The following authors contributed to this publication:

  • Jonathan Dixon, Head of Medix Consultancy Ltd, Medix
  • Jessica Santos, Global Compliance & Quality Director, DPO, Oracle
  • Erik Rush, Medical Writer
  • Jenna Laybourne, Senior Director, Medical Governance Lead, Kyowa Kirin
  • Maureen J. Lloyd, Executive Director, LLOYDMJMC LLC
  • Jillian Gillespie, Director, Compliance Business Partner, Research & Development, Pfizer

The views expressed in this paper are those of the authors and do not represent their organizations.

LANDSCAPE

The Pharmaceutical and MedTech industries are highly regulated. Society at large—patients and HealthCare Professionals (HCPs)* in particular—expect companies to act appropriately and to comply with existing laws, regulations, and industry codes. Those in Medical Affairs need to understand these requirements to manage their activities in a legal, compliant, and ethical manner. The objective of this White Paper is to guide Medical Affairs personnel on the key components of the legal, regulatory, and industry codes of practice requirements which are applicable to Medical Affairs in the Pharma and Medical Devices industries, and how to identify and mitigate risks. This paper also includes company control frameworks for compliance with the requirements through policies, processes (usually captured in Standard Operating Procedures [SOPs]), systems, training, monitoring, and audit.
Medical Governance and Compliance are underpinned by ethical guidelines for interactions between these industries and HCPs. These ensure that interactions and collaborations prioritise patient welfare, maintain professional integrity, and prevent undue influence or conflicts of interest. Government regulations and industry codes of practice provide the requirements, and Compliance functions use these to shape the advice they provide to staff in key areas such as:
  • Transparency and Disclosure
  • Independence and Objectivity
  • Independent Medical Education and Sponsorship
  • Research Collaborations
  • Promotion and Marketing
  • Conflict of Interest Management
Made aware of the areas that can carry potential conflicts of interest, HCPs are thereby encouraged to disclose these conflicts transparently and to maintain the integrity of their treatment decisions.

Legal, Regulatory, and Compliance Frameworks

Regulations and the Role of Legal

Regulations are typically established by national and local regulatory bodies such as the Food and Drug Administration (FDA) and Federal Trade Commission (FTC) in the United States; the European Medicines Agency (EMA) covering the EU, Iceland, Norway, and Liechtenstein; and the Medicines and Healthcare products Regulatory Agency (MHRA) in the UK. These regulatory bodies enforce rules that biopharmaceutical and MedTech companies must adhere to, with noncompliance resulting in penalties such as fines, regulatory audits, reputation damage, or business interruptions.

Corporate Integrity Agreements (CIAs) have been implemented as part of settlements between pharmaceutical companies and the U.S. government to address allegations of fraud and misconduct. These agreements, typically lasting 5 years, require companies to adopt stricter compliance measures, such as enhanced training, regular audits, and independent oversight. CIAs aim to curb unethical practices such as off-label marketing and kickbacks, forcing companies to operate with greater transparency and accountability. As a result, many pharmaceutical companies have improved their adherence to regulations, reducing the likelihood of future violations and fostering a culture of compliance.

Legal departments focus on the broader legal landscape governing the industry and individual conduct within the industry, aiming to minimize legal liability. Legal plays the role of interpreting the law and is involved in contracting and review of materials or business user cases.

Compliance in Medical Affairs

The role of Compliance in Medical Affairs is to manage operational risks, ensuring that the development of drugs, devices, and diagnostics is conducted legally and ethically. Compliance advises on business risk and mitigation and guides business advancement and innovation by identifying measures within the bounds of regulatory, legal, and company standards.

Medical Affairs and Commercial functions are bound by legal and regulatory frameworks that relate to the promotion of prescription medicines as well as data privacy and anti-bribery and anti-corruption measures, with considerations for legitimacy of intent, conflicts of interest, proportionality, and transparency. By adhering to these principles and regulations, the industry can maintain legal compliance and public trust while advancing medical knowledge and patient care.

Medical Governance

In some organizations, Medical Governance operates as a distinct function, while in others, it may be integral with Compliance or Risk Management. When established as a separate entity within the Medical Affairs function, Medical Governance usually collaborates closely with Compliance teams to interpret policies and provide strategic guidance, particularly in areas that lack clear industry standards or company procedures. This partnership is crucial in navigating ambiguous situations and ensuring that the company adheres to ethical and legal standards while continuing to innovate and deliver value to its stakeholders.

Medical Governance can play an integral role in shaping how a company conducts itself both internally and externally. It establishes a comprehensive governance framework that guides both Medical and Commercial teams. This ensures that teams make ethical, informed decisions that align with external requirements and adhere to the company’s core values. By doing so, Medical Governance helps to safeguard the integrity of business operations while meeting the needs of key external stakeholders, including HCPs, decision-makers, patients, and the broader public. Additionally, a robust governance structure strengthens a company’s focus on achieving its business objectives, addresses challenges with clarity, mitigates risks, and fosters trust within the industry. It also encourages a culture of compliance, guiding behaviors in a way that upholds ethical standards and regulatory mandates.

