +30 210 330 52 30 | F : +30 210 330 52 32 | info@lawgroup.gr | www.lawgroup.gr

2. “Why Transparency?
R&D gives room to Creativity.
Transparency is Cheaper!”
Richard Bergstrom, EFPIA General Director
Pharma Law Convention Bucharest 2014
Pharma Compliance: The ONLY Way Forward

3. BASIC TERMS
Pharma Compliance: The ONLY Way Forward
Confidential Information & Intellectual Property Rights
DATA PROTECTION
ANTI-CORRUPTION
Patient Safety
Competition & Antitrust
→ SALES & MARKETING ETHICS

4. Compliance Jargon
To better understand ourselves...

5. Anti-Bribery Laws Globally
Basic Legislation:
 FCPA (Foreign Corrupt Practices Act)
• OECD (Organization for Economic Cooperation &
Development )

6. FCPA

7. FCPA
The US Law (since from 1977 and as amended as of 2002) in
relation to Foreign Corrupt Practices Act criminalizes the
bribery/corruption of foreign officials anywhere in the world
where the purpose of the bribe is to influence an official decision
in order to obtain a business benefit.
The FCPA also requires companies whose stock is traded on a U.S.
exchange to meet certain standards regarding their accounting
practices, books and records, and internal controls.

8. FCPA
Issuer:
• A publicly-held company
whose securities are
registered with the SEC and
which must file periodic
reports, subject to the
requirements of the Securities
Exchange Act of 1934;
• Issuers can be non-U.S.
companies;
• The FCPA also covers any
officer, director, employee,
agent or stockholder of an
Issuer.
Any Person:
• The FCPA’s anti-bribery
provisions also apply to
“any person” who commits
any act in furtherance of a
bribe while in the United
States or its territories.
• “Any person” includes non-
U.S. persons and
corporations.
Why do we care about the FCPA?
ALL employees, distributors, agents, consultants are Bound by the FCPA!
Domestic Concern:
• Any citizen, resident, or
national of the U.S.;
• Any company that is
incorporated in the United
States or that has its principal
place of business in the U.S.
• The FCPA also covers any
officer, director, employee,
agent, or stockholder of a
domestic concern.

9. Some Examples
• Cash or a cash-equivalent
• Travel expenses
• Services
• Golf outings or other entertainment unrelated to
customary entertainment linked to a particular deal
or contract
• Loans
• Company stock options
FCPA

10. ΟECD

11.  The Organization for Economic Cooperation and Development (OECD)
Convention on Combating Bribery of Foreign Public Officials was signed by
OECD members and other trading partners on December 17, 1997.
 Commits over 35 signatory countries to enact laws similar to the FCPA
 Related text ends tax deductibility of bribes to foreign officials
 Entered into force on February 15, 1999
 Levels the playing field for U.S. businesses which operate internationally
OECD

12. Argentina Australia Austria
Belgium Brazil
Bulgaria Canada Chile
Czech Republic Denmark
Finland France Germany
Greece Hungary
Ireland Iceland Italy
Japan Korea
Luxembourg Mexico Netherlands
New Zealand Norway
Poland Portugal Slovak
Republic Slovenia Spain
Sweden Switzerland Turkey
United Kingdom United States
OECD

13. Greek Legislation
LAW 2656/98 (as amended by Law 3090/2002) Ratification of OECD Convention in relation to
Combating Bribery of Foreign Public Officials in International Business Transactions
ΑRTICLE 2
Anyone who during his business activities and intentionally offers, promises or gives any
undue pecuniary or other advantage, whether directly or through intermediaries, to a
foreign public official, within the meaning of the OECD convention that ratified Article 1 of
this law for that official or for a third party, in order that the official acts or refrains from
acting in relation to the performance of official duties and/or obtains or retains business or
other improper advantage in the conduct of business, shall be punished with imprisonment
of at least 1 year.
ΑRTICLE 3
Anyone who facilitates or conceals the commission of an act marriage according to the
second article of the Act:
• Holds accounts outside of books of his business.
• Conducts transactions outside books or inadequately identified them.
• Registers non-existent expenses or incorrectly identifies the subject matter, or uses
documents with untrue content is punished by imprisonment up to 3 years if the act is not
punishable under any other provision heavier

