The US Food and Drug Administration (FDA) has released a draft guidance document on decentralized clinical trials (DCTs) for drugs, biological products, and medical devices. This guidance outlines the FDA’s recommendations for designing, executing, and evaluating these trials and provides guidance on ensuring patient safety and the accuracy of the data generated. Additionally, it includes information on how sponsors of these types of trials can use emerging technologies and remote monitoring methods to conduct the trials while still ensuring the safety of patients and the accuracy of the results.

The post White Paper – FDA Draft Guidance Summary Decentralized Clinical Trials for Drugs, Biological Products, and Devices appeared first on Astrix.

As evidence of its interest in quality metrics, the FDA published an initial draft guidance in July of 2015 encouraging firms foster a culture of quality and continuous improvement, and signaling its intent to establish a quality metrics reporting program requiring the submission of quality metrics data. A year and a half later (November 2016), responding to comments and some pushback by industry stakeholders, the FDA released a revised draft guidance entitled “Submission of Quality Metrics Data: Guidance for Industry.”

In this latest revised draft guidance, the FDA initiates a voluntary reporting phase of the FDA quality metrics reporting program as a prelude to the eventual mandatory requirement for the submission of quality metrics data. Effectively, this revised draft guidance is a gift from the FDA that establishes a “practice” period for companies to get their quality management program and metrics in alignment with what will eventually become FDA rules on quality metric submission. As the FDA states in the revised guidance, “FDA does not intend to take enforcement action based on errors in a quality metrics data submission made as a part of this voluntary phase of the reporting program, provided the submission is made in good faith.”

While the voluntary program is focused on finished drug products and API manufacturing, all manufacturers may report quality metrics data (e.g., atypical active ingredients, excipient manufacturers). The FDA also notes that participation in the voluntary reporting program outlined in the draft guidance provides an opportunity to demonstrate a commitment to transparency and a willingness to proactively engage with the agency. In other words, participation in this “voluntary” program is a good way to create good relations with the FDA.

Pharmaceutical and biologics manufacturers would be well-advised to become familiar with the program outlined in the FDA’s revised draft guidance on quality metrics, so that they can begin to develop and implement appropriate standard operating procedures (SOPs) and quality management system (QMS) solutions. There are a number of important takeaways in the FDA’s revised draft guidance on quality metrics. In this blog, we’ll detail some of the more noteworthy aspects of the guidance that companies and labs should be paying attention to.

Overview of The FDA Quality Metrics Guidance

Some of the key details contained in the FDA revised guidance on quality metrics include:

The FDA’s objectives for the quality metrics program. As stated in the guidance document, the FDA’s goals behind the publication of this revised draft guidance are to:

• Establish a signal detection program as one factor in identifying establishments and products that may pose significant risk to consumers
• Identify situations in which there may be a risk for drug supply disruptions and engage proactively with manufacturers to mitigate the likelihood of their occurrence
• Improve the FDA’s evaluation of drug manufacturing and control operations
• Help prepare for, direct and improve the effectiveness of establishment inspections
• Use the calculated metrics as an element of the post-approval manufacturing change reporting program with an emphasis on encouraging lifecycle manufacturing improvement

Dates for Voluntary Quality Metrics Reporting. As described in the Notice of Availability (NOA) for the revised draft guidance, the FDA intends to open an electronic portal in January 2018 to begin receiving voluntary submissions of quality metrics data that was generated in 2017.

Metrics to be Reported for Voluntary Program. The quality metrics data described in this draft guidance is produced in the course of manufacturing drugs in compliance with cGMP. The metrics that the FDA is asking establishments to report in this voluntary program are:

• Lot acceptance rate (LAR) as an indicator of manufacturing process performance. LAR is the number of accepted lots in a timeframe divided by the number of lots started by the same establishment in the current reporting timeline.
• Product Quality Complaint Rate as an indicator of patient or customer feedback. PQCR is defined as the number of product quality complaints received for the product divided by the total number of dosage units distributed in the current reporting timeframe.
• Invalidated Out-of-Specification (OOS) Rate (IOOSR) as an indicator of laboratory operation and performance. IOOSR is defined as the number of OOS test results for lot release and long-term stability testing invalidated by the reporting establishment due to an aberration of the measurement process divided by the total number of lot release and long-term stability OOS test results in the current reporting timeframe.

