Why do we need pharmacovigilance

Efficient design of pharmacovigilance systems

1. Legal Requirements

In the 14th amendment to the German Medicines Act (AMG) from 2005, the German legislator made it mandatory to include a "detailed description of the pharmacovigilance system" with every application for authorization of a medicinal product (module 1.8.1 of the authorization documents; Section 22 para. 2 AMG). This is intended to document that the future authorization holder has or has already established an effective safety system for his medicinal products. Only when registering homeopathic or traditional herbal medicinal products in accordance with Section 39a-d AMG is there no such requirement. At the same time, the competent higher federal authority in AMG was given the opportunity to carry out PV inspections (Section 63b (5a) AMG) in order to check the practice and the content of the implemented systems on site.

While the corresponding regulations appear less unusual for the ethical industry, they are largely uncharted territory for the OTC industry. Serious adverse drug effects occur much less often here. At the same time, the legislature demands the same standard from small and medium-sized companies with OTC products that also applies to large corporations in the Rx area.

The EudraLex Volume 9A of the European Commission, which was finalized in March 2007, provides the current content requirements for these elements introduced in the AMG [1]. It applies to all human medicinal products that are registered in the countries of the EU as well as in Iceland, Liechtenstein and Norway - regardless of the approval (national, MR approval, decentralized, centralized) and regardless of the current approval status. Only the homeopathic medicines to be registered in the simplified procedure are excluded here.

The aim of the “Detailed Description of the Pharmacovigilance System” (DDPS) required by the AMG and formalized in Volume 9A is to describe the security monitoring actually practiced in the company. The requirements for the DDPS can therefore be read as a requirement for daily PV practice in the company. In view of the complexity of the requirements and the associated personnel retention, companies with a manageable number of approvals see themselves at a disadvantage compared to larger competitors in PV: With the support of a larger number of approvals, the wealth of experience and thus the quality and efficiency of drug monitoring increases. At the same time, there are synergy effects in the cost structures. Companies with drugs with a low risk potential are therefore increasingly turning to specialized PV service providers. Volume 9A explicitly enables this practice (Part 1, Point 1.3): “A Marketing Authorization Holder may transfer any or all of the pharmacovigilance tasks and functions, including the role of the QPPV, to another person (s) or organization (.. .) ”. However, the formal responsibility for drug safety remains with the pharmaceutical company.

2. Detailed Description of the Pharmacovigilance System

The DDPS contains the company-wide, product and approval-independent definition of the work structures and procedures established in the company to maintain drug safety. This includes, among other things. the areas of recording, processing, reporting of suspected adverse drug reactions (ADRs), creation and review of Periodic Safety Update Reports (PSURs), signal detection and handling of emergency measures in the company.

The BfArM enables pharmaceutical companies to send this description once as a so-called pharmacovigilance master file. Future applications for approval will then refer to this master file. At the moment, the BfArM does not seem to regard changes in the description of the PV system as a Type II variation, as is actually intended in Volume 9A (Part I, Point 2.2.1). Failure to submit a DDPS or a DDPS with deficiencies will lead to a rejection of an application for formal reasons.

Paradoxically, this often affects those pharmaceutical companies who have a low-risk product portfolio and who have therefore had to deal less intensively with the - also formal - problems of drug safety. Experienced service providers often help these companies to implement a PV system that meets the requirements, including documentation.

The authorization holder must, if applicable, describe the following components of his PV system in detail (see Fig. 1) [2] and also define the cooperation with service providers in each case:

2.1. Qualified Person for Pharmacovigilance

The approval holder is responsible for the safety of his products. He has to commission a pharmacovigilance person (QPPV) to monitor drug safety and to provide him with the necessary resources. The QPPV has z. B. to maintain an overview of the safety profiles and precautions of the medicinal products or to implement them initially. She wears, among other things. Responsible for submitting ADR reports and PSURs, for periodic literature research, for staff training and is the central point of contact for the authorities. In short: It is responsible for ensuring that the PV system in the company complies with the current legal regulations and is fully implemented.

