Pharmacovigilance Data: challenges for Pharmaceutical Companies

by:
Daniela Rota
PV Unit Manager & GVP Compliance Advisor
@ PQE Group
Marianna Esposito
GCP Unit Manager, GCP Advisor & Auditor
@ PQE Group
Francesco Abbate
CSV/CSA & Data Integrity Advisor @ PQE Group

Pharmaceutical companies are asked every day to collect pharmacovigilance data in a structured format and handling them following a defined workflow in secure and validated environment. The number of data to be collected is ever greater (consider, for example the amount of vaccine ADRs) and the requirements for its handling are increasingly demanding.

Pharmacovigilance database suppliers are evolving more and more to make their products capable, safe and in compliance with such requirements. Data should be structured in a way they can be analyzable in aggregate reports and signal detection activities by the company itself and competent authorities.

The company must therefore have the ability to keep up with the requirements, selecting the tools and suppliers that best meet its internal needs but at the same time keep up with technological and regulatory developments.

Among the biggest challenges facing the pharmacovigilance department in this period regard:

  • data format
  • data location
  • data migration

Data format: to be compliant to ICHE2B (R3) and IDMP standards

As of 30 June 2022 the use of the ISO Individual Case Safety Report (ICSR) standard based on the ICH E2B (R3) modalities will be mandatory for ICSR reporting to/from EudraVigilance. Furthermore, the ISO standard terminology for pharmaceutical forms and route of administration will also become mandatory.

The use of the ICH E2B (R2) format will therefore be phased out. However the company needs to be able to still transmit ICSR in R2 and in other formats according to Extra-EU countries requirements. The questions that torment companies in these months are: how to arrive at the deadline of 30 June 2022 ready to use the ISO/ICH E2B(R3) format of safety reporting? How to be ready to transmit cases in E2B (R3) to Eudravigilance while maintaining the flexibility of reporting in other formats as required by the other regulatory agencies worldwide? Does my safety database guarantee compliance to EU and non-EU reporting requirements?

Another change to enhance patient safety is the link of safety data to medicinal product information and related regulatory documents. The EU IDMP Product Management Services Implementation Guide version 2.0 (EU IG v2) has been released on February 22nd, 2021 as a further step in the direction of a standardization in all ISO countries of the structure and terminology of marketed medicinal products. IDMP is designed to better support Article 57 using ISO standards, instead of the current EMA-developed structure in xEVMPD. The companies should start to develop an implementation plan to be ready in due time to use controlled vocabularies based on the ISO IDMP/SPOR standards. The challenge of collecting and managing the extensive array of data required by IDMP will impact on many company departments at corporate and affiliate level such as PV, Clinical, Regulatory Affairs and Medical Affairs, IT/CSV, Manufacturing/CMC, Operations, etc. All of them should be involved in a coordinated team that analyses the current pool of available data and find the best solution to migrate them in the new structured systems. Is you company in the right direction?

Data location: cloud computing services use

The GxP industry has always been more conservative than others in adopting new technologies, and cloud-based systems are no exception.

In order to protect patient safety, regulated companies (i.e. pharmaceutical and medical device firms) are subject to extensive regulatory oversight and are required to analyse all risks thoroughly before adopting any new technology. Nevertheless, industries are compelled to streamline their business process and reduce costs. One way to optimise complex processes has been the adoption of cloud computing services.
Usually cloud computing services are delivered by a third-party provider that owns the infrastructure. Cloud computing has become in recent times one of the most talked technologies and receives lots of attention in the media, as well as analysts, because of the opportunities it offers.
Potential benefits that apply to almost all types of cloud computing include the following:

  • Cost savings, since companies are able to minimize their capital expenses, replacing them with operational expenses
  • Flexibility of cloud computing allows companies to scale-up IT capabilities in peak times to enable them to satisfy consumer demands
  • Services using multi-redundant sites can support business continuity and disaster recovery
  • Cloud service providers do the system maintenance that does not require applications to be installed onto PCs, minimizing the workload for the internal IT department
  • Mobile workers have increased productivity due to systems accessible in an infrastructure available from anywhere
  • High availability, since additional servers can be added to the provisioned service without interrupting the service or requiring reconfiguration of the application delivery solution
  • Less need for IT knowledge and IT investment

When these electronic services are used to process regulated data in a pharmaceutical company, new risks are also introduced. These risks include:

  • Data and systems implemented in IT infrastructure out of the control of the company
  • No oversight on the software (SW) maintenance (e.g. change implementation) and data center governance (e.g. security controls)
  • Different suppliers working together to provide the SW applications and the IT infrastructure
  • Cybersecurity risks
  • Tailored validation and qualification approach required

How to mitigate these risks?