Appendix B of the Guidance helps to define these metrics with clarifying examples which will help companies with their internal definitions. Any questions that an establishment may have about their specific situation when gathering this data can be emailed to: OPQ-OS-QualityMetrics@fda.hhs.gov.

Additional Quality Metrics Recommended. The quality metrics requested for the voluntary program are not intended to be all-inclusive. Manufacturers are encouraged to utilize additional quality metrics in their day-to-day QC operations that are deemed necessary to evaluate a product’s or manufacturer’s quality. Additional metrics may be added to the FDA’s future mandatory quality metrics reporting program. Also, additional metrics, or lack thereof, may be evaluated in an FDA inspection of manufacturing facilities.

How to Submit Quality Metrics for the Voluntary Reporting Program. Reporting establishments should submit quality metrics reports where the data is segmented on a quarterly basis throughout a single calendar year. Appendix A of the draft guidance contains a description of the quality metrics data elements that are relevant for different business segments/types. Additionally, a revised version of the Quality Metrics Technical Conformance Guide that describes additional technical details will be released soon. Finally, the FDA expects to publish a Federal Register notice providing further instructions on the submission of voluntary reports no fewer than 30 days before the electronic portal is opened.

Both Product and Site Quality Metric Reports Will be Accepted. The FDA will permit establishments to submit data in this voluntary quality metrics reporting program in two formats – by site segmented by product, or by product segmented by site. This allows companies to submit the data in the way that works best for them. That said, the Agency does prefer data segmented by product, because it demonstrates effective control over the manufacturing process for drugs over the entire the supply chain.

Special Considerations for Products Imported/Manufactured Outside the United States. The FDA recognizes that it may be extremely difficult to identify started lots, rejected lots, and OOS results that are manufactured by CMOs that are not in the United States. The FDA therefore allows voluntary reports to contain data from lots not imported with the data from lots that are imported, provided that the manufacturing process for both uses the same process and controls data. Product quality complaint rate (PQCR) data, however, should be collected only for drugs that are imported, intended for import or manufactured in the United States.

Optional Comment Field Within Quality Metrics Report.  Reporting establishments can submit a comment of up to 300 words with their quality metrics report in order to explain anomalous data or report any plans for quality improvement. As the guidance explains, comments “may describe special situations, such as natural disasters, the use of emerging technology, or describe the manufacturing supply chain or a plan for improvement.” The FDA “may refer to the comments if unusual data trends are identified, or in preparation for an on-site inspection.”

Mandatory Quality Metrics Reporting Will Eventually be Implemented. After data collection in 2018, the portal accepting voluntary submissions of quality metrics data will be closed and the FDA will begin data analysis. Once this analysis is complete, the FDA will share on its website what it has learned from the voluntary phase of the reporting program, and also initiate notice and comment rulemaking to develop it’s mandatory reporting program.

Quality Metrics Reporters List Will be Published. Upon completing analysis of the data from the voluntary quality metrics reporting program, the FDA will publish a list of the companies that participated in this voluntary reporting phase on its website. The reporting establishments in this list will be broken down into product and site report categories, and then tiered based on how much quality metric data was reported. The FDA feels this list may be useful for:

• Establishments within the pharmaceutical manufacturing industry as one element of a robust outsourcer or supplier selection process.
• Healthcare purchasing organizations, healthcare providers, patients, and consumers in sourcing drugs.

Key Quality Management System Takeaways for Manufacturers

In order to submit data that is in alignment with this new revised quality metrics draft guidance, product owners will need to choose between submitting data organized by product or site. While the FDA prefers data organized by product, gathering the metrics by product across the entire supply chain will be more involved than by site. Manufacturers will likely need to redesign their quality metrics dashboards and management review process to be able to facilitate consistency in quality practices across the enterprise and partners. The following recommendations may be helpful in adjusting quality management systems to meet the new guidelines:

• Appropriate dashboard KPIs need to be determined and defined prior to implementing system that aggregates data for the dashboard.
• The quality system should contain policies and procedures that validate that information is funneling to the dashboard as intended and assure the appropriate level of data visibility by management provided by the dashboard.
• KPIs in the dashboard should align with requirements outlined in the FDA revised draft guidance, and include clear definitions that include data standards.
• Individuals manually entering source data should receive proper training on proper policies and procedures.
• Review of KPI targets should occur on a regular basis. Assessments should be regularly conducted to identify poor performance in order to drive corrective action plans.

