Data privacy is integral when monitoring safety signals. Patient data must be deidentified to protect the privacy of the individual, but also to meet regulatory requirements. Protecting personal data requires several detailed measures, including going through vast amounts of data as well as several manual activities required for protecting personal data can best be managed through automation.

In the European Union, the General Data Protection Regulation (GDPR), which goes into effect on May 25, 2018, harmonizes European data privacy laws, delivering greater data privacy protection to EU citizens, which includes protection for health-related data. In the U.S., the Health Insurance Portability and Accountability Act (HIPAA) requires the protection of sensitive patient information. However, EU regulation goes a step further, giving significant authority to the data subjects on their personal data. Companies will have to find ways to address the rights of subjects, such as the right to access their personal information, the right to have any inconsistencies rectified, the right to have their data erased, the right to restrict processing, and the right to data portability.

It’s common for pharmacovigilance data to include information that identifies the patient and the reporter, for example through information such as age, weight, height, ethnic origin and health status. Personal identification and contact details may also be collected if there is a follow-up to the adverse events required. All this information falls under the category of “personal data.”

The penalties for noncompliance with GDPR are severe, so it’s vital that companies can redact or anonymize data to ensure the subject can’t be identified. All appropriate security measures should be taken to protect the personal data collected for pharmacovigilance purposes, and this means the pharmacovigilance database should be able to track all changes to personal data and should be able to create an audit trail of the same.

Redacting Personal Data

This is where automation comes into its own. To start with, an advanced automation tool would identify essential versus non-essential data and redact all non-essential personal data. If any data is breached, a notification report can be automatically generated to advise stakeholders and enable action to be taken.

Automation also makes it easier to adhere to pharmacovigilance data storage requirements. According to Article 12, record management and data retention, of EU regulation 726/2004, “pharmacovigilance data and documents relating to individual authorized medicinal products shall be retained as long as the product is authorized and for at least 10 years after the marketing authorization has ceased to exist.” Having tools that automatically indicate the duration of data retention and automation alerts for personal data storage expiry can ease the burden for manually tracking all such incidences.

Adherence to data privacy and security requirements also requires companies to demonstrate GDPR compliance. The automation tools can:

  • Generate an audit trail of the flow of personal data
  • Create reports to demonstrate that the personal data collected is used for pharmacovigilance purposes only and is not processed for any other purpose, unless data subjects have been notified and agreed to the use of their data
  • Enable metrics and gap analysis to be performed in the data to ensure they meet regulatory standards.

Over the coming weeks, we will share insights on the role AI already is playing and its future potential in PV. Find out more about the role automation plays in pharmacovigilance by listening to the webcast, “Productivity, Compliance and Quality: The Holy Grail in Pharmacovigilance.”

 [poll id=”5″] [poll id=”5″] Data privacy is integral when monitoring safety signals. Patient data must be deidentified to protect the privacy of the individual, but also to meet regulatory requirements. Protecting personal data requires several detailed measures, including going through vast amounts of data as well as several manual activities required for protecting personal data can best be managed through automation.

In the European Union, the General Data Protection Regulation (GDPR), which goes into effect on May 25, 2018, harmonizes European data privacy laws, delivering greater data privacy protection to EU citizens, which includes protection for health-related data. In the U.S., the Health Insurance Portability and Accountability Act (HIPAA) requires the protection of sensitive patient information. However, EU regulation goes a step further, giving significant authority to the data subjects on their personal data. Companies will have to find ways to address the rights of subjects, such as the right to access their personal information, the right to have any inconsistencies rectified, the right to have their data erased, the right to restrict processing, and the right to data portability.

It’s common for pharmacovigilance data to include information that identifies the patient and the reporter, for example through information such as age, weight, height, ethnic origin and health status. Personal identification and contact details may also be collected if there is a follow-up to the adverse events required. All this information falls under the category of “personal data.”

The penalties for noncompliance with GDPR are severe, so it’s vital that companies can redact or anonymize data to ensure the subject can’t be identified. All appropriate security measures should be taken to protect the personal data collected for pharmacovigilance purposes, and this means the pharmacovigilance database should be able to track all changes to personal data and should be able to create an audit trail of the same.

Redacting Personal Data

This is where automation comes into its own. To start with, an advanced automation tool would identify essential versus non-essential data and redact all non-essential personal data. If any data is breached, a notification report can be automatically generated to advise stakeholders and enable action to be taken.

Automation also makes it easier to adhere to pharmacovigilance data storage requirements. According to Article 12, record management and data retention, of EU regulation 726/2004, “pharmacovigilance data and documents relating to individual authorized medicinal products shall be retained as long as the product is authorized and for at least 10 years after the marketing authorization has ceased to exist.” Having tools that automatically indicate the duration of data retention and automation alerts for personal data storage expiry can ease the burden for manually tracking all such incidences.

Adherence to data privacy and security requirements also requires companies to demonstrate GDPR compliance. The automation tools can:

  • Generate an audit trail of the flow of personal data
  • Create reports to demonstrate that the personal data collected is used for pharmacovigilance purposes only and is not processed for any other purpose, unless data subjects have been notified and agreed to the use of their data
  • Enable metrics and gap analysis to be performed in the data to ensure they meet regulatory standards.

Over the coming weeks, we will share insights on the role AI already is playing and its future potential in PV. Find out more about the role automation plays in pharmacovigilance by listening to the webcast, “Productivity, Compliance and Quality: The Holy Grail in Pharmacovigilance.”

 

Share on LinkedIn

Related Posts

Discover NavaX

the latest automation from LifeSphere