New Articles

WHAT TODAY’S USMCA DEBATE HAS TO DO WITH THE DRUGS OF TOMORROW

drugs

WHAT TODAY’S USMCA DEBATE HAS TO DO WITH THE DRUGS OF TOMORROW

The political winds seem to be blowing in favor of a Congressional vote on the U.S.-Mexico-Canada Free Trade Agreement (USMCA) yet this fall. But before they vote, some Members of Congress want to talk over a few issues with the Trump administration’s negotiators. They are pressing the administration to lower intellectual property protections for the U.S. biopharmaceutical industry because they say the agreement’s provisions protecting original data generated by pharmaceutical inventors will drive up the price of prescription drugs.

Their arguments strike a political nerve but don’t offer a complete picture of this complex and evolving industry. The USMCA debate reflects a domestic difference in views. While the United States works to develop its regulatory framework for newer drugs, many other markets are further behind. As important as it is, the issue of data protection for biologic drugs is not well understood. We’ll try to cover the top lines.

Pieces of the Intellectual Property Puzzle

For American innovators of biopharmaceuticals, gaining access to overseas markets requires not only securing regulatory approvals; the policy environment must also be conducive to marketing their products, which includes a value-based approach to pricing, procurement, reimbursement policies – and intellectual property protections.

There are various facets to the intellectual property (IP) protections needed to incentivize massive investments in pharmaceutical innovation and to enable the recovery of those costs once a drug is commercialized. Patents are part of the package and so is the protection of proprietary data, the issue at the fore in discussions about USMCA.

These protections are particularly important to American companies. The intellectual property attached to 57 percent of the world’s new medicines was created in the United States. That’s no accident. Research and development activities flourish in countries where IP frameworks are well developed and enforced.

70% drug dev

What is Data Protection?

To achieve marketing approval from a regulatory oversight agency such as the U.S. Food and Drug Administration and its counterparts in other countries, innovator pharmaceutical companies submit data on the outcomes of their research and years of clinical trials demonstrating the drug is effective and safe. The cost and risks of developing the original data and product fall to the inventor.

When a generic producer or producer of a “biosimilar” seeks approval, they are often afforded the short cut of relying on the inventor’s data. To ensure a balance between incentivizing drug discovery and development while also providing opportunities for lower-cost copies to become available, the inventor’s data may be protected for a period of time against disclosure to generic or biosimilar producer. During this time, any competitor is free to undertake their own data and seek marketing approvals on that basis.

For How Long?

Provisions on data protection are not new in domestic regulations or in trade agreements. Since the Agreement on Trade-Related Aspects of Intellectual Property Rights (TRIPS Agreement) in 1995, World Trade Organization (WTO) members have agreed not to disclose clinical data submitted to regulatory authorities to obtain marketing approval for pharmaceutical products, thereby protecting such data “against unfair commercial use”.

Negotiators of the TRIPS Agreement contemplated specifying that data protection should be no less than five years, but ultimately refrained from including a specific timeframe, leaving it to the discretion of WTO members in their national regulations. NAFTA, which took effect in 1994, provides a minimum of five years.

Enter a New Type of Drug

The timing of these provisions is relevant to the debate today. The TRIPs and NAFTA provisions apply to new “chemical entities,” meaning small molecule drugs – that is, most drugs on the market to date. These types of drugs are capable of being replicated through chemical synthesis to make generic drugs. For this reason, regulators tend to agree that requiring duplicate data from generics would be an inefficient use of resources and unnecessary testing of patients, as long as the generic product is proven “bioequivalent” to its reference product.

Biologics are newer medicines. They are large, complex molecules that are made from living cells to produce the required proteins. This manufacturing process is vastly more complex. A follow-on product is not identical, but rather structurally similar and thus called a “biosimilar”. An exact replica is not possible, and patients cannot automatically be switched from a biologic to its biosimilar without risk of adverse effects.

Given the differences between biologics and small molecule drugs, they are regulated differently, and the IP protections have been applied differently. Biologics are largely defined by their manufacturing processes and regulatory approval of biosimilars does not require identity with the reference product, so biologics must often rely only on process patents versus a product patent. Innovator companies argue a longer term of data protection is needed to bridge the differences in patent protection or to offset the lack of patent protections in some countries, while allowing them to recover the increased cost of generating the original data.

New Trade Provisions for Biologics

Given the longer innovation cycle and the increased cost and complexity of biologics, many governments have provided longer periods of data protection for biologics than for small molecule drugs.

In the United States, the Biologics Price Competition and Innovation Act signed into law by President Obama in 2016, provides for a 12-year period of regulatory data protection for biologics. American companies have sought the same standards from trading partners.

With new agreements in the WTO largely stalled, the focus of trade negotiations over the last decade has shifted to bilateral and regional trade agreements where provisions are often more detailed and tailored. In negotiations toward the Transpacific Partnership Agreement (TPP), the United States pushed for 12 years, but agreed to eight years for biologics from the date of first marketing approval and allowed flexibility in how data protections could be administered. When the United States withdrew from the TPP, the remaining members suspended the relevant provisions.

