Optimizing an Electronic SAE Workflow in a Cloud-Based Safety Database

• Chiltern

Pharmaceutical drug development occurs in one of the most dynamic environments - an environment that is always seeking new and innovative methods to increase efficiency and reduce timelines while improving patient safety, ensuring data integrity and complying with all regulatory requirements. With investigational medicinal products, some therapeutic indications continue to require larger and more complex trials with increasing amounts of data. Other studies involve smaller numbers of patients but seek specific genetic mutations that can be targeted by the investigational products. Furthermore, those agents that involve gene therapy may require very long periods of follow-up, up to 15 years, to detect delayed adverse events.¹

All these scientific advancements have resulted in data collection from subjects across widespread geographic locations as well as possibly cell and/or tissue collection for genetic analysis, laboratory processing of pharmacokinetic/pharmacodynamics parameters and biomarkers, together with inputs from new technologies (e.g., patient reported outcomes). After the drug has gained marketing authorization, the data collection continues and may increase with even larger post-marketing safety or efficacy studies being required to maintain the product in the market. Pharmacovigilance teams collect all adverse event information reported to the manufacturer/marketing authorization holder, and this data is reviewed for emerging signals and any newly identified risk factors for specific adverse events (e.g., through rapid or slow hepatic metabolic pathways, drug-drug interactions). As a result, the relevant product data continues to grow.

Doherty et al² have projected that the advances in digital technologies and cloud computing, along with the increasing use of smartphones, will prompt shifts toward continuous, contextual data - affecting clinical trials, their review by regulatory agencies, and post-marketing follow-up. As a consequence, data standards and quality approaches will continue to evolve.

Implications of Expanding Safety Data

The importance and relevance of pharmacovigilance is therefore expanding, serving an essential role in drug development through the collection, monitoring, and analysis of safety data. The World Health Organization defines pharmacovigilance as “the science and activities relating to the detection, assessment, understanding and prevention of adverse effects or any other drug-related problem.”³ Pharmacovigilance teams monitor this data across the life cycle of the medicinal product as part of the manufacturer/marketing authorization holder’s obligation to comply with the respective requirements of regulatory agencies.

As might be expected in this data-driven environment, the Food and Drug Administration (FDA) has reported continued growth in the numbers of adverse event reports received. Figure 1 presents the number of adverse event reports received by the FDA from health care professionals and consumers between 2006 and the first quarter of 2015. For 2014, the total number of reports exceeded 1.5 million, and the volume of reports received from consumers was observed to have surpassed those from health care professionals.⁴

 Figure 1. Volume of Adverse Event Reports Submitted to FDA Between 2006 and First Quarter (Q1) 2015 by Health Care Professionals (HCPs) and Consumers⁴

This trend is likely to continue, as patients become more engaged in their health, are more computer literate and become more engaged with data reporting. In an emerging area under investigation, regulatory agencies and companies are reviewing the data available from social media posts. Pierce et al⁵ reviewed 935,246 posts from Facebook and Twitter between March 2009 and October 2014 through a semi-automatic approach. This yielded 13 product-event associations, seven of which were excluded after review by the WHO-Uppsala Monitoring Centre because of causality classification of unlikely, unclassified, or unassessable. Of the six remaining certain, probable or possible cases, two warranted additional investigation. In one case, the social media posting occurred prior to signal detection from the FDA Adverse Event Reporting System (FAERS), and in the second, it occurred after FAERS signal detection. The authors concluded that new approaches may allow social media to provide early insights into certain adverse events, but more work is needed.

Companies are appreciating the need for new and improved systems and processes to facilitate the retention and timely review of product safety data. One solution is to have a single centralized safety database for both pre- and post-marketed data, the advantage of which is that it optimizes the ability to identify trends and potential safety signals as a part of life-cycle management.

Emergence of Cloud-Based Systems

Cloud-based safety database systems now offer state-of-the-art capabilities for handling product safety data. Cloud computing is defined by the National Institute of Standards and Technology (NIST) as “a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”⁶ The NIST further lists five essential characteristics: on-demand self-service, broad network access, resource pooling (using a multi-tenant model), rapid elasticity, and measured service. Additional benefits for cloud-based safety databases include the following:

• Hardware maintenance and data back-up managed by the cloud provider
• Security, through a designated enterprise and encryption
• Facilitation of electronic workflows
• Ease of direct access to data and ability to collaborate
• Rapid scalability
• Availability of systems upgrades
• Multiple standard reports/outputs

According to Deloitte’s 2017 Technology Industry Outlook, cloud adoption “will give small-to-medium sized enterprises access to sophisticated capabilities once only available to huge multinationals….”⁷

