Data Integrity, Food & Drug Law Institute Update Magazine

AVA I L A B L E O N L I N E F R E E TO M E M B E R S | W W W. F D L I . O R G | E N F O R C E M E N T I S S U E | N O V/D E C 2014
A PUBLICATION OF THE FOOD
AND DRUG LAW INSTITUTE
IN THIS ISSUE
Data Integrity
Recent Trends in Canadian Biologics
Patent Litigation
The Evolving Role of Drug and
Medical Device Company Field-Based
Medical and Scientiic Employees:
New Risks or The Same Old Traps?
The DSCSA One Year Later
Analyzing Risk in Mobile Medical Apps
Evaluating Artiicial Infringement
by ANDA Filing
Data Integrity
By *Kyle Sampson
B
y word and deed, the Food and Drug Administration (FDA) has made clear its intention to increase
its focus on data integrity. In FDA-speak, “data
integrity” refers to the accuracy, reliability, and general trustworthiness of data that is submitted to FDA “to influence
procedures, actions and controls to ensure data integrity.”2
FDA is concerned about data integrity because the agency
cannot adequately protect the public health if it cannot trust
the information it receives from the companies it regulates.
or support an agency decision regarding approval to market
High Stakes
an FDA-regulated product.”1 In recent years, FDA officials
he stakes for drug manufacturers are high. If FDA believes
have touted the agency’s stepped-up scrutiny of conduct by
that a drug manufacturer’s data lacks integrity, then the agency
drug manufacturers that may call into question the reliability
can refuse to review the manufacturer’s pending drug applica-
and integrity of data submitted to the agency. Increasingly,
tions or seek to withdraw its approval of applications already
FDA is taking regulatory and enforcement action against
approved. FDA also can seek an injunction or even open
companies that the agency believes lack the “commitment,
a criminal investigation. For companies seeking to restore
their credibility with the agency and remediate data integrity
problems, FDA frequently will “highly recommend” that the
Kyle Sampson is a partner at Hunton
& Williams LLP. The opinions
expressed in this article reflect his
own views and do not necessarily
reflect the views of his clients.
*Kyle Sampson represents clients in
the drug, biologics, medical device,
cosmetics, and dietary supplement
sectors.
6
UPDATE
November/December 2014
company “hire a third party auditor, with experience in detecting data integrity problems, to assist [the company] with [its]
overall compliance.”3 he expense of hiring a third-party data
integrity expert oten is signiicant.
It is critical that drug manufacturers ensure that their personnel refrain from engaging in the types of activities that may
cause FDA to question the integrity of the company’s data. Because laboratories and factories do not always run perfectly, and
www.fdli.org
Enforcement
gaps frequently are found in data traceability and trustworthiness, it is incumbent on manufacturers and their counsel
to understand data integrity-related legal
standards, as well as the variety of manufacturer conduct likely to result in FDA
action. Manufacturers then can adopt
quality systems and implement training
designed to ensure data integrity.
Data Integrity-Related
Legal Standards
Under the Federal Food, Drug, and Cosmetic Act (FD&C Act), a brand-name
drug manufacturer seeking approval to
sell a new drug must submit a new drug
application (NDA) to FDA that includes
“full reports of investigations which have
been made to show whether or not such
drug is safe for use and whether such
drug is efective in use.”4 Among other
things, the NDA must include information regarding all nonclinical pharmacology and toxicology studies, all human
pharmacokinetics and bioavailability
studies, and all clinical pharmacology
studies of the drug.5 Indeed, the NDA
must provide “full disclosure,” i.e., a
description and analysis of:
“any other data or information relevant
to an evaluation of the safety and efectiveness of the drug product obtained or
otherwise received by the applicant from
any source, foreign or domestic, including information derived from clinical
investigations, including controlled and
uncontrolled studies of uses of the drug
other than those proposed in the application, commercial marketing experience,
reports in the scientiic literature, and
unpublished scientiic papers.”6
A generic drug manufacturer
seeking to sell a generic version of an
approved drug product must submit
an abbreviated new drug application
(ANDA) to FDA that includes information regarding “the bioequivalence
FDLI
study upon which the applicant relies
for approval,” as well as “all other bioequivalence studies conducted on the
same drug product formulation.”7
FDA expects brand-name and
generic drug manufacturers to assure
the quality and integrity of the data
they submit to FDA in support of an
NDA or ANDA. If FDA inds that an
approved “application contains any untrue statement of a material fact,” then
the agency “shall, ater due notice and
opportunity for hearing to the applicant, withdraw approval of [the] application.”8 Indeed, federal law makes it a
crime, in a matter within the jurisdiction of the executive branch, for a person to knowingly and willfully falsify,
conceal, or cover up a material fact; or
make any materially false, ictitious,
or fraudulent statement or representation; or make or use any false writing
or document.9 More speciically, good
laboratory practice (GLP) regulations
establish standards for the conduct
and reporting of nonclinical laboratory
studies that are intended to assure the
quality and integrity of safety data submitted to FDA for new drugs.10 And
current good manufacturing practices
(cGMPs) require manufacturers to
maintain “true copies” (i.e. complete
and accurate copies) of manufacturing
records, including raw data.11
Application Integrity Policy
FDA’s expectations regarding the integrity of data that manufacturers submit to
the agency are highlighted in an agency
policy that is commonly referred to as
the “Application Integrity Policy” (AIP).