In the USMCA, American biopharmaceuticals again did not get everything they wanted. Canada and Mexico do not have to match the United States in providing 12 years but agreed to increase the duration of data protection to 10 years from the current standard of five years in Mexico and eight years in Canada.

10 years in USMCA

Why Push Trading Partners to Increase Data Protections?

Beyond North America, the so-called “pharmerging” markets (generally the large developing countries) are growing faster than the stable developed markets. China is by far the largest emerging market for pharmaceuticals. In many developing countries, patent systems are weak or poorly enforced. Regulatory data protection provides some buffer against IP exposure, making it viable and more attractive for companies to introduce their products in that market.

Less data protection and lack of enforcement diminish the potential for U.S. exports. It also leaves the door open for competitors to access unprotected U.S. data without the originator’s authorization. Trade agreement obligations help guard against the unfair commercial use of proprietary data and expand the degree of IP protections in global markets, which is a precursor to greater diffusion of innovative drugs to patients worldwide.

Back to the Core Concerns – Availability and Costs to Patients

Critics of USMCA’s provisions argue data protections keep the prices of biologics high by delaying the introduction of biosimilars. The first biosimilar product was approved in the U.S. market in March 2015. By March 2019, 18 had been approved. Many experts suggest biosimilars have lagged in the U.S. market due to slower changes to the U.S. regulatory system and patent litigation as the industry goes through the same growing pains it did with generic regulation.

As well, drug development is an inherently expensive and risky business, characterized by high failure rates. On average, the process of discovery and commercialization takes 10-15 years at a cost of $2.6 billion. Less than 12 percent of drug candidates make it all the way from lab to patient.

Because of the complexity and high fixed costs required to develop the capacity to manufacture biosimilars, it takes eight to 10 years for biosimilars to come to market, there are fewer entrants than is the case with generics, and the cost savings realized are 10 to 30 percent off the brand, versus an average of 80 percent achievable by generics. Considering the length of time normally required to achieve safe and reliable production of biosimilars, the data protection period in USMCA is unlikely to be a cause of undue delay in getting them to market. Data protection terms are also often less than the remaining patent term.

Your Loss is My Gain

The prominent healthcare research firm, IQVIA, forecasts the biopharmaceutical industry stands to lose $121 billion between 2019 and 2023 as periods of market exclusivity end. Eighty percent of that impact, or loss for innovators, will be in the U.S. market as nearly all of the top branded drugs will have generic or biosimilar competition.

IQVIA says competition among biosimilars is on a path to grow three-times larger in 2023 than it is today. If that’s so, savings over branded biologics could produce approximately $160 billion in lower spending just over the next five years, even as overall spending on biologic drugs grows.

This is part of the business cycle of the pharmaceutical industry and why the innovators maintain strong pipelines because they have limited exclusive time in the market before competitors arrive. That’s good for patients. The data protections in USMCA are not likely to materially impact this cycle or spending. When Canada and Japan lengthened their duration of data protection, drug spending as a percentage of GDP remained nearly flat.

ME losses

Reason for Optimism

Biologics are called the drug of tomorrow. They comprise nearly 70 percent of the innovation pipeline which includes some 4,500 drugs in development in the United States and another 8,000 globally.

Breakthrough products are expected for cancer treatments, autism and diabetes. This is great news, but specialty and niche products tend to come at a higher price so spending may increase as these new drugs enter the market. According to IQVIA, average spending on the brand versions will nonetheless decline from 8.2 percent of the U.S. market to 6.7 percent, a demonstration there’s a healthy market for originals and copies.

There would be no copies without the originals, which is why pharmaceutical regulatory and legal frameworks are full of public policy trade-offs to strike a balance that will support return on innovation while not impeding the availability of affordable drugs. As we make scientific progress, the systems that include IP protections must evolve to accommodate new types of drugs, new capabilities in data analytics and clinical practices, and even changing business models. Not doing so can imperil the pace of progress at precisely the moment when breakthroughs are on the horizon.

___________________________________________________________

Andrea Durkin is the Editor-in-Chief of TradeVistas and Founder of Sparkplug, LLC. Ms. Durkin previously served as a U.S. Government trade negotiator and has proudly taught international trade policy and negotiations for the last fourteen years as an Adjunct Professor at Georgetown University’s Master of Science in Foreign Service program.

This article originally appeared on TradeVistas.org. Republished with permission.

How to Survive the Coming Data Privacy Tsunami

Just as we have gotten used to the idea that the EU’s General Data Protection Regulation (GDPR) is a fact of life and have made modifications in our data collection procedures, the Brazil General Data Protection Law (LGDP), the California Consumer Privacy Act (CCPA), and waves of proposed new data privacy laws are swirling in the calm forewarning of a privacy tsunami heading our way. In the middle of such deep acronym swirls, it could be easy to be overwhelmed. However, all the privacy regulations share a number of commonalities and by addressing these now, you will be on high ground as the waves begin to pound.

