AboutOpen | 2022; 9: 21-28

ISSN 2465-2628 | DOI: 10.33393/ao.2022.2401



Guideline proposal for pharma companies to manage pharmacovigilance activities in digital media

1Novartis Farma, Origgio (VA) - Italy

2Bayer, Milan - Italy

3Takeda Italia, Rome - Italy

4Boehringer Ingelheim Italia, Milan - Italy

5Servier Italia, Rome - Italy

6Chiesi Farmaceutici, Parma - Italy

7Teva Italia, Assago (MI) - Italy

8Neopharmamed Gentili, Milan - Italy

9Jazz Pharmaceuticals, Villa Guardia (CO) - Italy

10Janssen-Cilag, Cologno Monzese (MI) - Italy

11Astellas Pharma, Milan - Italy

12Sanofi Pasteur Vaccines Italy and Malta, Milan - Italy

13Biogen Italia, Milan - Italy

14Roche, Monza (MB) - Italy


Internet has become a central part of our everyday lives. Digital media are integrated in our daily routines and play a critical role in the dissemination of public health information and disease prevention guidelines. For this reason, digital activities are becoming more and more impacting in pharma company activities and this is an increasing trend after the pandemic period. Managing digital activities from pharmacovigilance (PV) perspective may have challenges linked to correct assessment of the activities and application of PV rules: this was underlined in recent publications, where the need to have more specific guidelines linked to digital activities management was evidenced.

Considering this scenario and the continuous evolution of the digital activities, the SIMEF PV working group decided to work on a proposal guideline to provide support to PV departments in pharma companies, suggesting a framework to manage sponsored digital activities (i.e., website, web apps, social media webpage, chatbots) impacting potential collection of adverse events (AEs). The purpose of this guideline is to provide useful instructions on how to manage PV requirements for digital activities, suggesting potential solutions for assessing initiatives, creating governance framework, conducting a correct vendor management, and suggesting practical approaches for AEs reporting and follow-up. The aim of this document is also to trigger a broader discussion among relevant stakeholders on which PV guidelines may be useful and appropriate considering this continuous evolving scenario.

Corresponding author:
Lisa Stagi
Viale Stucchi 110
20900 Monza - Italy

AboutOpen - ISSN 2465-2628 -
© 2022 The Authors. This article is published by AboutScience and licensed under Creative Commons Attribution-NonCommercial 4.0 International (CC BY-NC 4.0). Commercial use is not permitted and is subject to Publisher’s permissions. Full information is available at

Scope and field of application

This guideline proposal applies to company digital activities, including sponsored digital activities (i.e., website, web apps, social media webpages, chatbots) impacting pharmacovigilance (PV) (1).

The purpose of this guideline is to provide useful instructions on how to manage PV requirements for digital activities, including future applications such as digital marketing. If e-commerce activity is conducted, relevant sections of this guideline will apply.

An introduction to digital media

The Internet has become a central part of our everyday lives. In the year 2020, there were over 4 billion Internet users and over 3.5 billion digital media users worldwide. Digital media is integrated into our daily routines and plays a critical role in the dissemination of public health information and disease prevention guidelines. The most striking feature of digital media, compared to static websites, is that of generating socialization among users who can contribute to the content generation by sharing their contributions. For this reason, today the term “digital media” has been almost completely replaced by the term “social media”; however, the two terms are not synonymous and social media must be considered a part of digital media. One thing that changed since the early days of social media is that many platforms used to focus on one function, such as social networking or image sharing. Now, most established social media platforms have expanded to incorporate livestreaming, augmented reality, shopping, social audio, and more (2).