As a result of FDA’s investigation almost
25 years ago into “illegal gratuities provided to FDA employees and fraud and
discrepancies in data submissions . . . by
some manufacturers of generic drugs,”
FDA issued the AIP in 1991.12 Per the
AIP, the commission of “wrongful acts”
by a drug manufacturer may call into
question the integrity of data submitted
to FDA by that manufacturer. A broad
variety of conduct can be considered to
be a wrongful act, including:
“submitting a fraudulent application, ofering or promising a bribe or
illegal gratuity, or making an untrue
statement of material fact. A wrongful act also includes submitting data
that are otherwise unreliable due
to, for example, a pattern of errors
whether caused by incompetence,
negligence, or a practice such as inadequate standard operating procedures
or a system-wide failure to ensure the
integrity of data submissions.”13
For FDA, concerns regarding data
integrity are implicated when there is
some sort of wrongful act that materially impacts data that is submitted to
the agency.
Recent FDA Statements on
Data Integrity
Statements made by FDA oicials can
clarify the type and variety of “wrongful
conduct” that FDA is likely to conclude
calls into question the integrity of a
manufacturer’s data. Earlier this year,
an FDA oicial spoke about the agency’s intention to increase enforcement
actions related to data integrity.14 he
oicial stated that FDA may determine
that a company’s data lacks integrity if
it believes the data is either “unreliable”
or “inaccurate.” She said that FDA may
deem data submitted by a manufacturer
to be “unreliable” if, for example, the
agency discovers that signiicant data
that is material to the drug approval
process was omitted from an application
or other regulatory iling. Likewise, she
said that FDA may deem manufacturer
data to be “inaccurate” if, for example,
“irst data failed specs, retest data passes
November/December 2014
UPDATE
7
Enforcement
specs, lab investigations are inadequate
or non-existent, but retest data is submitted to the application anyway.”15
Enforcement and
Regulatory Actions
Enforcement and regulatory actions further clarify FDA’s expectations for data
integrity. In recent years, for example,
FDA took enforcement action against
Ranbaxy Laboratories, Ltd. (Ranbaxy)
for alleged wrongful acts that called into
question the integrity of data that Ranbaxy had submitted to the agency. Speciically, Ranbaxy “was found to have
conducted stability testing of certain
batches of . . . drugs weeks or months
ater the dates reported to FDA. In addition, instead of conducting some of
the stability tests at prescribed intervals
months apart, the tests were conducted
on the same day or within a few days of
each other.”16
Ranbaxy’s alleged wrongful acts
also included “retesting raw materials,
intermediate drug products, and inished
[active pharmaceutical ingredient] API
ater those items failed analytical testing
and speciications, in order to produce
acceptable indings, and subsequently
not reporting or investigating these
failures.”17 he Department of Justice
entered into a consent decree with Ranbaxy that, among other things, required
the company to engage an independent
third-party auditor to assess the validity of its data, and FDA “invoked” the
AIP against Ranbaxy, meaning that the
agency “is deferring substantive scientiic
review of one or more of the irm’s applications and/or is proceeding to withdraw
the approved applications.”18
In recent months, numerous warning
letters have identiied data integrity as
an issue. Although not legally binding,
these warning letters have cited a variety
of activities that, in FDA’s view, called
8
UPDATE
November/December 2014
into question the integrity of the manufacturers’ data, including the following:
Not Recording Activities
Contemporaneously
In one warning letter, FDA noted how
investigators conducting an inspection
of drug manufacturer USV Ltd.’s control
laboratory testing facility found that
analysts did not document laboratory activities at the time they were performed.