Regulations and Requirements for Key Areas of Risk

Promotion of Prescription Medicines

The following are examples of key regulatory agencies and do not necessarily reflect all existing regulations.

1. FDA

The U.S. Food and Drug Administration regulates prescription drug promotion to ensure that advertisements are not false or misleading and that they provide a fair balance of information about the benefits and risks. Since the FDA is one of the leading regulatory bodies aiming to protect public health by ensuring the safety, efficacy, and security of human and veterinary drugs, biological products, and medical devices, its policies and regulations are widely referenced by other codes and regulatory frameworks.

2. EMA

The European Medicines Agency regulates promotional activities similarly, with a strong focus on the accuracy of information and prohibiting the promotion of prescription-only medicines to the general public.

3. MHRA

The Medicines and Healthcare products Regulatory Agency regulates medicines, medical devices, and blood components for transfusion in the UK. The MHRA is an executive agency, sponsored by the Department of Health and Social Care.

Data Privacy

The following are examples and do not necessarily reflect all existing regulations and requirements.

  • The Health Insurance Portability and Accountability Act (HIPAA) in the U.S. sets national standards for the protection of individually identifiable health information.
  • The General Data Protection Regulation (GDPR) provides comprehensive data protection and privacy rules in Europe, including for medical and health-related information.

Key Considerations

  • Legitimacy of Intent: Data collection and processing must have a clear, lawful purpose, such as improving patient care or conducting legitimate medical research.
  • Conflicts of Interest: Data privacy practices should avoid conflicts that could compromise the integrity or security of patient information.
  • Proportionality: Data collection should be limited to what is necessary for the intended purpose.
  • Transparency: Patients must be informed about how their data will be used, and consent must be obtained where required.
  • Protection of data and subjects’ rights: Ensure that subjects have the right of access to their data, the right to rectification, the right to erasure, the right to restrict processing, the right to data portability, the right to object, and the right not to be subject to a decision based solely on automated processing. Companies should have procedures on breach notification and a privacy policy in place.

Anti-Bribery and Anti-Corruption Measures

The following are examples and do not necessarily reflect all existing regulations and requirements.

  1. The Foreign Corrupt Practices Act (FCPA) in the U.S. prohibits bribery of foreign officials and mandates accurate record-keeping.
  2. The UK Bribery Act includes provisions against bribery in both the public and private sectors, imposing strict penalties for violations.

Key Considerations

  • Legitimacy of Intent: Interactions between Medical Affairs staff and HCPs and officials must be for legitimate purposes, such as scientific exchange or medical education, and not for influencing purchasing decisions.
  • Conflicts of Interest: Relationships between pharmaceutical companies and HCPs must be managed to avoid any actual or perceived conflicts of interest. Ensure that hospitality or other benefits (sometimes referred to as inducements) do not create conflicts of interest.
  • Proportionality: Any financial support or benefits provided must be reasonable and not excessive.
  • Transparency: Full disclosure of all payments, sponsorships, and benefits to HCPs and institutions is required to avoid any perception of impropriety.

Specific Requirements for Medical Affairs

The following are examples and do not necessarily reflect all existing Medical Affairs requirements.

1. Continuing Medical Education (CME):

  • The Accreditation Council for Continuing Medical Education (ACCME) sets standards for the independence of CME activities in the U.S., requiring that these are free from commercial bias.
  • Good CME Practice (gCMEp) ensures that CME activities in Europe are independent, evidence-based, and designed to improve medical practice.
  • Education activities that are not considered CME (e.g., HCPs providing educational content, unaccredited education programs, grants, sponsorships, patient education programs) are governed by the codes of practice and other regulations.

2. Scientific Exchange:
Medical Affairs teams are often involved in scientific exchange activities, which must be clearly differentiated from promotional activities and adhere to guidelines ensuring that they are nonpromotional, evidence-based, and conducted with scientific rigour.

3. Scientific Publications:
The International Committee of Medical Journal Editors (ICMJE) has established standards for the conduct, reporting, editing, and publication of scholarly work in medical journals. The ICMJE expects authors to ensure that they have met the requirements of their funding and regulatory agencies regarding aggregate clinical trial results.

4. Research Activities:
GxP is a collection of quality Good Practice guidelines and regulations created to ensure that bio/pharmaceutical products are safe, meet their intended use, and adhere to quality processes during clinical development, manufacturing, storage, and distribution. GxP includes Good Clinical Practice (GCP), Good Manufacturing Practice (GMP), and Good Laboratory Practice (GLP).