Today, patients compare clinical data on support groups, clinical trials, treatments, and even physicians and thus continue to take an active role in their healthcare. Social media is also a powerful medium to educate consumers about products regarding their benefits as well as side effects. Such awareness often contributes to building trust and acceptance. According to MedData Group, 72% of physicians surveyed were active on Facebook weekly and 38% were active on Instagram and LinkedIn weekly. Via social media, doctors connect with peers from all over the world, extending their network past their in-office or med school colleagues and gaining access to entirely new cohorts. The types of professional content on Facebook that physicians are most likely to engage with include continuing medical education opportunities (37%) and physician online community information (31%). The appeal of getting advice from trusted colleagues or sharing research has attracted millions of physicians worldwide. Of course, all adverse event (AE) data collected in the public posts can be analyzed to identify the key unmet need of the market and help research to identify areas to improve or innovate the products. For these reasons, over the past 5 years, the pharmaceutical and healthcare industry has experienced widespread digitalization. A 2019 survey of over 100 pharma and bioscience companies found that nearly 30% of pharma companies planned to spend over 50% of their marketing budgets on digital channels by 2022. This number is expected to increase thanks to the COVID-19 pandemic. Finally, we must take into consideration that all healthcare sectors are impacted by digital media, and scientific societies, academic institutions, patients’ associations, hospitals, and healthcare institutions are increasing their online presence by generating tons of health-related discussions (3,4).

There are several methods to classify digital media. One of the most useful is based on usage and function:


Blogger, Livejournal, Wordpress are examples of online journals where authors share their opinions and/or experiences on various topics. Blogs can be personal, similar to an online diary, or professional, with opinions related to an area of expertise. Entries vary in length (often 200-1000 words) and frequency (some bloggers post daily or a few times a day, while others post 2-3 times/week) and readers can comment on posts. Entries can include photos, audio/video files. Examples in healthcare are Sharing Mayo Clinic, American Red Cross, Mercy Health System, McLeod Health.

Microblogging and presence applications

A version of the blog. Twitter, Tumblr and Foursquare are examples. Posts are much shorter and more frequent. Twitter limits length to 280 characters and many users post several times a day. Posts can be sent via cell phone, text messaging, and can include images, audio/video files. St. Jude Children’s Research Hospital and Aurora Health Care are two examples of institutions present on the web with a well-done Twitter account.

Discussion forums

Reddit, Quora are used for asking and answering questions, networking, forming communities around niche- and interest-based topics. Colombia Health’s wellness forum, Go Ask Alice!, allows young audiences to pose healthcare questions in an accessible, judgment-free environment. The community forum and casual writing style speak to Colombia Health’s own energy and culture. By attracting young audiences in this vibrant, open community, Colombia builds a loyal readership to draw talent. The blog’s topics range from issues of puberty through adulthood, keeping the audience engaged from a young age and into their adult careers. When these readers seek jobs in the healthcare industry, the stickiness of this blog will keep Colombia at the top of mind.

Social audio platforms and formats

Clubhouse, Twitter space, and Spotify are social audio platforms for listening to live conversations or podcasts on specific topics. They have thrived during COVID-19 lockdowns while people have been at home with more time to join live conversations. The New England Journal of Medicine is, arguably, the most important general medical publication in the world, drawing together stories on research, reviews, and opinion. The weekly podcasts are about 30 minutes long and are available on Apple, Android, and Windows devices. Second Opinion is a 25-45 min regular podcast from celebrity physician Dr Christian Jenner. His sessions take the form of interviews with studio guests on topics like addiction, detection dogs, mental health, death, and more.

Social networks

Facebook, MySpace, LinkedIn are examples of websites where users build online profiles, share updates about themselves, photos, links, etc. and comment on others’ updates. A key function is the linking to other profiles, which builds one’s social network on a site. Phyzforum and Veterans Health Administration on Facebook are clear examples of healthcare social networks.

PatientsLikeMe, as the name indicates, is a social network platform for patients to communicate and interact. The website offers functions such as “find patients like you,” “explore the treatment reports,” “learn about symptoms,” and “check for your conditions.” It is a good platform for patients or even healthy people to do self-checking when encountering health problems, to explore what medicine would be effective for the condition and seek peer mental support from those who suffer the same problems. According to the founder, PatientsLikeMe is committed to putting patients’ rights and needs in the first place. In that way, social media helps the organization to show care and concern for the patients.

Social media livestreams

Twitch, Periscope, YouTube Livestreaming, Instagram Live Rooms, Facebook Live are examples of networks with broadcasting functions. Live video streams can range from one person showing themselves on their screen to professionally organized panels with multiple speakers. Livestreaming’s popularity exploded during the pandemic when people were stuck at home during lockdowns. Livestreams generally offer the opportunity for users to interact live with the hosts. A hospital system in Oklahoma uses its livestream channel to broadcast its own talk show, “OU Medicine Chat.” Each episode has a single topic, geared toward either other medical professionals or laypeople, and ranges anywhere from 10 minutes to half an hour. The simple format (typically two people in a pleasant sitting area talking with each other) is a great place to start for livestream newbies. Added value of this livestreaming is that you can take questions from the livestream audience.