The AMG places higher demands on such a person than Volume 9A, because for Germany it requires a step-by-step plan officer (Section 63a AMG) who not only - like a QPPV - has "adequate qualifications" and at least "access to a medically qualified person ”. In principle, only doctors, human biologists or pharmacists with at least two years of professional experience can be considered as phased plan officers.

Small and medium-sized companies in particular face these requirements with a major financial and organizational challenge, as a QPPV must be available around the clock. A substitute regulation in the case of vacation, illness or leisure time must be laid down in writing. As with the earlier "traveling" control and production managers, the industry therefore often uses external help (e.g. outsourcing of step-by-step plan officers) - this is also explicitly made possible by Volume 9A. The external contractual partner has to implement quality assurance and control. Audits by the authorization holder are recommended.

2.2. organization

A representation of the organizational structure is also part of the DDPS. For example, the names, locations and internal connections of the parts of the company entrusted with PV as well as a brief description of the activities carried out there must be stated. The organizational structure should also be shown schematically (organizational chart) to clarify the cooperation (internal and with external partners).

2.3. Written procedures

A flow chart should be generated for the DDPS that outlines the central processing steps of an incoming ADR report in the company (see Fig. 2). An inspector from the authority or a commissioned external auditor should be able to use this organizational description to identify potential gaps or unnecessary workload in the PV processes. Product-specific additions, such as the exchange of security-relevant data with a license partner, should be clarified in an appendix.

The following processes are also to be documented in a DDPS in accordance with Volume 9A:

  • Activities of the QPPV, deputy regulation
  • Collection, evaluation and classification of Individual Case Safety Reports (ICSRs)
  • Tracking of ICSRs (follow-ups)
  • Detection of duplicate reports
  • Notification of 7- or 15-day ICSRs, compliance with deadlines, electronic notification
  • PSUR (creation, quality control, submission)
  • Literature research
  • General PV (signal detection, benefit-risk assessment, communication with authorities, health care professionals, etc. regarding changes relevant to drug safety)
  • Dealing with safety risks from product defects
  • Emergency measures, dealing with inquiries from authorities
  • Obligations to authorities
  • Dealing with databases
  • internal audits
  • training
  • Archiving

Standard Operating Procedures

Standard Operating Procedures (SOPs) accompany the DDPS and must be listed. Upon request by the authorities, the SOPs should generally be able to be presented within two days [3]. SOPs are records with which a company defines binding and uniform procedures globally for all employees with specific functions.

From the sum of the procedures laid down in writing, it can be seen whether and where there are gaps or overlaps in the areas of responsibility. The creation and updating of SOPs and accompanying job descriptions, in which processes are described more specifically, is complex. It is important to explain the existing processes, since in particular conformity with the regulatory requirements must be ensured and, on the other hand, work processes should be designed efficiently. Experienced service providers with an “impartial view” can recognize potential for improvement more quickly, because from the in-house perspective of “we've always done this” compliance problems are recognized very slowly or not at all.

Receipt of spontaneous reports

The processing of reports on suspected cases of undesirable side effects is a central topic of every PV system. All employees, from the switchboard to the field service to the legal department, should know and master the company-wide regulations for the receipt of PV-relevant information. In the associated SOP it must therefore be defined which information (minimum criteria) is to be included, how it is to be recorded (document-proof and verbatim) and what is to be done with it (immediate forwarding to the PV person responsible). The reference to a training SOP, on the basis of which all employees concerned are trained in dealing with spontaneous reports, should not be missing.

The acceptance of spontaneous reports by service providers is possible. As in other cases of outsourcing tasks, the license holder is subject to a certain degree of dependency: If the switchboard is assigned to a call center, for example, he should, for example, ensure that these groups of people are instructed and be able to prove with audits that the call center Center agents are trained to receive and forward spontaneous reports. For this purpose, all instructed persons should confirm their training in writing.

