Managing U.S-EU Trade Relations through Mutual Recognition and Safe Harbor Agreements:"New" and "Global" Approaches to Transatlantic Economic Governance?

governance; regulation; regulations; regulatory competition; directives; implementation; WTO

Biobanks in Europe: Prospects for Harmonisation and Networking

Biobanks (i.e. the organised collections consisting of biological samples and associated data, have gained great significance for research and personalised medicine) are increasingly recognised as a crucial infrastructure for research. However, at the same time the widely varied practices in biobanking regarding for example collection, storage and consent procedures may also pose a barrier to cross-border research and collaboration by limiting access to samples and data. In this context, a recent study indicates that the limited sharing and linkage of samples is a key barrier for research, such as pharmacogenetics. Wide variation is observed in the implementation of relevant existing regulation, which may add further burden to harnessing the public health benefit of these collections. Therefore, it has been suggested that there is a strong need for a harmonised approach on biobanking practices and improved networking of existing and new collections. This Report shows information on the extent of biobanking in Europe, collected through a survey of existing European biobanks regarding both technical aspects (e.g. storage conditions) and aspects of governance and ethics (e.g. sample and data sharing, consent procedures, collaborations etc.). In total, 126 biobanks from 23 countries in Europe were surveyed. Significant lack of harmonisation has been found, especially in the legal aspects (e.g. data protection, consent). This may be partly attributed to the varied interpretation and implementation of EC directives covering aspects of biobanking by national authorities. One of the main complications is that, although the field of data protection is harmonised through the EC directive on data protection, the collection, storage, and sharing of samples is not. Furthermore, in countries that have introduced special biobanks acts it is not always clear where the borderline lies between the scope of these acts and that of the Directive. Indeed, according to the survey, biobanks within the same country reported different practices, suggesting that the problems of harmonization might be higher than expected and claimed. Not only are there different national laws, but apparently within EU member states biobanks do not implement homogenous practices on privacy and data protection issues. Desk research and expert interviews were done to complete the picture presented by the survey. Experts widely recognised the need to improve collaboration and networking among the numerous existing biobanks, as well as new initiatives in Europe (and world-wide). Efficient organisation of these resources through the development, for example, of an infrastructure would potentially facilitate financial sustainability and greatly contribute to the rapid progress of research and development of better diagnostic and therapeutic approaches. The most favoured model involved the development of a virtual biobank that would allow networking of biobanks across different countries and centralisation of data rather than samples. However, several organisational challenges (wide variation in biospecimen collection, storage techniques, data comparability, etc.) may hamper such an effort. The lack of uniform regulatory and ethical requirements and/or practices may pose an additional barrier. The European Commission has already recognised the importance of international biobank projects and many of them have been funded and established in the context of the EU Framework Programmes. To help promote networking of biobanks and thus maximise public health benefits, at least some degree of harmonisation must be achieved. Whether this should be achieved solely at the level of legal/regulatory requirements and practices and/or by technical standardisation requires further investigation. Experts suggested the establishment of an international (rathen than just a European) umbrella (or network) organization, which would establish common operating procedures.JRC.DDG.J.2-The economics of climate change, energy and transpor

Globalization and Social Protection: The Impact of EU and International Rules in the Ratcheting Up of U.S. Privacy Standards

Contemporary critiques of globalization processes often focus on the potential leveling of regulatory standards and the export by the United States of neoliberal norms of deregulation and market facilitation. This Article, in contrast, examines the extrajurisdictional impact of EU data protection policy on the behavior of private parties in the United States, leading to a ratcheting up of U.S. privacy standards. The Article takes a socio-legal approach, exploring the many ways in which the EU Directive on the Processing of Personal Data affects U.S. practice through changing the stakes of US. players-including regulators, businesses, privacy advocates, lawyers, and privacy service providers-and thereby changing the playing field in the United States on which competing interest groups clash. In examining the interaction of EU law, US. practice, and international trade rules, the Article finds that WTO law, rather than constraining the Directive\u27s extra-jurisdictional impacts, provides the EU with a shield against U.S. retaliatory threats, thereby further facilitating a trading up of data privacy standards. The Article concludes by examining the conditions under which cross-border exchange can lead to a leveraging up of social protections such as data privacy standards. These include: the desire for firms to expand their markets, subjecting themselves to foreign regulatory policy; European states\u27 ability to enhance their bargaining power by acting collectively, using the large EU market as leverage to change foreign standards; the nature of data privacy protection as a luxury good demanded by residents of relatively wealthy, more powerful jurisdictions; the externalities of U.S. under-regulation of privacy protection, legitimizing EU intervention; and the constraints of WVTO supranational trade rules on U.S. unilateral retaliatory threats. While the Article focuses on the issue of data privacy, its analysis applies to broad areas of law affected by economic globalization