Media sharing sites

YouTube, TikTok, Flickr, Instagram, and SlideShare are examples of websites where users share photos, videos, and files. Uploads are searchable and often can be downloaded and spread by linking to them in the other three types of social media. This linking could increase the reach of a video/photo exponentially and make it viral. Wellmont Health System and Duke University Medical Center on YouTube are good examples of this category. Inova Health System, a not-for-profit healthcare system based in Northern Virginia, has a YouTube page, a Facebook home page, and a Twitter account. Its YouTube page is extremely successful among all the three social media tools it has adopted. The YouTube page consists of hundreds of videos. The organization posts all kinds of healthcare-related videos to help users to live a better life, for both healthy people as well as patients.

Closed/private community social media platforms

Sermo, Discourse, Slack, Facebook Groups can create communities, with the possibility of requiring registration or other screening measures for members. Creators can use private groups to bring members of their community together to bond over shared challenges, help answer each other’s questions, and feel a sense of professional belonging. Many groups (especially on Facebook) require members to answer a few questions before joining to screen out spammers. Sermo perhaps is the most popular site for healthcare providers on the web today. Sermo is focused on connecting “verified and credentialed” physicians from around the world in 150 countries, with plans to expand even further globally. Doctors can ask their peers anonymous questions regarding patient care in this “virtual doctors lounge.” Currently, the site has over 800,000 users.

Disappearing content formats

Snapchat, Instagram Stories, Facebook Stories, and LinkedIn Stories are used for sending ephemeral messages such as announcements, limited edition items, or live events privately and publishing timely, in-the-moment content for all followers to view for up to 24 hours. Snapchat has proven to be a good fit for medical professionals who want to tell a story and educate their audience at the same time. One real-world example of this is in plastic surgery. Plastic surgeons are using Snapchat as educational tools about the surgeries themselves (the content of which can be graphic at times). Unlike Instagram, which has a reputation for blocking explicit content, Snapchat users have access to raw surgical content, and they are eating it up. Snapchat also allows medical spas and plastic surgeons to post before and after pictures (with patient consent, of course), giving those physicians another avenue to connect with current and prospective patients.

PV and digital media: regulatory framework

An analysis of the current requirements or guidance on digital activities enacted by the major regulatory agencies worldwide, i.e. European Medicines Agency (EMA), Food and Drug Administration (FDA) and Medicines and Healthcare products Regulatory Agency (MRHA) was conducted.

The PV aspects of digital activities are currently described, although not in details, in the following EU requirements:

Regulation (EU) No 1235/2010 of the European Parliament and of the Council of 15 December 2010 amending, as regards pharmacovigilance of medicinal products for human use, Regulation (EC) No 726/2004 laying down Community procedures for the authorization and supervision of medicinal products for human and veterinary use and establishing a European Medicines Agency, and Regulation (EC) No 1394/2007 on advanced therapy medicinal products

Directive 2010/84/EU of the European Parliament and of the Council of 15 December 2010 amending, as regards pharmacovigilance, Directive 2001/83/EC on the Community code relating to medicinal products for human use

Commission implementing regulation (EU) No 520/2012 of 19 June 2012 on the performance of pharmacovigilance activities provided for in Regulation (EC) No 726/2004 of the European Parliament and of the Council and Directive 2001/83/EC of the European Parliament and of the Council

Guideline on good pharmacovigilance practices (GVP) Module VI – Collection, management and submission of reports of suspected adverse reactions to medicinal products (Rev 2) – 28 July 2017 EMA/873138/2011 – VI.B.1.1.4

FDA guidance, not specifically referred to PV, are:

Guidance for Industry Fulfilling Regulatory Requirements for Postmarketing Submissions of Interactive Promotional Media for Prescription Human and Animal Drugs and Biologics – Draft guidance – January 2014

Guidance for Industry Internet/Social Media Platforms with Character Space Limitations – Presenting Risk and Benefit Information for Prescription Drugs and Medical Devices – Draft guidance – June 2014