14. Greek Legislation
ΑRTICLE 4
The investigation and preliminary investigation on the criminal acts of this are the
responsibility of the Financial Crime Body (SDOE).
ΑRTICLE 5
If a legal person or company, of culpability of directors, benefited in any way from
offenses of this Act is imposed on it, by decision of the Head of the Regional Directorate
of SDOE: an authority or authorities responsible for making and receiving requests,
which shall serve as channel of communication for these matters for that Party, without
prejudice to other arrangements between Parties.
a) administrative fine up to 3 times the value of the benefit or
b) temporary or permanent disqualification for the exercise of its business activity or
c) temporary or permanent exclusion from entitlement to public benefits or aid SOS

15. Greek Legislation
LAW 3691/2008 (Directive 2005/60/EC of the European Parliament and of the Council) on
the prevention of the use of the financial system for the purpose of money laundering
and terrorist financing
ΑRTICLE 7:
Foundation of the Authority for Combating Money Laundering and the Financing of Terrorism and
Control Assets Declaration Statement
ΑRTICLE 3: Criminal Activities
a) Passive bribery (Penal Code 235)
The official who in breach of his duties asks or receives directly or through an intermediary for himself or for
a third benefit of any nature or accepts a promise thereof to make a future act or omission already done or
going back to duty or contrary to them punished with imprisonment of at least one year, as well as
mandatory penalty equal to 50 times the benefit and up to 150,000 euros. In case of non-quantifiable
benefit in money, the penalty can not be less than $ 10,000 nor more than one hundred and fifty thousand
euro 150,000.
b) Active bribery (Penal Code 236)
Anyone who promises or gives an official, directly or through an intermediary, of any nature benefits for
himself or for a third party to act or omission of the future or already finished, going back to duty or contrary
to, punishable by imprisonment of at least one year, as well as mandatory penalty equal to 50 times the
benefit and to the amount of 150,000 euros. In case of non-quantifiable benefit in money, the penalty can
not be less than $ 10,000 nor more than 150,000 euros.

16. Greek Legislation
CODE OF MEDICAL ETHICS (Dec. 2005)
ARTICLE 6 par. 4
Prohibited the physician to serve, subject to or participate in companies that manufacture
or market drugs or medical supplies or advertise and promote them in any way. These
restrictions do not preclude the award of specific and transparent working relationships
with companies that manufacture drugs or medical supplies to doctors who legally have
that option.
ARTICLE 36
Any violation of the provisions of this disciplinary punished by the competent disciplinary
bodies.
In addition, the physician who violates the provisions of Articles 6 § 4 ....... Is punished by
A) Temporary withdrawal of the license to practice his profession and
B) Temporary cessation of holding any position in government for at least 2 years
C) a Fine of 50,000 to 200,000 Euros.

17. Protection of Personal Data

18. Protection of Personal Data
→ ΕU DATA PROTECTION REFORM
“Data Protection is made in Europe.
Strong Data Protection rules must be Europe’s Trademark.”
Viviane Redding, Vice-President & Justice EU Commissioner
EU Parliament Strasbourg, March 2014

19. Why Reform?
• Effective Control of personal data
on behalf of EU citizens (easier
access to your own data, putting you in
control, data protection first not an
afterthought)
• Easier for businesses to operate
and innovate in the EU market
(one continent-one law, one- stop-shop)
Protection of Personal Data

20. Current EU & GR Legal Framework: Impossible to contract out
Law 2472/1997 incorporating amendments (EU Directive 95/46/ΕC Data Protection
Directive on the protection of individuals with regard to the processing of personal data
and on the free movement of such data & ΕU e-Privacy Directive 2002/58/EC concerning
the processing of personal data and the protection of privacy in the electronic
communications sector)
Article 2
a) Personal data: any information (name, age, residence, occupation, marital status, physical
characteristics, education, employment, economic status) who refers to the data subject. Do not
count as personal data aggregated statistical nature of which data subjects cannot be
determined by
b) Sensitive data: data relating to racial or ethnic origin, political opinions, religious or
philosophical beliefs, membership of a trade union, health, social welfare and sexual life,
criminal charges or convictions, and participation in associated with the above associations.
c) Data subject: the natural person to whom the data and whose identity is known or can be
determined directly or indirectly by data subject’s data (physical, physiological, mental, economic,
social status).

