This blog covers:
- Managing personal data in pharmacovigilance
- Types of personal data
- Legislation governing the handling of personal data
Table of Contents
What is Personal Data?
Personal data refers to any information that pertains to an identified or identifiable living individual, either directly or indirectly.
This data can also include:
- an individual’s preferences
- behaviors, or characteristics, such as health information and demographic details.
Types of Personal Data Involved in Reports
Patient/Consumer Data may include, but is not limited to:
- Patient ID or initials
- Contact details (if the patient is the reporter)
- Date of birth
- Gender
- Age or age group at onset
- Ethnic origin
- Adverse event information:
- Symptoms
- Duration
- Outcome
- Suspect product
- Concomitant medications
- Hospitalization details relevant to the adverse event
- Patient medical history
Healthcare Professional (HCP) Data may include:
- Physician information
- Investigator details
- Other healthcare professionals
Reporter Personal Data may include, but is not limited to:
- Reporter name
- Contact details
- Profession
- Professional qualifications (if the reporter is a healthcare professional)
The purpose and processing of personal data regarding patients or primary sources is essential for
- detecting
- assessing
- understanding, and
- preventing adverse reactions.
These information helps to enhance public safety of using medicinal products.
“Personal data is not just information; it’s a reflection of our identities, and safeguarding it is essential to preserving our privacy and dignity.”
Special Categories of Personal Data
Special categories of personal data are particularly sensitive and require enhanced protection.
Under the General Data Protection Regulation (GDPR), the following are classified as special categories:
- Racial or ethnic origin
- Religious or philosophical beliefs
- Trade union membership
- Genetic data
- Bio-metric data for uniquely identifying an individual
- Health data
- Data about a person’s sex life or sexual orientation
Handling Personal Data
Collection of data
Maintaining patient confidentiality and adhering to data privacy regulations is crucial. When personal data is received, the organization must follow its internal procedures to ensure that this sensitive information is anonymized and managed appropriately.
The collection and disclosure of personal data will comply with the obligations and laws of the relevant country’s data protection regulations.
Personal data collected for pharmacovigilance purposes is essential to fulfill legal and regulatory requirements for monitoring and reporting adverse events, as well as serving the public interest and safeguarding public health.
We are required to collect and process information that may directly or indirectly identify an individual (“Personal Data”) from various sources.
What is Valid Consent?
Under the Data Protection Act 2018, when consent is relied upon to process personal data, the organization that receives and transfers this data must be identified at the time of collection.
Consent for processing personal data for adverse event (AE), post-marketing commitment (PC), or spontaneous report (SRS) purposes may be obtained at the end of an interview.
It’s important to avoid transferring or storing unnecessary duplicate copies of personal data collected for these purposes.
For more information on what constitutes valid consent, refer to the BHBIA’s ‘GDPR Updates’ on ‘Legal Grounds for Data Processing’ and ‘Consent for Market Research’ available on the BHBIA website.
Principles and Laws
The Data Protection Act 2018 establishes several principles that organizations must follow when processing personal data. It mandates that personal data must be:
- Processed lawfully, fairly, and transparently in relation to individuals.
- Adequate, relevant, and limited to what is necessary for the intended purposes.
- Accurate and, when necessary, kept up to date.
- Retained in a form that allows for the identification of data subjects only as long as necessary for the processing purposes.
- Processed securely, protecting against unauthorized or unlawful processing and accidental loss, destruction, or damage through appropriate technical and organizational measures.
Other legal grounds for processing personal data for drug safety reasons include:
- Compliance with legal obligations, such as pharmacovigilance (Article 6(1)(c)).
- Public interest (Article 6(1)(e) and Article 9(2)(i)).
- Legitimate interests (Article 6(1)(f)), though this cannot be used for special category data.
Data protection requirements do not apply if the patient is deceased.
In the EU, organizations must adhere to relevant data protection legislation (Directive 95/46/EC and Regulation (EC) No 45/2001). Direct identifiers of patients cannot be transferred unless allowed by applicable national legislation.
Challenges in Handling Personal Data
- Difficulty in following up on spontaneous reports with incomplete details. (To learn more in detail..)
- Maintaining confidentiality.
- Preventing data leakage.
- Adapting to varying data protection laws across different countries.
Key Takeaways
Reporter and physician details are collected during the reporting process.
Patient or subject details are subject to restrictions based on national data protection laws.
Subject details should preferably be anonymized or hidden to protect confidentiality, even if included in a report.
All personal data collection will be based on valid consent.
Personal data encompasses more than just names.
Wrap-Up
This comprehensive overview highlights the significant nuances of handling personal data in pharmacovigilance. While we may have missed some important points, we aimed to clarify aspects that might be unclear.
If you have additional insights or suggestions, feel free to share them with us. We are committed to continuous improvement and updates, so don’t hesitate to tag us in your feedback.
Thank you for reading!
Leave a Reply