Configure MHRA AS2 Connection

Set up a Vault Safety UK MHRA AS2 Connection to support submissions through the MHRA Gateway.

Last Updated

Note Beginning with 24R1 in April 2024 and for all subsequent releases, the new Vault Safety Help site is the official site for all Vault Safety Help content. This site reflects updates until the 23R3 release only. For the latest information, visit the new site.

About AS2 Connection Support for the MHRA Gateway

Vault Safety supports the United Kingdom Medical and Healthcare products Regulatory Agency (UK MHRA) Gateway through AS2 (system-to-system) communication. The UK MHRA Gateway can be used for ICSR submissions to the MHRA in the EMA E2B(R3) file format. Vault Safety defines the Case criteria for these Submissions using the MHRA Rule Set, which is based on the EMA ICSR Reporting Rule Set.

Vault’s integration with the UK MHRA allows you to set up a Gateway Profile to submit ICSRs directly from Vault Safety and receive gateway responses.

Note If your organization is a CRO making Submissions on behalf of clients, you must complete each of the steps on this page separately for each sponsor, including setting up a new MHRA Account and obtaining new certificates.

Note If your Vault currently uses the MHRA Gateway Profile to communicate with the MHRA, we recommend that you create an AS2 Connection to the MHRA as described in this article and then follow the instructions in Replace a Gateway Connection with an AS2 Connection.

Prerequisites

You must perform the following one-time configuration changes before you can set up MHRA Gateway submissions:

Prerequisite: Activate MHRA as a Standard Organization

MHRA is a standard Agency provided with Vault Safety. However, in certain Vaults, an Admin must activate the Agency record.

Complete the following steps if MHRA is Inactive in your Vault:

  1. Go to Business Admin > Objects > Organizations.
  2. Open the MHRA (UK) Agency record.
  3. From the All Actions menu, select Change State to Active.

Note The Change State to Active user action appears only if configured by your Admin. Add User Action to the Organization Lifecycle provides instructions for this configuration.

Prerequisite: Update Country Records

From January 1, 2021, all products authorized in Great Britain must have their ICSRs submitted to the MHRA. ICSRs for products authorized in Northern Ireland should be submitted to the EMA. For more information, visit the United Kingdom’s Guidance on Pharmacovigilance Procedures website.

To ensure all new Cases reference the correct Country and Agency, we recommend updating the existing United Kingdom of Great Britain and Northern Ireland record in your Vault to separate Great Britain and Northern Ireland records.

Complete the following steps to update the Country records:

Step One: Update Existing Country Record to the United Kingdom (Great Britain) Record

  1. Go to Business Admin > Objects > Countries.
  2. Select United Kingdom of Great Britain and Northern Ireland. The Country page appears.
  3. Select Edit.
  4. Under Details, update the following fields:
    • Name: Enter United Kingdom (Great Britain).
    • Code (2-letter): Enter GB.
    • Code (3-letter): Enter GBR.
    • Agency: Select MHRA (UK) from the picklist.
  5. Select Save.

Note We recommend updating the existing Country record as detailed above instead of changing its state to Inactive and creating a new record for Great Britain. Due to an overlap in Code (3-letter) values, creating a new record with the same code will cause E2B imports to fail.

Step Two: Create the United Kingdom (Northern Ireland) Record

  1. Go to Business Admin > Objects > Countries.
  2. Select Create. The Create Country page appears.
  3. Under Details, complete the following fields:
    • Name: Enter United Kingdom (Northern Ireland).
    • Code (2-letter): Enter XI.
    • Code (3-letter): Enter GBR.
    • Agency: Select EMA from the picklist.
  4. Select Save.

Result

Your Vault has two (2) updated Country records:

Updated UK Country Records
Updated Country Records for the United Kingdom

Note Once the Country records have been updated, it is recommended that pre-existing Products and Cases should be reviewed and updated with the correct Country and Agency.
For more information, see the EMA's Northern Ireland Submission Guidelines.

Configure a UK MHRA AS2 Account

Before you can configure the Vault Safety Gateway Profile, you must have an active UK MHRA AS2 account. The MHRA website provides instructions for setting up the gateway registration.

Public and Private Certificates

As part of the registration process, you must obtain a public and private certificate pair and upload the public certificate to your MHRA account. If you need help generating these certificates, contact Veeva Managed Services.

Configure Sender User

For submissions to the MHRA, you must enter full contact details for the Sender User. This user’s information will appear in generated forms and E2B files. The Sender User is assigned on Submission records in the Sender (User) field.

Manage Users provides more information on setting up user contact details.

Your Admin can configure the MHRA Transmission Profile to populate this field with a default Sender User on system-generated Transmissions based on the Transmission Profile.

Configure a Vault Safety AS2 Connection

  1. Go to Admin > Connections, then select Create.
  2. For the Connection Type, select AS2, then select Continue.
  3. Complete the AS2 Connection Fields.
  4. Select Save.

AS2 Connection Fields

Fields marked with a (*) are required.

Field Description
Name* Enter a name for the AS2 Connection.
This name must be unique in your Vault.
API Name* Enter an API Name for the AS2 Connection.
This name must be unique in your Vault.
Description Enter a description for the AS2 Connection.
Contact Email* Enter the Sender’s Email
AS2 Additional ACK Stages Select from the following options:
  • HTTP Handshake: Used primarily for asynchronous requests.
  • PRE-ACK: Used mainly for FDA VAERS, but can be used with synchronous or asynchronous requests.
AS2 Compress Before Sign Select Yes if the system should compress messages before applying the Signing Algorithm.

