Pharma companies need to fine-tune their security policies and implement best practices to safeguard data integrity By Prathiba Raju
Maintaining data to ensure traceability of a drug batch to its origin is the most important responsibility of a pharmaceutical company. Data integration asserts that medicines are accurate, complete, attributable, legible, intact and maintained within their original context, including their relationship to secondary data records. It is a worrying trend that Indian pharma companies have been regular defaulters. Between 2004 and 2012, there has been a seven-fold rise in issuance of warning letters by the US Food and Drug Administration (US FDA) to Indian companies and the trend continues even now.
The CRISIL analysis of the FDA warning letters reveals that there has been an increase in letters being issued to India which was nearly 70 per cent in 2015 and around 37 per cent till August, 2016. Additionally, 14 per cent of the FDA-approved plants in India were on import alerts. Since January 2010, there have been 65 regulatory actions such as issuance of warning letters and import alerts on domestic drug makers.
Noting that the pharma industry has to strengthen its systems and controls to address data integrity issues effectively, Akshay Chitgopekar, Director, CRISIL Ratings, said, “Analysis of warning letters in the last six years shows that data integrity issues are cited in more than 85 per cent of cases relating to domestic plants compared to less than 25 per cent for Canada and Germany.”
Further, the CRISIL ratings on 283 pharma companies indicated that in past three years, 16 of them have been under regulatory scrutiny. This has reduced their exports to the developed markets, leading to a slowdown in revenue growth and dipped it to single digits in two years from over 20 per cent earlier, resulting in a sharp fall in the operating profitability as well. However, ratings on more than 80 per cent of these pharma companies have remained unchanged.
Apprising that the data integrity is fundamental in a pharma quality system, as it ensures that medicines are of the required quality, Rajiv Joshi, Partner, Fraud Investigation and Dispute Services, EY India, said, “It’s evident from regulatory actions worldwide that the lack of data integrity can have an adverse impact on manufacturers, stakeholders but above all on patients who consume the drugs. Hence, it is of paramount importance to ensure robust and continuous compliance with data integrity norms by the pharmaceutical sector, to boost regulatory confidence and regain patient trust.”
When it comes to pharma, data integrity is a requirement throughout a product’s lifecycle — from R&D to product development, clinical trials, manufacturing, testing and dispatch. A company that is desirous of manufacturing and exporting to any regulated market must comply with data integrity norms, which is an inherent subset of current Good Manufacturing Practices (cGMP), Good Laboratory Practices (cGLP) and Good Clinical Practices (cGCP) norms.
Spelling out the importance of data integrity further, Anil Khanna, Independent Strategic Consultant and Investment Banker, suggested that it impacts the quality, efficacy and safety of the drug that a consumer takes with a blind faith in the company it belongs to.
“When it comes to safety, quality and data integrity issues, before Ranbaxy issue flared up, regulators in the US and Europe accepted the data submitted by an Indian pharma company at the face value. They never questioned it. However, Ranbaxy episode in 2013 changed the scenario. What was euphemistically called as ‘data documentation issue’ was actually a case of systemic manipulation of manufacturing records. Ranbaxy was the tipping point,” Khanna said.
Three years ago India-based Ranbaxy Laboratories had to pay a fine of $500 million for gross violation in methods of testing medicine and for manufacturing substandard drugs in a settlement agreement with the US Department of Justice.
“Though the issue of data integrity is a worldwide issue, Indian pharma is under an increased scrutiny by the regulators, after the Ranbaxy episode,” Khanna informed.
This is a clear indication that increased awareness for data integrity norms is the need of the hour for both regulatory authorities as well as pharma manufacturers. Timely enforcement by Indian regulators will definitely help the Indian pharma sector.
Need of concerted efforts
Improving data integrity requires concerted effort as it’s vital and needs continuous recording of information which is getting generated within the lifecycle of a new discovery, a new cure and its translation from the lab into a patient’s body; be it oral dosage, injectable or otherwise. Hence, the integrity of this record or data is critical to ensure if at a later point there is a need to validate potential gaps. This is evident from the spate of regulatory inspections and resultant regulatory actions that pharma and medical device companies globally are experiencing.
