EPHMRA code of conduct certification: What healthcare market research agencies need to know

For healthcare market research agencies operating across Europe, EPHMRA Code of Conduct certification has become a practical pre-condition for working with pharma clients. It is not a regulatory mandate imposed directly on agencies. What it is, in practice, is a contractual expectation embedded in MAH agreements – one that agencies must be able to evidence before recruitment and fieldwork begin.

Understanding what the certification covers, who needs it, how the two test paths work, and when certificates expire is the starting point. Managing it across a team that includes permanent staff, freelancers, and subcontractors – and producing clean evidence of that on demand – is where most agencies find the real complexity. For a full overview of how BHBIA and EPHMRA certification tracking works together, see our guide to healthcare research certification tracking.

What the EPHMRA code of conduct covers

EPHMRA – the European Pharmaceutical Market Research Association – sets the ethical and operational standards for healthcare market research conducted across its 22 member countries. The Code of Conduct establishes how research involving healthcare professionals, patients, and pharmaceutical products should be designed, conducted, and reported. It covers fieldwork standards, data protection, respondent rights, and the obligations agencies carry when working on behalf of Marketing Authorisation Holders.

The Code of Conduct Competency Test is EPHMRA's formal assessment of whether researchers understand these obligations. Passing it – and holding a valid certificate – signals to pharma clients that the people working on their projects understand the rules of the environment they are operating in.

The EPHMRA training platform also covers Adverse Event Reporting (AER) as a separate certification. The two are related but distinct: Code of Conduct covers the broader ethical framework; AER covers the specific obligation to identify and report adverse drug events arising during research. Both carry the same 30 September expiry. Both need to be tracked.

EPHMRA competency test: Complete Test vs Supplementary Test

EPHMRA offers two routes to certification, depending on whether the researcher also holds BHBIA membership.

The Complete Test is for researchers without BHBIA credentials. It covers EPHMRA's full Code of Conduct requirements and is the standalone route to certification for agencies that operate primarily under the EPHMRA framework.

The Supplementary Test is for EPHMRA members who also hold BHBIA membership. Because the BHBIA Legal and Ethical Guidelines Competency Certificate already covers significant shared ground, the Supplementary Test covers only EPHMRA-specific requirements. The two certificates work in combination – BHBIA must be completed first. The Supplementary Test then sits on top of it, and together they meet EPHMRA's full requirements. Two Supplementary Tests exist: one for Code of Conduct, one for AER.

For agencies operating in both the UK and European markets, the Supplementary Test is typically the more efficient path. Staff take the BHBIA test first, then complete the shorter EPHMRA Supplementary Test to cover the pan-European requirements. Both certifications are then in place, and both renewal cycles need to be tracked – which is where the operational complexity begins.

Both test paths are free for EPHMRA member companies, accessible via individual dashboards on the EPHMRA training platform. Certificates can be saved and downloaded directly.

Who needs EPHMRA Code of Conduct certification

The short answer is: everyone who touches the project.

Per the EPHMRA AER Guidelines (revised September 2025), training obligations extend beyond senior researchers to all MRA personnel – including subcontractors, fieldwork agencies, recruiters, interviewers, and analysts. The pharma client's requirements do not stop at the agency's permanent headcount. If someone is working on a project conducted on behalf of an MAH, the expectation is that they are trained and certified.

This scope is confirmed in MAH contractual arrangements. Under the EPHMRA AER Guidelines, PV training requirements – including Code of Conduct compliance – must be agreed between the MAH and the MRA before recruitment and fieldwork start. Not before sign-off. Before recruitment. Certification is a pre-condition for the project beginning, not an administrative item to complete in parallel.

For most agencies, this is manageable for permanent staff. The complication arises at the edges.

The freelancer gap

EPHMRA membership is structured around permanent employees. The agency membership headcount explicitly excludes interviewers, freelancers not permanently employed or on contracts, and staff in secretarial, admin, operations, finance, and field roles. These individuals fall outside the membership and therefore outside the free training platform.

The problem is that MAH compliance requirements do not make the same exclusion. A freelance recruiter calling HCPs on a live project, a subcontracted fieldwork agency, an analyst brought in for a single wave of research – all of these people carry the same certification obligation as a permanent senior researcher. The agency is responsible for evidencing their certification status.

This creates a specific tracking problem. Freelancers and subcontractors need to hold valid EPHMRA certification, but they are not in the agency's membership system, not on the agency's training platform, and not automatically visible in whatever certification tracker the agency uses. Their certificates expire on the same 30 September deadline as permanent staff, but the process for collecting, verifying, and storing evidence of their credentials is entirely separate. EPHMRA does not store certificates centrally – each individual must download and save their own certificate on passing. If they do not, retrieval is difficult. For freelancers outside the membership structure, the agency has no visibility of this at all.

A spreadsheet does not surface this gap. It contains whatever someone remembered to add to it. An audit does not make that distinction.

The affiliate trap

For agency groups operating multiple brands or subsidiaries, EPHMRA membership structure creates a second layer of complexity. Membership is corporate, covering all affiliates under a single company name – but subsidiaries operating under a different company name each require their own EPHMRA membership. Training access, and therefore free certification, does not automatically extend across a group structure if the entities are registered separately.

