On 24 June 2015, the European Medicines Agency (“EMA”) delivered an update on the implementation of its policy concerning the publication of clinical data.
It is recalled that the EMA Disclosure Policy concerning the publication of clinical data was adopted on 2 October 2014. The EMA Disclosure Policy could enable access by interested third parties to clinical reports and individual patient data submitted as part of a marketing authorisation or post-marketing authorisation for an existing centrally authorised medicinal product. Clinical data that were submitted under the centralised marketing authorisation procedure for a medicinal product after 1 January 2015 could be disseminated to interested third parties. On 1 July 2015, the scope of the policy was expanded to include clinical data submitted as part of an application for an extension of a therapeutic indication or a line extension of a centrally authorised medicinal product.
The update provides stakeholders with information concerning procedural requirements and guidance on the redaction of commercially confidential information and the anonymisation of personal data.
Timeframe for submission of redacted clinical reports
Under the EMA Disclosure Policy, pharmaceutical companies are required to submit their proposals for redaction between Day 181 and Day 220 of the marketing authorisation procedure. Proposed redactions of applications concerning an extension of an indication must be submitted between thirty (30) calendar days pre-opinion and ten (10) calendar days post-opinion. If a marketing authorisation application is withdrawn, the report must subsequently be submitted within thirty (30) calendar days of the notification of withdrawal.
Companies are required to certify that the redacted clinical report reflects the version submitted for scientific review. This declaration may be presented in a cover letter to the EMA. It must confirm that the only difference between the two reports is the proposed redactions.
Issuance of an advance “warning”
Companies could receive up to three (3) notifications as a “warning” to submit a redaction proposal in accompaniment with their marketing authorisation application or line extension application. Such warning could come following receipt of the following letters during the scientific review process; (i) the validation letter from the EMA; (ii) the list of outstanding issues on Day 180 of the marketing authorisation application; and (iii) the opinion letter from the Committee for Medicinal Products for Human Use (“CHMP”). For an extension of a therapeutic indication to a marketing authorisation, companies could receive a “warning” to submit a redaction proposal following receipt of: (i) the validation letter from the EMA; (ii) a request for supplementary information; and (iii) the opinion letter from the CHMP. Finally, in the case of withdrawn applications, a notification could be received following: (i) the validation letter from the EMA; and (ii) the withdrawal letter to the marketing authorisation application.
In view of the update provided by the EMA, companies can determine their own methods for redacting proposed commercially confidential information. The final redacted version of the clinical report must however demonstrate conformity with the requirements of the EMA. This includes the requirement to ensure that the text is searchable by providing documents in PDF format. Only text that is not redacted must be retrievable in a search. Redacted text must be clearly provided. Redaction codes which are agreed with the EMA must be identifiable and form part of the document. The final redacted document may be submitted as a separate sequence denoting “Supplemental Information” as part of a separate document in the electronic Common Technical Document format (eCTD) to the EMA. This sequence must be separate from the sequence under which the proposed documents where submitted. A cover letter must be attached with the final redacted version of the clinical report which verifies that it contains the requisite documents for publication.
Companies will have the opportunity to engage in only one round of redaction consultation exchanges. Based on the outcome of the assessment on the proposed redacted information, companies will be expected to update the redacted document to reflect the proposals agreed by the EMA.
Publication of final redacted reports
Publication of the final redacted version of the clinical report could occur within sixty (60) calendar days following the issuance of a European Commission Decision granting or refusing the marketing authorisation application. The timeframe for the publication of a final redacted report submitted as part of an extension of a therapeutic indication or line extension will be sixty (60) calendar days following the outcome of the European Commission Decision. Where an application is withdrawn, publication of the final redacted report could be issued within one-hundred and fifty (150) calendar days of the notification by the company to the EMA. The above timeframes take into account an interim relief period of twenty (20) calendar days in cases where a disagreement arises with the EMA.
Redaction of commercially confidential information
As a general principle, the EMA will not disclose trade secrets or commercially confidential information. However, information contained in clinical reports will only be viewed as commercially confidential information in limited circumstances. The update outlines the conditions which must be satisfied by companies in order to justify the redaction of alleged commercially confidential information contained within the following documents: (i) clinical overviews; (ii) clinical summaries; and (iii) clinical study reports (“CSR”).
A justification table detailing the proposed commercially confidential information to be redacted must accompany the submission of every clinical report. This table must list all the proposed redactions concerning purported commercially confidential information. It may be noted that this tool is also intended by the EMA to facilitate communication with companies. Subsequently, this table will not be subject to publication. Three categories of information are described that will be excluded from the scope of commercially confidential information. This includes: (i) existing information that is available in the public domain, such as clinical trial registries or a patent application; (ii) information that does not contain innovative features and falls within the public knowledge, such as scientific and regulatory guidelines and guidance documents; and (iii) certain general or administrative information, quality related information, non-clinical and clinical related information.
The EMA highlights that the required level of detail must be “specific, pertinent, relevant, not overstated and appropriate” to the proposed justification for redacting the information. The EMA also mentions certain conditions that must be must be satisfied by companies who wish to protect commercially confidential information. The following information must be demonstrated:
• Clear identification of the proposed information to be redacted;
• The innovative features within the context of public knowledge;
• The concerned information constitutes part of an on-going development programme; and
• How the disclosure of the concerned information could undermine the economic interest or competitive position of the owner of the information.
A request for additional information could be prompted by the EMA if the proposed justification is not considered to be sufficiently supported. If the justification is ultimately rejected by the EMA a specific justification code will be provided in the justification table.
Anonymisation of clinical reports
Anonymisation methodologies such as masking, randomisation and generalisation could be deployed by companies in the anonymisation of personal data. Although the EMA does not require a specific technique for the purposes of the anonymisation of clinical reports it does recommend “randomisation and generalisation techniques […] in order to optimise the clinical usefulness of the information published”. Companies must however demonstrate that anonymisation is achieved and that: (i) singling out, linkability or inference after anonymisation is no longer possible; or (ii) an analysis on the re-identification of risk could be conducted.
The EMA also recommends steps that companies could follow in order to develop an anonymisation process. This includes:
1. Determination of direct identifiers and quasi-identifiers in the dataset (i.e the clinical reports);
2. Identification of possible adversaries and plausible attacks on the data;
3. Data utility considerations;
4. Determination of the risk of re-identification threshold;
5. Evaluation of the actual risk of re-identification;
6. Anonymisation methodology;
7. Documentation of the anonymisation methodology and process.
A report detailing the steps to be taken to achieve anonymisation must accompany the submission of the anonymised clinical reports. This report must outline the company’s approach to the anonymisation of personal data.
Companies that fail to comply with the EMA Disclosure Policy could be subject to remedial action which is yet to be fully determined by the EMA.