Navigating healthtech regulations in South Korea and Russia

Regulation of medical technologies is boosting service delivery via new drug development in South Korea and telemedicine in Russia

Healthcare update in South Korea

South Korea’s Second Comprehensive National Health Insurance Plan, being implemented from 2024 to 2028, incorporates significant encouragement for new drug development. Along with enhancing essential medical services and improving sustainability of the National Health Insurance (NHI) system – including enhancing financial sustainability and establishing a stable supply system – the second comprehensive plan outlines key initiatives regarding pharmaceuticals.

Importantly, it enhances patient access through fair compensation for innovative drugs by:

• • Providing preferential treatment during pharmacoeconomic evaluations for new drugs recognised as innovative;
  • Expanding eligibility for the risk-sharing agreement (RSA) to include treatments for severe diseases that cause irreversible and significant deterioration in quality of life; and
  • Facilitating prompt drug price increases to address supply instabilities.

The plan also aims to optimise NHI pharmaceutical expenditure, through:

• • Developing a long-term strategic framework to integrate fragmented mechanisms for drug price adjustments;
  • Reviewing price adjustments for off-patent drugs after comparing domestic prices with corresponding prices in select foreign countries;
  • Strengthening post-market management of high-cost treatments for severe diseases, focusing on patient safety and clinical effectiveness; and
  • Restructuring the pricing system for generic drugs; and
  • Improving the price-volume agreement system.

Evaluation criteria

In August 2024, the Health Insurance Review and Assessment Service revised the Detailed Evaluation Criteria for Drugs Subject to Negotiations, Including New Drugs to implement these initiatives.

The key revisions include specifying “innovativeness” for flexible application of the Incremental Cost-Effectiveness Ratio (ICER) threshold. The innovativeness element for flexible application of ICER requires drugs to meet the following three criteria:

• • No alternative or therapeutically equivalent products or treatments exist;
  • Significant clinical improvement based on final outcome indicators, e.g. extended survival, can be recognised; and
  • The drug is approved through the fast-track process by the Ministry of Food and Drug Safety (MFDS), or deemed equivalent by the Drug Reimbursement Evaluation Committee.

RSA eligibility is also expanded under the revision. In practice, the RSA was largely limited to cancer treatments or orphan drugs used for serious, life-threatening diseases with no alternative, or therapeutically equivalent products or treatments.

The revision expands RSA eligibility to include drugs for severe diseases that are difficult to cure, cause irreversible disabilities, organ damage, etc., as they progress, and impose a significant disease burden.

South Korea operates a unified, single-payer NHI system that covers the vast majority of the population, significantly influencing its pharmaceutical industry.

While recent regulatory advancements such as the fair valuation of innovative drugs are encouraging, there remains a clear potential for stronger drug price reduction measures aimed at optimising NHI pharmaceutical expenditure.

Companies are advised to closely monitor these developments and adapt their strategies to respond effectively to evolving policies.

CSO regulations

Under the Pharmaceutical Affairs Act, a contract sales organisation (CSO) refers to entities entrusted by pharmaceutical suppliers to perform promotional activities for pharmaceuticals, including those re-entrusted for such purposes.

Previously, CSOs operated outside the formal regulatory framework, complicating oversight and raising concerns about indirect illegal business practices.

To address these issues, the government amended the act in 2021, subjecting CSOs to the dual punishment system for rebates (imposing criminal liability on both providers and recipients of illegal rebate) and requiring them to prepare expenditure reports detailing economic benefits provided to healthcare professionals.

The amended act, effective since October 2024, introduces a CSO reporting system, mandatory training requirements for CSOs and their employees, and the obligation to formalise entrustment of pharmaceutical promotion to CSOs through written contracts.

Concurrently, the amended enforcement rule of the act took effect. This specifies: the criteria and procedures for CSO reporting; training requirements for CSOs (including training content and methods, and the designation of training institutions); mandatory content of entrustment contracts; permissible scope of economic benefits provided by CSOs; and the standards for administrative sanctions in case of non-compliance.

Key provisions of the amended enforcement rule include:

CSO reporting requirements. (1) CSOs should report their place of business; and (2) Reporting should be filed with the relevant local authority, accompanied by documents verifying compliance with reporting criteria and the absence of disqualifications.

CSO training requirements. (1) CSOs should complete 24 hours of training within three months of obtaining a business registration certificate; and (2) Starting the following year, CSOs should complete eight hours of continuing training annually.

Contractual requirements. Entrustment contracts should include details of the entrusted promotional activities, including the names of the pharmaceuticals involved and commission rates per product, the contractual period, and compliance obligations of the entrusted CSOs.

These amendments impose significant compliance obligations on pharmaceutical companies engaging CSOs. Notably, the lack of exceptions to reporting requirements may even classify certain pharmaceutical companies as co-promotional partner CSOs.

Therefore, companies should assess whether to continue operating as co-promotional partner CSOs, if applicable, and revise existing contracts accordingly.

Also, as permissible economic benefits provided by CSOs have been clarified to include only product presentations and the provision of samples, companies are strongly advised to update their internal guidelines for sales and promotional practices to ensure compliance with these new regulatory standards.