Speciically, “sample weights used in
calculations were created ater the chromatographic runs. he analyst admitted that the sample weights that were
represented as raw data from the analysis
actually were backdated balance weight
printouts produced ater the analysis
and generated for the notebooks. hese
sample weights were used to calculate related compounds and impurities used in
support of method validations submitted
in FDA drug applications.”19
Likewise, FDA cited API manufacturer Zhejiang Jiuzhou Pharmaceutical
Co., Ltd., for “belated data entry” in its
manufacturing records—leaving lines
blank in a use, cleaning, and maintenance logbook “to later add information
about cleaning events that may have
occurred during a previous shit.”20 For
both companies, FDA said that “the
record-keeping deiciencies described . . .
raise doubt regarding the validity of [the
irms’] records.”21
Backdating
Similar in kind to the failure to record
activities contemporaneously, backdating documents also has been identiied
in several recent warning letters as an
activity that calls the integrity of a irm’s
data into question. For example, during
FDA’s inspection of the pharmaceutical
manufacturing facilities of RPG Life Sciences Ltd. (RPG), the investigator identiied a “backdated QC worksheet in the
analytical report of [an] API raw material
batch.” In its warning letter to RPG,
FDA noted that the company’s “analyst
acknowledged during the inspection that
he backdated this worksheet . . . . [he
company’s] response stated that . . . there
was no intention to deliberately backdate
the document. However, [this] response
contradicted [the] analyst’s backdating
admittance [sic] during the inspection.”22
Fabricating Data
API manufacturer Canton Laboratories
Private Ltd. recently was cited for fabricating results reported on certiicates of
analysis (CoAs). FDA speciically said:
“Your irm reported microbial limits
results on CoAs for three API batches
without performing these tests. Specifically, your irm has no raw data for the
microbial limits tests reported on the
CoAs . . . . Your quality unit approved the
release of these API batches without data
to support that release speciications were
met. While your CoAs state that microbial limits conformed to speciications,
the inspection found that no testing was
done. Multiple personnel conirmed that
your irm did not perform the microbial
tests reported on the CoAs.”23
Another API manufacturer, Smruthi
Organics Ltd., was similarly cited when
FDA “investigators identiied . . . records
that were not authentic in that the persons that signed each record as having
performed the activity were not at work
on the day the work was accomplished.”24
FDA has called these types of data fabrication violations “fundamental deiciencies in laboratory data integrity.”25 he
diference between fabricating data and
outright fraudulent conduct may only be
a matter of degree.26
Re-Running Samples
Another practice that is sure to
call into question the accuracy and
www.fdli.org
Enforcement
reliability of data submitted to FDA
is the practice of repeatedly testing
samples until acceptable results are obtained. Such practices, as identiied in
FDA warning letters, can be manifest
in various forms:
• In the context of nonclinical
laboratory studies, FDA issued a
warning letter to histopathology
company Colorado Histo-Prep
for re-running samples in
violation of GLPs. FDA found
that “samples were repeated, and
the second result was reported
without justiication in the inal
report of study.”27
• In the manufacturing context,
FDA cited Wockhardt Ltd.
(Wockhardt) for manipulating
data by re-running samples.
Speciically, agency “investigators identiied the practice
of performing ‘trial’ sample
analysis for High Performance
Liquid Chromatography (HPLC)
analyses prior to collecting
the ‘oicial’ analytical data for
stability testing. . . . hese trial
runs were not recorded in the
equipment use log, and sample
preparation data associated with
these analyses was destroyed,
preventing any calculation or
analysis of the resulting data.”28
he problem of samples being tested
and failing speciications and then being
retested until they pass speciications,
and the company then reporting the
subsequent results without conducting an investigation (or conducting an
inadequate investigation) into the initial
failures, is one that repeatedly has resulted in FDA enforcement action.29
Discarding Data
A related practice that raises data integrity concerns for FDA is the practice of
FDLI
deleting data. In its warning letter to
RPG, for example, FDA took the company to task for deleting an out-of-speciication (OOS) result that the company
did not like, stating: “Your irm did not
report or investigate this OOS result, and
deleted the related electronic records.