The compliance life raft

While you will need to pay attention to the details of individual data regulations as they arise, whether already adopted, pending adoption, or only proposed, all the regulations share certain commonalities that you should consider addressing as part of ongoing operations.

1. Accountability and governance

At the heart of data privacy requirements is the aim to have organizations develop a plan to self-manage data in a way that respects end users. To address accountability and governance requirements in your organization, consider, have you:

-Reviewed the applicability and risk to the organization from data privacy issues, and considered alternatives, including insurance, in case you are fined?

-Mandated that data privacy become part of the policy program, including staff training, measurement, and compliance reporting?

-Clearly documented roles, responsibilities, and reporting lines to embed privacy compliance?

2. Consent and processing

A fundamental privacy regulation concept is that end users are aware when and why their data is collected, and what happens to it once it’s given. To address these requirements, ask yourself whether you have:

-Reviewed that the data being collected and used is necessary and for the benefit of completing a desired action by the user?

-Identified sensitive data and ensured it is treated as such through the use of special encryption or by validating vendor storage practices for sensitive data, etc.?

-Confirmed that user consent for data collection is clearly captured and documented, and that user data can be modified or erased?

3. Notifications and data rights

Gone are the days of legalese or simply taking data from users because we can. Data privacy regulations require transparency, user awareness, and forthright behavior by businesses. To ensure you get this right, ask yourself whether the organization has:

-Written user notices clearly so they can be easily understood—properly targeted to children where relevant—and are reflective of specific data collection and usage purposes?

-Updated the internal organization’s data privacy policy to clearly state the rights of prospects and customers regarding the collection and processing of their personal data?

-Created and tested processes to correct and delete all user data if needed?

Developed a solution to give users their data in a portable electronic format?

4. Privacy design

Organizations that treat privacy as a core design principle will always be in alignment with data privacy regulations. In my consulting experience, I see many self-disciplined organizations that have historically had good privacy practices and have little to address with each new law. To get to that state, ask whether you have:

-Created or updated the policy and associated process to embed privacy into all technology and digital projects, including those outsourced to vendors and partners?

5. Data breach notification

For many organizations, the question nowadays isn’t whether the organization will have a breach, but rather when will it happen and how will they respond. To address regulatory breach aspects, ask whether the organization has:

-Created (or reviewed and updated an existing) data breach policy and response plan to reflect detection, notification, and the actions to mitigate loss?

-Considered and obtained insurance for a possible data breach and regulatory penalties that the organization may face but not be able to handle on its own?

-Incorporated data breach terms and requirements into all vendor and third-party contracts?

6. Data localization

New data privacy regulations state where data physically must be stored, and if transferred to another country, what are the requirements for doing so. Your organization will be well positioned to meet this requirement if it can answer:

-Have we identified and updated all cross-border data flows from the country where the data is collected, and reviewed data export for on-premise and cloud solutions?

7. Children’s online privacy considerations

Data privacy regulations are concerned with end users, but  are even more strict about children and their online data protection and rights. It is best to get ahead of these issues by asking whether the organization has:

-Defined what data it collects from children, whether as a business practice or through efforts like “take your child to work day”?

-Are user notifications and online privacy statements written in a way that a child could understand them, and do they state that parental consent is required?

8. Contracting and procurement

Most businesses may struggle to understand exactly what personal user data is collected via websites, mobile applications, and other digital platforms, especially through third-party software solutions and vendors. To make sure that your organization isn’t caught out, ask whether you have:

-Reviewed and ensured that all vendors, customers, and third-party agreements reflect data regulatory requirements?

-Defined procurement processes such that privacy is integrated into all products and services the organization buys, including regarding data minimization, the visibility of onward data flows, and data ownership?

The bottom line

After years of collecting as much data as we could, we are starting to realize that all of that data has an evil twin: risk. In addition, consumers have become more aware that their data is a valuable resource, and they’re asking more questions about how it’s used and who has access to it. Governments, too, are starting to pay attention. Make sure that you get ahead of the coming data privacy regulatory waves before it becomes an unimaginable problem.

KRISTINA PODNAR is a digital policy innovator. For over two decades, she has worked with some of the most high-profile companies in the world and has helped them see policies as opportunities to free the organization from uncertainty, risk, and internal chaos. Podnar’s approach brings in marketing, human resources, IT, legal, compliance, security, and procurement to create digital policies and practices that comply with regulations, unlock opportunity, strengthen the brand and liberate employees.

Podnar speaks regularly at industry conferences, contributes articles to publications, and delivers masterclasses on digital policy. Podnar is the Principal of NativeTrust Consulting, LLC. She has a BA in international studies and an MBA in international business from the Dominican University of California and is certified as both a Change Management Practitioner (APMG International) and a Project Management Professional (Project Management Institute).

The Power of Digital Policy: A practical guide to minimizing risk and maximizing opportunity for your organization is available on Amazon and through other fine booksellers. For more information, visit Kristina @ www.kpodnar.com and on LinkedIn and Twitter.