“Identifiability” in Safety Data from Social Media: Challenges and Potential Solutions

Supriya Desai

Biopharmaceutical companies operating in the social media space have a responsibility to monitor any potential adverse events (AEs) communicated through these forums in line with the applicable regulatory guidance from both EMA and US FDA (1-4). Data obtained from several surveyed companies shows that companies are already receiving 32% of their total adverse event volumes via social media reporting channels (5).

Social media platforms, by design, can work to increase connections between companies and consumers. The recent five-year deal signed by AstraZeneca with PatientsLikeMe will give the pharmaceutical company access to real-world data and experience(obtained directly from patients and consumers) through the social network’s 325,000-plus members and thereby help bring patient-centric evidence right into the heart of drug discovery and development.

Similarly, social media platforms can be used to encourage safety reporting and follow-up through direct patient and consumer connect and engagement. This presents the biopharmaceutical companies and service providers operating in the PV space with numerous opportunities to leverage social media as AE reporting channel by expanding its existing use and unlocking its potential as a value-add for companies’ PV strategies.

However, verifying safety data reported via social media poses multiple challenges since the common practice of confirmation of the AEs by physicians or other healthcare professionals cannot be followed. Adverse events received through social media may contain less and/incorrect information, often in fragments and reported in non-standard terminologies/local slang and require additional follow-up. Another key challenge is the ability of PV teams to confirm the “identifiability”of both the reporter and the patient in the safety data obtained via social media.

What does “identifiability” mean in the context of safety data reported via social media?
“Identifiability” refers to confirmation of the identity of the reporter and the patient in an individual case safety report and ascertains two of the four criteria required to confirm case validity and hence determination of reportability of the received case report.

Patient and reporter “identifiability” is important to avoid case duplication, detect fraud, and facilitate follow-up of appropriate cases. The term identifiable in this context refers to the verification of the existence of a patient and a reporter. One or more of the following should automatically qualify a patient as identifiable: age (or age category, e.g., adolescent, adult, elderly), gender, initials, date of birth, name, or patient identification number. Local data privacy laws regarding patient and reporter “identifiability”would apply. All parties supplying case information or approached for case information should be identifiable: not only the initial reporter (the initial contact for the case), but also others supplying information. In the absence of qualifying descriptors, a report referring to a definite number of patients should not be regarded as a case until the minimum four criteria for case reporting are met. For example, “Two patients experienced…” or “a few patients experienced” should be followed up for patient-identifiable information before regulatory reporting (6).

GVP module VI (Section VI.B.2, page 12) states: “When collecting reports of suspected adverse reactions via the internet or digital media, the term “identifiable” refers to the possibility of verification of the existence of a reporter and a patient (see VI.B.1.1.4).” The “identifiability” of the reporter refers to the existence of a real person, that is, it is possible to verify the contact details of the reporter (e.g., an email address under a valid format has been provided). If the country of the primary source is missing, the country where the information was received, or where the review took place, should be used as the “primary source country” (1).

What are the expected challenges in this area?
The challenges in confirming “identifiability” of reporter and patient in data from social media are manifold. In a social media setting, patients are likely to be the reporters themselves, without any confirmation of data from health care professionals (HCPs). Credibility and origin of these self-generated reports are key issues. For example, there is concern that social media with no appropriate checks on provenance can open the avenue to unscrupulous attacks from “pseudo-reporters”. Further, the absence of oversight of the social media means that consistency is likely to be less well achieved if these media are used for reporting adverse reactions. Consequently, companies may struggle to integrate adverse event reports received through social media with other standard safety reports.

Another concern is around the fact that PV data obtained via social media would contain personal data personal data related to the patient, who is the subject of the case and personal data related to the reporter (patient’s healthcare provider, family member or the patient themselves). A patient’s age/age group, sex, weight, height, ethnicity, medical history and status are required for effective safety data analysis. A patient’s initials or an assigned ID and/or date of birth are important to identify duplicates and the reporter’s name and contact details are needed in order to perform effective follow-up to ensure that complete and accurate data are collected. Thus, in PV, patient identifiers and other adverse event data may amount to personal data (7).

Overcoming these hurdles for confirmation of “identifiability” of both patient and reporter and thereby validation of incoming safety data, obtained via social media requires concerted efforts of PV teams.

What are the potential solutions?
Firstly, companies will need to prioritize and focus on company-managed social media websites to potentially help decrease chances of receiving incomplete and/duplicate adverse event reports from different online reporting channels and help maintain the reliability of incoming data.

Further, validation of the reported information in a credible and identifiable way is possible by allowing posts/shares on company monitored websites only after registration and record of basic user data. This can help PV teams to verify the reported data with respect to the 4 minimal criteria for confirming case validity (identifiable patient, identifiable reporter, adverse event and suspect product). Further, it will allow PV teams to follow up with any additional questions or concerns surrounding the report. User registration also allows companies to confirm that a patient exists within each potential reporting scenario and further ensure the reporter’s identity.

This confirmation however needs to be done, whilst keeping within the applicable data privacy laws. Data protection notice should be given on company-sponsored sites that user-generated information deemed to be an adverse event (AE) or product complaint(PC) will be collected by the company in order to meet legal obligations. It is advisable to explain why such information is beneficial for the protection of public health. It should also be noted that the company may follow-up directly with the individual who generated the AE/PC information in order to gain more information. Companies need to comply with the applicable data protections laws, when processing personal data for PV and also have transparent and robust processes in place to ensure personal data is protected. Regular training in data protection requirements is recommended for all company staff involved in PV activities (7).

What other ways can help confirm the “identifiability” of the reporter and patient in social media data? What other safeguards need to established against faulty adverse event reporting? How will companies be able to effectively leverage safety data from social media platforms while ensuring compliance to data privacy laws?

References and links
1. Good pharmacovigilance practices Module VI, Section VI.B.1.1.4. (European Medicines Agency, 2013).
2. Guidance for Industry Internet/Social Media Platforms with Character Space Limitations—Presenting Risk and Benefit Information for Prescription Drugs and Medical Devices (FDA Draft Guidance, June 2014).
3. Guidance for Industry Internet/Social Media Platforms: Correcting Independent Third-Party Misinformation About Prescription Drugs and Medical Devices (FDA Draft Guidance, June 2014).
4. Guidance for Industry Fulfilling Regulatory Requirements for Post-marketing Submissions of Interactive Promotional Media for Prescription Human and Animal Drugs and Biologics (FDA Draft Guidance, Jan 2014).
5. Cutting Edge Information report, “Driving Pharmacovigilance Success: Risk Management Plans and Adverse Event Reporting”.
6. www.ema.europa.eu/docs/enGB/document…/WC500002807.pdf
7. Guidance on UK data protection in post-marketing pharmacovigilance (ABPI Guidance, 2013).