During our inspection, your analyst
admitted that he also deleted other
uninvestigated failing and/or OOS electronic data from the laboratory database
. . . prior to our inspection.”30 FDA’s
warning letter to Wockhardt similarly
was critical of the company because its
“quality control HPLC raw data iles can
be deleted from the hard drive using
the common [personal computer] PC
login used by all . . . analysts,” and FDA
“investigators found that several of the
HPLCs had the audit trail functions
disabled.”31 FDA has said that in these
types of circumstances—where “laboratory analysts [have] access to delete and
overwrite [an instrument’s] raw data”
and the “instrument [does] not have
suicient controls to prevent unauthorized access to, changes to, or omission of
data iles and folders”—the consequence
is that all “testing results for which no
raw data exists are in doubt.”32 his is
a wrongful act that recurs repeatedly in
data integrity cases.33 Such manipulation
and fabrication of data raise classic data
integrity concerns.
likely to cause FDA to call into question
the integrity of its data—and then take
action to protect their credibility with
the agency by ensuring that company
personnel do not engage in such conduct.
Companies must be able to show FDA
that they have the “basic capability”35 to
prevent the fabrication or manipulation
of data, the deletion of records, and other
GLP and cGMP violations that undermine data integrity. FDLI
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
Conclusion
No company wants to receive a communication from FDA that says that the
“lack of reliability and accuracy of data
generated by your irm’s laboratory [or
manufacturing operations] is a serious
CGMP [or GLP] deiciency that raises
concerns with all data generated by your
irm.”34 To prevent such a calamity, drug
manufacturers should know and understand the types of laboratory and manufacturing activities and practices that are
15.
16.
FDA, Notice, Fraud, Untrue Statements of Material Facts, Bribery, and
Illegal Gratuities; Final Policy, 56 Fed.
Reg. 46,191, 46,192 (Sep. 10, 1991)
[hereinafter “AIP”].
Warning Letter from Steven Lynn,
Director, Ofice of Manufacturing and
Product Quality (“OMPQ”), Ofice of
Compliance (“OC”), Center for Drug
Evaluation and Research (“CDER”),
FDA, to Eaga Purushotham, Chairman
& Managing Director, Smruthi Organics Ltd. (Mar. 6, 2014), at 3 [hereinafter
“Smruthi Warning Letter”].
See id.
FD&C Act § 505(b)(1)(A).
See 21 C.F.R. § 314.50(d)(2)-(3), (5).
Id. § 314.50(d)(5)(iv).
Id. § 314.94(a)(7)(i).
FD&C Act § 505(e); see also 21 C.F.R.
§ 314.150(a)(2)(iv).
See 18 U.S.C. § 1001(a).
See generally 21 C.F.R. pt. 58.
See id. § 211.180(d).
See AIP, 56 Fed. Reg. at 46,192.
FDA, Application Integrity Policy Procedures § 1-1-3(9) (Mar. 5, 1998).
See Alicia M. Mozzachio, Branch
Chief, Division of International Drug
Quality, CDER, FDA, Slide Presentation, “The Nuts & Bolts of CGMPs:
Recent Guidances for Industry and
Inspectional Trends,” FDLI Conference
on Understanding CGMPs—What
Attorneys Need to Know (July 15, 2014),
at 15, available at http://www.fdli.org/
conferences/conference-pages/2014-cgmps/agenda-slides.
See id.
Department of Justice, News Release,
Generic Drug Manufacturer Ranbaxy
Pleads Guilty and Agrees to Pay $500
Million to Resolve False Claims Allegations, cGMP Violations and False
Statements to the FDA (May 13, 2013),
November/December 2014
UPDATE
9
Enforcement
17.
18.
19.
20.
21.
22.
23.
available at http://www.justice.gov/opa/
pr/2013/May/13-civ-542.html.
FDA, News Release, FDA prohibits
Ranbaxy’s Toansa, India facility from
producing and distributing drugs for
the U.S. market: Another Ranbaxy facility added to existing consent decree
(Jan. 23, 2014), available at http://www.
fda.gov/newsevents/newsroom/pressannouncements/ucm382736.htm.
FDA, Application Integrity Policy List
(updated Oct. 12, 2011), available at
http://www.fda.gov/iceci/enforcementactions/applicationintegritypolicy/
ucm134453.htm.
Warning Letter from Steven J. Lynn,
Director, OMPQ, OC, CDER, FDA,
to Prashant Kumar Tewari, Managing
Director, USV Ltd. (Feb. 6, 2014), at 2
[hereinafter “USV Warning Letter”].
Letter from Thomas Cosgrove, Acting
Director, OMPQ, CDER, FDA, to Hua
Lirong, CEO, Zhejiang Jiuzhou Pharmaceutical Co., Ltd. (July 9, 2014), at 3.