Guidance for Industry Internet/Social Media Platforms: Correcting Independent Third-Party Misinformation About Prescription Drugs and Medical Devices – Draft guidance – June 2014

UK references are:

The Human Medicines (Amendment etc.) (EU Exit) Regulations 2020

The Association of the British Pharmaceutical Industry (ABPI) Code of Practice for the Pharmaceutical Industry 2021 by Prescription Medicines Code of Practice Authority (PMCPA) – 1 July 2021

ABPI Guidance notes on the management of safety information and product complaints from digital activities – 27 Apr 2021 shared with MHRA

PMCPA – Informal guidance on digital communications – March 2016

Finally, the following international references contain a mention to digital sources of safety data:

International Council on Harmonisation of Technical Requirements for Registration of Pharmaceuticals for Human Use (ICH) topic E2D: Postapproval safety data management – Step 5 – Note for guidance on definitions and standards for expedited reporting (CPMP/ICH/3945/03)

Council for International Organization of Medical Sciences (CIOMS) 2001 – Report of CIOMS Working Group V – Current challenges in PV: pragmatic approaches – Section IId (p. 55)

General aspects

Digital projects are generally complex in nature and require a structured and multifunctional process, in order to guarantee a holistic approach to regulatory and other legal requirements.

In many circumstances, privacy and PV aspects that are linked to direct contact with end users and to enhanced interactive features need to be considered together with legal aspects. This is mainly due to the involvement of vendors or public administration (e.g., hospitals, research institutes, or other institutions), but also due to the relevant aspects linked to scientific contents that require medical or regulatory evaluation.

Governance aspects

Considering the above, a multidisciplinary approach is much more efficient compared to single-step approvals of each individual aspect: a cross-functional committee with different functions (PV, Legal, Compliance & Privacy, Regulatory, ad hoc like medical, IT, Procurement, depending on the project) should be in place and clearly foreseen by internal procedures for approval of complex digital projects.

An early advice process (e.g., a formal committee, but also less formal approaches can be considered) may be of help to ensure efficacy and agility in approval processes.

Suggested reference to internal Ethical Code of Conduct as principle for the committee approval (e.g., in ethical code of conduct there are principles around patient safety as mandatory requirement to be considered when developing activities) is strongly recommended.

A tracking system is a fundamental instrument for audit and inspection readiness: it is strongly recommended to have a registry/tracking system with project approvals/start date/end date and clear ownership for the digital channel; the tracking system is very important to allow traceability of initiatives and retrospective analysis as needed.

The tracking system may be manual or automated, and the tracking can be shared with Headquarters (in case of multinational companies) for oversight purposes.

Based on PV risk assessment, digital projects are subject to audit/assessment (this consideration applies to all involved vendors, as applicable).

An issue escalation process to quality should be in place (i.e., in case of deviations or non-compliance with the approved project setup). Late AE reporting should be included in the possible escalation topics.

It is strongly recommended to have a Standard Operating Procedure (SOP) describing the governance and approval of digital projects and channels with clear reference of the need of PV risk assessment and early involvement of PV functions.

In the SOP it should be described how the information is captured, how the digital media monitoring is conducted, and the need of periodic reconciliation and checkpoints, based on the specific PV risk assessment of the digital channels.

In the SOP, the assessment of AEs capture and monitoring and the need of PV reassessment in case of relevant changes to the project, like additional new fields for data capture, changes in the intended use, new relevant information available in the area covered (e.g., for website), new digital channels covered (e.g., addition of new social media covered by the digital activity itself) should be required.

Training on this SOP should be provided to all relevant personnel (including marketing/sales/medical/digital functions) in order to allow proper understanding of PV compliance requirements.

Training for vendor personnel involved in digital projects should be foreseen (see specific paragraph).

A Quality Management System covering PV aspects should be in place: this quality system should cover digital activities with PV impact, allowing analysis of trends and issues and the discussion in the periodic management review.

Quality Assurance should be involved in the above-mentioned activities, structuring the process and the SOP to support the approval of digital projects and supporting the risk assessment approach.

Open points and interaction with other departments

A constant alignment with Quality Assurance and the other functions is required to maintain oversight also from a quality perspective, in particular for:

  • checking alignment on documentation and training needs, considering also potential vendor needs (see also other points in this guideline);
  • preparing documentation that needs to be ready in a timely manner in case of audit and inspection.

