This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Data Integrity: ComplianceAjaz S. Hussain, Ph.D.
KEYNOTE OPENING SESSION
Critical Update — Navigate the
2016 FDA Data Integrity
Compliance Draft Guidance and Other Global Regulations
Since 20o8 FDA has been increasing the number of inspections at foreign facilities; parity (per FDASIA) with frequency of domestic inspections by 2017?
What about ‘rigor of inspections’ -unannounced inspections?
Carmelo Rosa: Data Integrity, Essential Part of a Quality System
DIA Multicenter International Data Integrity Workshop. 13-14, Nov. 2014. Bangalore, India.
“Testing into compliance, data manipulation, data deletion/ record destruction, misreporting, disregarding failing and/or questionable results, all leading to possible breaches in the integrity of critical data, has become one of the most important and relevant topics currently discussed by industry and regulators from around the world.”
"Data integrity [issues] really sounds off alarm bells for us ... if you see data integrity [issues] on the surface, there is likely a lot going on underneath.“
Thomas Cosgrove, FDA on Observations related to Breaches of Data Integrity (BDI)I
Application Integrity Policy Integrity of data and information in applications submitted for FDA review and
approval. AIP List (CDER): Hill Dermaceuticals, Inc., Ranbaxy Laboratories, Ltd.,
Biopharmaceutics Inc.*, Solopak Pharmaceuticals, Inc., Superpharm Corp* (* to the agency's knowledge, the firm is out of business)
Bioresearch Monitoring FDA Debarment List (Drug Product Applications) Good Laboratory Practice (GLP), Amendment, Final Rule, 9/4/1987 Computerized Systems Used in Clinical Investigations Compliance Policy Guides:
Fraud, Untrue Statements of Material Facts, Bribery, and Illegal Gratuities (CPG 7150.09) (July, 1991)
International Memoranda of Understanding (June, 1995) FDA Access to Results of Quality Assurance Program Audits and Inspections
(CPG 7151.02) (January 1996)
Part 11, Electronic Records; Electronic Signatures — Scope and Application March of 1997, FDA issued final part 11 regulations CPG 7153.17: Enforcement Policy: 21 CFR Part 11 Several draft guidance documents Federal Register of February 4, 2003 (68 FR 5645) – withdrawal of draft
guidance,……
Prosecution recommendations, including referrals for criminal investigation
Criminal Prosecution after Section 305 Notice & without Section 305 Notice
Special Procedures and Considerations for Park Doctrine Prosecutions
Our investigator identified significant violations of current good manufacturing practice (CGMP) regulations for finished pharmaceuticals, Title 21, Code of Federal Regulations, Parts 210 and 211.
Your firm (a CMO) failed to ensure that laboratory records included complete data derived from
all tests necessary to assure compliance with established specifications and standards (21 CFR 211.194(a)).
exercise appropriate controls over computer or related systems to assure that only authorized personnel institute changes in master production and control records, or other records (21 CFR 211.68(b)).
to follow written procedures for production and process control designed to assure that the drug products you manufacture have the identity, strength, quality, and purity they purport or are represented to possess, and to document same at the time of performance (21 CFR 211.100(b)).
establish adequate written procedures for production and process control designed to assure that the drug products you manufacture have the identity, strength, quality, and purity they purport or are represented to possess (21 CFR 211.100(a)).
These violations cause your drug products to be adulterated within the meaning of Section 501(a)(2)(B)…..
Your laboratory records did not contain all raw data generated during each test for finished drug products manufactured at your firm. Your quality unit relied on incomplete records to make batch release decisions in support of regulatory submissions to the Agency.
A QC analyst deleted original test method validation data and admitted plans to fabricate sample preparation data.
The trial injection was stored in the “trails” [sic] folder located on a personal computer. The release chromatogram identified injection (b)(4)141119009 as the sample. The trial and release chromatograms for (b)(4)141119009 do not match, and they identify different peaks.
Data falsification in relation to training records
Not routinely recording unplanned deviations
Poor QA oversight
WHO Prequalification Team - Inspection Services
Serious concerns regarding the integrity, reliability and accuracy of the data generated and available at your manufacturing site and on your ability to prevent contamination and cross contamination of your products.