Id.; accord USV Warning Letter at 2.
Warning Letter from Michael D.
Smedley, Acting Director, OMPQ, OC,
CDER, FDA, to Ajit Singh Chouhan,
Managing Director, RPG Life Sciences
Ltd. (May 28, 2013), at 4 [hereinafter
“RPG Warning Letter”].
Warning Letter from Michael Smedley
acting for Steven Lynn, Director,
OMPQ, OC, Center for Drug Evaluation and Research, FDA, to Bhailalbhai
Nathabhai Patel, Managing Director,
Canton Laboratories Private Ltd. (Feb.
27, 2014), at 1 [hereinafter “Canton
Warning Letter”].
24. Smruthi Warning Letter at 2; see also
Letter from Thomas J. Cosgrove, Acting Director, OMPQ, OC, CDER, FDA,
to Bhavesh Patel, Managing Director,
Marck Biosciences Ltd. (July 8, 2014),
at 1-2 (“Our inspection revealed ‘unoficial’ visual inspection records, signed
by production personnel, with data
that is different from the oficial batch
records reviewed by your irm’s quality
unit.”) [hereinafter “Marck Warning
Letter”].
25. Canton Warning Letter at 1.
26. See Marck Warning Letter at 3 (senior
manager falsiied documents to show
effectiveness of cGMP training
by “pre-illing out the answers to
post-training comprehension assessment questions and entering the names
of employees on these documents.”).
27. Warning Letter from Sean Y. Kassim,
Ph.D., Acting Director, Ofice of Scientiic Investigations, OC, CDER, FDA,
to Rajan S. Bawa, Ph.D., President, Colorado Histo-Prep (Mar. 11, 2014), at 4.
Pfizer is proud to support
The Food and Drug Law Institute’s
Conference on Europe v. U.S.
Food, Drug, Device & Tobacco Regulation & Policy
Warning Letter from Michael D.
Smedley, Acting Director, OMPQ, OC,
CDER, FDA, to Habil Khorakiwala,
Chairman & Group CEO, Wockhardt
Ltd. (July 18, 2013), at 4 [hereinafter
“Wockhardt Warning Letter”]; see
also Warning Letter from Michael D.
Smedley, Acting Director, OMPQ,
OC, CDER, FDA, to Mats Henriksson,
President & CEO, Fresenius Kabi AG
(July 1, 2013), at 1-2 (“Our review .
. . found that your irm was testing
samples unoficially, and not reporting
all results obtained.”).
29. See, e.g., Letter from Thomas Cosgrove, Acting Director, OMPQ, OC,
CDER, FDA, to Jeremy B. Desai,
President & Chief Executive Oficer,
Apotex, Inc. (June 16, 2014), at 3
(“The inspection revealed that batch
samples were retested until acceptable
results were obtained.”); Warning
Letter from Michael Smedley, Deputy
Director, OMPQ, OC, CDER, FDA, to
Subramanian Kalyanasundaram, Chief
Executive Oficer, Sun Pharmaceutical
Industries, Ltd. (May 7, 2014), at 2
(“Failing or otherwise atypical results
were not included in the oficial laboratory control records, not reported,
and not investigated.”) [hereinafter
“Sun Warning Letter”]; RPG Warning
Letter at 2 (“[Y]our irm repeated these
assays, and selectively reported only
the passing retest values in the inal assay results, then disregarded the initial
[out of speciication] OOS data without
conducting investigations.”).
30. RPG Warning Letter at 5; see also
Smruthi Warning Letter at 1 (“There
was no written explanation for deletion
events observed on audit trails for your
standalone HPLC units.”).
31. Wockhardt Warning Letter at 4.
32. Canton Warning Letter at 1-2.
33. See, e.g., Sun Warning Letter at 2
(“The software . . . on the computers
used to control the . . . instruments
allowed your analysts to delete iles
from the computer’s hard drive with
no audit trail or other adequate form of
traceability in the operating system to
document the deletion activity.”).
34. Canton Warning Letter at 3.
35. Id.
28.
This article presents the views of the author and do not necessarily reflect those of Hunton &
Williams LLP or its clients. The information presented is for general information and education
purposes. No legal advice is intended to be conveyed; readers should consult with legal counsel
with respect to any legal advice they require related to the subject matter of the article.
10
UPDATE
November/December 2014
www.fdli.org