Pharmacovigilance Considerations With Electronic Workflows

To fully realize the capabilities and efficiencies from a cloud-based safety database, implementation of a cloud-based safety database involves careful planning. The following steps should be considered, at a minimum:

Define system requirements. Although cloud-based safety databases provide standard capabilities to store and report data, there are multiple decision points and workflow options to consider to fully utilize the safety database, such as whether to implement electronic reporting through a gateway to regulatory agencies, what ad-hoc reports will be needed or whether to link the safety database to EDC systems being utilized for data capture. Companies benefit from formal definition of requirements and specifications for the safety database at the start of such projects. Functional requirements generally include interface, business, regulatory, and security requirements. Examples of these database requirements include the ability to continuously monitor the safety data (minimal downtime); accessibility from within offices and remote locations; compliance with 21 CFR Part 11 (electronic records, with audit trails and security); acceptance of various types of data (both serious and nonserious adverse events, potentially with drugs, biologics, medical devices); generation of various types of outputs including Form FDA 3500A (MedWatch), CIOMS I, MEDDEV reports and line listings; an efficient workflow process with defined user roles; and ability to apply standard coding dictionaries and their upgrades, etc.

Engage stakeholders. Key team members include:

• Pharmacovigilance and medical team members who enter, process, provide assessment, review, quality check, and close cases within the safety database;
• Database administrators and members of the information technology department who support the system;
• Quality assurance/compliance representatives who assist with system validation and change control as well as periodic pharmacovigilance system and project audits;
• Training representatives;
• Management; and
• Any other departments impacted by the system (e.g., regulatory affairs for submissions, data management with SAE reconciliation between the clinical and safety databases, medical writing if it is involved with adverse event narrative writing, and clinical endpoint committees if using data from the safety database).

The importance of a detailed communication plan cannot be over emphasized, especially in relation to stakeholders whose safety data may be impacted by the revisions of the plan. For marketed products within Europe, the Good Pharmacovigilance Practice Module II states that the pharmacovigilance system master file shall provide information on how records are held (e.g., safety database) as well as changes in the safety database (through a change control system), and it also states that the qualified person responsible for pharmacovigilance must be kept informed of these changes. Having a defined project plan with target timelines will help move the project forward and help stakeholders understand how each step will contribute to the overall project objectives and final deliverables.

Lead the safety database changes. Adopting a cloud-based safety database requires a joint effort between the vendor and the company. Experience dictates that it is critical for a designated lead to be assigned within the company to manage and direct the internal project team. The adoption of the project team approach with members having the appropriate experience and defined roles allows work on multiple, concurrent workstreams to be undertaken and helps ensure the project deliverables remain on track. The designated lead also keeps internal management updated on project progress, milestones, etc., and, where appropriate, the financial health of the project.

Integrate updates into standard procedures. A new safety database, especially involving a revised workflow, will usually require updates to existing procedures. Performance of a gap analysis will identify where changes are required. New procedures introduced as a result of the gap analysis, or if system capabilities are expanded, may also be required. The goal should be to utilize an electronic workflow as much as possible and to fully utilize system capabilities within the safety database. Specification of the new and/or updated processes within standard operating procedures (SOPs) will ensure a standardized approach and facilitate training.

Validate the new workflow/system capabilities. Safety database systems require careful validation, in compliance with 21 CFR Part 11, and testing. Each company needs to have standard operating procedures that define the validation process and responsibilities. Use of a cloudbased safety database from a commercial vendor generally is less complex than company-hosted systems, but the company needs to have a documented supplier assessment to assess vendor procedures, security, and data integrity, and to determine whether the vendor’s life-cycle management activities can be leveraged to reduce sections of the full validation activities, specifically with respect to installation qualification. A risk-based approach may be taken with operational qualification of cloud-based databases to confirm security, data integrity, audit trails, electronic signature, and higher risk requirements. Performance qualification activities should focus on confirmation of the agreed workflow and business requirements decided with the vendor as part of the validation process. Then maintenance of the validated state must continue to follow defined change control processes with retained documentation conforming to the policies of the vendor and those of the company adopting the cloud-based safety database.

Ensure robust training. Optimal use of the safety database depends on users to enter data consistently and correctly, and this requires training on such topics as data entry conventions, medical coding, workflow management, and quality control. Managers also benefit from training on the available standard reports and data outputs used in expedited and periodic safety reporting, etc. Safety database administrators require training in additional areas such as enterprise setup, granting and revoking user access, data exports, ad hoc reporting, and case/ project closure.

