By Luke Wilson 
Social media research brings many opportunities for finding unique, unprompted customer insights and business intelligence. But uncertainty about implementing good pharmacovigilance practice can make social media research seem risky.
Several key topics were highlighted in a Q&A session following a webinar we hosted for the BHBIA, Pharmacovigilance in Social Media Research, which covered the implications of pharmacovigilance guidelines. Below are eight questions, with answers provided by Daniel Ghinn (DG), CREATION’s CEO, as well as comments from the BHBIA Ethics Advisor (BHBIA EA).
Q1: Where does a patient become hearsay?
DG: If there’s a comment regarding “my friend” for example I would say for reporting, a reference to “my friend” is a specific patient, whereas for example “apparently this happens” would be hearsay and does not refer to a specific patient. The patient does not need to be named, for the event to be reportable but there must be a reference to a specific patient or specific patients. And always remember that if in doubt, report.
Q2: If patient adverse events are spotted (even if the purpose is not to look for adverse events) during a social listening project do these need to be reported if they relate to the pharma company’s product?
DG: Yes if patient adverse events are spotted they do need to be reported if they relate to the pharma company’s product.
Q3: If an AE is mentioned by a consumer then do you need to know the identity of the reporter/patent or is an alias sufficient (patient and reporter are the same)?
DG: If the reporter / patient name is immediately evident (such as on their profile) then I would include that in the report.
BHBIA EA: But only if you have a lawful basis in place for this data processing.
DG: If not I would report the alias and in any case I would include a link to the original source, if it is in the public domain (such as a link to a Tweet or blog post).
BHBIA EA: You don’t have to be able to identify the reporter but you have to be sure that it is an actual individual(s) and that this is verifiable.
Q4: Does the AE/PQC get reported to the PV dept in the country that are doing the listening or the country in which the reporter is based?
DG: I would look to agree this with the pharmaceutical company prior to the research. In my experience, usually in the country where the reporter is, if known.
Q5: If a tweet is posted with a reportable event and this is then retweeted by hundreds, if not thousands of people do you need to report every single retweet? Or just the original tweet?
DG: Just the original Tweet. But if somebody retweets it or replies and adds a comment that includes a reportable event, then that would also be reported. For example somebody replies “Same happened to me” then there is another patient, so that is also reportable as a separate event.
Q6: When working with a small pharma company, with only have 1 or 2 heads in their PV department, they are put off because of the potential influx of AE reports being unmanageable. Can you offer any solutions / compromise to managing this?
DG: Yes my recommendation here is to agree a threshold that the PV department is comfortable with – say 5 reportable events – and agree to stop the research if that threshold is reached, before deciding on further research (perhaps refining parameters or focus).
Q7: If you’re conducting an online listening project for a pharma company (e.g. HCP and patient views on a competitor product or a previous product to give them insights into their product/new product). As you’ll be presenting the company with qualitative data (snippets of tweets etc) is a statement needed to accompany this information, in order to comply with GDPR?
DG: Yes, GDPR is a factor so a legal basis for processing the data will be necessary. Also, I have found that different companies take different positions re what their legal basis may be, such as legitimate interest, or consent in cases where the individual has consented to their data being processed via accepting permissions in a social media platform. But I would say this is a complex issue still being proven in the post-Facebook – Cambridge Analytica environment. Some companies simply ask us to anonymise everything.
BHBIA EA: If any personal data is collected and shared GDPR/DPA requirements come into force the data simply has to meet the definition of personal data, which put very simply means if it could potentially identify an individual. It is not entirely clear what is meant by a ‘statement’ in the question, but there has to be a lawful basis in place for any data processing. If the basis is consent, then a consent agreement is required, and there has to be an accompanying privacy policy (irrespective of the lawful basis used) that is easy to access and understand.
Q8: How is GDPR abided by? When reporting the adverse event, my assumption is that we would need to contact the reporter to ask for their permission to collect and forward their details?
DG: See above re GDPR. In the case of social listening I would not reach out to the individual prior to reporting, since we would then be engaging an individual on behalf of the pharmaceutical company which would open up new compliance requirements. I would leave that to the PV team. If the individual’s details are in public domain, I would forward them.
BHBIA EA: This should only be done if you have a lawful basis in place.
DG: If in a closed network (such as a closed physician-only network) my experience is that such data is only ever made available on an anonymised basis.
BHBIA EA: Forwarding an individual’s personal data in association with an AE/PC/SRS would depend what’s in the network’s terms and conditions with regard to further/other data processing and what you are using for your lawful basis.
For more information on staying compliant and to understand what is possible through Social Media research you can review the BHBIA’s Guidelines & Legislations and our Resources.
Responses given are not legal advice and if a legal opinion is required this should be sought separately. The information given in the response is for information purposes only. Whilst every reasonable effort is made to ensure the information is accurate, no responsibility for its accuracy or for any consequences of relying on it is assumed by the authors.
