Print page Resize text Change font-size Change font-size Change font-size High contrast

Home > Standards & Guidances > Methodological Guide

ENCePP Guide on Methodological Standards in Pharmacoepidemiology


9.1. Patient and data protection

In Europe, both EU and national legislation determines what is acceptable with regards to patient data access, data linkage and consent issues, including domains such as human rights and duty of confidentiality. Therefore, while individual data custodians may have differing requirements related to what approvals are needed before data can be released, studies conducted in Europe must meet all applicable EU and national legislation.


The provisions of the legislation on the protection of individuals with regard to the processing of personal data and on free movement of such data, as laid down in Directive 95/46/EC and Regulation (EC) No 45/2001 of the European Parliament and of the Council, need to be followed in the EU. For interventional research, the Directive 2001/20/EC and the Guidelines for Good Clinical Practice (Commission Directive 2005/28/EC) apply.  Directive 2001/20 EC will be repealed on the day of entry into application of the new Clinical Trials Regulation (Regulation (EU) No 536/2014). In addition, marketing authorisation holders (MAHs) and investigators must follow relevant national legislation and guidance of those Member States where the study is being conducted (Directive 2001/83/EC and Directive 95/46/EC).


Article 36 of the Commission Implementing Regulation (EU) No. 520/2012 specifies that for post-authorisation safety studies (PASS) imposed as an obligation, MAHs shall ensure that all study information is handled and stored in a way that ensure the confidentiality of the study records. The GVP Module VIII - Post-authorisation safety studies recommends that these provisions should also be applied to PASS voluntarily initiated, managed or financed by a MAH.


The ISPE Good pharmacoepidemiology practice provides recommendations on the protection of human subjects and refers to the ISPE guidelines on Data Privacy, Medical Record Confidentiality, and Research in the Interest of Public Health. It also recommends that the plans for protecting human subjects should be described in a stand-alone section of the study protocol.



Individual Chapters:


1. Introduction

2. Formulating the research question

3. Development of the study protocol

4. Approaches to data collection

4.1. Primary data collection

4.1.1. Surveys

4.1.2. Randomised clinical trials

4.2. Secondary data collection

4.3. Patient registries

4.3.1. Definition

4.3.2. Conceptual differences between a registry and a study

4.3.3. Methodological guidance

4.3.4. Registries which capture special populations

4.3.5. Disease registries in regulatory practice and health technology assessment

4.4. Spontaneous report database

4.5. Social media and electronic devices

4.6. Research networks

4.6.1. General considerations

4.6.2. Models of studies using multiple data sources

4.6.3. Challenges of different models

5. Study design and methods

5.1. Definition and validation of drug exposure, outcomes and covariates

5.1.1. Assessment of exposure

5.1.2. Assessment of outcomes

5.1.3. Assessment of covariates

5.1.4. Validation

5.2. Bias and confounding

5.2.1. Selection bias

5.2.2. Information bias

5.2.3. Confounding

5.3. Methods to handle bias and confounding

5.3.1. New-user designs

5.3.2. Case-only designs

5.3.3. Disease risk scores

5.3.4. Propensity scores

5.3.5. Instrumental variables

5.3.6. Prior event rate ratios

5.3.7. Handling time-dependent confounding in the analysis

5.4. Effect measure modification and interaction

5.5. Ecological analyses and case-population studies

5.6. Pragmatic trials and large simple trials

5.6.1. Pragmatic trials

5.6.2. Large simple trials

5.6.3. Randomised database studies

5.7. Systematic reviews and meta-analysis

5.8. Signal detection methodology and application

6. The statistical analysis plan

6.1. General considerations

6.2. Statistical analysis plan structure

6.3. Handling of missing data

7. Quality management

8. Dissemination and reporting

8.1. Principles of communication

8.2. Communication of study results

9. Data protection and ethical aspects

9.1. Patient and data protection

9.2. Scientific integrity and ethical conduct

10. Specific topics

10.1. Comparative effectiveness research

10.1.1. Introduction

10.1.2. General aspects

10.1.3. Prominent issues in CER

10.2. Vaccine safety and effectiveness

10.2.1. Vaccine safety

10.2.2. Vaccine effectiveness

10.3. Design and analysis of pharmacogenetic studies

10.3.1. Introduction

10.3.2. Identification of generic variants

10.3.3. Study designs

10.3.4. Data collection

10.3.5. Data analysis

10.3.6. Reporting

10.3.7. Clinical practice guidelines

10.3.8. Resources

Annex 1. Guidance on conducting systematic revies and meta-analyses of completed comparative pharmacoepidemiological studies of safety outcomes