No Patient must ever be identifiable from an adverse event report sent using the AE Reporter App, and only anonymised data are ever asked for in relation to Patients.
The AE Reporter App can be used to supply, where appropriate, information identifying the Reporter of an adverse event, and the Sender of the adverse event report (ie, the User of the App).
Reporter details must only be supplied with the permission of the Reporter, and some regions may be subject to regulations that require reporters to be kept anonymous.
Sender details (set up in the App’s Settings Tab) are voluntary, except that the Sender’s organisation must (in principle, anyway) be supplied, being an expectation of the E2B data standard used to transmit reports. When a Sender sends a live report, their centrally issued username will be sent with the report (this username may take an anonymous form, depending upon customer requirements). Either the Sender’s employer and/or Virtual PV Limited will be able to identify the Sender from their username.
The App contains prominent warnings, and other guidance, to remind the User (Sender) of those details that must not be supplied, need not be supplied, or for which permission to supply must first be obtained.
A Sender’s (User’s) employer organisation may, of course, set specific policies for their staff in regard to Sender and Reporter (and other) data to be supplied in reports.
The production database assigned to a Sender (User) to receive any live reports they may send will be Validated to regulatory GxP standards, which include a need for appropriate system and data security measures. The AE Reporter App stores and transmits all data in encrypted form, with authentication of the Sender by the database and of the database by the App.
When sending practice reports, all Sender data is redacted from the report sent to the practice database.
The simulated report data in the practice database is publicly viewable, and no live, sensitive or offensive data must be sent to it. Virtual PV Limited reserves the right to delete or modify any inappropriate content sent to the practice database, and to delete data for maintenance purposes as may be necessary and without prior notice.
Virtual PV Limited will not use any data sent to a live or practice database for any purpose not connected with the business purpose for which the data have been supplied.
Virtual PV Limited is registered under the UK Data Protection Act. Clients on whose behalf we process data also may be expected to have appropriate data protection registrations.
Virtual PV Limited reserves the right to update this policy from time to time as may be appropriate.