Health Issues

Since the beginning of 2025, there have been a flurry of bills introduced at the state and federal level related to genetic privacy, which follows a similar trend over the past several years.  These bills have focused on a range of issues, including general genetic privacy, national security implications of “foreign adversaries” accessing genetic information, the privacy practices of direct-to-consumer (“DTC”) genetic testing companies, and the transfer of genetic data as part of bankruptcy proceedings, among others.  We summarize a subset of such bills moving through state and federal legislatures below.

State Legislation

Montana SB 163

On May 1, the Montana governor signed SB 163 to amend the state’s Genetic Information Privacy Act (“MT GIPA”), which was originally enacted in 2023.  Effective October 1, 2025, there will be several changes to the law, including:

  • Creating Deidentification Exemption: The original version of MT GIPA did not contain an express exemption for deidentified data.  SB 163 amends the law to include an express exemption for the use of deidentified genetic data for certain research purposes.  Specifically, SB 163 includes an exemption for “deidentified genetic data obtained from a third party to the extent that the data is used to conduct internal, medical, or scientific research.”  The deidentification standard is similar to the standard adopted under many comprehensive state privacy laws and other state DTC genetic privacy laws.
  • Waiver of Certain Rights in the Clinical Trial Context: The law provides that consumers’ rights to access and delete data, destroy samples, and revoke consent must be waived in a limited context related to the collection of genetic data as part of a clinical trial if certain conditions are met, including prescriptive requirements for consent.  Specifically:
    • The relevant entity generally must obtain express and informed written consent for participation in a clinical research trial, including the collection and use of any genetic data, which must, among others, be in accordance with the good clinical practice (“GCP”) guideline issued by the international council for harmonisation of technical requirements for pharmaceuticals for home use and include the entity’s biological sample and data retention, sharing, and use policies.
    • The biological sample and genetic data must be utilized for clinical research purposes only.

SB 163 states that these requirements are meant to “supersede all exceptions to, and waivers of” informed consent pursuant to the federal Common Rule.  However, it is not clear how this new limited exemption is meant to interact with the existing exemption for entities that are engaged in collecting, using, or analyzing genetic data or biological samples in the context of scientific or clinical research with express consent of the individual and in accordance with human subject research frameworks, including GCP, the federal Common Rule, or FDA’s human subjects research regulations at 21 C.F.R. parts 50 and 56.Continue Reading Multiple States Enact Genetic Privacy Legislation in a Busy Start to 2025

On May 12, 2025, President Trump issued an Executive Order titled “Delivering Most-Favored-Nation Prescription Drug Pricing to American Patients” and an accompanying “Fact Sheet: President Donald J. Trump Announces Actions to Put American Patients First by Lowering Drug Prices and Stopping Foreign Free-riding on American Pharmaceutical Innovation

Continue Reading Trump Administration Issues Executive Order on “Most-Favored-Nation” Prescription Drug Pricing
Close Up of Test Tubes_CovLibrary-MD-1000px

The UK’s Medicines and Healthcare products Regulatory Agency (“MHRA”) is seeking industry feedback on its new draft guideline on individual messenger ribonucleic acid (“mRNA”) cancer immunotherapies (the “Draft Guidance”).  Building on the success of mRNA vaccine technology in response to the Covid-19 pandemic, the technology is now being adapted to target diseases such as cancer.  The MHRA aims to provide a streamlined robust regulatory framework for the approval of such personalised mRNA-based cancer vaccines without compromising safety.

The Draft Guidance covers the regulatory classification of these novel cancer treatments, product design and manufacture, non-clinical and clinical development, pharmacovigilance and the distribution of information to the wider public.  Notably, the MHRA explicitly acknowledges that the regulatory and scientific principles discussed in the Draft Guidance could broadly apply to other disease indications or technologies that could benefit from personalisation or individualisation.  Therefore, industry should be aware that the scope of the Draft Guidance may be extended in the future beyond mRNA cancer immunotherapies that use lipid nanoparticle delivery systems to other delivery systems and disease areas.  Manufacturers, developers, patient organisations and other stakeholders have until 31 March 2025 to comment on the Draft Guidance.

We explore some of the interesting regulatory considerations arising from the Draft Guidance below.

Regulatory Classification

The classification of a medicinal product is key to determining what requirements and guidelines apply to the development, manufacture and delivery of that product.  For example, advanced therapy medicinal products (“ATMPs”) have specific Good Manufacturing Practice (“GMP”) requirements (see e.g., ‘Guidelines on Good Manufacturing Practice specific to Advanced Therapy Medicinal Products’), strict traceability requirements and additional pharmacovigilance requirements.

