Pharmacovigilance in the European Union

Pharmacovigilance Data and EU Data Privacy Regulations

Like any data within the EU, access to pharmacovigilance data must always be considered in respect of EU laws which protect the patient’s rights to personal privacy.

Clinical data is essential for the identification and analysis of Adverse Reactions which could be caused by taking a particular drug. Whilst this endeavour ultimately aims to protect the patient, by law it must not over-ride any privacy concerns. This page provides a brief outline of some of the key issues around personal privacy and the use of clinical information for drug safety purposes.

The Effect Of EU Data Privacy Laws

The 1995 Directive 95/46 EC allowed EU member states three years to enact appropriate national laws and regulations in accordance with the principles of that Directive. It concerns itself with all forms of personal data, including information related to health. Information held by doctors, hospitals, pharmacies and so on must comply with national laws which exist at the very minimum to comply with the Directive. They apply irrespective of whether the information is held on a computer or in any other electronic form, or whether it has been stored in a ‘manual format’ (for example, on paper, as an X-Ray, as a handwritten form, etc). In order to process any personal information, the person to whom the information relates must give their consent and the treatment of the data must be necessary to fulfil:

  • a contract or legal obligation
  • activities which serve to protect the person’s vital interests
  • activities which serve the public interest
  • activities performed in the exercise of official authority

Since the Directive was introduced, those laws and regulations are variable between countries to the extent where some provide greater protection for patient’s privacy than was required by the original Directive. This may mean adequate drug safety follow up and data collection is more complex and pharmaceutical companies may need professional guidance.

For regulatory agencies, such as the European Medicines Agency, and other European institutions, there is additional privacy legislation in the form of Regulation (EC) No 45/2001 Protection of Individuals with regard to the Processing of Personal Data by the Community institutions and bodies and on the Free Movement of such data.

The Impact On Practice

The impact of the Directive on drug safety work has not been to prevent accurate reporting or the flow of information from clinical trials, studies, etc. Contemporary pharmacovigilance has responded with various strategies to ensure that either the above conditions are adequately fulfilled, or the data the work generates is used in an anonymous manner. Nonetheless, the laws throughout the EU are subject to change and pharmaceutical companies therefore continue to need expert advice on the current regulations. There are also instances where advice is required to export data to countries outside the EU in a legally compliant manner. Non-anonymized data cannot be moved from within the EU to countries which are not considered to have adequate data privacy laws. However, pharmaceutical companies and regulators may need to quickly access information across continents. One such example is the movement of data from the EU to the USA, although many practices have been adopted across the industry to facilitate these transfers.

Please note this brief introduction cannot be considered as an exhaustive description and is not any form of professional advice.