Conclusion

With the release of this revised guidance document of the submission of quality metrics data, the FDA continues to encourage pharmaceutical manufacturers to implement a modern, risk-based quality management system as part of its mission to protect public health. The FDA’s grand vision is for the pharmaceutical industry to shift from a culture of compliance and rules to a culture of quality, where quality protocols are built into every process. While this revised guidance outlines a voluntary program for submission of quality metric data, a mandatory program is coming. Manufacturers would therefore be wise to utilize this voluntary phase to take a hard look at their quality systems maturity and begin to focus on how quality metrics are defined, collected, organized, verified and reported. Manufacturers will need to review their quality metrics management and reporting systems, identify any gaps in data collection, and take steps to bring systems into alignment with the metrics program guidelines. Manufacturers who take these steps now will avoid the hassle of being forced to make these changes under accelerated timelines later, and will reap the financial and customer loyalty benefits that come with producing quality products

The post What the FDA’s Quality Metrics Reporting Program Means for Your Lab appeared first on Astrix.

In the years following the creation of Part 11, there was much discussion and confusion in the pharmaceutical industry regarding what it meant and how it would be enforced. Additionally, concerns were raised by many in the industry that the new regulation would significantly increase the cost of compliance and discourage innovation and technological advances. In response to these issues, the FDA released a guidance document in 2003 entitled “Part 11, Electronic Records; Electronic Signatures – Scope and Application,” which was intended to provide a practical interpretation of Part 11 and clear up industry confusion around its interpretation and enforcement. This guidance document clarified that the Agency intended to interpret the scope of part 11 narrowly and exercise enforcement discretion with regard to part 11 requirements for validation, audit trails, record retention, and record copying.

In the years since the 2003 guidance document was issued, there has been significant technological advances (e.g., cloud computing, mobile devices, etc.), and a proliferation of third-party vendors offering services for electronic systems. In order to address some of the questions that have arisen regarding Part 11 regulations due to the ongoing digitization of data in clinical trials, the FDA issued a draft guidance for industry titled “Use of Electronic Records and Electronic Signatures in Clinical Investigations Under 21 CFR Part 11 – Questions and Answers” in June of 2017.

This most recent draft guidance on electronic records and signatures clarifies, updates and expands upon the recommendations related to clinical trials in the 2003 guidance, and provides information to sponsors, institutional review boards (IRBs), clinical investigators, and clinical research organizations (CROs) on the use of electronic records and signatures in clinical trials conducted under 21 CFR parts 312 and 812. Let’s examine this new guidance document in detail in order to determine what it means for those involved in generating and signing electronic records in clinical investigations.

Scope of the FDA Guidance

In this new guidance document, the FDA affirms that it will continue to support a narrow and practical interpretation of Part 11, while at the same time reminding sponsors that electronic records must be maintained or submitted in a manner which satisfies all predicate rules. Additionally, this guidance clarifies and expands upon the policy announced in the 2003 part 11 guidance that encourages a “risk-based approach to the validation of electronic systems, implementation of electronic audit trails, and archiving of electronic records.”

This guidance document applies to electronic records and signatures in the following categories:

• Records kept in electronic format in lieu of paper that are required for clinical investigations of medical products. This includes all records that would be necessary for the FDA to reconstruct a study.
• Electronic records that are relied on to perform regulated clinical study activities.
• Records pertaining to clinical investigations that are submitted to FDA in electronic format under predicate rules, even if these records are not explicitly identified in FDA regulations.
• Electronic signatures required for clinical investigations that are intended to be the equivalent of handwritten signatures executed on paper.

