Guidelines for Pharmacovigilance Data Privacy and Confidentiality

1) Purpose

The purpose of this SOP is to outline the procedures for ensuring the privacy and confidentiality of data collected and processed during pharmacovigilance activities, in compliance with regulatory requirements and company policies.

2) Scope

This SOP applies to all pharmacovigilance personnel involved in the collection, processing, storage, and dissemination of pharmacovigilance data.

3) Responsibilities

The Data Privacy Officer is responsible for overseeing data privacy and confidentiality measures. The Pharmacovigilance (PV) Manager ensures that all PV personnel are trained and comply with this SOP.

4) Procedure

4.1 Data Collection

1. Collect only the minimum necessary data required for pharmacovigilance activities.
2. Inform individuals about the purpose of data collection and obtain their consent where required by law.
3. Ensure that personal data is collected in a secure manner to prevent unauthorized access.

4.2 Data Processing

1. Process data in a way that ensures its accuracy, integrity, and confidentiality.
2. Apply pseudonymization or anonymization techniques to personal data where possible to protect individual identities.
3. Limit access to personal data to authorized personnel only.

4.3 Data Storage

1. Store data in secure systems with appropriate access controls, such as passwords and encryption.
2. Regularly review and update data storage systems to ensure continued compliance with security standards.
3. Maintain an inventory of data storage locations and ensure that data is stored only in approved locations.

4.4 Data Sharing and Dissemination

1. Share data only with authorized parties and for the purposes specified at the time of data collection.
2. Ensure that data shared with third parties is protected by data sharing agreements that specify confidentiality and security measures.
3. Redact personal data from reports and publications unless necessary and legally permitted to include.

4.5 Data Retention and Destruction

1. Retain data only for as long as necessary to fulfill the purposes for which it was collected, in accordance with legal and regulatory requirements.
2. Establish and follow data retention schedules that specify retention periods for different types of data.
3. Securely destroy data that is no longer needed, using methods such as shredding, degaussing, or secure deletion.

4.6 Training and Awareness

1. Provide regular training to all PV personnel on data privacy and confidentiality requirements and best practices.
2. Ensure that new employees receive data privacy training as part of their onboarding process.
3. Conduct periodic refresher training and awareness programs to reinforce the importance of data privacy and confidentiality.

4.7 Monitoring and Auditing

1. Regularly monitor data privacy practices to ensure compliance with this SOP and regulatory requirements.
2. Conduct periodic audits of data processing activities and data protection measures.
3. Document and address any findings from monitoring and auditing activities promptly.

5) Abbreviations, if any

PV – Pharmacovigilance, SOP – Standard Operating Procedure

6) Documents, if any

Data collection forms, data sharing agreements, data retention schedules, training materials, audit reports.

7) Reference, if any

General Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act (HIPAA), ICH Guideline for Good Clinical Practice, EU Guidelines on Good Pharmacovigilance Practices (GVP) Module I – Pharmacovigilance Systems and Their Quality Systems.

8) SOP Version

Version 1.0