21. Current EU & GR Legal Framework: Impossible to contract out
Article 3
The provisions of this Act apply in whole or partly by automatic means, and to the
processing otherwise than by automatic means of personal data which form part of
a filing system or are intended to form part of a filing system.
Article 2
d) Processing of personal data:
Any operation or set of operations which is performed by the State or a legal
person under public law or private law or persons or person with or without the
help of automatic means and apply to personal data, such as collection, recording,
organization, maintenance or storage, alteration, retrieval, use, disclosure by
transmission, dissemination or otherwise making available, alignment or
combination, interconnection, blocking (lock), deletion or destruction.

22. Current EU & GR Legal Framework: Impossible to contract out
Αrticle 4 SOS
3. This Act applies to all processing of personal data, if performed:
a) Since the controller or the processor installed in Greek Territory
b) From a controller not established in the territory of a Member State of the European
Union or a European Economic Area, but a third country for the purposes of processing
personal data makes use of equipment, automated or otherwise, situated in the Greek
Territory, unless such equipment is used only for purposes of transit through the territory of
the Community.
Preamble of ΕU Directive 95/46:
Term 19: a) The installation includes the real exercise of activity through stable
arrangements, the legal form of such an establishment is not the determining factor
b) especially when a single processor is established on the territory of several Member
States must ensure that each of the establishment fullfils the obligations imposed by the
national law applicable to its activities.

23. Current EU & GR Legal Framework: Impossible to contract out
Αrticle 2
g) Processor: any person who determines the purposes and means of processing
personal data, such as a natural or legal person, public authority or agency or any other
organization.
Αrticle 7 & 7Α SOS
1. Prohibited the collection and processing of sensitive data.
2. Except as permitted the collection and processing of sensitive personal data as well
as the establishment and operation of the relevant file with the permission of the
Authority when:
a) The data subject gave his written consent (free, express, specific).

24. Current EU & GR Legal Framework: Impossible to contract out
b) the processing relates to the health and executed by a person professionally
engaged in the provision of health services (physicians or other persons) and is subject
to a duty of confidentiality or relevant codes of conduct provided that the processing
is necessary for medical prevention, diagnosis, care or health service management &
data shall not be transferred or disclosed to third parties.
With NO exemption to hospitals, clinics, recovery centers and detox, pension funds
and insurance companies as well as personal data controller of personal data where
the processing is carried out under programs or telemedicine medical services or
medical services through a network.
g) Processing carried out for research and scientific purposes only and provided
that anonymity is maintained and all necessary measures to protect the rights of data
subjects.
3. The Authority grants permission for collecting and processing sensitive data, and
permits the establishment and operation of the relevant file at the request of the data
processor.

25. Current EU & GR Legal Framework: Impossible to contract out
Αrticle 9
1. The transmission of personal data are free:
a) to EU countries
b) to countries outside the EU after authorization by the Authority which
considers that country ensures an adequate level of protection and
following subject’s consent.
Αrticle 10
1. The processing of personal data is confidential. It is performed exclusively
by persons under the control of the controller.

26. Current EU & GR Legal Framework: Impossible to contract out
Αrticle 11 SOS
Subject's Right to Information
The controller shall at the time of collection of personal data shall inform the data subject in
an appropriate and clear way for:
a) his identity or any representative
b) the purpose of processing
c) the recipients
d) the existence of the right of access
Αrticle 12
Access Right
Everyone has a right to know whether their personal data has been processed and to request
and receive information about.
Αrticle 13
Objection Right
The subject is entitled to object to the processing of data concerning him. The objections are
addressed in writing with specific request (correction, non-transfer, delete) and the
controller must answer in writing within 15 days.

