GVP Module VI Addendum II: Masking Personal Data in ICSRs – A Vital Step Toward Privacy
Pharmacovigilance plays a crucial role in safeguarding public health. However, as data flows through systems like EudraVigilance, protecting personal data becomes equally essential. The EMA’s Addendum II to GVP Module VI focuses specifically on how to handle identifiable information in Individual Case Safety Reports (ICSRs) — making clear what should be masked and what should be excluded entirely.
Why Mask Personal Data in ICSRs?
ICSRs contain sensitive details about reporters, patients, and healthcare providers. To ensure compliance with EU data protection regulations (GDPR) and protect personal privacy, certain data elements must be masked or omitted before submission.
ICH-E2B(R3) data elements to be masked
The 13 data elements are provided below. The sender of the ICSRs should determine if the use of nullFlavors is applicable, in accordance with the ICH-E2B(R3) guideline (see Annex IV ICHE2B(R3)) and the EU Individual Case Safety Report Implementation Guide Implementation Guide. These 13 data elements are not required for signal management, duplicate detection or ICSR processing. These data elements should therefore be set with the nullFlavour MSK, provided that data are available to the sender of the ICSR to EudraVigilance. Other nullFlavours may be applicable when the data is not available to the sender (e.g. ASKU, NASK, UNK) and should be used accordingly.
These elements include:- Reporter’s full name (Title, Given, Middle, Family)
- Reporter’s Organisation (Department, Address, Postcode, Telephone)
- Patient Medical Record Numbers (GP, Specialist, Hospital)
- Parent Identification
Note: If unmasked data is submitted, the EMA will mask it automatically before making data accessible to users.
Data elements to be left blank
Data elements provided below are also not necessary for signal management, duplicate detection or ICSR processing. Since the use of nullFlavors is not supported by the ICH E2B(R3) guideline, the sender of the ICSRs should leave these 11 data elements blank when submitting ICSRs to EudraVigilance.
- Name (Title, Given, Middle, Family)
- Address (Street, City, State/Province, Postcode, Country Code)
- Telephone
- Fax.
ICH-E2B(R3) data elements that may contain personal data and are required for pharmacovigilance processes
The data elements may contain personal identifiers or quasi-identifiers and are required for signal management, duplicate detection and ICSR processing. When available, data related to these data elements should not be masked or not to be left blank by the senders of the ICSR to EudraVigilance.
Eg:-- Sender’s (case) Safety Report Unique Identifier
- Documents Held by Sender
- Included Documents
- Worldwide Unique Case Identification
- Other Case Identifiers in Previous Transmissions
- Source(s) of the Case Identifier
Conclusion:
Protecting personal data in pharmacovigilance is not optional — it is a legal and ethical obligation. GVP Module VI Addendum II ensures consistent, privacy-compliant reporting of ICSRs in Europe. All stakeholders must align their systems and processes accordingly to uphold both data integrity and privacy standards. Compliance is mandatory for all senders submitting ICSRs to EudraVigilance.
Guidance: https://www.ema.europa.eu/en/documents/regulatory-procedural guideline/guideline-good-pharmacovigilance-practices-gvp-module-vi-addendum-ii-masking-personal-data-individual-case-safety-reports-submitted-eudravigilance_en.pdf