The company failed to adequately perform dissolution tests and may have manipulated
dissolution test results
ensure the integrity of data
adequately conduct stability tests in line with stability protocols and commitments:
maintain adequate records of equipment usage and failed to ensure data integrity in production
provide adequate controls of contamination and cross-contamination of the product
maintain adequate standards of housekeeping and hygiene
adequate and true records for in-process controls in production
package products under adequate conditions on blister packaging lines
ensure cleanliness of the air supply to manufacturing areas where the product may have been exposed
The company may have falsified analytical test data
The company failed to adequately perform dissolution tests and may have manipulated dissolution test results
The laboratory was requested to perform, under observation, the dissolution tests for X
During the first test, one of the solution vials inside the auto-injector was switched, without notifying inspectors of what was being done
However, after injection, the refrigerated bracketing solution did not fall within system suitability acceptance criteria (x.xx % RSD) and the run was rejected by the company
Dissolution results were … did not comply …
The run was restarted overnight in absence of the inspectors and passing dissolution results …were obtained
The inspectors requested that the dissolution test be repeated, in front of them
Results of…..were obtained, which differed from the results obtained by the laboratory in the absence of inspectors
Notice of Concern
Inadequate responses
The corrective and preventive actions described in your response, consisted of installing and qualifying one new dissolution tester.
This response is inadequate because it does not address the inability of your current quality management system to detect and prevent intentional and biased influencing of dissolution testing results.
The issues of training and personnel qualification, for instance, are still not addressed. Moreover, you have yet to provide a suitable explanation as to why the xx passed
Your explanations that the dissolution test results may have been affected by calibration, ….. is not substantiated by adequate evidence either.
Your statement that the deviation between the results obtained in the absence of inspectors are within the normal acceptable range is debatable and was not supported by any statistical calculations or scientific evidence.
Tom is right! When issues related to DI are noted - it should sounds off alarm bells …there is likely a lot going on underneath!
Company responses illustrate the lack of appreciation for QMS and inability to undertake effective investigations and CAPA
IT controls necessary but not sufficient – human factors and management accountability specifically need to be addressed to improve QMS and to ensure effective CAPA
US regulations provide more precise context BDI as these relate to QMS deficiencies (some WHO NOC trending similar to US FDA approach)
Different emphasis and actions related to GLP and GMP (infrequent use of AIP by FDA); QC vs. Production records
Remediation expectations differ with respect to the need to account for past and current deviations, in outlining the role of 3rd
Growing cluster of BDI due to improved regulatory awareness of the issue (in part to whistleblowers), increased attention to DI during inspections, improved ability to rigorously audit IT systems and gather information from company staff, and increasing frequency and rigor ( e.g., unannounced visits) of inspections
Effective root-cause investigation; system wide. 5 Whys across the system; including upstream to holes in validation, development, regulatory review and approval. Verification of CAPA effectiveness and sustainability based on objective metrics
Efficient effective remediation (WL close-out) and rapidly declining incidences of WLs & Import Alerts in 2017 on-wards (proactive compliance).
To understand FDA regulations we must take a systems perspective when reviewing
Implicit to Explicit: The role of data integrity
CGMP for drugs, as required in 21 CFR parts 210, 211, and 212
Part 210 CGMP in Manufacturing, Processing, Packing, or Holding of Drugs; General;
Part 211 covers CGMP Finished 19 Pharmaceuticals; and
Part 212 covers CGMP for Positron 20 Emission Tomography Drugs.
Flexible and risk-based strategies to prevent and detect data integrity issues
Strategies to manage data integrity risks based upon their process understanding and knowledge management of technologies and business models.
Electronic signature and record-keeping requirements are laid out in 21 CFR part 11 and apply to certain records subject to records requirements set forth in Agency regulations, including parts 210, 211, and 212.
CGMP record : Any and all data to fulfill CGMP requirements; cannot be excluded from decision-making process without “valid, documented, scientific justification”
Metadata: “structured information that describes, explains, or otherwise makes it easier to retrieve, use or manage data.” All electronic CGMP records must include metadata
Workflow validation: “appropriate controls to manage risks associated with each element of a computer system”
Access control “restrict the ability to alter specifications, process parameters, or manufacturing or testing methods by technical means (for example, by limiting permissions to change settings or data.)”
Audit trails : “secure, computer-generated, time-stamped electronic record that allows for reconstruction of the course of events relating to the creation, modification or deletion of an electronic record.” Reviewed and approved by quality personnel
Trail Injections: Standard solution (not sample) for system suitability “requirements for precision are satisfied.” If a sample needs to be used “properly characterized (as) secondary standard”
Tips/escalation of issues: Train staff to detect and report. investigated under the documented CGMP quality system to “determine the effect of the event on patient safety, product quality, and data reliability; determine the root cause; and to ensure the necessary corrective actions are taken.”
Remediation expectations mirror those developed for the Application Integrity Policy; “hiring a third party auditor [to] determine the scope of the problem, implement a corrective action plan (globally), and remove at all levels individuals responsible for problems from CGMP positions.”