27. European Federation of Pharmaceutical Industries & Associations

28. EFPIA -List of Guiding Principles Promoting Good Governance in the Pharma sector
 Code on the Promotion of Prescription-only Medicines to & Interactions with
Healthcare Professionals (HCP Code)
 Code of Practice on Relationships between the Pharma Industry & Patient
Organizations (PO Code)
Its provisions should be incorporated into EFPIA national legislations by June 24th,
2016 for EFPIA pharmaceutical companies’ transactions as of 2015!
EFPIA

29. SFEE Compliance A-Z

30. SFEE’s CODE OF CONDUCT FOR THE PROMOTION OF OTC
(as amended by the General Meeting of Directors on 04.04.2014 effective from
14.04.2014)
Promotion of Scientific Partners (S) ONLY in Healthcare (CR):
• Physicians
• Dentists
• Pharmacists
• Nurses
NOT to the public (radio, TV, press, internet)!
Promotional material = notify EOF (National Organization for Medicines)
Any material containing only scientific information and is addressed to HCPs CR.
ONLY in professional journals to HCPs.
NEW Forms and / or digital materials created for social security institutions’,
hospital supplies procurement offices’ approval and / or pricing are not
considered as promotional materials.
Dos & Don’ts

31. Medical Information:
Use faxes, e-mails etc allowed only after prior consent or request of the recipient.
SOS access to systems and / or sites ONLY with password.
NOT use of unpublished data on the efficacy and safety of the products contained
in the folder (data on file) for promotional purposes.
YES general data i.e. number of patients in clinical studies, their duration.
It is not permitted the use of:
- Superlatives for ex. "THE analgesic", "unique"
- Generalized claims eg “performs miracles"
- Exaggeration as regards pharmaceutical properties ‘only acts where needed'
- Off-label data
- Medicinal products and activities reported in a discrediting manner
- Materials and promotion disguised.
Dos & Don’ts

32. Certification of Promotional Material:
NEW
- Pharma Co Ads
-Press Releases
- Educational Material for Patients
by the Scientific Service integrated in the Medical Affairs Department NEW
Updating Forms: every 2 years max
Medical Samples: ONLY following EOF’s approval.
Dos & Don’ts

33. Dos & Don’ts
Grants to HCPs
Information & Educational Material (as of Jan. 1st 2014):
Any Grant, Sponsorship or benefit in kind IS PROHIBITED to HCPs.
a) Items up to 15 Euros for medical, training devices of HCPs daily activities
• Applications for mobile phones/computers which due to their nature, are not characterized as
medical technology products (e.g. they do not serve diagnostic or dosing purposes etc)
• Anatomy and/or physiology models (physical or electronic eg CD/DVD/locked USB)
• Anatomy charts (physical or electronic)
• Training material for patients via the HCP in the form of supporting material
• Printed or digital publications incl. guidelines from Scientific Companies, therapeutic protocols
b) Educational Material
• HCPs: ≤ 100 Ευρώ!
• Legal person: ≥ 100 Ευρώ ONLY in the form of donation NEW
c) Gimmicks bearing the company’s logo IS NOT PERMITTED.

34. Dos & Don’ts
Grants/Donations to Institutions-Organizations and Scientific Companies
Prerequisites:
• to support R&D
• to be documented & archived
• do NOT constitute a motive for the recipients of the grant
TO: a) Hospital Institutions, NHS Health Centers
b) Medical Companies, Associations or Unions established as non-profitable private law legal
entities
c) Patients Associations
d) Independent scientific and research programs run by Hospital & University Institutions as
well as awards and scholarships to HCPs NEW
HOW: a) in kind (NOT Medicinal Products Donations-only following National Organization for
Medicines ‘ approval-EOF)
b) in cash (on particular purpose: HCPs education, patients, medical instruments, devices and
reagents
YES indication of a pharmaceutical company in items for donation.
NO indication of drug
Full Transparency & Publication (until March 31st each year at SFEE’s site)