Another important point to be considered is the need to keep in mind that sometimes different regulations should be applied at the same time and to the same project (e.g., app as Software as Medical Device: in this case, there is the possibility of applying the medical device regulation, in addition to PV regulation for the risk of collection of AE on the Marketing Authorization Holder (MAH) products through the APP).

It is therefore very important to have a holistic approach to complex healthcare projects/solutions and to promote an evaluation in a multifunctional way from the beginning.

For sure, some aspects are still under discussion and will evolve with the technology evolution itself, leading to the need of a constant increase and update of the companies’ internal competencies in this matter.

A training/development plan should be internally developed (including not only safety but also quality assurance) to build the new competencies required in the digital area, which is quite new for all functions and constantly evolving.

Internal PV processes for management of digital projects

Setup, risk assessment, and approval processes

It is really important to have PV function involved since the very beginning to identify the right project setup and to guarantee full oversight of PV requirements and the most appropriate way to cover them, in terms of:

  • Due diligence (that leads also to the vendor selection)
  • Contract PV clause and relevant trainings
  • Reconciliation and quality monitoring (when applicable)
  • Pharmacovigilance System Master File (PSMF) relevance (when a vendor is involved)

Each project is evaluated according to:

1) National legislation and requirements

2) Company relevant procedures

3) Local operating company internal process, at least for approval flow with PV evaluation and relevant documentation to prepare and maintain

The project owner should provide all the functions and especially PV with at least the following information:

  • Classification of the proposed digital project: that is, company websites; social media pages; app(s) for patients with or without wearables; app(s) for physicians, telemedicine pages, webinars;
  • Scope of the proposed digital project: disease awareness; patient support program or service; virtual interviews; virtual room for physicians roundtable;
  • Company involvement: sponsorship with logo visibility; owner of social media pages for disease awareness; support for increasing company reputation; online service for Q&A (via e-mail or phone calls with consultants on therapeutic areas of interest);
  • Level of interactions with the audience: listening; broadcasting; engaging.

Listening: performed mainly on non-company-sponsored sites, may be described as a process of learning from public conversation, blog entries, virtual communities, just to provide some examples. The relevant pages of the site should be monitored for AEs for the period of the listening only (the company should declare its presence by registering on the site with the company name where possible). The monitoring could be done manually or electronically (i.e., via e-learning machines with established keywords to be reviewed periodically to ensure an appropriate level of sensitivity). Both methods have pros and cons and need to be evaluated case by case.

Broadcasting: digital activities may allow sharing messages/information with the audience in only one way, usually from the company to the audience. It is important to verify the site doesn’t allow for interactive dialogue or the creation/uploading of user-generated content.

Engaging: this action is performed to interactively communicate with the audience. Bloggers, influencers, and celebrities can be contacted for certain activities that require a dedicated contract to cover PV responsibility when the activities are conducted on their digital sites. When engaging is conducted via company digital sites, the monitoring should be performed on an ongoing basis when the audience may leave a message or request information (for instance, on a daily basis).

  • Data collection: the project has high/low probability to collect data, including AEs, Special Situations Information (SSI), Product Quality Complaints (PQC) (audience comments are allowed; there is a direct contact between consultants and the audience; the digital sites are on a therapeutic area where the company has/is developing treatments).
  • Company access to data collected and stored, also via vendors with access for technical reasons: this implies not only PV responsibilities and monitoring for AEs but also compliance with privacy laws and discussion with the legal department should be carried on.
  • Project duration: to establish reconciliation schedule (on a monthly basis, on a yearly basis, or just at the end of the activity) and training assignment schedule (just before the project starts or to be repeated after 1 year).

Program risk assessment

This is applicable before starting the Digital Program: administering the Program Risk Assessment for the assessment of risk of AE reporting associated with program activities is key and it is based on the above-described information.

Program risk assessment is important to understand the level of control that MAH needs to apply for PV processes: PV function may increase the frequency of any of the AE reporting associated activities if required by local processes or to address compliance issues.

Based on the information collected, a risk assessment can evaluate the project to take the most appropriate approach to cover PV requirements when needed:

  • If low risk, no or low oversight required.
  • If moderate/high risk: PV Clause in Agreement, Training, Reconciliation (Quantitative mandatory, and Qualitative if feasible), Audit (risk based, may not be required if the site is not generating safety data and qualitative reconciliation has been performed to confirm this).