Currently, individual mRNA cancer immunotherapies are classified under the Human Medicines Regulations 2012 (as amended) (“HMRs”) as ATMPs and are sub-classified as gene therapies.  However, current mRNA therapies do not fit neatly under the ‘gene therapy’ umbrella because, unlike conventional gene therapies, which are designed to edit a person’s genome to treat or cure a disease, mRNA therapies do not involve integration into the host genome.

The Draft Guidance reveals that “a new ATMP sub-classification for nucleic acids that do not edit the patient’s genome is being considered.”  A practical advantage of a new sub-classification would be the opportunity to create bespoke and risk proportionate requirements and guidelines for mRNA therapies.  This would avoid overburdensome risk mitigations for these products as compared to similar products such as COVID-19 vaccines.

The Draft Guidance also predicts that mRNA therapies could be chemically synthesised (i.e., not manufactured by biotechnology).  Such therapies would fall outside the scope of the current definition of a gene therapy as they would not be a biological product.  The MHRA is considering the classification of relevant chemically synthesised mRNA therapies as ATMPs.Continue Reading MHRA Consultation on Individualised mRNA Cancer Immunotherapies – Unique opportunity for a streamlined risk based regulatory framework?

On 23 January 2025, we hosted the 2025 edition of the Covington European Life Sciences Symposium. The Symposium brought together colleagues from London, Brussels, Frankfurt and Dublin with our industry connections to explore the evolving challenges and opportunities facing the European life sciences sector.

Throughout the day our speakers shared their perspectives on a range of legal, regulatory, and business trends, including the evolving regulatory frameworks in the EU and UK; information exchange in ongoing collaboration; investigations and whistleblowing; key ESG topics, and the complexity of options to acquire in pharma deals.

We have set out some of the discussion from the sessions below.

European Life Sciences – The Changing Landscape for Pharma and Biotech

Grant Castle, Head of Covington’s European Life Sciences Regulatory Practice, Peter Bogaert, Marie Doyle-Rossie and Anna Wawrzyniak kicked off with a discussion about the Changing Landscape for Pharma and Biotech.

The UK and EU both aim to deliver access to innovative and transformative medicines and foster international competitiveness in the life sciences industry. Despite the practical challenges faced by the UK Medicines and Healthcare products Regulatory Agency (MHRA) in recent years, it has emerged as an ambitious regulator and is establishing innovative regulatory frameworks, including an international reliance scheme (see our update here), point of care manufacturing regulations, and the relaunch of the Innovative Licensing and Access Pathway (ILAP).

The EU is also pursuing a wave of legislative reform, including wide ranging revisions to the EU’s pharmaceutical legislation, the EU’s supplementary protection certificates (SPC) rules, and proposals for a compulsory licensing scheme.

There can sometimes be a tension between the UK’s and EU’s aims and the practical impacts of regulatory reform, especially in the early stages of implementation.Continue Reading The Covington European Life Sciences Symposium 2025

On 15 January 2025, the European Commission published an action plan on the cybersecurity of hospitals and healthcare providers (the “Action Plan”). The Action Plan sets out a series of EU-level actions that are intended to better protect the healthcare sector from cyber threats. The publication of the Action Plan follows a number of high-profile incidents in recent years where healthcare providers across the European Union have been the target of cyber attacks.

Whilst the Action Plan primarily focuses on healthcare providers including hospitals, clinics, care homes, rehabilitation centres and others, the plan identifies interdependence between those providers and the healthcare industry. Therefore, some of the measures proposed address risks affecting the broader healthcare supply chain and ecosystem, and will potentially have implications for pharmaceutical and biotechnology industry players as well as medical device manufacturers.

The action that will be of most significance for industry is the plan for Member States to request that entities subject to the NIS2 Directive, including healthcare organisations, must report on ransom payments when reporting significant incidents to the competent authority under the NIS2 Directive (section 3.3, p.14). The Action Plan rationalizes this proposal by stating that the collection of further data is needed to understand the effectiveness of measures taken against ransomware attacks, and noting that such reporting would support the effective investigation of incidents. Reporting of ransomware payments is not required by the NIS2 Directive, so this would represent a significant change for in-scope entities. While this is titled a ‘national action’ to be implemented by Q4 2025, it is not immediately clear from the Action Plan if the proposal would take the form of a new EU law that imposes the obligation on Member States or otherwise.Continue Reading European Commission Publishes Action Plan on Cybersecurity of Hospitals and Healthcare Providers

Despite a lead plaintiff with unique injuries, the Northern District of Indiana recently certified a class seeking economic damages under Indiana’s consumer protection statute in a case challenging contaminated hand sanitizer manufactured by 4e Brands North America, LLC.  Callantine v. 4e Brands North America, LLC, 2024 WL 4903361 (N.D.