35. Scientific Events:
Type A:
Purpose: for Scientific Content ONLY
From: State Agencies (laboratories, Hospitals NHS, Univ. Clinics, insurance
agencies, scientific associations & non-profit institutions)
Where: a) Greece
b) Abroad
When: 3 times / year and up to 2 days with grants by pharmaceutical companies
from 2,500 Euro to 10,000 Euro (incl. VAT) Not excl. sponsored by only 1 company
Prior authorization and report to EOF within two months and publication on its
site.
How: by ELKE or PCO
Type B:
Purpose: Scientific Content ONLY
From: Pharmaceutical Companies & Public Entities (Type A)
Where: Greece
Dos & Don’ts

36. Dos & Don’ts
Scientific Events:
Type C:
Purpose: Update to HCPs for medicinal products
From: Pharmaceutical Companies
Where: Greece
Speakers: Private Doctors & Military.
Type D:
Purpose: Specialized for a with scientific content & prestigious speakers
a) From: Pharmaceutical Companies based OUTSIDE Greece
Where: Greece
Number Events: Unlimited
b) Pharmaceutical Companies based IN Greece
Where: Greece
Number of Events: Up to 10 events / year

37. Dos & Don’ts
Promotional expenses:
YES renting space, conference material, audiovisual equipment, hospitality, catering.
Transport Costs and Participation:
NOT be included in the Conference Sponsorship Package.
Honorarium:
- Declaration of Interest for 2 years at the beginning of their speech and in any
subsequent publication
- 5,000 (plus VAT) EUR /year
Hospitality Expenses:
Greece: EUR 140 (incl. VAT)
Abroad: EUR 250 (plus VAT)
Sustenance Expenses:
Greece: EUR 70 (incl. VAT)
Exterior: EUR 70 (plus VAT)

38. Dos & Don’ts
Grants-Conferences:
Global Conferences: number of participants HCPs≥ 5
International Conferences (US & Canada): number of participants HCPs≥ 10
International Conferences (EU): number of participants HCPs ≥ 30
HCPs: Abroad: 3 times/year
Greece: 5 times/year
HCPs excepted in case they are:
- speakers
- participants in clinical trials, educational seminars

39. Dos & Don’ts
Internet-Digital Applications
SOS General Principles:
- Not direct or indirect promotion of pharmaceutical
products
- Texts & Information written in neutral and objective
manner with reference to sources.
- Explicit reference "This information is intended for
general information and public information and in no
way can replace medical advice or other HCP"
- The sources of information will be kept on file at
the pharmaceutical company.
- The text & graphics will bear the signature scientific
officer.
- Disclaimer is NOT permitted for information
contained in the information campaign SOS.
Material should be notified to EOF before the first
transmission, place & movement.

40. Dos & Don’ts
Internet-Digital Applications
 Websites
a) Website of Pharmaceutical Co (corporate website)
YES profiles, history, company’s social activity
NO mention to pharmaceuticals product names, active substances
b) Website of Pharmaceutical Co incl. informative texts
on health prevention-promotion issues
a&b: Texts & Pictures: submission to EOF
c) Website of Medical Co incl. texts for public info on
health prevention-promotion issues & financially
supported by a pharma co:
YES therapeutic options
No direct or indirect promotion of pharmaceutical products
Report the name of the Medical co. and the pharmaceutical company /
sponsor in a secondary position

41. Dos & Don’ts
Internet-Digital Applications
d) Websites for pharmaceutical products
addressed to HCPs:
• to Specific HCP population fully controlled by the pharma co.
• HCP registration at the pharma co’s website
• Personal access via a username and password
• The material should be certified by the pharma co. and be
notified to EOF 8 days following its first post date
• Product’s SPC must be posted in an obvious area of the
website and updated/reviewed.
SOS
• In the case of interactive communication and personal data
collection → prior consent of HCP & record keeping of the
pharma co.
• Special care for pharmacovigilance & copyrights
• HCP clearly informed in case he/she is led away from the
pharma co. site
• Use of Cookies only upon special, express and informed
consent of HCP