Select No if the system should compress messages after applying the Signing Algorithm.

AS2 Encryption Select the algorithm the system uses to encrypt outbound AS2 messages and decrypt inbound messages. The system supports the following algorithms:
  • Triple DES (3DES)
  • AES-256-GCM
  • AES-256-CBC
AS2 MDN Setting Select whether the Message Delivery Notification (MDN) can be exchanged synchronously (Sync) or asynchronously (Async).
AS2 Partner Certificate Expiry The system automatically populates this field when an Admin uploads the Partner Certificate.
AS2 Partner ID

Enter one of the following MHRA identification codes:

  • For a production account, enter MHRAUK.
  • For a test account, enter MHRAUKTEST.
AS2 Partner URL

Enter one of the following destination MHRA Gateway URLs:

  • For a production account, enter:
    https://mft.mhra.gov.uk:443/as2receiver.aspx?Tag=PV
  • For a test account, enter:
    https://mft-test.mhra.gov.uk:443/as2receiver.aspx?Tag=PVMHRA
AS2 Signature Select the method the system uses to sign outbound AS2 messages. The system supports the following signing methods:
  • SHA-1
  • SHA-256
AS2 Vault Certificate Expiry The system automatically populates this field when an Admin uploads the Sponsor Certificate.
AS2 Vault Gateway State The system populates this field with the current state of the AS2 Vault Gateway.
  • Registered: The AS2 Connection is synchronized with the Gateway.
  • Out of Sync: Changes have been made to the AS2 Connection or its Connection Allowed List since the last time the Sync to Gateway action was run. From the All Actions list, select Sync To Gateway to resync the AS2 Connection with the Gateway.
AS2 Vault ID Enter the sponsor ID registered with the MHRA. This value is the same as the customer's Routing ID you provided when setting up your production or test MHRA account.
AS2 Vault URL This field is read-only. Verify that the DNS configured in your MHRA account exactly matches the URL in this field.

Upload the Partner and Sponsor Certificates

Vault Safety uses the Partner and Sponsor certificates to communicate securely with the Partner.

  • Partner certificate: You will have received the Partner certificate as part of creating your account with the Partner.
  • If you need help generating a Sponsor certificate, contact Veeva Managed Services.

Upload Partner Certificate

  1. From the All Actions menu, select Upload Partner Certificate.
  2. Select Choose, then select the Partner’s Public Certificate.
    Accepted formats: PKCS7 (.p7b or .p7c), DER (.cer or .der) and PEM (.cer, .crt, or .pem)
    Note: Vault checks the expiry date of the certificate. If the certificate is no longer valid, you cannot save the record.
  3. Select Continue.

Upload Sponsor Certificate

  1. From the All Actions menu, select Upload Sponsor Certificate.
  2. Select Choose, then select the Sponsor’s Public Certificate.
    Accepted formats: PKCS12 (.pfx or .p12)
    Note: Vault will check the expiry date of the certificate. If the certificate is no longer valid, you cannot save the record.
  3. Select Continue.

Add Allowed Connections

Specify one (1) or more Allowed Connections for the AS2 Connection. These are Internet Protocol (IP) addresses that the system will allow to connect with this AS2 Connection. Perform the following steps for each Allowed Connection you want to add to the AS2 Connection.

  1. Go to the Connection Allowed Lists section, then select Create.
  2. Enter the Name, (optional) Description, and IP address of the Allowed Connection.
    Ensure the format of the IP address is XX.XX.XX.XX or XX.XX.XX.XX/{subnet mask} where the {subnet mask} is a number between 24 and 32.
  3. Repeat steps 1 and 2 for each Allowed Connection.
  4. When you have added all the Allowed Connections, select Save.

Note By default, Vaults are limited to 512 Allowed Connections. If your organization requires more, contact Veeva Managed Services.

Synchronize the Connection

Once you have entered all the details of the AS2 Connection, the Connection must be synchronized with the Gateway.

From the All Actions menu, select Sync Connection to Gateway.

When the system successfully completes this action, the Connection’s AS2 Vault Gateway State changes to Registered and the system can send and receive messages using this Connection.

Note If the Sync Connection to Gateway action is not successful, ensure the value of each of the AS2 Connection fields is correct before retrying the action again. If the issue perists, contact Veeva Managed Services.

If you make any changes to the Connection object or its Connection Allowed List, the AS2 Vault Gateway State changes to Registered - Out of Sync. The system cannot send or receive any messages using this Connection while it is in the Out of Sync state. You will need to repeat the All Actions > Sync to Gateway action to restore the Connection to the Registered state.

Result

The UK MHRA Gateway Profile is active and available to use to submit case reports to the MHRA.

Configure the MHRA Transmission Profile

Vault Safety comes with a system-provided MHRA Transmission Profile for electronic Submissions to MHRA. You must configure this Transmission Profile as part of the MHRA Gateway setup.

Manage Transmission Profiles provides instructions on setting up Transmission Profiles.

Complete the following steps to set up the Transmission Profile:

  • Origin ID: Enter the ID registered with the MHRA, typically your D-U-N-S number. This value is the same as the customer's Routing ID you provided when setting up your production or test MHRA account.
  • Destination ID: Enter one (1) of the following Destination IDs:
    • For a production account, enter MHRAUK.
    • For a test account, enter MHRAUKTEST.
  • Routing ID: Enter one of the following Routing IDs:
    • For a production account, enter MHRAUK.
    • For a test account, enter MHRAUKTEST.

Once you set up the MHRA Transmission Profile, the system uses the appropriate Transmission Profile to generate Submissions based on your Vault’s MHRA reporting rules.

Related Docs