The following electronic systems used in clinical investigations are addressed by the guidance in terms of their applicability to Part 11 requirements:

• Electronic systems, whether commercial off-the-shelf (COTS) or customized, that are owned or managed by sponsors and other regulated entities
• Electronic services that are outsourced by the sponsor or other regulated entities
• Electronic systems that are primarily used in the delivery of medical care
• Mobile technology and telecommunications systems

Overview of the FDA Guidance

The information communicated in this guidance document is extensive. The guidance provides 28 questions and answers (Q&A) detailing how sponsors, IRBs, clinical investigators, and CROs can ensure that electronic records and signatures are equivalent to paper ones and thus meet agency requirements. The bulk (24) of these Q&A cover the scope and application of Part 11 requirements in clinical investigations and are organized into 5 topics – Electronic Systems Owned or Managed by Sponsors and Other Regulated Entities, Outsourced Electronic Services, Electronic Systems Primarily Used in the Provision of Medical Care, Mobile Technology, Telecommunication Systems. A final section contains 4 Q&A that are dedicated to clarifying the appropriate use of Electronic Signatures.

Let’s look at some of the key expectations communicated by the guidance:

Electronic Systems Owned or Managed by Sponsors and Other Regulated Entities

The FDA lists a number of electronic systems used in clinical investigations that are owned or managed by sponsors or other regulated entities (e.g., CROs, IRBs) include: electronic case report forms (eCRFs), electronic data capture (EDC) systems, electronic trial master forms (eTMFs), electronic Clinical Data Management System (eCDMS), and others. Requirements and recommendations specified in this guidance for these systems include:

• Risk-Based Approach to Validation – Electronic systems should be validated if they are used to process/produce critical records that are submitted to the FDA. The FDA suggests a risk-based approach to validation, where the extent of validation varies from that which is defined by “internal business practice and needs” for off-the-shelf business tools in general use (e.g., word processors, spreadsheets, etc.), to “user acceptance testing, dynamic testing, and stress testing” for customized tools that have been developed to meet a unique business need. When determining the level of validation for a given system, sponsors and other regulated entities should consider the purpose and significance of the record (i.e., the extent of error that can be tolerated in the record without compromising its reliability and utility), and the attributes and intended use of the electronic system used to produce the record.
• FDA Inspections of Electronic Systems – The FDA will focus on documentation of system validation for both the implementation of these electronic systems, as well as any changes made (e.g., upgrades, security patches, new instrumentation, etc.) to the system once in use. Migrations of source data to other systems or formats will be checked to ensure that the data is not altered in value or meaning in the process. Additionally, the FDA will review standard operation procedures (SOPs) and support mechanisms (e.g., training, technical support, audits, etc.) to ensure that the system is being used and functioning in the manner intended.
• Vendor Audits – Sponsors and other regulated entities should use a risk-based approach in determining whether or not to perform vendor audits. To minimize time and cost burdens, the FDA suggests sponsors and other regulated entities consider “periodic, but shared audits conducted by trusted third parties.”
• Security Safeguards – In order to assure compliance with 21 CFR Part 11.10 and 11.30, sponsors and other regulated entities must ensure that procedures and processes are in place to limit access to the electronic systems utilized in clinical investigation to appropriate, authorized users. Additionally, external security safeguards (e.g., firewalls, anti-spyware, antivirus, etc.), need to be in place to prevent, detect and mitigate the effects of computer viruses, worms and other harmful software code on study data and software.
• Electronic Storage for Archiving Study-Related Records – Using a durable electronic storage device to archive a study-related record at the end of a clinical study is acceptable. Sponsors and other regulated entities should ensure that the content and meaning of the record and the integrity of the original data are preserved. If these records are archived in such a way that they can be searched, sorted, or analyzed, sponsors should provide electronic copies with the same capability to the FDA during an inspection if it is reasonable and technically feasible.
• Investigative Sites Outside the United States – The FDA states that if a non-U.S. site is conducting a clinical trial under an investigational new drug application (IND, then both the sponsor and the site must follow FDA regulations – Part 11 requirements will apply to any required records kept in electronic format.

Outsourced Electronic Services

When outsourcing electronic services (e.g., data management services, cloud computing services), sponsors and other regulated entities are ultimately responsible for ensuring that all regulatory requirements are met. As such, sponsors and other regulated entities need to ensure:

• the authenticity, reliability and security of any data used to support a marketing application for a medicinal product.
• that regulated records and data are available to FDA during an investigation or an inspection.
• that outsourced electronic services are validated when appropriate – documentation of SOPs and results for validation testing should be obtained from the outsourced electronic service vendor.

