Pharmacovigilance Under Scrutiny: Why Companies are Falling Short

Published on: 
Pharmaceutical Technology, Pharmaceutical Technology-09-02-2020, Volume 44, Issue 9

Despite pharmacovigilance legislation being in place for nearly a decade, many companies are still struggling to fulfill obligations.

It is now eight years since current European Union pharmacovigilance (PV) legislation came into force in Europe (1), requiring that pharmaceutical companies targeting the region must put in place a number of formal measures to monitor the safety of products and any issues once products are being consumed in the real world. The measures also mandate that life-sciences companies must run, check, and document their PV activities, so that regulating authorities can be confident that standards are being upheld and that nothing is being missed.

To this end, pharmaceutical organizations must be able to provide evidence of strong standard operating procedures—on demand. Yet, even today, a majority of companies are still struggling to fulfil their obligations, potentially causing marketing authorization holders (MAHs) to fail inspections, incur fines, and see products withdrawn from markets. One of the reasons for common failings in PV process documentation is that the EU has not set out clear guidelines about how or where companies should go about this, which leaves too much room for interpretation and for potential gaps in provision. The following are 10 ways companies are commonly going wrong and what they can do now to reduce ongoing risk.

Quality management system inadequacies

The 2012 EU PV legislation makes clear that quality systems should form an integral part of an organization’s PV system. But although other strong standard operating procedures (SOPs) may have been documented as part of general quality systems, there is often nothing relating specifically to PV. That is, there is no specific information about what is required in terms of procedures for managing deviations, for instance, for what happens if a new qualified person responsible for pharmacovigilance (QPPV) is appointed; for how external service partners are qualified; or for what the business continuity plan is and how this is tested, and so on.

These omissions can result in inadequate integrity and management of pharmacovigilance data, difficulty identifying and implementing corrective actions and preventative actions (CAPAs), and incomplete oversight/compliance management of a PV service provider.

Gaps in training, or associated reporting

Training-related failures can occur because it is not obvious who is responsible for or who actually needs PV training. Depending on the organization, the remit for organizing training could fall to the human resources (HR) department, the quality department leadership, or the PV function itself. What’s less obvious is that everyone in the company will need PV training—from the most senior managers to manufacturing teams. That’s because anyone could find themselves the recipient of safety feedback, which means everyone needs to know what action to take next—and how quickly.

To ensure that no training needs are missed, there should be a clear training plan, and formal records showing which employees have attended which sessions and when. The QPPV in particular must attend regular training and have up-to-date certificates. Quality people who perform audits must have at least some PV training too, yet this is often found not to be the case.


Breaks in supply-chain continuity

Manufacturers as well as MAHs and distributors could find themselves the first port of call for a safety report. A safety data exchange agreement should set out the respective PV responsibilities of each party, who the QPPV is, who will manage actions relating to adverse reactions, and associated reporting. For a distributor, the obligation might simply be to forward all relevant information to the MAH—unless that company also has a remit for local PV activities.

Lesser failings, but nonetheless important to put right, include the omission of special situation reports, and provision for archiving, retention periods, and exchange of information following the termination of an agreement.

Failings with the PSMF

The pharmacovigilance system master file (PSMF) is one of the main documents of the company’s PV system. It should provide a very clear overview of all critical PV processes and procedures for managing adverse events and safety signals; the key stakeholders; full details of the QPPV and their experience and contact details; documentation showing how the organization will manage compliance with the legal requirements; and key performance indicators (KPIs) and the rationale behind these.

The PSMF must be kept up-to-date at all times, so there must be a process for ad-hoc revisions as well as periodical updates. If the competent authority asks to see a copy of the file, the company must be able to deliver a fully updated document within seven days. Failings can be for something as simple as poor formatting or omitting an index to allow easy navigation. If the PSMF preparation is subcontracted, another oversight inviting a penalty might be the lack of MAH involvement in any document revisions.

Inadequate QPPV oversight

If the qualified PV person—who carries personal liability for PV failings, in addition to any company penalties—does not have sufficient oversight of the process for safety variations preparation, submission, and implementation, or over KPIs and adverse event reporting, this could also result in a failed inspection and potential fine.

Insufficient attention to risk management

This is one of the topics with the largest number of critical findings over time during inspections and includes findings related to poor maintenance of product information (routine risk management) or to implement additional risk minimization measures (aRMM), such as educational materials or pregnancy prevention programmes.

Failure to consistently collect and manage safety information

Often the breakdown here is a failure to identify and track all potential sources of spontaneous safety data or to reconcile adverse event monitoring activity with medical information and product quality complaints. This breakdown can lead to safety signals being missed. Failing to properly validate the database for individual case safety report (ICSR) management can also lead to a fine, especially for small-to-medium enterprises (SMEs), which can’t justify the cost of a top-of-the-range PV database.

Using spreadsheets or other tables to manage validation is not acceptable, but there are affordable options to formalize activity here. Failure to transfer safety data from previous MAHs during an acquisition can also catch companies out.

Ongoing gaps in safety evaluation

These gaps concern benefit-risk and signal management and aggregate reports (PSURs). Common mistakes include inaccurate sales and patient exposure figures; the inclusion of unrelated adverse event reports; failure to include relevant cases in the benefit-risk analyses; and late updating of product information. Other issues include failure to discuss all sources of potential signals; and a lack of rationale for the report frequency.

Poor links between departments or with third parties

It’s important to include teams monitoring MAH websites for comments/safety reporting and to keep tabs on any general company email addresses that people might use to report safety data.

Failures in business continuity provision

This issue includes validating controls over access to sensitive patient medical information and, if fireproof/waterproof filing cabinets have been swapped for digital archiving, that such systems meet all required parameters.

Tightening control

With so many factors to get right in the way of systematic information capture and reporting, it is unsurprising that PV departments are getting some of this wrong and are feeling overwhelmed by the responsibility.

One way to alleviate immediate concerns is to pursue unbiased feedback on current provisions from professionals with experience of a diverse range of approaches and systems. They will be able to bring to bear the latest best practice, based on the effective ways other companies are tackling this—or perform a gap analysis that can help target remedial action.

In due course, the EU should clarify and update its guidance, so pharma companies will be better able to understand what they need to aim for. It’s important not to wait until then, however. Competent authorities are starting to perform remote inspections now, which is likely to lead to increased coverage and frequency of these spot-checks as more auditor capacity is freed up.


1. EMA, Commission Implementing Regulation (EU) No. 520/2012 (Brussels, June 2012).

About the Author

Vanessa Fachada Oliveira is a pharmacovigilance manager and EU QPPV at Arriello—a global provider of regulatory affairs and pharmacovigilance solutions and services for pharma and biotech firms primarily in Europe and North America.

Article Details

Pharmaceutical Technology Europe
Vol. 32, No. 9
September 2020
Pages: 37–39


When referring to this article, please cite it as V. Fachada Oliveira, “Pharmacovigilance Under Scrutiny: Why Companies are Falling Short,” Pharmaceutical Technology Europe 32 (9) 2020.