The integrity of data generated

Transcription

1 FDA s Focus on Laboratory Data Integrity Part 2 A further look at this current emphasis and a few problems inspectors have identified R.D. McDowall The integrity of data generated by a regulated laboratory can make or break a regulatory inspection or audit. This paper looks at what is required for data integrity from the basis of the GMP regulations and presents examples of non-compliances found in warning letters and a regulatory action from the FDA. It only requires a single adverse non-compliance to cast a shadow over ALL work undertaken by a regulated laboratory. In this second installment of a two-part article, we will look at the background to the current FDA emphasis on data integrity and some of the problems that their inspectors have found when visiting companies. Introduction In the first part of this article 1 we looked at the some data integrity issues from regulated laboratories, as well as the impact of the 2012 change 2 to the Food Drug and Cosmetic Act 3 and its impact on companies inspected. Ranbaxy Consent Decree (January 2012) If you think that the warning letter citations quoted in part 1 of this article were bad, 1 give a thought for another company. In January 2012, the generic drug manufacturer Ranbaxy signed a consent decree of permanent injunction due to falsification of data and fraudulent data contained in a number of their New Drug Applications for generic products and poor GMP manufacturing standards. 4 This covered sites in both India and the USA that had received four warning letters between 2006 and For the purposes of this paper, we will focus only on those deficiencies involving laboratory data integrity. The decree is 60 pages long and written by lawyers, but the main elements of the consent decree, which can be viewed as draconian, are: The injunction covers several named Ranbaxy manufacturing sites in India and the USA, as well as potentially any other site if similar falsification activities are found during an inspection. The company must establish an Office of Data Reliability in the US that is responsible for conducting audits of submissions to ensure integrity of data, including that from Quality Control. The Data Reliability Office is headed by the Chief Data Reliability Officer reporting to the Managing Director of Ranbaxy Laboratories. One of the responsibilities of the Chief is to recommend to the MD that specific staff members be disciplined or terminated for data manipulation activities or that regulatory submissions should be withdrawn due to falsification of data. Existing drug applications will be reviewed by a Data Integrity Expert to see if there is falsification of data, which will be in the form of a written audit trail, i.e. a complete record within a closed system that ensures the integrity, trustworthiness, and reliability of records and raw data within the system. 4 The audit trails need to be reviewed by the Chief Data Reliability Officer to see if any data irregularities have occurred and whether these impact the integrity of the application. A global toll-free number, publicized by ScientificComputing.com 1 August 2013

2 the company to all employees, was established to allow staff members to raise concerns anonymously about working policies and practices that are non-compliant. This is intended to allow staff in the Data Reliability Office to pursue issues to determine if they are true or not and identify individuals who promoted the falsification activities. The company also has to engage an independent GMP auditor for five years to conduct compliance audits in specified Ranbaxy sites, reports of which are submitted to Ranbaxy management and the FDA. As you can see from the highlights above, it is far, far cheaper to comply with the regulations. The consequences of not doing so are being caught and then the major cost of rectifying the problems, which far out-weighs the cost of complying in the first place. New Draft FDA Guidance on Inspections In July 2013, the FDA issued draft guidance for industry on Circumstances that Constitute Delaying, Denying, Limiting or Refusing a Drug Inspection. 9 This guidance was in response to a new law, the Food and Drug Administration Safety and Innovation Act (FDASIA) 2 which added section 501(j) to the Food, Drug and Cosmetic Action (FD&C Act). 3 Section 501(j) deems an adulterated drug as one that has been manufactured, processed, packed, or Topic Delay of Inspections Denial of Inspection Limiting of Inspection Refusal to Permit Entry or Inspection held in any factory, warehouse, or establishment and the owner, operator, or agent of such factory, warehouse, or establishment delays, denies, or Examples of Circumstances Delay Scheduling Pre-announced Inspections A facility will not agree to a proposed inspection start date and does not give a reasonable explanation for its failure to do so. After scheduling an inspection, a facility requests a later start date without giving a reasonable explanation. Delay During an Inspection A facility does not allow the FDA investigator access to an area of the facility until a specific future date or time even though the area is operational. A facility leaves the FDA investigator in a conference room without access to necessary documentation or responsible individuals for an unreasonable period of time Delay Producing Records During an inspection, the FDA investigator requests records within a specific, reasonable timeframe, but the facility fails to produce the requested records without adequate justification. A facility rejects FDA s attempt to schedule an inspection. A facility does not allow the FDA investigator to begin an inspection of a facility, even if it has been pre-scheduled. A facility does not allow the FDA investigator to inspect the facility by falsely alleging the facility does not manufacture drugs. Limiting Access to Facilities and/or Manufacturing Processes A facility states that direct observation of the manufacturing process, in whole or in part, must be limited to an unreasonably short amount of time, thus preventing FDA from inspecting the facility as is usual and customary. Staff at a facility cause the FDA investigator to leave the premises before the inspection is completed. Limiting Photography Limiting Access to or Copying of Records A facility provides some, but not all, of the records requested by the FDA investigator. Limiting or Preventing Collection of Samples The facility bars the FDA investigator from entering the facility or certain areas of the facility. Following FDA s attempt to contact the facility s designated contact(s), the facility fails to respond. Table 1: Circumstances Constituting Delaying, Denying, Limiting or Refusing a Drug Inspection 19 limits an inspection, or refuses to permit entry or inspection. This draft guidance outlines the circumstances that constitute delays, denials and limits to inspection, and some examples are presented in Table 1. For more information and to see all the examples listed, reading ScientificComputing.com 2 August 2013