‘Digital pills’ for mental diseases: an ethical and social analysis of the issues behind the concept

Recently, the US Food and Drug Administration has given a landmark approval to the very first digital pill with a sensor embedded in the inside. These are complex systems that include a drug and an electronic tracker that is activated when the patient takes the pill. Accordingly, they might be an excellent tool for monitoring and potentially improving patients’ adherence to prescriptions. This would serve well to avoid unnecessary healthcare costs and reduce the anxiety of patients and their relatives. However, digital pills might also diminish patient autonomy, reduce privacy, or promote inadequate use of pharmaceutical resources. This article is aimed at contributing to adequate use of this new tool by showing the main ethical and social issues they involve and proposing measures meant to address them. Finally, we conclude by defending the idea that these new systems should be seen as means of complementing traditional strategies to promote adherence to treatment, and not as substitutes.Iñigo de Miguel Beriain’s work received funding from the EU Commission, H2020 SWAFS Programme, PANELFIT Project, research grant number 788039. Marina Morla’s work received funding from the Programa Propio de Investigación de la Universidad de León

Electronic Signatures in E-Healthcare: The Need for a Federal Standard

Healthcare, like many industries, is fast embracing the benefits of modern information technology ( IT ). The wide range of available publications on the use of IT in healthcare indicates that IT provides the promise of faster and more comprehensive information about all aspects of the healthcare delivery process, to all classes of its consumers - patients, doctors, nurses, insurance adjudicators, health inspectors, epidemiologists, and biostatisticians. But the drive towards electronic information in health care is not rooted merely in efficiency; more recently, significant emphasis has been placed on patient safety issues raised by the Institute of Medicine\u27s ( IOM ) year 2001 quality report on the subject. It is believed that the deficiencies indicated in that report can be substantially overcome by the use of IT in health care. However, to make this transition successful and complete, all aspects of health care delivery, information management, and business transactions, have to be logically migrated into the electronic world. This includes the function and use of the signature. The use of signatures in business contexts has traditionally provided two functions of legal significance: 1) evidence that can attribute documents to a particular party, and 2) indication of assent and intent that the documents have legal effect. In the recent decades, state and federal statutes have substantiated these functional attributes to digital or electronic signatures. Many of these statutes derive from model codes, such as the Uniform Electronic Transactions Act ( UETA ), that attempt to standardize use and technology surrounding electronic signatures. Subsequent sections will attempt to identify gaps in the standards which prevent true transaction portability. Lack of portability defeats one of the fundamental goals of health care IT solutions - improved efficiency. The discussion will end with a proposal for a uniform federal statutory scheme for standardized electronic signatures for health care

International transfers of health data between the EU and USA: a sector-specific approach for the USA to ensure an 'adequate' level of protection.

International health research increasingly depends on collaboration and combination using medical data to advance treatment and drug discovery. The European Union (EU), through its General Data Protection Regulation, has tightened the rules for sharing data across borders to protect individual privacy. These new rules threaten cooperation between the EU and the USA, the two largest public funders of biomedical research. This article analyzes the primary pathway for sharing research data with the USA, the US-EU Privacy Shield, and argues that the Shield is ill-suited to support complex health studies. Its legitimacy is in question under both EU and US law, and its terms are too restrictive for the variety of exchanges underlying research, treatment, and care. As an alternative, we propose that the USA seek an additional sector-based adequacy determination based on the existing US health privacy law, the Health Insurance Portability and Accountability Act. A sector-specific approach to adequacy for health would avoid many of the most contentious issues that divide the USA and EU on data protection. It could also serve as a model for other third-party jurisdictions and facilitate international harmonization of health research practices

Blockchain in EU e-health - blocked by the barrier of data protection?

