Editor’s Note:This article was published in Pharmaceutical Technology Europe’s September 2020 print issue.
OR WAIT null SECS
Despite pharmacovigilance legislation being in place for nearly a decade, many companies are still struggling to fulfill obligations.
It is now eight years since current European Union pharmacovigilance (PV) legislation came into force in Europe (1), requiring that pharmaceutical companies targeting the region must put in place a number of formal measures to monitor the safety of products and any issues once products are being consumed in the real world. The measures also mandate that life-sciences companies must run, check, and document their PV activities, so that regulating authorities can be confident that standards are being upheld and that nothing is being missed.
Editor’s Note:This article was published in Pharmaceutical Technology Europe’s September 2020 print issue.
To this end, pharmaceutical organizations must be able to provide evidence of strong standard operating procedures—on demand. Yet, even today, a majority of companies are still struggling to fulfil their obligations, potentially causing marketing authorization holders (MAHs) to fail inspections, incur fines, and see products withdrawn from markets. One of the reasons for common failings in PV process documentation is that the EU has not set out clear guidelines about how or where companies should go about this, which leaves too much room for interpretation and for potential gaps in provision. The following are 10 ways companies are commonly going wrong and what they can do now to reduce ongoing risk.
The 2012 EU PV legislation makes clear that quality systems should form an integral part of an organization’s PV system. But although other strong standard operating procedures (SOPs) may have been documented as part of general quality systems, there is often nothing relating specifically to PV. That is, there is no specific information about what is required in terms of procedures for managing deviations, for instance, for what happens if a new qualified person responsible for pharmacovigilance (QPPV) is appointed; for how external service partners are qualified; or for what the business continuity plan is and how this is tested, and so on.
These omissions can result in inadequate integrity and management of pharmacovigilance data, difficulty identifying and implementing corrective actions and preventative actions (CAPAs), and incomplete oversight/compliance management of a PV service provider.
Training-related failures can occur because it is not obvious who is responsible for or who actually needs PV training. Depending on the organization, the remit for organizing training could fall to the human resources (HR) department, the quality department leadership, or the PV function itself. What’s less obvious is that everyone in the company will need PV training—from the most senior managers to manufacturing teams. That’s because anyone could find themselves the recipient of safety feedback, which means everyone needs to know what action to take next—and how quickly.
To ensure that no training needs are missed, there should be a clear training plan, and formal records showing which employees have attended which sessions and when. The QPPV in particular must attend regular training and have up-to-date certificates. Quality people who perform audits must have at least some PV training too, yet this is often found not to be the case.
European Union pharmacovigilance legislation, which came into effect in July 2012, was the biggest change to the regulation of human medicines in the region since 1995. It had significant implications for applicants and holders of EU marketing authorizations, as well as for patients, healthcare professionals, and regulators.
The development of the pharmacovigilance legislation was based on the observation that adverse drug reactions (ADRs), ‘noxious and unintended’ responses to a medicine, caused around 197,000 deaths per year in the EU. As a result, the European Commission began a review of the European system of safety monitoring including sponsoring an independent study, as well as extensive public consultation through 2006 and 2007.
This process resulted in the adoption of a Directive and Regulation by the European Parliament and Council of Ministers in December 2010, bringing about significant changes in the safety monitoring of medicines across the EU (1). The legislation amended existing pharmacovigilance laws and was accompanied by the implementing regulation (2), a legally binding act published by the European Commission in June 2012 that provides details on the operational aspects for the legislation.
In October 2012, the pharmacovigilance legislation was amended once more, to further strengthen of the protection of patient health by allowing prompt notification and assessment of safety issues (3).
Practical measures to facilitate the performance of pharmacovigilance in accordance with the legislation are available in EU guidance on good pharmacovigilance practices (GVP) (4).
The legislation affects marketing authorization applicants and holders in the following ways, aiming to clarify their roles and responsibilities, minimize duplication of effort, free up resources by rationalizing and simplifying reporting on safety issues, and establish a clear legal framework for post-authorization monitoring.