Level of acceptable risk should be described in a company document/procedure, to allow objective evaluation from PV function.

An implemented tool would be useful to have the same parameters to evaluate all the company projects in the same, consistent way.

It would be useful to perform a regular review of the project to check if the original evaluation was correct and PV requirements are still duly covered. Otherwise, some corrective measures may be required, also in alignment with other company departments.

Vendor due diligence/assessment

This activity is recommended if a vendor is involved in the digital activity (5).

It is an activity to be planned before the vendor has been selected to conduct a digital program, before the starting of the program and with a periodic reassessment, in order to evaluate the risk associated with the PV vendor.

It is suggested to administer the vendor due diligence questionnaires for AEs identification and collection in order to evaluate the Quality Management System and PV procedures for managing of AEs/training of the vendor. The vendor selection could be facilitated for instance using a customized checklist including the main characteristics a vendor should have.

The checklist should be available and applicable to all the vendors to guarantee consistency in the evaluation and approval process.

The local PV function can use an algorithm for Vendor Risk Assessment, based on the answers received and other available information (meetings done with the vendor during the selection/available information from other programs/experiences, etc.).

The vendor evaluation may involve at least the activity owner, business quality, and PV.

Each company may have a different approach and different SOPs and processes, but generally speaking a vendor has to be evaluated and approved considering for instance:

  • the activity and the expertise and experience in the required area;
  • the business continuity plan;
  • the Quality Management Systems (including non-conformance/deviations, CAPA, change control);
  • SOPs in place: vendor’s ones or company’s ones;
  • Quality system: quantitative Key Performance Indicators (KPI) and qualitative KPI: risk-based approach;
  • Vendor’s audit and involvement in company’s audits;
  • the results of previous audits (if any);
  • the records management;
  • the computer system validation, if applicable;
  • use of subcontractor.

Note: In case there is an option for the vendor to use subcontractors, this has to be covered in the main or PV agreement.

A proper documentation should be prepared and maintained, also in view of future audits or inspections.

Vendor management

Once the vendor is selected and approved, the company prepares a contract to be signed by the relevant functions for both the company and the vendor.

PV has to be consulted for potential PV language to be included in the contract depending on the vendor activities. Each company may have global template including at least:

  • training and training record retention;
  • collection and reporting of AEs/SSI and other safety information;
  • timeframe for reporting;
  • responsibilities for Follow-up activities;
  • reconciliation and reconciliation frequency (based on the project duration/chance to collect AEs);
  • record retention;
  • audit rights;
  • list if contacts at both parties;
  • termination activities.

During the agreement discussion consider:

  • Discussion and alignment on vendor’s tasks and obligations, agreement on reconciliation timeline and modality (secure e-mail? Fax?): Who starts the reconciliation? Who is involved?
  • The level of interaction with the audience and the chance to collect AEs/safety information
  • Who is in charge of the training? Content administration, test execution, proof maintenance
  • How to describe roles and responsibilities of potential subcontractors

If the same vendor is already working for the company, the training could have been already completed and been still valid (according to the company requirements).

The vendor responsible and PV should establish a way to maintain training records and the reconciliation schedule oversight, for compliance with the company requirements.

Contractual agreements and relevant PV clauses need to be available, duly signed before the start of the activity and inspection.

A periodic check of the vendor activities should be performed as routine review and appropriate assessment confirmation.

Maintenance activities during the program


Reconciliation is aimed to ensure that all appropriate information has been correctly identified from the dataset and transferred to PV and is performed with internal functions/external parties required to record and file incoming information, which may also contain safety-related information that is forwarded to PV.

Reconciliation process is well described into a dedicated section of pharmacovigilance agreement (PVA) with the service provider.

Reconciliation might be:

Case by case: This type of reconciliation is required usually if smaller numbers of source documents are involved. PV function of MAH and service provider should archive acknowledgment of Individual Case Safety Report (ICSR) receipt.

Periodic reconciliation: it is required usually if larger numbers of source documents are involved and is performed using a reconciliation form, which is attached to the PVA.

Reconciliation is performed considering the number of cases, which have been exchanged in the reference period and the reconciliation process might be started both from vendor and from PV function of MAH.

