More so than in the recent past, today’s sales and marketing management must balance the desire for better access to healthcare providers (HCPs) and their patients, with the regulatory challenges that dictate what data and processes are compliant. So says Mark Jara, managing director of RxS LLC, a Manalapan, NJ firm that specializes in physician sample management, multichannel marketing and commercial operations support. These days, however, sample management is just one step in a larger process of managing commercial data with compliance.
The first recent change was the adoption of the Physicians Sunshine Act, which led to regular reporting on reimbursements and “items of value” (as the rule states) to HCPs. At the federal level, this doesn’t include sample distribution, but some states have incorporated sample accountability into their regs. Additional local regulations, ranging from states (Ohio, Vermont) to individual cities (Washington, DC, and Chicago, IL are two examples) now include licensing and registration fees for sales reps.
A broader-impact change coming very soon, says Jara, is California’s Consumer Privacy Act (CCPA), which is scheduled to go into force in January. Somewhat modeled after the General Data Protection Regulation (GDPR), which went into effect in 2018 in the European Union, CCPA has a broad scope. In general, CCPA addresses companies of greater than $25 million in annual sales (whether inside or outside of California) that handle information “that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer.”
Sale of such data can be restricted, and consumers will have the right to request any such information held by a pharma company (or its information providers) to delete that information. There is a double whammy, of sorts: companies that have data breaches can be penalized for not having sufficient safeguards in place for data security; at the same time, companies must be able to respond to requests from consumers to find out what personal information is being held by that company. Managing HCP data is no different.
The upshot of this, says Jara, is that pharma companies need to be better organized in how they handle HCP data, starting with consolidating data repositories so that there is a way simply to identify what information is being held. “Companies need to understand what data they have, and how they protect it,” he says.
CCPA is already being looked at by other states, reportedly Alabama, Colorado, Oregon, Louisiana, Vermont, and Virginia, have passed, or are looking at, similar regulation. “All companies should be looking at enterprise-level solutions for their data privacy and security policies,” says Jara. “We work with our clients first to manage compliance and then to mine relevant HCP data.