Compliance with data protection requirements is always a tricky business and even more intricate when it comes to cutting-edge technologies such as distributed ledger technology (DLT), better known as Block Chain Technology (BCT). These difficulties increase even more when the personal data concerned is accorded a special level of protection, as is the case with health data. The following article aims to describe and analyze the legal issues associated with this scenario. The focus here is on the European Union's (EU) General Data Protection Regulation (GDPR) 1, which took effect on May 25, 2018. Furthermore, the functionality of BCT and its possible fields of application in healthcare will be outlined

Marketing Strategies During the Product Life Cycle in the Pharmaceutical Industry

Development and implementation of effective marketing strategies during various stages of product life cycle in the pharmaceutical industry are critical to an organization\u27s successful performance in the marketplace in the 21st century. Guided by the general systems theory developed by Bertalanffy and the evolutionary systems theory developed by Laszlo and Laszlo, the purpose of this single case study was to explore best practices among marketing managers within pharmaceutical companies related to marketing strategies during various stages of product life cycle. Data were gathered via semistructured interviews with 3 purposefully selected managers who have successfully developed marketing strategies in a central Ohio pharmaceutical company in business for more than 10 years. A review of secondary data included company documents, such as annual reports, news releases, and websites, in addition to government databases. Member checking was conducted to ensure accuracy of the interpreted data and trustworthiness of the research findings. Yin\u27s 5-step process and thematic analysis were used to analyze the data. Four themes emerged from data analysis: marketing function, product life cycle phases, factors influencing the decision-making process, and strategic activities in executing business strategies. Findings may have implications for positive social change such as assisting organizational leaders to understand the challenges and business practices in implementing marketing strategies to successfully deliver products that improve patients\u27 health

ELSI issues of Precision medicine - Comparison of US, South Korea, China and Mongolia focusing on informed consent and privacy

This study aims to review current precision medicine, analyze ELSI issues and compare legal and regulatory framework of informed consent and privacy issues in countries, namely US, South Korea, China and Mongolia. This has been conducted through analysis of current situation and challenges that four countries are facing in terms of informed consent and privacy issues in precision medicine. The purpose of this study is to develop recommendation for Mongolia based on three countries experiences and pros during development of precision medicine regarding informed consent and privacy. In order to carry out this study, mainly two study methods are applied. First, the literature review was performed with academic articles and reports on precision medicine and its ELSI research including informed consent and privacy issues, and officual documents from each government website. Secondly, the comparative analysis of the legal and regulatory frameworks that relate to informed consent and privacy on prevision medicine was conducted in four countries. Through the analysis, it has clearly revealed that Mongolia need to improve regulation related to informed consent, including appropriate language and terms, evaluation questions and approval of electronic version. But in Mongolia, special contemplation should be discussed in order to develop electronic informed consent due to nomadic life, lack of infrastructure, like internet, computer in remote areas, and low computer and health literacy, especially in non-capital areas. Since Mongolia is taking first step in privacy protection in context of personal information and sensitive information including genetic and biometric, several updates and recommendation could be proposed based on described approaches and solution ways from respective countries. This includes official implementation of PIPL, development of guideline for de-identification of personal information and building capacity for human resources and technology. Moreover, experience from developed countries can help improvement but approach need to be naturalized accordance with Mongolian background. Even though Mongolian government is started to focus on biomedical researches and related issues to enhance quality of research field and open more gates to researchers, infrastructure preparedness has developed very slowly. Recommendations arise from this study, may provide some opinions in building better frameworks targeting informed consent and privacy issues in Mongolian situation. Furthermore, detailed analysis from expert’s perspective will need to be conducted for achieving successful results with improvement from international experts’ experiences and support.open석

