Back to the Basics in PV
Since starting these postings we’ve had a lot of questions about some of the basics of drug safety. So our thought is that this would be a good time to review what you need to have and what is nice to have to do drug safety and pharmacovigilance (PV).
So here is a review of the things that a company, CRO, sponsor, investigator (particularly if doing an investigator initiated study or trial without the backing of a big drug company as sponsor) etc. needs to have and might want to have.
We will start of with the “need to have”. These functions must be in place for the sponsor (IND/NDA/BLA/MA/CTC etc. holder) whether in the sponsor’s organization or out-sourced to one or more other organizations such as CROs, business partners etc.
Need to Have
SOPs: There must be written SOPs and procedural documents outlining how safety is done, by whom, what rules and regulations are followed etc. These must cover all regions where the drug is sold or studied since they differ from country to country. In particular, the EU and the US now differ significantly in the post-marketing safety requirements.
Data Collection: The “feeder groups” of serious and non-serious adverse events (AEs) including clinical research doing trials, CROs, sales reps, websites, etc. must have a system in place to send in AEs to the unit handling the AEss.
Electronic databases, IT functions: Every organization really needs some sort of database for safety data – more than an Excel Spreadsheet. Some sort of dedicated, validated safety database is usually needed for preparation of required paper and electronic submissions (MedWatch & CIOMS I forms, DSURs, PSURs, E2B files etc.) to governments.
Other validated databases may include call center software, signaling systems, electronic data capture (EDC), commitment tracking, reporting tools to EudraVigilance over the internet etc. These must also be supported.
People: Someone must have operational responsibility for safety for the sponsor. Usually not a consultant external to the company. In the EU there must be a Qualified Person for PV. If safety is kept in-house then qualified and experienced staff must be in place – both professionals (MDs, RNs, PharmDs, RPhs etc.).
IT folks to support the databases, manage dictionaries (MedDRA, Drug Dictionary, etc.) must also be in place.
Obviously, there must be management responsibility. Somebody (a single person) must ultimately own the responsibility for the safety of the products at a senior level. This person may or may not also be the functional head of drug safety/PV. This is usually someone at a very high level – often but not always a physician. If not a physician a senior, expert physician should be immediately available.
Expedited Reporting: The functionality to submit expedited (alert) reports for trials and post-marketing situations (7, 15 day reports, paper based and E2B) and local variants often in local languages must be present.
Aggregate Reporting: PSURs, DSURs, Annual Safety Reports, white papers, expert reports, IND Annual Reports, PADERs etc. are usually required and this function must be in place.
Regulatory Support: For submissions, tracking changes in requirements, REMS/RMP support, interface with health agencies etc. This is almost always external to the drug safety group.
Life Cycle Risk Management & Signaling/Epidemiology: Now required in the US, EU and many other countries to varying levels of complexity. A formal, documented process done by medical experts needs to be in place throughout the life cycle of the drug. Processes for escalation, action and resolution of safety issues must be in place.
Training: Formal and documented training both of company staff and external organizations involved in safety (business partners, CROs, etc.) is required.
Senior Safety Committee or Equivalent: Someone or some committee that adjudicates and acts on safety issues and crises must be in place and have a written SOP defining their duties and functions. They must be empowered to act immediately for critical safety matters.
Other Safety Committees: For certain studies, though not officially “obligatory”, Data Safety Monitoring Committees/Boards and Adjudication Committees are now frequent.
Archiving and documentation: Whether paper and/or electronic, archiving and record retention with all privacy and data security measures in place.
Medical Literature Review: This is obligatory for safety problems in the US, EU and elsewhere.
Internet & Social Media Coverage: This is a rapidly changing area. At the very least, the company must watch and police its own websites and social media ventures (and adventures). As of now, total scanning of the internet for safety issues with one’s products is not, to my knowledge, yet required. But perhaps someday…
Quality (Management) System: A set of procedures and systems must be in place to ensure that quality is maintained throughout all processes at all times with QA, QC, SOPs, training etc.
Compliance: Personnel handling compliance including audits, inspections, corrective action plans (CAPAs) must be in place.
Business agreements regarding safety: If the company has any external contracts such as out- or in-licensing, distribution, co-development agreements etc. these must have the appropriate safety exchange sections included. A procedure and staff to ensure this must be in place. This includes the legal department and business development but may involve others in the company.
Safety monitoring in clinical trials & other special situations: Safety functions must be ensured during clinical trials (monitoring, source document review etc.) consistent with GCP and GPVP. Special situations such as compassionate use, named- patient use, investigator initiated trials all have certain requirements in place that must be followed.
Labeling: There must be a system in place to ensure that the drug’s reference documents/labeling – both clinical trial investigator brochures as well as post-marketing labeling is in place and up to date.
Interaction with manufacturing quality: Tracking potential product quality issues, medication errors etc. is obligatory.
Communication with the public & health care community: Another area that is hazy but is, in practice, obligatory. This includes call centers, the ability to warn patients and health care practitioners of acute safety issues etc.
This, in a nutshell, largely covers what drug safety functions must be in place for a company to remain in compliance with the legal requirements to investigate or sell product. More specifically, these must be in place if an IND, NDA, BLA or such is in place but no active trials are underway and no drug is being sold or distributed.
Nice to Have
Many organizations have other functions in place which are not obligatory but which they find useful. These things include:
Liaison to external international and national organizations: CIOMS, ICH, MedDRA, HL-7, IT user groups etc. Very useful for regulatory and safety intelligence gathering.
External training: Training must be done and some companies out-source their training by having external groups or trainers come in to do courses or sending their staff out to scheduled training courses. Some of these courses are given by private organizations, CROs and sometimes by health agencies (FDA, EU) or NGOs (Uppsala Monitoring Centre).
Language skills: Although English is now largely the language of drug safety (if not all of pharmaceuticals), that often does not suffice in a particular country. Knowledgeable medically trained personnel speaking the local languages may be needed.
Internal consultation & assistance: This broad category can include helping others in the organization with Rx to OTC switches, writing integrated safety summaries (ISSs) which are usually not done by the drug safety group.
There are doubtless other functions that are need to have or nice to have that are specific to particular organizations. In small companies one or two people may handle all of the functions. In others one person may handle relations with CROs who have been contracted to handle some or all safety matters. This list then is probably/surely not complete for your particular situation and you should obtain continuous legal and regulatory consultation to ensure that you are doing everything you must be doing. Remember the environment is continually changing with new regulations and requirements being put in place almost daily. There are also multiple interpretations of the regulations and requirements. Some may feel that a “need to have” is really (at least for them) a “nice to have”. This should be discussed and documented internally at the company for all situations.
The sponsor (holder of the IND/NDA/BLA/MA/CTC etc.) must always keep in mind that it is the sponsor itself who maintains ultimate legal (and ethical/moral) responsibility for safety. That cannot be out-sourced.