Continue Reading Unique Injuries No Bar to Class Certification Pursuing Economic Damages

The European Union has just published a new (recast) Urban Wastewater Treatment Directive (“UWWTD”) in the EU’s official journal.  The UWWTD imposes important new Extended Producer Responsibility (“EPR”) obligations that will have a significant financial and administrative impact on companies marketing human medicines and cosmetic products in the EU.  Member States must implement the new UWWTD by July 31, 2027 and must apply the new EPR obligations to in‑scope companies by December 31, 2028. 

In a previous blog, we discussed the new EPR obligations in detail.  In this blog, we outline the key financial provisions of the EPR obligations and raise different questions concerning Member States’ discretion when transposing the EPR obligations into their national laws.

Extended Producer Responsibility under the UWWTD

The UWWTD requires Member States to ensure the treatment of urban wastewaters to remove micropollutants (so‑called fourth stage, or “quaternary” treatment).  Article 9 of the Directive also requires Member States to ensure that producers that market products listed in Annex III (i.e., human medicinal products and cosmetic products) have EPR obligations and pay, via producer responsibility organizations (“PROs”), for the costs of the quaternary treatment of urban wastewater, for data collection, and for other costs required to exercise their EPR. 

Specifically, Article 9 requires that producers subject to EPR obligations must cover:

  • At least 80% of the costs associated with quaternary treatment of wastewater to remove micropollutants.  This includes both capital investments for building or expanding urban wastewater treatment facilities and operational expenses for the treatment facilities.
  • 100% of the costs for gathering data on the products they place on the market.
  • 100% of other costs (e.g., administrative) required to exercise their EPR.

As noted above, Annex III currently lists human medicines and cosmetics as the product groups covered by the EPR obligations.  However, the UWWTD requires the Commission to assess the possible expansion of that list and to make the related legislative proposals by December 31, 2033.

National Implementation: Some Questions

The EPR obligations of the UWWTD will only apply to producers once Member States implement them into their national laws.  The Directive requires Member States to adopt their national implementing laws by July 31, 2027 and to apply the EPR obligations not later than December 31, 2028.  Member States may choose to apply the EPR obligations earlier.

The UWWTD leaves Member States with some discretion as to how they implement the EPR obligations, and also allows Member States to impose stricter and broader requirements.  Recital 3 of the Directive makes this clear, as it states that “[i]n line with Article 193 of the [TFEU] Member States can go beyond the minimum requirements set out in this Directive.  Member States could consider for instance […] imposing additional requirements for, or broadening the spectrum of the application of, their national extended producer responsibility systems.” Continue Reading The EPR Obligations of the New Urban Wastewater Treatment Directive Key Questions and Next Steps for Member States

Last month we provided an update on the UK Government’s draft post-market surveillance statutory instrument (“PMS SI”) and the UK Medicines and Healthcare products Regulatory Agency’s (“MHRA’s”) intention to run a further public consultation on proposed changes to pre-market medical device regulation under an upcoming statutory instrument (“Pre-Market SI”).

On 14 November 2024, the MHRA launched a consultation on proposed pre-market regulatory changes for medical devices and in vitro diagnostic (“IVD”) devices (the “Consultation”).  The MHRA intends to incorporate the feedback from the Consultation in drafting the Pre-Market SI.

The Consultation, which is open until 5 January 2025, addresses four areas of the future regulatory framework for medical devices in Great Britain (“GB”):

  1. International Reliance Scheme
  2. UK Conformity Assessment (“UKCA”) Marking
  3. In Vitro Diagnostic Devices
  4. Assimilated EU Law

It builds on the MHRA’s previous consultation in November 2021 (see our update here) and the responses to that consultation.

In the Ministerial Foreword to the Consultation, the Government makes clear that its reforms to the regulatory framework for medical devices in GB are focused on improving “timely access to high-quality healthcare”.  However, the Government recognises that this aim must be balanced with ensuring confidence in the safety and effectiveness of “groundbreaking medical devices”.

We discuss the four areas of the Consultation below.Continue Reading MHRA Consults on New UK Pre-Market Medical Device Measures