Pharmacovigilance audits – keeping on the right side of inspectors

Many life sciences companies are still struggling with pharmacovigilance audits and inspections eight years after EU legislation came into force. Vanessa Fachada Oliveira, pharmacovigilance manager & EU QPPV at Arriello, highlights key areas of focus for marketing authorisation holders to achieve an effective audit of their pharmacovigilance systems.

Regulating authorities need to be confident that standards relating to pharmacovigilance (PV) activities are being upheld. It is vital that pharmaceutical organisations can provide evidence of strong standard operating procedures on demand. Yet, although eight years have elapsed since EU legislation on PV came into force, a majority of companies are still struggling to fulfil their obligations, potentially causing marketing authorisation holders (MAHs) to fail inspections, incur fines and see products withdrawn from markets. 

One of the reasons for common failings in PV process documentation is that the EU has not set out clear guidelines about how or where companies should go about this. Here are some of the problems this can cause and what can be done to rectify the situation:

1. Failure to implement an adequate quality management system. EU PV legislation makes clear that quality systems should form an integral part of an organisation’s PV system. But although other strong standard operating procedures (SOPs) may have been documented as part of general quality systems, there is often nothing relating specifically to PV - about procedures for managing deviations; how external service partners are qualified; what the business continuity plan is and how this is tested, etc. 
2. Insufficient or poorly documented training. This can occur firstly because it is not obvious who is responsible for or who actually needs PV training. Depending on the organisation, the remit for organising training could fall to the HR department, the quality leadership, or the PV function itself. There should be a clear training plan, and formal records showing which employees have attended which sessions.
3. Failure to make contractual provision for PV along the supply chain. Manufacturers as well as MAHs and distributors could find themselves the first port of call for a safety report. A safety data exchange agreement should set out the respective PV responsibilities of each party, who the QPPV is, who will manage actions relating to adverse reactions and associated reporting. 
4. Inadequacies relating to the Pharmacovigilance System Master File (PSMF). This should provide a very clear overview of all critical PV processes and procedures for managing adverse events and safety signals; the key stakeholders; full details of the QPPV and their experience and contact details; documentation showing how the organisation will manage compliance with the legal requirements; KPIs and the rationale behind these. The PSMF must be kept up-to-date at all times, so there must be a process for ad-hoc revisions as well as periodical updates. 
5. Inadequate QPPV oversight. If the qualified PV person – who carries personal liability for PV failings, in addition to any company penalties – does not have sufficient oversight of the process for safety variations preparation, submission and implementation, or over KPIs and ICSR adverse event reporting, this could also result in a failed inspection and potential fine.
6. Lapsed attention to risk management. This is one of the topics with largest number of critical findings over time during inspections. It includes findings related to poor maintenance of product information or to additional risk minimisation measures such as educational materials or pregnancy prevention programmes. 
7. Inconsistent or inadequate collection and management of safety information. Often the breakdown here is a failure to identify and track all potential sources of spontaneous safety data, or to reconcile adverse event monitoring activity with medical information and product quality complaints. This can lead to safety signals being missed. 
8. Ongoing safety evaluation failings. These concern benefit-risk and signal management and aggregate reports (PSURs). Common mistakes include inaccurate sales and patient exposure figures; the inclusion of unrelated adverse event reports; failure to include relevant cases in the benefit-risk analyses; and late updating of product information. 
9. Poor integration/interfaces between departments or with external parties to support complete and timely safety information. It’s important to include teams monitoring MAH web sites for comments/safety reporting, and keep tabs on any general company email addresses that people might use to report safety data.
10. Failure to ensure safe archiving/backups and business continuity planning. This includes validating controls over access to sensitive patient medical information.

It is unsurprising that PV departments are getting some of this wrong. It is worth seeking unbiased feedback on current provisions from professionals with experience of a diverse range of approaches and systems, who can bring to bear the latest best practice – or perform a gap analysis that can help target remedial action. As some authorities start to perform remote inspections, increased audit coverage and frequency is likely, as auditors’ capacity is increased. Pharma companies that have been waiting for the EU to clarify and update its guidance can afford to wait no longer.