Third party auditor with experience in detecting data integrity problems
Identify any historical period(s) during which inaccurate data reporting occurred at your facilities.
Identify and interview your current employees who were employed prior to, during, or immediately after the relevant period(s) to identify activities, systems, procedures, and management behaviors that may have resulted in or contributed to inaccurate data reporting.
Identify former employees who departed prior to, during, or after the relevant periods and make diligent efforts to interview them to determine whether they possess any relevant information regarding any inaccurate data reporting.
Third party auditor with experience in detecting data integrity problems (contd.)
Determine whether other evidence supports the information gathered during the interviews, and determine whether additional facilities were involved in or affected by inaccurate data reporting.
Use organizational charts and SOPs to identify the specific managers in place when the inaccurate data reporting was occurring and determine the extent of top and middle management involvement in, or awareness of, data manipulation.
Third party auditor with experience in detecting data integrity problems (contd.)
Determine whether any individual managers identified in item (5) above are still in a position to influence data integrity with respect to CGMP requirements or the submission of applications; and establish procedures to expand your internal review to any other facilities determined to be involved in, or affected by, the inaccurate data reporting.
Third party auditor with experience in detecting data integrity problems (contd.)
As part of this comprehensive data integrity audit of your laboratory, your audit report also should include any discrepancies between data or information identified in approved applications (including Drug Master Files), and the actual results, methods, or testing conditions submitted to the Agency. Include an explanation of the impact of all discrepancies. Provide a corrective action operating plan describing the specific procedures, actions and controls that your firm will implement to ensure integrity of the data in each application currently submitted to the Agency and all future applications. This should not only cover methods validation, but any other testing (e.g., stability tests, release tests) or operations you have performed for customers that may have been used to support a drug application-related submission to the agency.
US FDA: Remediation expectations(Progress reports)
Provide an update on the status of your on-going review of data generated from your chromatographic systems that have XXX installed.
Provide a detailed description of the process followed by 3rd Party during their review of batch production and electronic laboratory records and the batch certification process.
Provide your third party assessment and certification of the integrity of data in previously approved drug applications.
US FDA: Remediation expectations(Progress reports –extended to applications)
Provide details on the following items in your response (note these elements requested are the baseline expectations for each application and we may request additional clarification or information to support the review of your applications):
Should you decide to commercialize any of your terminated products that are affected by this data integrity issue, we expect you to provide the analysis consistent with the expectations listed above (Part A) for these applications.
For already approved applications affected by data integrity breaches, we expect you to provide an analysis consistent with the expectations listed above (Part A) for these applications.
You may provide this package for selected priority applications in advance of a follow up inspection to allow FDA to prepare for possible outcomes following the re-inspection.
US FDA: Remediation expectations(Progress reports)
Provide verification that metadata files not identified by the algorithm were correctly rejected.
For the metadata files that the algorithm did not flag, split the data into two groups for data integrity review.
One group should be a random sample of records from analysts previously identified as involved in questionable laboratory practices.
The second group should randomly sample records from analysts not previously identified as involved in questionable practices. Provide the protocol, the sample size, and justification of the proposed sampling plans.
Note that the FDA will refuse to approve an abbreviated application for a new drug under section 505(j) of the act for any of the following reasons: the methods used in, or the facilities and controls used for, the manufacture, processing, and packing of the drug product are inadequate to ensure and preserve its identity, strength, quality, and purity; i.e. if any pertinent xxx facility is named in the application, the application cannot be approved as long as it has an unacceptable compliance status.
David H. Freedman (August 1, 2010). "The Streetlight Effect". Discover magazine
Why Is The Placebo Effect Exploding In The U.S. But
Nowhere Else?Forbes |Pharma & Healthcare
OCT 7, 2015
We are finally beginning to understand that
irrationality is the real invisible hand that drives human decision making.The End of Rational Economics.
HBR July-August 2009
Humans are predictably irrational; some are capable of deliberately poisoning others to make money
Daniel Kahneman and Amos Tversky. Prospect Theory: An Analysis of Decision under Risk. Econometrica, 47(2), pp. 263-291, March 1979
Losses have a bigger emotional impact than an equivalent amount of gain. People often make decisions to avoid a loss (short-term) at the expense of gains (often long-term)
Company finances are allocated differently – R&D is a “Gain” or “Investment” whereas Operations are “Costs” or “Losses”
Amos Tversky and Daniel Kahneman. The framing of decisions and the psychology of choice. Science. 1981 Jan 30;211(4481):453-8
The psychological principles that govern the perception of decision problems and the evaluation of probabilities and outcomes produce predictable shifts of preference when the same problem is framed in different ways. Reversals of preference are demonstrated in choices regarding monetary outcomes, both hypothetical and real, and in questions pertaining to the loss of human lives.