“A proactive approach to assess the quality systems is recommended instead of reactive approach which may involve remediation activities undertaken after possible backlash from regulators. A proactive approach also helps in managing the opportunity cost and unnecessary business distractions, resulting from the remediation efforts,” Joshi said.
Informing that documentation should be clear, accurate and identifying the ‘who-what-when-where-why-how’ along with anomalies, Sudesh Anand Shetty, Partner Lifesciences Head, KPMG, shared that the data integrity should follow ALCOA — attributable, legible long lasting, complete, original and accurate —method as the data integrity needs to be both inherent and explicit.
“Like people mature, so do regulations. Perhaps, we need increased visibility into the coverage and frequency of inspections, as also train our inspectors for focused data integrity checks – which our industry is being beaten up for in the recent past. Indian regulatory bodies like Central Drugs Standard Control Organisation (CDSCO) and Drug Controller General (India) (DCG(I) are now defining clear inspection checklist for inspectors – which will provide guidance on how inspections are to be conducted, which aspects are to be seen, etc. Indian Pharmaceutical Association (IPA) is also in the process of defining data integrity guidance for the Indian pharma industry. So while the impetus and initiative are there, combining these with hands on-trainings conducted by experienced data integrity personnel will bolster our norms and implementation far more than ever before,” says Shetty.
A senior official from CDSCO requesting anonymity informed Express Pharma that data integrity is crucial, but such problems need to be focused. For that they are upgrading the skill of the employees working in pharma manufacturing companies via a certification programme, which will help them to understand the importance of data integrity and IT integration.
“The certification programme developed by Lifescience Skill Sector Development Council will be effective from 2018. The objective of the course will be to enhance and enable organisations to effectively meet quality standards. It will help and improve domestic drug makers to come out with quality pharma products and be aware and comply with the procedures. The course is mandatory as no person can be employed without a formal diploma or degree,” the senior CDSCO official stated.
The EY survey ‘Analyzing the state of Data Integrity Compliance in the Indian pharmaceutical industry’ notes that Government of India is more vigilant and is emphasising on GMP compliance guidelines as it focuses on the ‘Make in India’ initiative, and commitment to battling fraud and corruption, the pharma industry is being watched very closely to recoup and lead the initiative.
“The government is more vigilant and is emphasising on GMP compliance guidelines set by global, central and state regulators. While the pharma industry is committed to gear up on quality and compliance, the remedy for the industry now is to get more proactive in its quality compliance drives. The same can be done by adopting regular internal and external data integrity assessments to identify gaps if any, such as to identify if laboratory test data files have been deleted outside of routine archiving process, monitor data to identify potential trial runs, re-processed files and use of common or shared login ID and password. The company will then have to get into the root cause of these issues and address the gaps without camouflaging or hiding facts, as data integrity essentially is, “do as you say, and say as you do,” the EY report says.
The report further adds that even companies with a good track record with regulators and regardless of the existing or anticipated GMP compliance concerns should initiate periodical proactive data integrity assessments to assess their current state of quality compliance. This not only acts as self-assurance, but may also provide comfort to regulators, customers, investors on the management’s commitment to quality and compliance.
According to Chitgopekar, regulatory mechanisms and regulations differ across regulators as regulations are constantly evolving. He says there is also an increasing talk of greater coordination between regulators of different countries on some key aspects. “Convergence of key regulatory standards across regulators over a period of time can strengthen regulatory oversight, lower cost of compliance for companies and get access to highest quality drugs for patients irrespective of their location,” he said.
Key root causes of data integrity issues
Shortage of manpower: Shortage of staff and excessive work pressure can lead to inaccurate and incomplete documentation.
Quantity over quality: Employees may be forced to compromise the acceptable quality levels in order to meet production targets or dispatch timelines.
Lack of awareness: Often, employees are not trained or inadequately trained to understand GMPs. This causes employees to consider activities as a chore rather than understanding their relevance in light of GMP.
Effectiveness of trainings: While the company may hire the best international trainers, employees mentioned that there were language and accent barriers, which prevented the employees from understanding the content, thereby making the training redundant.
Source: EY survey titled, “Analyzing the state of Data Integrity Compliance in the Indian pharmaceutical industry”
According to CDSCO, there has been a subsequent rise in inspections by local regulatory bodies in India. In December 2014, Maharashtra FDA inspected more than 50 facilities to assess compliance with GMP requirements. It has been reported that representatives of the State FDA have identified 250 companies certified by the CDSCO for conducting surprise checks.