Sponsors and other regulated entities should form service agreements with any outsourced electronic service vendor, but before entering into such an agreement, the sponsor or other regulated entity should evaluate and select an electronic service vendor based on their ability to meet part 11 requirements and data security safeguards.

Sponsors and other regulated entities should be able to provide the following information to the FDA upon request at each of their regulated facilities that utilize outsourced electronic services:

• Specified requirements of the outsourced electronic service
• A service agreement defining what is expected from the electronic service vendor
• Procedures for the electronic service vendor to notify the sponsor or other regulated entity of changes and incidents with the service

Mobile Technology

The guidance document addresses the use of mobile devices in clinical trials, whether the device is provided by the sponsor or brought by the study participant. Mobile technology in this guidance document refers to portable electronic technology used in clinical trials that enables off-site, remote data capture from study participants – mobile platforms, mobile applications, wearable biosensors, and other portable, implantable and ingestible electronic devices. Requirements and recommendations specified in this guidance for mobile technology include:

• Access Controls – Sponsors should implement user access controls (e.g., ID code, username and password, electronic thumbprints, other biometrics) for mobile technology used by study participants in clinical trials to ensure that data entrees come from study participants. In cases where these controls are not practical, sponsors should obtain a signed declaration from study participants confirming that they will be the only ones using the device.
• Source Data – As mobile technology typically only stores data collected from study participants for a very short period of time before being transmitted to the sponsor, the FDA indicates that “…the first permanent record is located in the sponsor’s EDC system or the HER, and not in the mobile technology.”
• Validation of Mobile Technology – The guidance suggests a risk-based approach to validation of mobile technology. Sponsors should validate mobile technology before use in a clinical trial to ensure that a measured value is reliably captured, transmitted and recorded in the sponsor’s EDC system. Note that validation is specific to Part 11 and does not address performance of the mobile technology, which should follow standard medical device validation requirements.
• Audit Trails – When mobile technology is used to transfer data to the sponsor’s EDC system (or to the EHR and then the sponsor’s EDC), the audit trail begins at the time the data enters the sponsor’s EDC system. The EDC system should capture the date and time the data entered, as well as the data originator (study participant, mobile technology or EHR).
• Security Safeguards – Data transmitted wirelessly from a mobile device to a sponsor’s EDC must be encrypted both at rest and in transit to ensure confidentiality and prevent access by malicious parties. In addition to encryption and user access controls, sponsors should implement remote wiping and disabling of devices, firewalls, and procedures for wiping all stored health information on mobile devices before reusing or discarding to ensure confidentiality.
• Training – The FDA expects sponsors, clinical investigators, study personnel, and study participants to be adequately trained on the use of any mobile technology that is used in a clinical trial.

Electronic Signatures

To be considered the equivalent of handwritten signatures, electronic signatures must comply with Part 11 requirements. Nevertheless, in this guidance document, the FDA communicates flexibility in terms of the methods it will accept for the creation and verification of electronic signatures and biometrics.

• Methods of Creating Electronic Signatures – The Agency states that Part 11 allows for a wide variety of methods for creating electronic signatures – computer-readable ID cards, biometrics, digital signatures, and username/password combinations. All signatures on electronically signed documents need to be accompanied by a computer-generated, time-stamped audit trail.
• Verification of Identity of Those Who Create Electronic Signatures – Part 11 requires that organizations “verify the identity of an individual before the organization establishes, assigns, or otherwise sanctions an individual’s electronic signature or any element of such electronic signature.” However, the FDA does not specify any particular method for verifying the identity of an individual. Methods suggested include: birth certificate, government-issued passport, driver’s license, security questions.
• Biometrics – The FDA defines biometrics as “a method of verifying an individual’s identity based on measurements of the individual’s physical features or repeatable actions where those features and/or actions are both unique to that individual and measurable.” The FDA does not specify any particular biometric method upon which an individual’s signature should be based. Examples given as possible options include: fingerprints, hand geometry (i.e., finger lengths and palm size), iris patterns, retinal patterns, or voice prints.

