Last updated on April 25th, 2022
Ensuring patient safety is of paramount importance to Maths in Health and we take the safe use of our clients’ products (meaning and including medicinal products, medical devices and nutritional supplements) seriously.
WHY WE COLLECT INFORMATION
Information on adverse events is very important for public health and will be used for the detection, assessment, understanding and prevention of adverse effects or any other products-related problem. A pharmacovigilance system, including safety databases, is used to fulfil MiH’s legally binding obligations in relation to pharmacovigilance and to monitor the safety of products (meaning and including medicinal products, medical devices and nutritional supplements) and detect any change in their risk-benefit balance. The purpose for processing the personal data about you, provided to document information on adverse events through the MiH patient safety reporting channels, is to enable MiH to maintain its pharmacovigilance system as required by applicable pharmacovigilance legislation (e.g. by the European Medicines Agency [EMA] and the US. Food and Drug Administration [FDA]) where MiH provides services for clients making medicinal products, devices, and nutritional supplements.
INFORMATION WE COLLECT ABOUT PATIENTS (SUBJECT OF THE REPORT)
We collect personal data about you when you, or a third party, provide us with information about you in relation to an adverse event that affected you. Where you are reporting the adverse event yourself, please also refer to the section below.
The personal data that we may collect about you when you are the subject of an adverse event report is: name or initials; age and/or date of birth and/or age group; gender; weight and height; details of the product causing the event, including the dosage you have been taking or were prescribed, the reason you have been taking or were prescribed the product and any subsequent change to your usual regimen; details of other products or remedies you are taking or were taking at the time of the event, including, as necessary and/or known, the dosage you have been taking or were prescribed, the period of time you were taking that product; details of the adverse event you suffered, the treatment you received or any measure taken for that event, any long‐term effects the event has caused to your health; and other medical history considered relevant to document the, such as lab reports, medication history and patient history.
Some of this information may be considered by law to be “special categories of personal data” (formerly known as sensitive personal data) about you. This includes any information that tells us about your health and may be ethnicity, religion, and sexual life, when strictly necessary.
This information is only processed where relevant and adequate to document your adverse event properly and for the purpose of meeting our pharmacovigilance requirements. These pharmacovigilance requirements exist to allow us and Health Authorities to diagnose, manage and prevent such adverse events from occurring in the future.
INFORMATION WE COLLECT ABOUT REPORTERS
As a service provider for clients in the pharmaceutical industry, MiH is legally required to ensure that adverse events are traceable and available for follow-up. As a result, we must keep information about the reporter (i.e. the person reporting the occurred adverse event) to allow us to contact him/her once we have received the report. The personal data that we may collect when you report an adverse event is your: name; contact details (which may include your address, e‐mail address, phone number or fax number); profession, and in case of healthcare professionals it may be asked also the clinic/institution name and address. All this information may determine any other further questions you could be asked about when you report an adverse event. It must be eventually defined the relationship between you and the subject of the adverse event.
LEGAL BASIS FOR PROCESSING
The legal basis for processing of the personal data is observance of MiH legal obligations in order to comply with specific pharmacovigilance legislation, in conjunction with the EU General Data Protection Regulation 2016/679 (“GDPR”) as well as any legislation enacted either by the European Commission or any European country for the purpose of implementation or adaptation of the GDPR; the Swiss Federal Act on Data Protection of 19 June 1992 and/or other country regulations in that are similar, equivalent to or that are intended to or implement and/or modify the laws that are identified in above.
HOW WE SHARE YOUR PERSONAL DATA
Also, personal data may be disclosed to a third party such as a Health Authority, in case we are required to do so because of an applicable law, court order or governmental regulation, or if such disclosure is otherwise necessary in support of any criminal or other legal investigation or proceeding here or abroad. MiH will never disclose the collected data for commercial purposes.
TRANSFERS OF PERSONAL DATA OUTSIDE THE EEA
RETENTION OF PERSONAL DATA
MiH is required to store all information including the personal data regarding safety of products for at least ten years after the end of the expiration of the marketing authorisation or longer if required by local legislation.
INFORMATION REGARDING YOUR RIGHTS
Individuals in the EEA have certain data subject rights which may be subject to limitations and/or restrictions. These rights may include the right to: (i) request access to and rectification or erasure of their personal data; (ii) obtain restriction of processing or to object to processing of their personal data; and (iii) the right to data portability.
If you wish to exercise one of the above-mentioned rights, please send us your request via email to: email@example.com. Individuals may also lodge a complaint about the processing of their personal data with their local data protection authority, according to the applicable law.
MiH takes precautions to ensure that personal data collected for pharmacovigilance purposes is protected and that the processing is in accordance with applicable data protection rules, consistent with generally accepted industry standards, including technical, administrative and physical safeguards to protect the personal data submitted to us from loss, misuse and unauthorised access, disclosure, alteration, and destruction.
Access to safety data systems is restricted to named individuals and any changes to data can be identified.
Any hard copies of documents are stored in a secure and robust area such as fireproof cupboards or archives to which access is limited.