Healthy Data Protection

Modern medicine is evolving at a tremendous speed. On a daily basis, we learn about new treatments, drugs, medical devices, and diagnoses. Both established technology companies and start-ups focus on health-related products and services in competition with traditional healthcare businesses. Telemedicine and electronic health records have the potential to improve the effectiveness of treatments significantly. Progress in the medical field depends above all on data, specifically health information. Physicians, researchers, and developers need health information to help patients by improving diagnoses, customizing treatments and finding new cures. Yet law and policymakers are currently more focused on the fact that health information can also be used to harm individuals. Even after the outbreak of the COVID-19 pandemic (which occurred after the manuscript for this article was largely finalized), the California Attorney General Becera made a point of announcing that he will not delay enforcement of the California Consumer Privacy Act (“CCPA”), which his office estimated imposes a $55 billion cost (approximately 1.8% of California Gross State Product) for initial compliance, not including costs of ongoing compliance, responses to data subject requests, and litigation. Risks resulting from health information processing are very real. Contact tracing and quarantines in response to SARS, MERS, and COVID-19 outbreaks curb civil liberties with similar effects to law enforcement investigations, arrests, and imprisonment. Even outside the unusual circumstances of a global pandemic, employers or insurance companies may disfavor individuals with pre-existing health conditions in connections with job offers and promotions as well as coverage and eligibility decisions. Some diseases carry a negative stigma in social circumstances. To reduce the risks of such harms and protect individual dignity, governments around the world regulate the collection, use, and sharing of health information with ever-stricter laws. European countries have generally prohibited the processing of personal data, subject to limited exceptions, for which companies have to identify and then document or apply. The General Data Protection Regulation (“GDPR”) that took effect in 2018 confirms and amplifies a rigid regulatory regime that was first introduced in the German State Hessen in 1970 and demands that organizations minimize the amount of data they collect, use, share, and retain. Healthcare and healthtech organizations have struggled to comply with this regime and have found EU data protection laws fundamentally hostile to data-driven progress in medicine. The United States, on the other hand, has traditionally relied on sector- and harm-specific laws to protect privacy, including data privacy and security rules under the federal Health Insurance Portability and Accountability Act (“HIPAA”) and numerous state laws including the Confidentiality of Medical Information Act (“CMIA”) in California, which specifically address the collection and use of health information. So long as organizations observe the specific restrictions and prohibitions in sector-specific privacy laws, they may collect, use, and share health information. As a default rule in the United States, businesses are generally permitted to process personal information, including health information. Yet, recently, extremely broad and complex privacy laws have been proposed or enacted in some states, including the California Consumer Privacy Act of 2018 (“CCPA”), which have a potential to render compliance with data privacy laws impractical for most businesses, including those in the healthcare and healthtech sectors. Meanwhile, the People’s Republic of China is encouraging and incentivizing data-driven research and development by Chinese companies, including in the healthcare sector. Data-related legislation is focused on cybersecurity and securing access to data for Chinese government agencies and much less on individual privacy interests. In Europe and the United States, the political pendulum has swung too far in the direction of ever more rigid data regulation and privacy laws, at the expense of potential benefits through medical progress. This is literally unhealthy. Governments, businesses, and other organizations need to collect, use and share more personal health information, not less. The potential benefits of health data processing far outweigh privacy risks, which can be better tackled by harm-specific laws. If discrimination by employers and insurance companies is a concern, then lawmakers and law enforcement agencies need to focus on anti-discrimination rules for employers and insurance companies - not prohibit or restrict the processing of personal data, which does not per se harm anyone. The notion of only allowing data processing under specific conditions leads to a significant hindrance of medical progress by slowing down treatments, referrals, research, and development. It also prevents the use of medical data as a tool for averting dangers for the public good. Data “anonymization” and requirements for specific consent based on overly detailed privacy notices do not protect patient privacy effectively and unnecessarily complicate the processing of health data for medical purposes. Property rights to personal data offer no solutions. Even if individuals - not companies creating databases - were granted property rights to their own data originally, this would not ultimately benefit individuals. Given that transfer and exclusion rights are at the core of property regimes, data property rights would threaten information freedom and privacy alike: after an individual sells her data, the buyer and new owner could exercise his data property rights to enjoin her and her friends and family from continued use of her personal data. Physicians, researchers, and developers would not benefit either; they would have to deal with property rights in addition to privacy and medical confidentiality requirements. Instead of overregulating data processing or creating new property rights in data, lawmakers should require and incentivize organizations to earn and maintain the trust of patients and other data subjects and penalize organizations that use data in specifically prohibited ways to harm individuals. Electronic health records, improved notice and consent mechanisms, and clear legal frameworks will promote medical progress, reduce risks of human error, lower costs, and make data processing and sharing more reliable. We need fewer laws like the GDPR or the CCPA that discourage organizations from collecting, using, retaining, and sharing personal information. Physicians, researchers, developers, drug companies, medical device manufacturers and governments urgently need better and increased access to personal health information. The future of medicine offers enormous opportunities. It depends on trust and healthy data protection. Some degree of data regulation is necessary, but the dose makes the poison. Laws that require or intend to promote the minimization of data collection, use, and sharing may end up killing more patients than hospital germs. In this article, I promote a view that is decidedly different from that supported by the vast majority of privacy scholars, politicians, the media, and the broader zeitgeist in Europe and the United States. I am arguing for a healthier balance between data access and data protection needs in the interest of patients’ health and privacy. I strive to identify ways to protect health data privacy without excessively hindering healthcare and medical progress. After an introduction (I), I examine current approaches to data protection regulation, privacy law, and the protection of patient confidentiality (II), risks associated with the processing of health data (III), needs to protect patient confidence (IV), risks for healthcare and medical progress (V), and possible solutions (VI). I conclude with an outlook and call for healthier approaches to data protection (VII)