In addition, the FDA provides important guidance regarding electronic signatures by an individual during a period of controlled system access: “When an individual logs into an electronic system using a username and password, it is not necessary to re-enter the username when an individual executes a series of signings during a single, continuous period of controlled system access. After a user has logged into a system using a unique username and password, all signatures during the period of controlled system access can be performed using the password alone.”

Conclusion

The information contained in the FDA’s new guidance document on electronic records and signatures is extensive, and signifies that the Agency is increasingly focused on data integrity in the electronic records submitted in support of new drug approvals. While this guidance is focused on electronic records and signatures in clinical trial documents, the concepts and recommendations outlined are applicable for any operational system that must conform to Part 11 requirements. Organizations would therefore be wise to consider the information communicated in this guidance document when implementing electronic records and signatures across the product lifecycle.

Additionally, partnering with a quality informatics consulting firm that specializes in data integrity and computer system validation in order to assess the status of your organization’s 21 CFR Part 11 compliance may be an effective path forward. Such a firm can help you define your  needs/requirements, and then determine the best business solution(s) that will bring your organization into regulatory compliance.

The post What the New FDA Guidance on Electronic Records and Signatures Means for Clinical Trials appeared first on Astrix.

All of the data integrity principles that were developed for the paper and ink era still apply to electronic systems and data capture. However, there are several trends in the pharmaceutical industry that make data integrity compliance especially challenging for today’s laboratories:

• increased utilization of electronic technologies
• increased availability and usability of data
• evolving data integrity regulations around electronic technologies
• evolving business models (e.g., globalization)

Regulatory agencies worldwide are increasingly focusing their efforts on data integrity in GxP laboratories. This increased focus has led to a number of guidance documents being published recently on data integrity, including:

• The World Health Organization (WHO) published its final version of “Good Data and Records Management Practices” guidance document in 2016
• The European Medicines Agency (EMA) issued good manufacturing practice (GMP) guidance to ensure the integrity of data in August of 2016
• The Food and Drug Administration (FDA) issued a “Data Integrity and Compliance With cGMP” guidance document in April of 2016
• MHRA published ‘GXP’ Data Integrity Guidance and Definitions in March of 2018

With the spotlight of global regulatory inspections shining on data integrity in Manufacturing and GMP areas, you need to know what’s new and what the impact is on data integrity in GxP. Astrix Technology Group recently sponsored a webinar conducted by Joseph Franchetti, FDA Regulatory Compliance Specialist, that highlighted the current thinking of regulatory agencies on data integrity. In this blog, we will provide a summary of some of the most important points made by Mr. Franchetti in this webinar for your review.

Data Integrity Regulations

Important GMP regulatory requirements were described in 21 CFR Part 211:

• Instruments must be qualified and fit for purpose
• Software must be validated
• Any calculations used must be verified
• Data generated in an analysis must be backed up
• Reagents and reference solutions should be prepared correctly with appropriate records
• Methods used must be documented and approved
• Methods used must be verified under actual conditions of use
• Data generated and transformed must meet the criterion of scientific soundness
• Test data must be accurate and complete and follow procedures
• Data and reportable value must be checked by a second individual to ensure accuracy, completeness, and conformance with procedures
• Laboratory control records should include complete data derived from all tests conducted to ensure compliance with established specifications and standards, including examinations and assays.

In this last point, “complete data” refers to raw data/observations generated in the course of an analysis, the associated metadata which helps to provide the proper context, and the audit trail when using computerized systems that shows how and why the data has been modified and who it has been modified by.

Recent Guidance Documents on Data Integrity

While companies in the United States typically look to the FDA for guidance on data integrity regulations, it can also be valuable to stay up to date with regulatory guidance published by agencies in other parts of the world, as regulatory agencies worldwide are all moving in the same direction with respect to thinking on data integrity. Towards that end, the Medicines and Heathcare products Regulatory Agency (MHRA) in the United Kingdom published a guidance document in March 2015 entitled GMP Data Integrity Definitions and Guidance for Industry.

