https://www.abpi.org.uk/our-work/library/guidelines/Pages/safety-data-websites.aspx
Background
The Association of the British Pharmaceutical Industry (ABPI) has just released an updated guidance on how companies should handle adverse events (AEs) and product complaints (PCs) derived from social media. This is a very interesting and useful document and, although in many respects specific to the UK (and EU), there are some general concepts that are quite applicable in the US and globally. We will review some of those concepts here.
In the introduction, the ABPI notes that pharma companies are indeed actively using social media for all sorts of things including corporate awareness, clinical trial enrollment, patient support programs, disease awareness and more. They note, very correctly, that the company (Marketing Authorization Holder – MAH) has an obligation to monitor, collect and manage safety and quality issues that arise through the digital media. This guidance was developed by the ABPI’s expert pharmacovigilance (PV) network and “shared” with the UK’s regulatory agency (Medicines and Healthcare products Regulatory Agency (MHRA)). It is, of course, not binding nor a government issued document. It is merely advice – but good advice.
The document goes on to review the historical (CIOMS), UK and EU legal framework and the reader is referred to the document for this information.
Social Media Activities
Next the guidance summarizes the social media activities done by companies:
- Listening: By this the ABPI means the monitoring of what is being said on the internet and in social media about the company and its products. The monitoring may be prospective (real-time) or retrospective and is usually done on non-company sites. Companies may use key words (e.g. their products’ names) to do broad searches on the internet to pick up information. Particular sites may be specifically followed if it is likely that the product will be discussed there.
The ground rules the ABPI proposes are that the company declare its presence if it is in listening mode in a discussion, blog, chatroom etc. Others however, might argue that this will either incite or limit free discussion.
In addition the ABPI suggests that a formal company project plan be in place for this activity.
During such listening at non-company sites, the ABPI recommends that the “relevant” pages be monitored for AEs and product complaints (PCs). This is consistent with EU, MHRA (and FDA) advisories. Most HAs have made it clear that they do not expect companies to search the internet broadly and proactively for AEs/PCs.
- Broadcasting: By this the ABPI means one way communications with the public without the possibility of the audience responding, commenting or having any sort of dialogue. They stress that the company should be very sure that no interaction or comment is, in fact, possible (e.g. via the webmaster or some other area on the website).
If there is a contact us section, the company must document where the contact information goes, that it functions properly, that it is monitored for AEs and PCs and that a process is in place to handle them when received.
- Engaging: By this the ABPI means two way interactive communication with the public, patients, opinion leaders etc. for whatever reason. This may occur on company or non-company websites. As with “listening” there should be a project plan with objectives and specific methodology, a project owner and AE/PC tracking. In non-company websites the company should declare its presence and be transparent.
On company sponsored sites the appropriate disclaimers, permissions and terms and conditions should be noted (author’s note: even if nobody reads them!). Consent should be obtained for follow up with the reporter of AEs and PCs. That is, it should be clear to the reporter/patient that the cases will be reported to health authorities.
On interactive sites, the company must monitor the entire content on an ongoing basis, particularly on message, request information or contact us areas. The author has seen AEs reported (usually inadvertently) on Human Resources websites when people are applying for a job (“I want to work for your company; I love your products, especially XXXX, which was great for my allergies but did give me headaches.”). Such monitoring must be frequent enough to ensure that any possible expedited reports (e.g. 15 day reports) are picked up and handled in a timely manner. Similarly for surveys, there must be clearly defined data gathering, monitoring and AE/PC evaluation. On outside, non-company sites, the company should do this type of monitoring only during the duration of their project or involvement and stop after that.
Project Management
The ABPI makes some excellent recommendations for companies before embarking on a digital media project. Clearly all appropriate stakeholders should be contacted: PV, legal, the Qualified Person for PV, data protection/privacy, compliance, medical information, corporate communications and market research. The author would also add the information technology/webmasters, risk management, sales and, of course, regulatory.
They recommend that a “digital spokesperson” be designated who will manage the site and can escalate any issues in the company if appropriate.
There should be a written, formal project plan covering the objectives, the project owner, the project digital spokesperson, an AE/PC monitoring plan, reconciliation and QC, a review schedule, training as needed, vendor contracts and an exit (closure) strategy. The author would add that legal should review the plan also.
Company Responsibilities and Behavior
The ABPI advises that company involvement must be transparent. If a site is owned or controlled by the company, this should be disclosed. They also recommend that the company state how long the project is intended to run and how it will monitor and use any user-generated content.
The site should have a clear mechanism for the user to report AEs and PCs to the company.
Any interactive, user response area should be removed or locked to prevent further postings after the project is completed but the website remains available.
If there are out-sourced or third party vendors involved there should be a formal contract with defined responsibilities particularly regarding AEs and PCs. The company should maintain the right to audit the vendor.
The company should have a stated policy on the website on how it will handle abusive, obscene, inflammatory or offensive content. That is, if such content is going to be removed or not posted in the first place this should be noted. A publishing policy (use of readers’ comments) should be noted.
All data privacy and protection laws and regulations must be followed.
There must be appropriate training for all those involved particularly on how to identify AEs and PCs and what to do with them. Other training issues include off-label use, pregnancy, lack of efficacy and overdose.
AEs and PCs
The ABPI recommends that companies consider using mechanisms which make AE and PC collection easier such as providing free text fields, AE/PC reporting tools, formal site registration (name & contact information) to allow identification of the reporter and follow up.
The usual validation criteria for an AE apply and the company needs to collect and follow up on AEs and PCs associated/reported with their products. Data collected should be sufficient to make the usual judgments about labeledness, causality etc. Data should be collected rapidly and the date of posting should be captured.
Contact details for the reporter are needed. Usually an email or screen name will suffice and allow contact for follow up. An attempt to identify the country of the reporter should also be made as this is not always evident.
The ABPI recommends that all AEs and PCs identified by the company (or its agents) be captured and sent to the PV department within one business day. Confirmation of receipt should be issued and a screen shot of the data should be saved as the source document. The screen shot is a good point that not everyone thinks of doing.
The company should follow its written procedures on AE/PC handling. Non-valid cases should be included in signal analyses.
For non-company websites, PCs and AEs that are identified by the company or vendors should be forwarded to the company’s PV department within one day.
The ABPI then addresses software apps for smartphones and tablets. They make certain recommendations that may not apply in the US. This is a rapidly changing field and FDA is regulating software/apps with medical applications. Check local regulations to see if anything special is required.
The ABPI notes that if the company becomes aware of an AE or PC on a non-company site, portal, blog etc. where the content can be viewed by other bloggers and users, the company has a responsibility to follow up and report the AEs/PCs as above.
Finally, the ABPI notes special reporting situations where the company must still pay attention, collect and report. These include pregnancies, exposure during lactation, overdose, abuse/misuse, off-label use, lack of efficacy, tampering, counterfeiting, drug-drug, drug-food interactions, transmission of an infectious agent and occupational exposure.
Comments
These are very reasonable proposals from the ABPI. They seem to follow standard practices currently done in North American and Europe. The FDA and other health agencies are struggling with social media both in regard to AEs and PVs but also regarding claims, off-label use, advertising and promotion, fair balance (how can you give fair balance in a 140 character tweet?). This is an evolving field and it is likely that FDA and other agencies will issue regulations, or at least guidelines, at some point. As for now, these guidelines, a conservative policy on safety and common sense are the best way to handle social media.