Reconciliation form must contain unique ICSR(s) identifier(s) and should be archived by PV function of MAH.

Quality check

Quality check has to be performed regularly, at a defined periodicity, and is aimed to verify if ICSRs have been properly identified by service provider when carrying out the activities. Quality check process, as well as periodicity, are well described into a dedicated section of PVA with the service provider.

The sample to be involved in quality checks might be defined at the beginning of the activity or each time the quality check is conducted according to the amount of the activities conducted by the service provider (i.e., published post on Facebook/ Instagram, screened comments etc.). In both scenarios, an acceptance number of not identified ICSR must be defined at the beginning of the project and will support the PV function of MAH to evaluate if quality check should be tightened or not during the next quality check.

Quality check activity must be documented, preferably in a dedicated form.

Based on the number of not identified ICSR and on frequency of when it occurs, preventive actions might be requested to service provider.

In case the service provider has established quality measures to ensure complete ICSR identification, quality check activity is not deemed necessary and might not be performed.

In addition to the above-described periodic quality checks, PV function of MAH might perform random checks aimed to verify if service providers properly identify and forward ICSR, as per PVA. Random checks can be performed generating a fake ICSR.

Compliance with reporting timeline (KPI)

The agreement with the service provider must have a PV section. In this section monitoring requirements, monitoring frequency and monitoring duration should be described. In addition, the reporting timeline for AE and other special situations should be described. KPI can ensure the safety profile of the products and comply with regulatory/health authorities requirements. Quantitative indicators are used for measuring both timeline reporting and service provider quality. In case of non-compliance with the requirement of the agreement, the service provider should communicate these findings to the company and discuss corrective and preventive action.

Program closure

The service provider agrees to cooperate with the MAH for record retention as detailed in the main agreement or in the PVA. During the agreement and for other years (to be established by the company) following the expiration an appropriate confidentiality agreement should be in place. For audit/inspection processes document retention with respect of safety information.

AE reports management

The MAH or third party working on behalf of the MAH should regularly screen the Internet or digital media under their management or responsibility, for potential reports of suspected adverse reactions (6).

The frequency of the screening should allow for potential valid ICSRs to be submitted to the competent authorities within the appropriate regulatory submission time frames.

Unsolicited reports of suspected adverse reactions from the Internet or digital media should be handled as spontaneous reports. The same submission time frames as for spontaneous reports should be applied.

Collection of reports (considering also setup of IT tools)

Safety information can come from various digital sources:

sites of the medical-scientific societies where exchanges of views between patient and medical specialist take place;

newspaper column;

open sites for exchanging information among patients;

app, web site, web page, blog, vlog, social network, Internet forum, chat room, health portal;

“listening,” “broadcasting,” and “engaging” activities—artificial intelligence (AI) system.

If the AI is operated by a third party, there would need to be assurances that the third party doesn’t renege on any of the responsibilities of the sponsor and that the tool could be inspected by regulators.

The AE screening of all incoming information should be performed for all websites and social media channels and accounts controlled or sponsored by the MAH.

It is also essential that the responsible person captures the date the information was posted on the site and the date that anyone from the company or working on behalf of the company first becomes aware of the information.

All safety information (SI)/product complaint (PC) identified by company employees or any individual representing or acting on the company’s behalf need to be captured and reported to the company’s PV department. It is recommended that this is within one business day of receipt. A confirmation of receipt may be issued.

The following information should be collected, if possible:

an identifiable patient

a suspect drug

an AE

an identifiable reporter

The MAH is not required to routinely monitor a non-company-sponsored web site and digital medium, but if a report of suspected adverse reaction described in any non-company-sponsored digital medium is identified by the MAH or third party working on behalf of the MAH, it should be assessed to determine whether it qualifies for submission as ICSR. As there is no legal requirement to monitor non-company-sponsored digital activities, Day 0 is the day the MAH first becomes aware of the SI/PCs.

The screenshot of the page containing the potential ICSR, together with the link to the page, will be the source document.

The transcription of the report received through tools that capture the voice, such as AI, is used as a source document.

MAH may also consider the use of their websites to facilitate the collection of reports and follow-up management of suspected adverse reactions by providing adverse reaction forms for reporting or appropriate contact details for direct communication.