As per EY reports, recently the US FDA has invited Indian officials, both at Central and State government levels, to accompany its team while inspecting pharma units within the country. This will help Indian regulators mature with respect to conduct inspections, liaise with international regulators, and communicate GMP compliance expectations of international regulators to the Indian pharma industry.
To improve data integrity issues, more senior management intervention, stronger quality culture and strong reporting hierarchy at the plant level is required.
Drug makers vs regulations
Despite scrutiny, drug makers still have been able to hold on to their ratings. Things could change if pharma companies enhanced its capabilities in managing data, processes, and compliance. Remediation time for these regulatory actions should be judiciously completed to avert warning letters and import alerts.
As per CRISIL ratings of the 54 warning letters issued to India between January 1, 2010 and August 9, 2016, only three warning letters were resolved and closed. In the case of Germany, of the 10 warning letters issued, four are already closed and six out of 12 warning letters are already closed for Canada.
“Inadequate data control, data deletion and un-investigated out-of-specification results have been some of the serious observations commonly raised by the US FDA over the past several years. Companies need to regularly invest to stay abreast of cGMP requirements. They need to keep learning from ongoing inspections and regulatory actions and are invest in ramping up their facilities to meet the expectations of the regulators. While companies do maintain and implement their set of Standard Operating Procedures (SOP), what is required is to align them dynamically with the US FDA requirements. The investments towards regulatory compliance warrant a holistic and root-cause based approach rather than a piece-meal approach that only addresses specific regulatory observations,” informed Chitgopekar.
Industry experts also highlight that compliance with essentials of 21 CFR 11 is necessary, as it enables audit trail of laboratory systems, respect unique user ID and password at all times, ensure that administration rights are with the right people and department and computer systems are validated and so on.
“Having an integrated periodical proactive data integrity assessment programme, accompanied by upgraded computer systems in line with 21 CFR 11, will not only aid the progress of Indian pharma companies, but also improve the industry’s tarnished image,” the EY report underlined.
Nevertheless, the heightened regulatory scrutiny and programme by regulators help Indian pharma companies improve quality standards and compliance in long term even though it’s a pain to endure in the short to medium term, particularly for those under scrutiny. And as it spruces up amid regulatory glare in the road ahead, it will emerge structurally stronger.
Smooth road ahead
A majority of the large Indian pharma companies, particularly those exporting to the US, are aware of the prescribed standards. Data integrity is not just an Indian phenomenon, but a global issue many countries grapple with. The compliance with regulatory requirements needs to be bolstered, with India’s share of scrutiny being disproportionately high as its share of US FDA approved plants is high.
Data integrity is a serious infraction, remediation time tends to be longer and there is a risk of future scrutiny unless quality systems are spruced up. Players under scrutiny are likely to see some impact on revenue and profitability. Depending on the severity of issues/ regulatory action, experts opine that it is hurdle which Indian pharma companies would surpass.
Terming data integrity as a global challenge-cum-opportunity, Shetty said, “I say opportunity because it is human behaviour to remain in our comfort zones. If we get pushed beyond that limit we feel uncomfortable – but growth in fact is beyond that zone. Do we need to do a lot of work to become compliant? Yes, I suppose we do. Reports indicate that we have lost trust of regulators and perhaps even of patients. Having said that, I am confident that Indian pharma industry will emerge out of this situation successfully demonstrating to the world that we are most committed and disciplined to our mission. It is a matter of time and with sincere intent. we will be out of the situation of non-compliance,” he said.
Companies should invest in data integrity for survival and growth, the way they do for R&D. Data integrity and compliance is a cycle which will help to win back trust of all stakeholders – patients, regulators, employees and shareholders, eventually yielding immediate benefits. Patient’s preference on the company’s drugs and market share increase will be the immediate outcomes. Employees will feel more confident about their product and perform better with performance bonus. Finally, regulators will be assured of management’s commitment on quality and compliance.
As a result, pending and future application approvals will become more promising. This will boost the management’s morale that doing the right thing and developing safe and effective products only guarantees success. Clearly, it’s a good cycle to be in.