This guidance document made a number of helpful suggestions for systems (both electronic and paper-based) designed to ensure data integrity. These systems should include:

• Access to clocks (synchronized) for recording timed events
• Accessibility of batch records at locations where activities take place so that ad hoc data recording and later transcription to official records is not necessary
• Control (free access) over blank paper templates for raw data recording
• User access rights which prevent, or audit trail, data amendments
• Automated data capture or printers attached to equipment such as balances, pH meters, etc.
• Proximity of printers to relevant activity
• Control of physical parameters (time, space, equipment) that permit performance of tasks and recording of data as required
• Access to sampling points (e.g., for water systems)
• Access to raw data for staff performing data checking activities

This guidance document also defined an acronym ALCOA+ which helps to define important characteristics the principles necessary for data integrity:

ALCOA

Attributable – Data must contain information about who performed an action and when? If a record is changed, who did it and why? This information should be linked to the source data.

Legible – Data must be recorded permanently in a durable medium and be readable.

Contemporaneous – The data should be recorded at the time the work is performed and the date/time stamps should follow in order

Original – Recorded data records should be the original record or a certified true copy.

Accurate – Any data errors or editing of data are recorded with documented amendments.

ALCOA+

Complete – Data records should contain all data including repeat or reanalysis performed on the sample (21 CFR 211.194)

Consistent – There should be consistent application of data time stamps in the expected sequence.

Enduring – Data should be recorded in a permanent, maintainable form for the useful life.

Available – Data should be available/accessible for review/audit for the life-time of the record.

This document also sets the expectation that pharmaceutical companies, importers and contract labs will review the effectiveness of their data governance systems to ensure data integrity, and that companies outsourcing activities should verify the adequacy of comparable systems at the contract acceptor.

Two other recent guidance documents that contain valuable information and are worth going through are MHRA’s ‘GXP’ Data Integrity Guidance and Definitions published in March 2018 and the FDA’s Data Integrity and Compliance With cGMP published in April 2016.

Meeting Regulatory Expectations

Data integrity issues happen for a number of reasons. Some of the more common include:

• Ignoring SOPs to meet deadlines.
• Insufficient education & understanding amongst personnel
• Insufficient data integrity controls built into informatics systems
• Improper or nonexistent instrument qualification and computer system validation procedures
• Cutting corners to save money.
• Lack of regular internal and/or external data integrity audits
• Lack of a culture of quality – difficult to fix, as it involves people.

It is important to develop a data integrity strategy to mitigate risks across the full data lifecycle. This strategy should contain the following elements:

• Predict Violations – Predict the most likely data integrity breaches by identifying vulnerabilities within the organization.
• Prevent Violations – Train employees, design & validate systems, add security to systems, focus on external sources (e.g., contractors, vendors, etc.), establish Good Documentation Practices (GDPs), educate and enforce good behaviors.
• Detect Violations – Monitor and identify issues not predicted or prevented to provide rapid response through data and audit trail review, system administrative audit trail review, and internal and/or external audits.
• Respond to Violations – Efficient management of efforts to develop policy, address audit findings and produce corrective actions.

Most companies are not proactive with regard to data integrity (predict, prevent, detect) and are thus mostly responding to data integrity violations.

With respect to data governance, the PIC/S 2016 draft guidance document sets the expectation that organizations will design systems that “ensure that data, irrespective of the process, format or technology in which it is generated, recorded, processed, retained, retrieved and used will ensure a complete, consistent and accurate record throughout the data lifecycle.” Pharmaceutical companies should consider the design, operation and monitoring of each of the following processes to comply with the principles:

• Data development
• Database operations management
• Data security management
• Reference and master data management
• Data warehousing and business intelligence management
• Document and content management
• Metadata management
• Data quality management
• Data architecture management

The PIC/S document recommends a risk-based approach to data governance, where “Manufacturers and analytical laboratories should design and operate a system which provides an acceptable state of control based on the data integrity risk, and which is fully documented with supporting rationale.”

Finally, there are a number steps that are important for organizations to take in order to ensure compliance with data integrity regulations:

• Embed verification activities into internal audit processes.
• Enforce Good Documentation Practices
• Train your internal auditors to understand what to look for when detecting data integrity deficiencies.
• Create an awareness among staff so they can assist with this endeavor, and report concerns before they become full-fledged issues
• Seek quality external support to assure completely unbiased, third-party investigations and/or to enhance your internal investigation program.