Individual case safety reports

ICSRs mark an interesting and at the same time sensitive point in the cooperation between pharmaceutical companies and external service providers. Pharmaceutical companies that do not maintain their own electronic reporting system or do not want to set up a new one, outsource this task. At the same time, when the suspected cases are coded and assessed by an independent third party, a high degree of factual and economic independence can be guaranteed. However, spontaneous reports are often received directly by the entrepreneur, at a commissioned call center or via other sources. The interface description between the sources and processors of PV-relevant data is therefore of particular importance in the SOP, especially when service providers are involved on several levels.

Periodic Safety Update Reports

The creation of a PSUR is a prime discipline of external service providers. Since literature research and the creation of PSURs are primarily not related to the product, but rather to the active ingredient, synergy effects arise here. For example, the DiapharmGruppe coordinates corresponding PSUR pooling projects. The synergy potential goes back to the harmonization of the submission deadlines for now well over 800 active ingredients at national and European level.

Whether in individual cases the possibility of participating in PSUR pools for known active substances is decisive or whether the focus is on absorbing additional workloads: The authorization holder often outsources the creation of PSURs to specialized service providers. Especially for medium-sized companies with a small number of approvals, it makes sense not to set up a separate department for the creation of the corresponding PSURs every 6, 12 or 36 months due to the high cost burden. In this case, it should be clearly defined in an SOP for the PSUR creation who will provide the necessary approval-relevant data, ADR reports, sales figures and, if applicable, study data and when. Does the service provider also do the literature research? How is compliance with the time schedule regulated? These points must also be defined in the SOP.

2.4. Databases

The pharmaceutical company must maintain a system - usually a validated database - in order to ensure the recording, classification and, if necessary, worldwide retrieval of all ADRs that are reported to the pharmaceutical company. The aim is loss-proof and forgery-proof handling and storage of the data and the traceability of changes (audit trail). A structure of the recording system is not prescribed, but data protection regulations must be taken into account when handling personal (patient) data.

Since database solutions are usually purchased externally, a clear definition of the responsibilities between the company and the IT service provider must be ensured in the system description. In addition to database structure and data backup, compliance with ADR transmission standards, EudraVigilance registration, updating and validation must also be taken into account.

Alternatively, traditional paper-based recording can be used for companies with a low number of ADRs. However, the DDPS or the accompanying SOPs will then have to explain how the ADRs are systematically processed and documented and how an ADR is reported. To consider is z. For example, serious and unexpected side effect (suspected) cases from non-EU countries must also be sent electronically and by specially trained staff to the EMEA's EudraVigilance database for medicinal products that are only authorized nationally in Germany. If necessary, this is another area of ​​application for PV service providers.

2.5. Connections to other companies

The points to be disclosed in the DDPS also include contractual agreements with people or companies, insofar as they relate to the monitoring of drug safety. This can be, for example, co-marketing contracts in which a contractual regulation of the reporting of spontaneous incidents is made. Contracts with PV service providers, for example for the task of QPPV, for electronic reporting, database maintenance, literature research or the creation of PSUR are included. The authorities expect a brief description of the nature of these agreements with the respective responsibilities.

2.6. Training

Records are to be kept of the regular training and further education of the employees entrusted with PV activities. Job descriptions, résumés, training documentation and, if necessary, tests of the training content must be archived.

2.7. documentation

Of course, the storage of the created documents is also part of the PV system. The DDPS must then explain where and how this happens - if necessary by stating the name and address of a service provider commissioned to do so. A specified retention period is not defined in Germany. In Great Britain the legal situation is similar, there the British authority MHRA recommends: “pharmacovigilance records should be kept indefinitely” [4]. The archiving planning should be designed for the long term.

2.8. Quality management system

A brief description of the quality management system must also be submitted. The main focus here should be on responsibilities. Particular attention must be paid to the quality assurance of the PV system and the auditing of external service providers.