3 the draft guidance is highly recommended. Although this may be draft guidance from the FDA, the law that it references is already on the statute book and is being enforced, as we shall see from a discussion of the next warning letter in the next section. Wockhardt Limited Warning Letter (July 2013) Wockhardt Limited had an FDA inspection in March 2013 and, following the responses from the company, the FDA issued a warning letter in July The first citation in the warning letter states that the company repeatedly delayed, denied and limited an FDA inspection. What, you may ask is the relevance to data integrity, the subject of this article? This is linked to the new guidance and some of the examples listed in 1 concerning availability of records. One of the reasons for delaying the inspection was finding 75 shredded raw data records in a waste area. However, a QA officer produced a different 20 shredded records when the inspector returned to the waste area, the original 75 records were in a different waste bag. Furthermore, a QC analyst poured the contents of unlabelled vials down the sink when an inspector queried what they contained, again limiting the inspection. In the QC laboratory, an inspector asked multiple times to see the records of a particular batch of tablets, which were only produced during the closing meeting, again limiting the inspection. Undeterred by this, the inspectors also found a failure to ensure completed records as, like RPG Life Sciences earlier in Part 1 of this paper, 11 the QC laboratory had been conducting trial HPLC analyses prior to conducting the official tests. The trial analyses were not recorded in the instrument use logs and all data associated with these assays were destroyed. Falsification of results was also mentioned in citation 3 where other samples were used to complete the tests for one product. In addition, data also could be deleted from laboratory data systems both accidentally (citation 4) and deliberately (citation 3). 10 The warning letter highly recommends Wockhardt hires a GMP expert to help address and resolve manufacturing and facility issues, but also a data integrity expert. The functions of the data integrity expert are: Identify any historical period(s) during which inaccurate data occurred at your facilities. Identify and interview your current employees who were employed prior to, during, or immediately after the relevant period the lack of laboratory data integrity following the inspection of an Indian facility of a German pharmaceutical company, Fresenius Kabi. 12 There are common issues with the RPG Life Sciences 11 and Wockhardt 10 warning letters of test HPLC injections to check that the batch was within specification, and then carry out the official test. However, in contrast with the other companies, if a batch of API failed due to impurities, it was combined with a passing batch, retested and released. 12 The pharmaceutical industry appears to have a short or a geographically-limited memory in that retesting was conducted until the batch was within specification. Samples were retested without a record of the reason for the retest or an investigation. Only passing results were considered valid, and were used to release batches of APIs intended for US distribution. 12 This is 20 years after the Barr Laboratories case where the FDA took this company to court over exactly the same issue. 13 This is indicative of a lack of training in basic GMP and data integrity practices for both paper and electronic records. Looking at QC chromatography data systems, the FDA was informed during the inspection that all electo identify activities, systems, procedures, and management behaviors that may have resulted in or contributed to inaccurate data reporting. Identify former employees who departed prior to, during, or after the relevant period and make diligent efforts to interview them to determine whether they possess any relevant information regarding any inaccurate data reporting. Determine whether other evidence supports the information gathered during the interviews, and determine whether additional facilities were involved in or affected by inaccurate data reporting. Use organizational charts and SOPs to identify the specific managers in place when the inaccurate data reporting was occurring and determine the extent of top and middle management involvement in or awareness of data manipulation. Determine whether any individual managers identified in item (5) of this subparagraph are still in a position to influence data integrity with respect to CGMP requirements or the submission of applications; and establishing procedures to expand the internal review to any other facilities determine to be involved in or affected by the inaccurate data reporting. 10 As can be seen this is a wide-ranging review of data integrity in the one plant visited by the inspectors, but in item 3 above can also extend to other facilities. Fresenius Kabi Warning Letter July 2013 The FDA was busy in July 2013, another warning letter focused on ScientificComputing.com 3 August 2013

