Uppsala Reports editor
@UMCGlobalSafety
Data sharing lies at the heart of pharmacovigilance. From the inception of the World Health Organization Programme for International Drug Monitoring (WHO PIDM), it has been recognised that sharing of data by programme members is critical to safer use of medicines and vaccines for everyone everywhere. A new Data Access Conditions document released by WHO provides greater clarity and assurance to all stakeholders about how shared data is protected and the levels of access that may be granted for effective and responsible use.
The WHO VigiBase Data Access Conditions document, released on 13 March 2025, describes the basis under which members of the WHO PIDM share data to VigiBase, the levels of data access that may be granted to programme members and other stakeholders, and the acceptable uses of the data.
“This new Data Access Conditions document reflects the growth and evolution of the WHO PIDM, both in the number and diversity of the stakeholders involved,” said Shanthi Pal, Team Lead for Pharmacovigilance at WHO.
“Originally, we worked primarily with the national regulatory authorities, but now the range of stakeholders is growing, and we need to provide greater clarity about who those stakeholders are and what level of access they should have to the data,” Pal said.
Reliance [on VigiBase] ultimately requires confidence in the quality of data and how data and work are shared.
Given the nature of the data at stake and the complexities of the programme membership – which now stands at 159 full members and 23 associate members – developing the document necessarily involved a lengthy period of broad consultation.
“It has been a stepwise consensus,” said Pal. “We started by sharing these ideas at annual meetings of the WHO PIDM members, and we have encouraged all members to provide detailed input on the drafts. WHO has also worked intensively with UMC throughout, and as the draft progressed, we involved higher levels of WHO management and legal review.”
“Global pharmacovigilance practice involves recognising that no country can or should do everything themselves,” said Pal. “A smart strategy, especially for smaller pharmacovigilance centres, is to rely on each other and not unnecessarily duplicate work that has already been done. ‘Reliance’ is inherent to VigiBase. It’s a platform for countries to lean on, share data, and learn from their combined efforts. But such reliance ultimately requires confidence in the quality of data and how data and work are shared.”
The WHO VigiBase Data Access Conditions document, does not make any fundamental changes to how global safety data is used, but it does take account of evolving pharmacovigilance systems around the world by explicitly providing for the involvement of entities such as national immunisation programmes, official nominees of national authorities, and other stakeholders outside the programme, such as marketing authorisation holders, academia, and the general public.
“The Data Access Conditions document sets out in clear terms multiple levels of access to the data, all the way from aggregated summaries through to full datasets,” said Pinelopi Lundquist, Head of WHO Liaison at UMC.
“Those access levels are mapped to the applicable stakeholder groups, along with a statement of the permissible purposes for data access and conditions for use. Importantly, the access levels are also reflected in the technical implementation of UMC's tools used to access VigiBase data. Internal UMC work processes for handling VigiBase data requests have been reviewed and are being updated to align with the new WHO document.”
The Data Access Conditions document sets out in clear terms multiple levels of access to the data, all the way from aggregated summaries through to full datasets.
The WHO VigiBase Data Access Conditions document is now implemented, and members are not required to take any specific action. However, Lundquist recommends that members do take this opportunity to ensure that their own internal processes are consistent with the conditions.
“While no immediate action is needed, we do hope this document will be a primary reference document for all WHO PIDM members, informing their standard operating procedures on how they access, use, and share safety data.”
WHO VigiBase Data Access Conditions – Frequently asked questions
What are the Data Access Conditions for?
The WHO VigiBase Data Access Conditions document describes the understanding under which members of the WHO PIDM share data to VigiBase, the levels of data access that may be granted to members and other stakeholders, and the acceptable uses of the data.
Why have these conditions been updated now?
This document has been created to clarify the conditions for accessing VigiBase data. It was also necessary to take account of how pharmacovigilance systems around the world have evolved, in particular, the growth of sub-national agencies or the inclusion of vaccine surveillance bodies into national pharmacovigilance structures.
What are the main differences between the Data Access Conditions and the data protection processes that have been in place up to now?
The essential elements of VigiBase data protection remain substantially unchanged. This document, however:
- includes specific reference to the role of officially designated National Immunisation Programmes
- clarifies the roles of the entities that officially participate in the WHO PIDM and the nominees that they appoint as their PIDM focal points, and
- adds additional levels of access for clearer decision making.
What was the process to develop the current set of Data Access Conditions?
Over several years, preliminary drafts of the new conditions have been shared and discussed between Uppsala Monitoring Centre, WHO, and other stakeholders. During 2023, an updated draft of the conditions was sent to all members of the PIDM for their detailed review and inputs. The draft was revised on the basis of those inputs and has since been reviewed by the legal staff of both UMC and WHO.
When do the new Data Access Conditions take effect?
The Data Access Conditions were sent to PIDM members on 13 March 2025, with immediate effect.
How are these conditions applied?
The access levels described in the Data Access Conditions are reflected in the technical implementation of UMC's tools and systems to ensure users are only able to access data in line with their official authorisation. Furthermore, when UMC receives requests from stakeholders to access VigiBase data, those requests will be evaluated according to the access levels and other provisions of the Data Access Conditions.
Are there other conditions for the access to and use of VigiBase data?
The Data Access Conditions govern access to the data and outline the conditions under which PIDM members and other stakeholders can access data in VigiBase. The requirements for use of VigiBase data are governed by the Caveat document, which also covers publication of the data, and has recently been being updated. In addition, UMC publishes guidelines for the use of VigiBase data in studies.
Do members need to take any action in relation to this release?
PIDM members should make their staff familiar with the Data Access Conditions and ensure that their own systems and processes are consistent with the conditions. Otherwise, there is no specific action required to adopt this document.