For large panel providers or research groups with multiple sub-brands, this is easy to miss. An agency may assume its affiliates are covered under the parent membership, only to discover during a client audit that the subsidiary's staff were not entitled to free certification under the group account. The result is either a compliance gap or an unexpected membership cost to resolve it.

How EPHMRA certification renewal works

EPHMRA certificates are valid for the membership year. They expire on 30 September each year – the end of the EPHMRA membership year – regardless of when the test was taken.

This is a fixed annual deadline, not a rolling cycle from date of completion. A researcher who passes the Code of Conduct Competency Test in January and another who passes it in August are both looking at the same 30 September expiry. The renewal window arrives for the entire team at the same time, every year.

For agencies whose staff also hold BHBIA certification, the calendar looks like this: EPHMRA expires 30 September. BHBIA expires 31 October. Both deadlines land in a six-week window in Q3 – at exactly the point when agencies are typically managing active projects and batch BHBIA renewals simultaneously.

The September collision is the operational reality that most compliance leads feel without always naming it clearly. EPHMRA renewals need to be completed by 30 September. BHBIA batch renewals – which typically happen in August and September ahead of the October deadline – are running at the same time. Staff are managing research projects. Freelancers need to be chased separately, outside the membership system. And crucially, EPHMRA issues no automated renewal reminders – the onus is entirely on the individual to remember, retake, and save their certificate before the deadline. If an agency's EPHMRA certificates lapse at the end of September, any staff member who has not renewed is non-compliant for the month of October while the BHBIA renewal window is still open.

EPHMRA certification tracking: Beyond storing certificates

Storing certificates is not the same as evidencing compliance. A pharma client asking for proof of certification before a project starts – or an auditor reviewing the agency's compliance records – is not satisfied by a folder of PDFs. They want to know who holds a valid certificate, when it was verified, who verified it, and whether the record has changed since it was first uploaded. The principle is the same one that underpins ISO competence compliance – documented evidence, not just a record that something exists.

MuchSkills records a timestamped log of every certificate upload and update, including who performed each action. Employees upload their own certificates; managers, HR, or L&D teams verify them. The person claiming the credential is separate from the person validating it – the same integrity principle that regulated industries apply to any evidence used in an audit. Expiry alerts flag approaching 30 September deadlines across the whole team, including freelancers and subcontractors added to the system outside the EPHMRA membership structure.

Sermo, the global HCP network, uses MuchSkills to manage their BHBIA and EPHMRA certification tracking across their compliance team.

For agencies managing both EPHMRA and BHBIA certification cycles, a live view of who has renewed, who has not, and whose freelancer credentials are due to expire in the same September window is the difference between a compliance crunch and a managed process. The tracking problem is structural – two fixed annual deadlines, a month apart, affecting everyone on every project including people who are not in your membership system. The solution needs to match that structure.

Frequently asked questions

What is the EPHMRA Code of Conduct? 

The EPHMRA Code of Conduct sets the ethical and operational standards for healthcare market research conducted across EPHMRA's 22 member countries. It covers fieldwork standards, data protection, respondent rights, and the obligations of agencies working on behalf of pharma clients. The Code of Conduct Competency Test is EPHMRA's formal assessment of researchers' understanding of these requirements.

Who needs EPHMRA Code of Conduct certification? 

Anyone working on a healthcare market research project conducted on behalf of a Marketing Authorisation Holder (MAH). This includes permanent staff, subcontractors, fieldwork agencies, recruiters, interviewers, and analysts. MAH contractual requirements – confirmed in the EPHMRA AER Guidelines – extend the obligation to all project personnel, not just senior researchers or permanent employees.

What is the difference between the Complete Test and the Supplementary Test? 

The Complete Test covers EPHMRA's full Code of Conduct requirements and is for researchers who do not hold BHBIA membership. The Supplementary Test is for EPHMRA members who also hold a current BHBIA Legal and Ethical Guidelines Competency Certificate – it covers only EPHMRA-specific requirements, with the two certificates working in combination to meet EPHMRA's full standards. BHBIA must be completed first.

How long is EPHMRA certification valid for? 

EPHMRA certificates are valid for the membership year and expire on 30 September each year, regardless of when the test was taken. This applies to both the Complete Test and the Supplementary Test.

Do freelancers need EPHMRA certification? 

Yes, if they are working on a project conducted on behalf of an MAH. Freelancers fall outside the EPHMRA membership headcount and do not have access to the free training platform, but MAH compliance requirements apply to them as project personnel. Agencies are responsible for tracking their certification status separately from permanent staff.

Managing EPHMRA certification tracking year-round

EPHMRA Code of Conduct certification is not a one-time administrative task. It is an annual renewal cycle with a fixed 30 September deadline, a scope that extends beyond your permanent team, and a verification standard that a spreadsheet cannot meet.

If you want to see how MuchSkills handles EPHMRA and BHBIA certification tracking – including expiry alerts, the full audit trail, and freelancer coverage – the healthcare research certification tracking page covers the detail, or you can watch the 18-minute compliance demo to see it in practice.