4 tronic raw data files are automatically stored on a central server that is inaccessible by QC staff, and that no data would be found on personal computers (PCs) associated with laboratory equipment. Later in the inspection, FDA found that raw data was being stored in several folders on PCs. Unacceptable practices in the management of electronic data also were noted. The management of electronic data permitted unauthorized changes, as digital computer folders and files could be easily altered or deleted. Senior and local management were cited as failing to have a quality system able to prevent or detect the poor data integrity practices. The warning letter explicitly states This responsibility starts with designing computerized systems with appropriate security features and data audit trails, as well as many other elements that assure proper governance of your computerized systems. 12 Some of the other issues that Fresenius Kabi has to address with respect to laboratory data integrity are: Please provide your assessment of the electronic audit trail information that describes the circumstances surrounding the collection of this (chromatographic) data (citation 3). we expect your firm to extend your data integrity investigation to all relevant lots and data. The investigation should identify any data found in your electronic record repositories (or other locations) that is not also described in your product release files and/or batch records. Also, it should include a review of all chronological records that clarify which equipment was used for the testing of the API batches. Finally, it should include a review of the audit trail from the software that describes surrounding events for each piece of extra data identified that represents a finished API batch (citation 3). In addition, your response should address all laboratory equipment, process-related equipment, and any related software that may be affected by the lack of adequate controls to prevent data manipulation (citation 4). As you can see there is a large amount of work required to find the scope and depth of the problems at the site that would have been avoided if the working practices were honest and ethical. Fresenius Kabi was also warned that their actions during the inspection repeatedly delayed, denied and limited the inspection, or that they refused to provide information to the FDA investigators, which meant that their drugs were adulterated under the new section of the FD&C Act. 2,3 Examples cited in the warning letter were (it just goes to show that you cannot make this stuff up!): Providing misleading information Lying to the inspector about working practices Refusing to provide requested information Attempting to hide manufacturing-related records in a pocket Similar to Wockhardt, Fresenius Kabi was recommended to hire an expert in data integrity to identify the extent of the problems and send a copy of their report to the FDA. Out Through the In Door? With the globalization of the pharmaceutical supply chain, the answer to any problem has been typically India or China when outsourcing research, development or manufacturing. So much so, that now India and China account for 80 percent of active pharmaceutical ingredient (API) production. However, with the increasing number of falsification and fraud cases, one suspects that it may be cheaper for companies to in-source many activities, as the cost of monitoring to ensure compliance may outweigh the savings made when out-sourcing. Moreover, if poor data integrity practices are found during an inspection, the cost of remediation far, far outweighs the cost saving. In a recent blog, Uday Shetty goes into more detail about the lack of data integrity in Indian companies and suggests the practices discussed in this paper are prevalent in Indian pharma companies of all sizes, and that they are actually condoned by senior management as a means of reducing costs. 14 The common thread which can be seen is the data integrity or data reliability issues in large, medium and small Indian companies. Not reporting failing results, conducting unofficial analysis, deleting electronic data, disabling audit trails in electronic data capture systems, fabricating training data, having unofficial batch sheets and analytical reports, trial analysis out of quality system, reanalyzing failing samples till passing results are obtained, back-dating data, not reporting stability failures appear to be common. This is not related to training or understanding a particular technical or quality concept, but mainly related to honesty and ethical issues. Further, what is more disturbing is that senior management and company owners appear to either support such practices covertly or overtly and in many instances encourage them, Shetty says. Quo vadis for outsourced pharmaceutical activities? Conclusions The integrity of data generated by any regulated laboratory is a prime factor in determining the credibility of that laboratory. The finding of a single instance where data integrity is compromised casts a shadow over the whole of the data generated. Remember that inspections and audits can only sample, finding one instance of ScientificComputing.com 4 August 2013

5 falsification raises the question of how many more instances of non-compliances exist? Therefore, ensuring data integrity is of major importance to analytical scientists, managers and quality assurance of any organization, as the consequences of getting it wrong are very costly and it will take a long time to rebuild regulatory trust. We can see this from the remedial work that has to be undertaken with the examples quoted here. A little training for FDA inspectors in data integrity has gone a long way, with the increased incidence of lack of laboratory data integrity controls being found as evidenced by the warning letters presented in this article. The extended FDA regulation and draft guidance now also impact the laboratory data integrity issue, as failure to provide complete records means that any drugs are now classified as adulterated under the new extension of the Food Drug and Cosmetic Act as amended in References 1. R.D.McDowall, Scientific Computing 2013 Part 1 of this paper 2. Food and Drug Administration Safety and Innovation Act (FDASIA), Public Law , July Food, Drug and Cosmetic Act (FD&C Act) 1938 and subsequent amendments including US District Court for the District of Maryland, 25 th January 2012, Ranbaxy Inc and named individuals, Consent Decree of Permanent Injunction, Civil Action number JFM12CV Ranbaxy Laboratories Limited, FDA Warning Letter, June Ranbaxy Laboratories Limited, FDA Warning Letter, September Ranbaxy Laboratories Limited, FDA Warning Letter, September Ohm Laboratories Limited, FDA Warning Letter, December Draft Guidance for Industry, Circumstances that Constitute Delaying, Denying, Limiting or Refusing a Drug Inspection, FDA, July Wockhardt Limited, Warning Letter, July RPG Life Sciences Ltd, Warning Letter, May Fresenius Kabi, Warning Letter, July United States District Court for the District of New Jersey, United States of America v Barr Laboratories, Civil Action No , Judge Alfred Wolin, 4 th February Uday Shetty, /07/can-data-from-indiancompanies-be.html (accessed 5th Aug 2013) Bob McDowall is Principal, McDowall Consulting. He may be contacted at editor@scientificcomputing.com. ScientificComputing.com