Data migration for M&A and safety upgrades

Pharmaceutical companies are moving towards mergers and acquisition (M&A) for potential business expansion in various countries, by either acquiring companies or increasing revenues by acquiring products. The related MAH is responsible to maintain the safety data. This implies sometimes that a large amount of data need to be transferred from one company to another. Moreover the safety database are periodically upgraded with new technologies that implies migration of all data from the legacy database to the new one. With these activities, the need arises for managing products legacy safety data. Sometimes data migration activity becomes a challenge based approach with many iterative phases that need to be channelized in one sync for the best result. Main factors that can lead to migration failure can be:

  • Inappropriate data migration planning
  • Lack of system knowledge or functions
  • Wrong interpretation of business rules or logic applied in the safety DB architecture
  • Improper data structure design
  • Improper data mapping across both the system
  • Inadequate data checking and validation

How to guarantee the integrity, completeness, readability of the data during the data migration?

Pharmaceutical company is the ultimate responsibility to ensure the integrity of regulated data

Nowadays companies have at their disposal several commercial solutions that allow them to minimize the time required in the daily work of receiving, assessing, transmitting cases and at the same time to ensure high levels of compliance with data integrity requirements.

Technological development makes available to companies not only on premises solutions but also web-based, on cloud or even multi-tenant solutions. In the latter one, a single instance of the software is provided by a supplier, it runs from a server and is used by several organizations, each one with its own environmental peculiarities that conceptually constitute a specific tenant. In addition, the advent of wearable devices and social media providing real-time data constituted new sources of information and potentially new PV obligations and thus the need to have system with advanced and up-to-date capabilities, systems that allows quickly to be adapted to changes and/or new requirements with little impact on the management processes. These systems among other should help to avoid duplicate storage, reducing the risk of non-compliance due to late submission, of unexpected serious adverse reactions to competent authorities, allowing the preparation of aggregate reports and regulatory documents that need to be prepared using data originating from the databases, without using additional tools or external applications that may high the risk of data integrity breaches.

It is therefore critical that the systems and their assets for receiving, managing and transmitting cases ensure that the entire process complies with the data integrity requirements of ALCOA+, in this regard it is important and required by regulatory standards that the systems is validated following international guidelines for a proper validation process (e.g. GAMP5). The use of cloud or multi-tenant systems has the advantage of lowering validation and management costs due to an important involvement of the supplier, which provides the service or the system. On the other hand, for multi-tenant systems for example, it is essential to have a good change control management process to deal and identify the impact on the systems and managed processes due to periodic updates the system may require and/or scheduled by the supplier.

Safety data management system may need high level of configurations (or even customization) to adhere to the customer processes. This is an important factor that need not to be underestimate during the implementation of the system but it requires a careful initial analysis, even with standard and pre-validated system provided by suppliers, to fulfil customer requirements, company policies assuring the compliance with regulatory agencies expectations, and finally minimizing the risk of deviations during the validation phase and on the on-going process.
Moreover, the use of queries and external tools widely used for data extraction and analysis are also other important aspects that may have impact on regulatory decision and data quality, which should require highly attention and validation by the Company.

In conclusion changes on Regulatory Agency expectations, the growing of the AE cases due to disease complexity, the increased regulatory scrutiny on the data integrity, the request of Company in reducing cost, new sources of information and potentially new PV obligations, need for advanced safety data analytics tools focused on risk/benefit analysis and signal management, to deal with higher number of data and in a shorter time.

All these factors are a challenge for pharmacovigilance in its daily activity of monitoring the pharmaceutical products placed on the market and the continuous interaction with the regulatory agencies in charge of control.

Want to know more?

PQE Group staff comprises experienced and skilled experts in multidisciplinary teams, available to support your company in Pharmacovigilance Computer System Validation, and Data Migration projects at both local and global scale.

Visit our Compliance services page or contact us to find the most suitable solution for your company.

Related Articles