42. Dos & Don’ts
Internet-Digital Applications
 Promotional Material (eDetailing) to HCPs via Web,
CD, Video, Τablets, Smartphones
Certification by the scientific department of the company
SOS
• In the case of interactive communication and personal data
collection → HCPs prior consent & record keeping of the pharma co.
• Special care for pharmacovigilance & copyrights
• HCP clearly informed in case he/she is led away from the pharma
co. site
• Use of Cookies only upon special, express and informed consent of
HCP
• Up to 15 EUR when considered as a promotional gift
• Ensure that electronic equipment "locks" to prevent online
electronic devices EF and the exchange of any unauthorized
material.
SOS Ex-officio & unscheduled audits by EOF

43. Dos & Don’ts
 Newsletters/Emailing to HCP
At the initiative of the pharmaceutical company:
• Prior HCP written or digital consent kept in file
• Compliance with the provisions on personal data
• The emails contain the resignation option (opt-out)
• HCP clearly informed that he/she receives the email following his/her consent
 Facebook & Twitter
• Pharma co. Logo
• Approval process by the special team (Medical, Pharmacovigilance, Marketing, Compliance,
Legal, E-business, Contact) to ensure the quality & accuracy of the information.
• Communication with consumers or HCPs: Only by authorized personnel (& alternate)
• Informed, special & express consent in case of collection of private data
• Specific Terms of Use
• Checking pages 24 hours 7/7 for possible adverse event reporting
• Pages Facebook & Twitter: For professional use (not personal)
• Ongoing maintenance of content (non-renewal ≥ 6 months → Deactivated)

44. Apps Compliance – legal issues
 User’s consent
 New Relations between app developers
and patients
 Different local laws
 When an app is considered to be a medical
device?
 Legislation and app stores
Case-by-case enquiries, high risk for
the non-compliant!

45. EXAMPLES...

46. 1. Pharmaceutical company still has old
accumulated debts of Public Hospitals and
decides to stop waiting for “responsible”
promises for immediate repayment. Following
instructions from the Manager, outstanding
invoices have been identified which among
other elements also indicate the name of the
individual patient. The Manager organizes a
company’s salesforce meeting and inform them
that starting from tomorrow Scientific
Associates should identify these patients and
contact them directly in order to collect on their
behalf or their families the same amount of
invoices.
True or False?
Why?
Examples

47. 2. Scientific Associate in charge of promoting a
particular pharmaceutical product visits a HCP
employed by a hospital; the latter informs him a
request for a donation of medical instrument in
order to better serve patients. The Scientific
Associate promises that he will notify the
company on condition that the medical
instrument will indicate the name of the
pharmaceutical product he promotes.
True or False?
Why?
Examples

48. 3. Pharmaceutical company announces
that it will release a new
pharmaceutical product X.
In pharma co’s press release such
product is characterized as "unique",
“irreplaceable" and "the best" in
comparison with the product Z of
another competitor which has the
same healing indications and placed on
the market for years.
True or False?
Why?
Examples

49. 4. A pharma co. employee finds an evening at
the company’s photocopy machine the dossier
of a new pharmaceutical product to be filed at
EOF deposit of pharmaceutical formulation
that has left alone. Without much of thought
he takes the dossier and gives it to his best
man working in a competitive company. The
next day two similar dossiers are filed at EOF.
What Compliance principles the said
employee has violated?
Examples

50. 5. The headquarters of a U.S. pharmaceutical
company (with non-EU subsidiaries / branches)
manufactures a phone app that allows users (EU
& Non EU) suffering from heart disease to enter
their personal data such as name / date of birth/
date of birth, their medical record, weight,
medications taken, blood pressure, their diet /
food they consume, whether exercised or smoke
in order to get:
a) specific recommendations as for their diet and
exercise and
b) a reminder to take their treatment.
The data is connected to the phone identifier and
communication server in the US where it is
stored.
Examples
What would be the
applicable
legislation?

51. 6. Pharmaceutical company
manufactures an app that informs HCP
for specific medical diseases. This
application is not interactive i.e. not
allowing them to enter their personal
data or their patients’.
Their consent is needed or not before
installing this app?
Yes or no?
Why?
Examples

52. CONCLUSION...

53. The future is bright.
Pharma Compliance: The ONLY Way Forward
compliance@lawgroup.gr
Everything changes.