The Cordery team has considerable experience of compliance issues in healthcare including setting up policies, training and remediation work; for example, assisting with conducting internal investigations and dealing with security breaches.
The types of projects we handle include:
- Internal investigations (including supporting a client’s own investigatory team)
- Data protection advice, including advice on:
  - Clinical trials
  - Key opinion leaders & clinicians
  - Patient data
- Compliance monitoring
- Anti-bribery, gifts & hospitality – policies & training
- Supply chain due diligence and management, including advice on modern slavery laws
- Cyber security and security breach
- Product recall
- Social media policies, disclosures and training
- Product labelling
- Reputation management
- Safe Harbor/Privacy Shield
Recent projects members of our team have completed include:
- Dealing with a major data breach for one of the world’s leading pharma companies. We led the investigatory team including a technical team from a Big 4 consultancy appointed by the client. We assisted in a detailed remediation and mitigation plan and led the interaction with regulators. The breach was contained and regulators decided on no further action.
- Conducting on-site data breach training for a number of healthcare companies. Sessions have been conducted over half a day, a full day and two days. Scenarios were tailored to specific situations the organisations may encounter after a risk assessment process. Individuals trained have included data breach response teams in Europe, Asia and North America.
- Leading a full GDPR compliance project for a well-known multinational organisation involved in clinical trials.
- Leading a GDPR compliance project for a major US provider of technical services to healthcare providers. This included extensive training programs involving all EU-based employees, both face to face and by video.
- Devising an internal audit methodology for a leading global healthcare company to assess its liability as a data processor under GDPR. This methodology is used by the organisation’s corporate internal audit team to assess subsidiaries around the world.
- Dealing with a series of subject access requests in the health sector which involved proceedings being issued in the UK to enforce the subject access right. Those proceedings were settled on what our client believes to be acceptable terms.
- Rapid response to a security breach for a well-known healthcare organisation including a detailed risk assessment and advice on remedial measures.
- Advice in connection with the marketing of healthcare related services including a Data Protection Impact Assessment for moving some data to a cloud provider.
- Risk audit for a medical devices company including data protection, bribery & corruption, transparency & data security.
- Safe Harbor/Privacy Shield registration for a US based clinical research organisation.
- Support to a US pharma company on compliance issues relating to its clinical trials program in Central & Eastern Europe.
- Work on outsourced key opinion leader programs using Indian researchers for a European based pharma company.
- Social media training and policies for a leading European based pharma business including face to face sessions for key management at their HQ.
- Complex issues around transferring medical records and outsourcing an occupational health scheme in 5 European countries.
- Advice regarding CRO (Clinical Research Outsourcing) and offshore statistical analysis.
- Advice regarding the structuring of an online marketplace for healthcare-related services.
- Advising on data protection contractual provisions in healthcare contracts with NHS trusts.
- Advising a medical devices producer on data protection implications of their devices, including remote diagnosis and data transfer.
- Competition law advice to a leading medical device company.
- Assisting a medical technology provider in a project to secure preferred supplier status to a national health service.
- Support to an internal investigation after whistleblower complaints were received by a US pharma business.
- Risk and compliance advice to a new market entrant using technology to remotely monitor hospital hygiene standards.
- Research and advice for a Japanese company on draft EU legislation on quality and safety standards for human blood and blood components.
- Advice to a pharmaceutical company on the possible secondary impact of the EU REACH legislation on the company’s pharmaceutical products.
- Data protection registrations for healthcare providers.
On reputation management issues we have worked with leading crisis and brand management agencies. Our relationship with LexisNexis UK allows us to do enhanced due diligence on third parties, such as suppliers, and to use LexisNexis’ social media monitoring tools to try to get advance notice when a story is about to break.