Review key performance indicators. To measure the performance with the pharmacovigilance function, key performance indicators (KPIs) or service level agreements (SLAs) should be defined and measured at routine intervals. The best KPIs/SLAs are meaningful and will result in change if outside the target range. KPIs should also be objective, quantifiable, and easily measured. Pharmacovigilance KPIs commonly assess that defined processing and/or reporting safety timelines are met.

Seek continual improvement with adjustments and refinements. As with any set of processes, it is helpful to request feedback and to seek improvements that will reduce cycle times, improve quality and efficiency. Tracking of incident or system help tickets can constitute a source of information for potential improvements. Some improvements may be rapidly implemented if procedural revisions and/or re-education is involved. Others involving change control and retesting/validation may be longer term projects.

 Figure 2. Recommended Actions in Implementation of a Cloud-Based Safety Database

Additional Considerations

Each company will identify additional considerations for their own optimal implementation of a safety database to comply with their respective business requirements. Some specific decision points in relation to electronic workflows in a cloud-based system may include the following:

Will source documents be uploaded and attached to individual cases? The advantage is that a medical reviewer or team member performing quality checks can access all the required information in one location, and there is no requirement to send data outside the system and beyond the database’s audit trail. If source documents are uploaded, it is important to clearly define the process for ensuring the information is shared with the trial master file or pharmacovigilance file for longterm maintenance.

Will queries be tracked within the database? It is advisable to consolidate tracking as much as possible within the same system. A key consideration is to determine if reminders be sent and/or reports generated to identify when follow-up is needed with the reporter. Why would you not use a data clarification/query management system if it exists within the cloudbased safety database?

Will regulatory intelligence information be maintained within the safety database? A single repository for this information allows consistent application of reporting requirements across project teams. However, as with all repositories, regular updates are needed for the information contained in the repository to remain current.

Will a list of expected adverse events be maintained in the safety database? Some companies have chosen to include a list of expected adverse events from the reference safety information within the database. However, if different versions are used in different countries as a result of a different regulatory approval status, complexities quickly arise tying in the event to the corresponding country of approval. Furthermore, event severity and specificity also need to be considered, and medical assessment is still needed to confirm whether expedited reporting criteria are met for individual cases.

In summary, companies are now faced with increasing amounts of data derived from investigational and marketed products. The volume of safety cases reported to regulatory authorities is increasing 10- 20 percent per year. New and innovative approaches are needed to effectively identify the most important safety trends and potential signals, as recently recognized by TransCelerate in its announcement of the Value of Safety Information Data Sources Initiative.⁸ Cloud-based safety databases offer state-of-the-art, validated systems for a fully electronic, efficient workflow. They are capable of containing safety data across the life cycle of the medicinal product, facilitate regulatory reporting, offer scalability and reliability, and more importantly, with the appropriate modules, allow efficient management of the safety data contained within them. As a result, the use of cloud-based safety databases is expected to rapidly increase over the next few years.

References

1. Food and Drug Administration, Center for Biologics Evaluation and Research. Guidance for Industry: Gene therapy clinical trials – Observing subjects for delayed adverse events. November 2006.
2. Doherty M, Myers NB, McNickle AP. The impact of innovation: How the changing nature of data will challenge FDA’s regulatory framework. Ther Innov Regul Sci 2017:1-3. e-pub doi: 10.11772168479017700680.
3. WHO. Essential medicines and health products: pharmacovigilance. URL: http://www.who. int/medicines/areas/quality_safety/safety_efficacy/pharmvigi/en (accessed April 26, 2017).
4. Food and Drug Administration. FAERS reporting by healthcare providers and consumers by year. URL: https://www.fda.gov/drugs/guidancecomplianceregulatoryinformation/ surveillance/adversedrugeffects/ucm070456.htm (accessed April 26, 2017).
5. Pierce CE, Bouri K, Pamer C, Proestel S, Rodriguez HW, Van Le H, et al. Evaluation of Facebook and Twitter monitoring to detect safety signals for medical products: An analysis of recent FDA safety alerts. Drug Saf 2017;40:317-31.
6. Mell P, Grance T. The NIST definition of cloud computing. U.S. Department of Commerce, National Institute of Standards and Technology: NIST Special Publication 800-145, September 2011.
7. Deloitte. 2017 Technology Industry Outlook. URL: https://www2.deloitte.com/content/ dam/Deloitte/us/Documents/technology-media-telecommunications/us-tmt-2017- technology-industry-outlook.pdf (accessed April 26, 2017).
8. TransCelerate. Press release: TransCelerate identifies Pharmacovigilance as an operational challenge in need of transformation. 29 Mar 2017. URL: http://www.businesswire. com/news/home/20170329005444/en/TransCelerate-Identifies-Pharmacovigilance- Operational-Challenge-Transformation (accessed April 26, 2017).