Manufacturers as well as MAHs and distributors could find themselves the first port of call for a safety report. A safety data exchange agreement should set out the respective PV responsibilities of each party, who the QPPV is, who will manage actions relating to adverse reactions, and associated reporting. For a distributor, the obligation might simply be to forward all relevant information to the MAH—unless that company also has a remit for local PV activities.
Lesser failings, but nonetheless important to put right, include the omission of special situation reports, and provision for archiving, retention periods, and exchange of information following the termination of an agreement.
The pharmacovigilance system master file (PSMF) is one of the main documents of the company’s PV system. It should provide a very clear overview of all critical PV processes and procedures for managing adverse events and safety signals; the key stakeholders; full details of the QPPV and their experience and contact details; documentation showing how the organization will manage compliance with the legal requirements; and key performance indicators (KPIs) and the rationale behind these.
The PSMF must be kept up-to-date at all times, so there must be a process for ad-hoc revisions as well as periodical updates. If the competent authority asks to see a copy of the file, the company must be able to deliver a fully updated document within seven days. Failings can be for something as simple as poor formatting or omitting an index to allow easy navigation. If the PSMF preparation is subcontracted, another oversight inviting a penalty might be the lack of MAH involvement in any document revisions.
If the qualified PV person—who carries personal liability for PV failings, in addition to any company penalties—does not have sufficient oversight of the process for safety variations preparation, submission, and implementation, or over KPIs and adverse event reporting, this could also result in a failed inspection and potential fine.
This is one of the topics with the largest number of critical findings over time during inspections and includes findings related to poor maintenance of product information (routine risk management) or to implement additional risk minimization measures (aRMM), such as educational materials or pregnancy prevention programmes.
Often the breakdown here is a failure to identify and track all potential sources of spontaneous safety data or to reconcile adverse event monitoring activity with medical information and product quality complaints. This breakdown can lead to safety signals being missed. Failing to properly validate the database for individual case safety report (ICSR) management can also lead to a fine, especially for small-to-medium enterprises (SMEs), which can’t justify the cost of a top-of-the-range PV database.
Using spreadsheets or other tables to manage validation is not acceptable, but there are affordable options to formalize activity here. Failure to transfer safety data from previous MAHs during an acquisition can also catch companies out.
These gaps concern benefit-risk and signal management and aggregate reports (PSURs). Common mistakes include inaccurate sales and patient exposure figures; the inclusion of unrelated adverse event reports; failure to include relevant cases in the benefit-risk analyses; and late updating of product information. Other issues include failure to discuss all sources of potential signals; and a lack of rationale for the report frequency.
It’s important to include teams monitoring MAH websites for comments/safety reporting and to keep tabs on any general company email addresses that people might use to report safety data.
This issue includes validating controls over access to sensitive patient medical information and, if fireproof/waterproof filing cabinets have been swapped for digital archiving, that such systems meet all required parameters.
With so many factors to get right in the way of systematic information capture and reporting, it is unsurprising that PV departments are getting some of this wrong and are feeling overwhelmed by the responsibility.
One way to alleviate immediate concerns is to pursue unbiased feedback on current provisions from professionals with experience of a diverse range of approaches and systems. They will be able to bring to bear the latest best practice, based on the effective ways other companies are tackling this—or perform a gap analysis that can help target remedial action.
In due course, the EU should clarify and update its guidance, so pharma companies will be better able to understand what they need to aim for. It’s important not to wait until then, however. Competent authorities are starting to perform remote inspections now, which is likely to lead to increased coverage and frequency of these spot-checks as more auditor capacity is freed up.
1. EMA, Commission Implementing Regulation (EU) No. 520/2012 (Brussels, June 2012).
Vanessa Fachada Oliveira is a pharmacovigilance manager and EU QPPV at Arriello—a global provider of regulatory affairs and pharmacovigilance solutions and services for pharma and biotech firms primarily in Europe and North America.
Pharmaceutical Technology Europe
Vol. 32, No. 9
When referring to this article, please cite it as V. Fachada Oliveira, “Pharmacovigilance Under Scrutiny: Why Companies are Falling Short,” Pharmaceutical Technology Europe 32 (9) 2020.