If the country of the primary source is missing, the country where the information was received, or where the review took place, should be used as the primary source country.

Identification of the reporter

The identifiability of the reporter refers to the possibility of verification of the existence of a real person based on the information available, for example, an e-mail address under a valid format has been provided.

A reporter who has registered through an app is considered valid if an e-mail address under a valid format has been provided during registration.

Follow-up and privacy

After the MAH has identified the suspected adverse reaction, and managed the report, MAH can request further follow-up information.

The owner of the website or digital platform should identify and provide the MAH with an internal contact point that can manage follow-up requests in compliance with privacy in line with the applicable law.

Notice should be given on company-sponsored sites that user-generated information deemed to be a SI or PC will be collected by the company in order to meet legal obligations.

It is advisable to explain why such information is beneficial for the protection of public health. It should also be noted that the company may follow-up directly with the individual who generated the SI/PC information in order to gain more information. Please consider the General Data Protection Regulation (GDPR) approved by the EU Parliament on April 27, 2016, and enforced on May 25, 2018, the PIPA guidance notes on UK data protection in postmarketing PV, and the applicable national data protection legislation.


Conflict of interest: The authors declare no conflict of interest related to this article. They are employed by pharma industries as follows:

DB: Novartis Farma, Country Patient Safety Head & GDD Coordinator; IB: Bayer, Pharmacovigilance Country Head Deputy; SB: Bayer, Pharmacovigilance Country Head; DB: Takeda Italia, Digital Health & Education Head, Customer Excellence & Innovation; VC: Boehringer Ingelheim Italia, Local Pharmacovigilance Manager; CC: Servier Italia, Pharmacovigilance Manager; GNC: Chiesi Farmaceutici, Head of Global Pharmacovigilance & EU-UK QPPV; CC: Teva Italia, Associate Director Pharmacovigilance; SD: Neopharmamed Gentili, Pharmacovigilance Specialist; IG: Jazz Pharmaceuticals, Executive Director, Head of EU/International PV & Risk Management – EEA QPPV; AM: Janssen-Cilag, – Pharmacovigilance Manager Cross Sector Country Safety Lead; GP: Astellas Pharma, Pharmacovigilance Manager; SR: Sanofi Pasteur Vaccines Italy and Malta, Vaccine Safety Officer (VSO), Country Safety Head (CSH) Back-up; GS: Biogen Italia, Sr Manager, Drug Safety; LS: Roche, Patient Safety and Quality Lead.

They declare that there is no conflict of interest related to this article. All authors are active members of the SIMeF PV working group “Ernesto Montagna”.

Financial support: This research received no specific grant from any funding agency in the public, commercial, or not-for-profit sectors. Authors contribution: All authors contributed equally to this article.


  • 1. Stagi L, Bocchi I, Bianco S, et al. Pharmacovigilance and the digital world in Italy: presentation of the results of a national survey. Ther Adv Drug Saf. 2021;12:2042098620985991. CrossRef PubMed
  • 2. Audeh B, Bellet F, Beyens MN, Lillo-Le Louët A, Bousquet C. Use of social media for pharmacovigilance activities: key findings and recommendations from the Vigi4Med Project. Drug Saf. 2020;43(9):835-851. CrossRef PubMed
  • 3. Convertino I, Ferraro S, Blandizzi C, Tuccori M. The usefulness of listening social media for pharmacovigilance purposes: a systematic review. Expert Opin Drug Saf. 2018;17(11):1081-1093. CrossRef PubMed
  • 4. Sloane R, Osanlou O, Lewis D, Bollegala D, Maskell S, Pirmohamed P. Social media and pharmacovigilance: a review of the opportunities and challenges. Br J Clin Pharmacol. 2015; 80(4):910-920. CrossRef
  • 5. De Carli G. Quality assurance e farmacovigilanza. Parte II – Quality Assurance in Pharmacovigilance (ii). Giornale Italiano di Farmacoeconomia e Farmacoutilizzazione. 2015;7(1):27-35.
  • 6. Brosch S, de Ferran AM, Newbould V, Farkas D, Lengsavath M, Tregunno P. Establishing a framework for the use of social media in pharmacovigilance in Europe. Drug Saf. 2019;42(8):921-930. CrossRef PubMed