2.9. Supporting documentation

The DDPS can be supplemented by supporting documentation that proves that the PV system is functioning properly and, if necessary, provides information about changes or revisions to the system. This additional information can be particularly important for the assessment or during inspections.

3. Pharmacovigilance inspections

Since the 14th Amendment to the AMG came into force, BfArM and PEI have had the opportunity to inspect the pharmaceutical companies' PV systems on site. This option is increasingly being used. Volume 9A represents the prerequisites on the basis of which the tests are carried out [5]. A competent state authority can accompany the inspection.

A routine inspection is usually announced about 2 months before the appointment. In general, the company to be audited must provide the authority with various additional documents in addition to the DDPS at least 14 days before the audit date. These include, among other things, "more detailed explanations, for example.on the product range, the SOPs, on further training documents or other attachments. ”[6] An overview of the regularly requested documents - without claim to completeness - is available for download from the BfArM [7].

During such a one-day inspection, the pharmaceutical company has the opportunity to present its PV system. The inspectors continue to check individual items such as B. the collection, processing and quality of individual reports, the data collection system or job descriptions of employees who are involved in the creation of PV documents (§ 4 AMWHV).

After the inspection, the entrepreneur receives a draft of the inspection report with points of criticism and identified deficiencies for comment. In the context of the national legal situation, the authorities can impose sanctions if the results are unsatisfactory. In any case, the costs of an inspection are borne by the pharmaceutical company: In Germany, BfArM inspections are charged according to the AMG cost ordinance, which is yet to be revised.

Audits by internal or experienced external auditors are helpful in preparing for official PV inspections. External audits from a non-company perspective enable comparison with an ideal situation, as is usually desired by the authorities. However, any potential for optimization that may be discovered can only rarely be integrated into an existing system in the run-up to official inspections at short notice and without any loss of friction. Regular audits are therefore recommended.


External service and consulting companies can be involved in practically all drug safety processes. The offers of the service providers continue to specialize. A broad portfolio of high-quality offers has established itself in the market, from auditing to the occasional commissioning of electronic ADR reports to the EMEA to the provision of qualified persons for pharmacovigilance or the implementation of complete PV systems. The associations are also active here.

Some companies completely outsource PV tasks in order to immediately ensure a functional PV system. Others only cope with peak loads by integrating service providers for special tasks or use external know-how to ensure compliance with changing legal requirements.

A possible disadvantage of this outsourcing can be identified as a potential dependency on external third parties and on the reliability of their work. It should be noted that the contractual commitment to a service provider does not differ fundamentally from the employment law commitment to (changing) employees. The advantage of outsourcing is, in any case, a continuous quality assurance through the involvement of highly specialized and experienced PV teams.

Specialized service providers can often react more quickly to new developments in the field of legislation and thus offer tailored solutions in a timely manner. In this sense, outsourcing is also an effective and consistent response of the pharmaceutical industry to the continuous pressure to adapt from politics and the market.


[1] EudraLex Volume 9A, Pharmacovigilance for Medicinal Products for Human Use (version April 2007)
[2] Federal Institute for Drugs and Medical Devices (BfArM), "Notice on the submission of documents in accordance with Section 22 (2) No. 5 and No. 6 AMG (pharmacovigilance and risk management system; qualified person for pharmacovigilance)" from January 9, 2007
[3] EudraLex Volume 9A, p. 23
[4] Medicines and Healthcare Products Regulatory Agency (MHRA), "Frequently asked questions for Good Pharmacovigilance Practice" of March 5, 2007
[5] Kroth, Elmar, "Pharmakovigilance - BfArM specifies requirements for pharmacovigilance inspections", Pharm. Ind. 69, No. 3, 311−312 (2007)
[6] Bornern, Mechthild et al., "Pharmacovigilance - internal pharmacovigilance system within the framework of the application for drug approval / proposal for the creation of a system description", Pharm. Ind. 68, No. 10, 1160−1166 (2006)
[7] Federal Institute for Drugs and Medical Devices (BfArM), “Communication on Pharmacovigilance Inspections” from January 15, 2007