Pharma patterns suggestive of ‘intentional holes’“….records not
completed contemporaneously”
“…observed analyst back-date logbooks”
“…trial injections…..”
“…results failing specifications are
retested until acceptable results are
obtained….”
“…over-writing electronic raw data…..”
“…OOS not investigates per XYZ SOP”
“…appropriate controls not established….”
Each additional observation
adds reasons to confirm that
this is very likely a system with
intentional ‘holes’ in its
defenses.
A pattern suggestive of ‘intentional disregard’: Cheating by Design
Predictably irrational: Cognitive biases,…..
The cGMP issues with BDI currently being noted “new”? Not likely – rigor and frequency of US FDA inspections is changing;
more “unannounced” inspections at foreign facilities
Improving ability & capacity to conduct a thorough DI & IT system audit; Large “regulator heterogeneity” reducing (slowly)
Incorrect organizational assumptions – “FDA Approved”, “Process Validated”; push for “speed” and uninformed “Lean” programs to improve efficiency – ineffective management focus/support
Additionally, lax local regulatory norms (foreign facilities) providing reasons to rationalize deviations from cGMPs with a preferred narrow interpretation of “adulteration” to analytics
Systemic weakness in QMS – inadequate systems thinking A general disregard for the intrinsic (as opposed to just satisfy FDA)
value of documentation and assurance of data integrity; Quality by Design - much misunderstood & “file first and figure it out later” business model
Peer Involvement: It is essential that all functions recognize that “Quality is everyone's responsibility”.Employee Empowerment:However, class discussions suggested that the level of empowerment is variable within functions. This may be a ‘blind-spot’. Perhaps the high attrition rate in certain functions may be suggestive of this variability. High attrition rates (> 35%), in and of itself, is a reason for concern.
Why Culture of Pharmaceutical Quality (CPQ)?
FDA inspections are
Periodic, of limited duration, face information asymmetry, are heterogeneous,..
• Environment facilitates human behavior to do the right thing when no one is looking
• Effective QMS
• Compliance to GXP
CPQ
Safeguard for Pre-conditions to Malice or Disregard
• Attitude & Rationalization
• Pressure & Incentive
• Opportunity – “holes” in QMS, supervision, policies,…
Connect to CultureConnect to Practice Quality by Design
Creating a Culture of Quality: Financial incentives don’t reduce errors. Employees must be passionate about eliminating mistakes. Ashwin Srinivasan and Bryan Kurey. Harvard Business Review, April 2014.
Creating a Culture of Quality: Financial incentives don’t reduce errors. Employees must be passionate about eliminating mistakes. Ashwin Srinivasan and Bryan Kurey. Harvard Business Review, April 2014.
Specific considerations for ‘Pharmaceuticals’Sector-wide issues
Market failure and information asymmetry
Two products – API or medicinal product and documented evidence of compliance; any non-compliance = adulterated under the US FD&C Act
State of control of manufacturing process often not quantified (e.g., via control charts and statistical process control) and right-first-time (i.e., without SOP deviations and/or out of specification results) for dosage form manufacturing at about 60-70%
Investigation predominantly end in “root cause unknown”; often confusion between common and special cause
Likelihood of incorrect assumption of a simple or complicated process for which “Good” practices such as SOP’s, project management are reliable tools; i.e., given a specified starting conditions adherence to SOP will reliably deliver expected results
Market standards (Pharmacopeia tests) predominantly used as “release test”; posing many challenges with respect to method validation (particularly of test methods for physical attributes) and root-cause investigations
Variable interpretation of US FDA comments in 483 and Warning Letters; work-flow often targeting to achieve minimal regulatory requirements
Lack of verifiable knowledge bases and knowledge sharing between R&D and operations
Common usage of “this is FDA approved” or “the process is validated” or “we have not received any complaints” to justify that all is well
Connect to CultureConnect to Practice Quality by Design
CPQ: Founded on Quality by Design
We do our best to develop medicines and the evidence needed to satisfy the needs of patients – we develop these products consciously, recognizing that quality cannot be tested into our products .
We know that nothing is perfect and there will be some errors in our design, systems and procedures, or we may make mistakes in following set procedures.
It is normal, easy and rewarding to work within our quality management system, without fear, to detect, correct and to learn from our mistakes.
In doing so we act consciously in the interest of patients – especially when no one else is looking, and we continually improve our quality by design and aim for right first time.