While the amendments enhance regulatory clarity and operational standards for CSOs, additional legislative measures may be forthcoming to further promote orderly sales and promotion practices in the pharmaceutical sector. Companies are encouraged to closely monitor regulatory developments and proactively adapt their practices accordingly.

New data protection

A new Pharmaceutical Data Protection System is designed to safeguard clinical trial data submitted for marketing authorisation applications and restrict the approval of follow-on drugs during the protection period. Korea formally introduced this system in February 2024, through an amendment to the Pharmaceutical Affairs Act (article 31-6). This system is set to take effect on 21 February 2025 – replacing the post-market re-examination programme that has been in operation since 1995.

The post-market re-examination system has functioned as a mechanism to ensure post-market drug safety and protect pharmaceutical data.

Key provisions of the new system are:

1. 1. Drug manufacturers or distributors are prohibited from newly applying for marketing authorisation or filing notifications (including notification modifications) based on clinical trial data (excluding bioequivalence test data) submitted for marketing authorisation (including modification approvals) of any of the following “protected drugs” during their respective protection periods:
      1. orphan drugs: 10 years from the date of marketing authorisation, extendable by one additional year if pediatric indications are added;
      2. new drugs: six years from the date of marketing authorisation;
      3. previously approved drugs requiring new clinical trial data due to significant modifications (such as changes to active pharmaceutical ingredients) for improved safety, efficacy or utility: six years from the date of marketing authorisation based on the new clinical trial data; and
      4. other drugs requiring new clinical trial data where data protection is deemed necessary, as prescribed by the Ordinance of the Prime Minister: four years from the date of marketing authorisation based on the new clinical trial data.

The above-mentioned prohibitions do not apply if the applicant independently prepares and submits equivalent or superior data (clinical or non-clinical trial data regarding safety and efficacy).

1. 1. Marketing authorisation applications or notifications during the data protection period are permitted:
      1. where the marketing authorisation holder for the protected drug consents to other drug manufacturers or distributors using its clinical trial data for such applications or notifications; and
      2. where the commissioner of the MFDS deems it necessary to respond effectively to public health emergencies under the Special Act for Promotion of the Development and Emergency Supply of Medical Products in Response to Public Health Crisis.

This new Pharmaceutical Data Protection System is expected to solidify the framework for protecting pharmaceutical intellectual property rights, safeguarding the interests of new drug developers and simultaneously enhancing the R&D capabilities of Korea’s pharmaceutical industry.

SHIN & KIM
23F, D-Tower (D2), 17 Jongno 3-gil,
Jongno-gu, Seoul 03155, Korea
Tel: +82 2 316 4114
Email: [email protected]
www.shinkim.com

Back to top

---

Navigating the legal landscape of healthtech in Russia

Russia’s healthtech sector is undergoing rapid transformation, driven by advances in digital technologies and increasing demand for accessible and efficient healthcare. As new opportunities emerge, so do challenges – particularly in navigating legal and regulatory frameworks. This article offers an in-depth analysis of telemedicine, data protection, liability and regulatory challenges – key legal aspects influencing healthtech in Russia.

Telemedicine

Telemedicine, or the use of digital technologies to deliver remote medical services, has been a cornerstone of global healthtech development. In Russia, this domain is governed by the Federal Law on the Fundamentals of Public Health Protection and various decrees by the Ministry of Health. Telemedicine is defined as an interaction between healthcare professionals and patients using information and communication technologies for medical consultations and observations.

Russian legislation permits healthcare providers to offer telemedicine services only if they hold a state medical licence, ensuring compliance with medical standards. Telemedicine platforms must also meet security and technical standards approved by regulators. Notably, initial consultations must occur in person, limiting the full potential of telemedicine in reducing physical healthcare barriers. Current regulations also prioritise doctor-to-doctor consultations over direct doctor-patient interactions, presenting a significant gap for the sector’s growth.

Despite these limitations, telemedicine has witnessed growth, particularly during the covid-19 pandemic. Regulatory amendments allowed remote issuance of prescriptions and consultations for non-emergency cases, highlighting potential for further modernisation of telemedicine laws in Russia. Many stakeholders emphasise a need for comprehensive legislative reform to enable broader adoption of telemedicine solutions, particularly in rural areas.

Another challenge is integrating telemedicine into Russia’s existing healthcare infrastructure. This requires not only regulatory changes but also significant investments in digital tools, training for healthcare professionals, and public awareness campaigns that build trust in remote healthcare services.

A potential step forward could involve pilot programmes that allow initial telemedicine consultations for specific conditions, paving the way for broader legislative changes. Further incentives such as tax benefits or grants could encourage private investment in telemedicine infrastructure, accelerating its growth and adoption.

Data protection

The protection of personal data, particularly sensitive health-related information, is one of the most critical legal considerations for health tech. Russia’s Federal Law on Personal Data governs the collection, processing and storage of personal data, including health data. While the law does not explicitly define health data as a separate category, its sensitivity places it under stricter regulatory oversight.

Some of the key obligations for healthtech companies are set out below.

