Use the Lexology Navigator tool to compare the answers in this article with those from other jurisdictions.



What post-market monitoring mechanisms are in place to ensure the ongoing safety and efficacy of medicinal products after marketing authorisation has been granted?

A marketing authorisation holder must maintain a positive risk-benefit ratio for authorised medicinal products at all times, in compliance with the pharmacovigilance obligations set out in Title XI of Legislative Decree 219/2006 (the Medicinal Product Code), which mirrors Title IX of the EU Medicinal Products Directive (2001/83/EC), as amended in 2010 and 2012.

The person responsible for pharmacovigilance must meet certain subjective requirements with regard to education and qualification.

The marketing authorisation holder must submit periodic reports on product safeness (PSURs) through the European Medicine Agency’s PSUR repository:

  • every six months during the first two years of authorisation;
  • once per year in the following two years; and
  • every three years subsequently.

PSURs are not required for generic, homeopathic and traditional herbal medicinal products or products based on active substances which have a well-established medicinal use.

PSUR data, along with spontaneous adverse drug reaction data, is collected through the National Network of Pharmacovigilance (RNF), an extensive national network that includes regional authorities, regional centres of pharmacovigilance, local health authorities, hospitals, research institutes, pharmaceutical companies and the AIFA.

The RNF operates in close connection with EudraVigilance, the European network for pharmacovigilance.

Data protection

What data protection issues should be considered when conducting pharmacovigilance activities?

In pharmacovigilance reports, the patient is not identified by his or her full name, but rather by his or her initials. Some personal information is required (e.g., the patient’s date of birth and ethnicity).

Data protection issues may arise, for example, when adverse reaction reporting is done spontaneously by the patient through the pharma company website. The collection and processing of this data by pharmaceutical companies is necessary in order to fulfil the mandatory obligation set out in Article 24 of the Data Protection Code, which constitutes a case where consent is not required. Conversely, patients must be given the minimum information required under Articles 7 and 13 of the Data Protection Code (e.g., the data holder’s name, the type of data to be collected, the type of processing operation and the patient’s right to modification, rectification and cancellation).

Click here to view the full article.