Consent. Companies must obtain explicit and informed consent from individuals before processing their health data. Consent forms must be clear, easily accessible and comply with local standards.

Localisation rules. Russian law mandates that all Russian citizens’ prsonal data is stored on servers within the country. This presents challenges for healthtech companies utilising cloud services or international data-sharing platforms.

Security. Organisations must implement robust technical and organisational measures to protect data from breaches. This includes encryption, access control and regular security audits.

Crossing borders

Cross-border data transfers are strictly regulated; companies must ensure recipient countries provide adequate data protection. In practice, this means obtaining regulatory approval for data transfers to jurisdictions not recognised as providing adequate protection, such
as the US.

Challenges specific to data localisation include the added costs of establishing local data centres and ensuring compliance with divergent legal frameworks when operating in multiple jurisdictions. However, some companies have turned this into an opportunity by partnering with local service providers to enhance data security while fostering trust from regulators and consumers. Additionally, developing localised solutions for secure data processing can position companies as industry leaders within Russia.

Common challenges

Penalties. Breaches of data protection laws can result in significant fines, operational restrictions and reputational damage. Recent actions by Roskomnadzor demonstrate an increasing focus on enforcing compliance from the health tech sector.

Data breaches. Given the sensitive nature of health data, breaches can lead to significant legal and financial repercussions. Healthtech companies must invest in cybersecurity infrastructure to mitigate risk.

The importance of data protection in healthtech cannot be overstated. As digital solutions continue to transform healthcare, companies must navigate complex regulatory landscapes to build trust with users and ensure compliance. Developing best practices for data protection and engaging in ongoing dialogue with regulators will be crucial to fostering innovation in the sector.

Liability

Healthtech introduces unique liability challenges. While traditional healthcare providers are accustomed to medical malpractice laws, the integration of digital solutions creates new questions
of accountability.

Healthcare providers. Healthcare professionals remain responsible for the medical services they provide, even when using digital tools. For instance, if a diagnostic error occurs due to faulty software, the professional may still bear legal responsibility unless it can be demonstrated that the software provider’s negligence was the primary cause.

Software developers. Developers of digital health tools must ensure their products meet standards for safety and reliability. Any defects in software that lead to harm may expose developers to liability claims. For example, an application that provides incorrect medication dosages could result in both legal and reputational consequences for the developer.

Product laws. In addition to healthcare-specific regulations, general product liability laws apply to healthtech products. Companies must conduct thorough testing and quality assurance to minimise risk and demonstrate compliance with legal standards. This includes obtaining certifications for medical devices and ensuring interoperability with other healthcare systems to avoid complications.

Future directions

Despite progress, significant challenges remain in the regulatory landscape for Russia’s healthtech sector. Key areas for improvement include:

Integration of AI. The use of artificial intelligence (AI) in diagnostics and treatment planning requires a regulatory framework that balances innovation with safety. This includes ensuring transparency in AI algorithms and addressing concerns about potential biases in decision-making processes.

Patient access. Patients currently face barriers to accessing their health records. Simplifying these processes through digitalisation and centralisation could enhance patient autonomy and engagement. However, this raises additional concerns about data security and the need for robust systems to prevent unauthorised access.

Initial diagnoses. Regulations limiting initial diagnoses to in-person consultations hinder the growth of telemedicine. Modernising these rules could unlock the full potential of digital health, especially in remote areas. Pilot programmes could help demonstrate the safety and efficacy of remote initial consultations for specific conditions.

Fostering PPP. Collaboration between government and the private sector can accelerate innovation in healthtech. Public-private partnerships could focus on developing shared infrastructure, funding research and streamlining regulatory processes. These partnerships may also facilitate knowledge sharing and foster a more cohesive approach to tackling common challenges in the sector.

Education. Investing in educational programmes for healthcare professionals and developers is essential to bridge knowledge gaps and equip stakeholders with skills to navigate the evolving landscape of digital health. Establishing partnerships with academic institutions to create specialised healthtech courses could be a game-changer for fostering a well-trained workforce.

International collaboration. While Russia’s regulatory frameworks emphasise data localisation and strict compliance, collaboration with international organisations could bring valuable insights and innovation. Establishing joint research projects or technology exchanges could bridge gaps and support the development of cutting-edge solutions.

Conclusion

The healthtech sector in Russia is at a crossroads. While the legal framework provides a foundation for innovation, significant gaps and challenges must be addressed to foster sustainable growth. Enhanced data protection measures, streamlined telemedicine regulations and clarified liability provisions will be pivotal in unlocking the sector’s potential.

With the right regulatory changes and strategic investments, Russia has an opportunity to become a global leader in digital healthcare. Collaboration between regulators, healthcare providers and technology developers will be essential to building a future-ready healthcare ecosystem that benefits all stakeholders. The inclusion of international best practices and a focus on public trust will further strengthen the sector’s resilience and capacity for innovation.

KP MOSCOW
Korobeynikov per. 22 str. 3, 119034 Moscow
Tel: +7 495 6443123
Email: [email protected];
[email protected]
www.kpmoscow.ru/en/

Back to top