Why Astrix

Astrix Technology Group is a laboratory informatics consulting, regulatory advisory, and professional services firm focused on serving the scientific community since 1995. Astrix professionals have the skills and expertise necessary to architect, implement, integrate and support best in class solutions for your organization’s laboratory environment.

Our professionals can also help to ensure that your laboratory systems and staff comply with the FDA’s data integrity mandates. We provide experienced professionals knowledgeable about FDA regulations to conduct a thorough data integrity assessment of your laboratory informatics environment to identify data integrity risks. Working with an external consultant that has expertise in data integrity evaluations to audit your laboratory environment is best practice, as an expert with fresh eyes will be able to effectively locate issues you missed.

Conclusion

Regardless of the regulatory authority, all guidance documents have the same flavor around the foundational terminology and information on technology controls. Compliance with electronic data integrity requires a fairly complex design that not all out-of-the-box systems have in place. All organizations utilizing electronic systems must implement risk-based controls for data integrity, as these controls serve to both prevent and detect data integrity issues.

Data integrity is maintained through processes and procedures, training and vigilance:

• Detailed system use and maintenance procedures with data integrity discipline built-in.
• Strict, verified adherence to procedures.
• Regular training for applicable personnel focusing on data integrity topics

The post Navigating Global Regulations and Guidance Around Data Integrity Guidance appeared first on Astrix.

Over the last decade, a new technology known as next generation sequencing (NGS) has been paving the way for precision medicine (PM) – a more personalized approach where disease prevention and treatment is tailored to the individual based on their genetics, environment and lifestyle. The goal of PM is to be able to prescribe the right treatments to the right patients at the right time.

Unlike traditional diagnostics which measure a limited number of analytes, NGS can identify millions of DNA variants in a single test, allowing scientists to identify or ‘sequence’ large sections of a person’s DNA in just a couple of hours. Access to human genetic profiles is allowing researchers to identify disease-causing variants and develop treatments, and clinicians to match patients to suitable treatments with increasing precision. Advances in PM have already led to a variety of FDA-approved treatments that are tailored to an individual’s genetic profile, or the genetic profile of a tumor.

Over the past several years, the FDA has been working with stakeholders from across the genomics community to develop regulations that encourage innovation and ensure that genetic tests provide accurate and meaningful results for patients. On April 13, 2018, the FDA issued two separate finalized guidance documents related to next-generation sequencing (NGS):  

• Use of Public Human Genetic Variant Databases to Support Clinical Validity for Genetic and Genomic-Based In Vitro Diagnostics
• Considerations for Design, Development, and Analytical Validation of Next Generation Sequencing (NGS) – Based In Vitro Diagnostics (IVDs) Intended to Aid in the Diagnosis of Suspected Germline Diseases

These guidance documents provide NGS test developers with recommendations for designing, developing and validating tests, as well as using genetic variant databases to support clinical validity.

With these new guidance documents, the FDA has laid out a flexible and adaptive regulatory approach that accommodates the rapidly evolving nature of NGS technologies, streamlined the regulatory pathway for NGS-based tests, and provided a reasonable assurance of testing safety and effectiveness. Let’s take a look at some of the key parts of these guidance documents.  

Guidance on Public Genetic Variant Databases to Support Clinical Validity

Increasing use of NGS technologies in both research and clinical settings is supporting the identification of many new genetic variants that can hold much clinical significance. Unfortunately, this information is often stored in a manner that is not accessible to researchers. The new FDA guidance encourages the creation of FDA-recognized public genetic variant databases to promote data sharing of evidence that supports the clinical validity of genetic and genomic-based tests. Such databases will aggregate and curate reports of human genotype-phenotype relationships to a disease or condition and include publicly available documentation of evidence supporting such linkages.

To become an FDA-recognized publicly available human genetic variant database that can be used to support clinical validity of genetic variant assertions, the database must meet the following criteria:

• Operates in a manner which provides sufficient information and assurances to assess the quality of its source data, evidence review, and assertions regarding variants
• Provides transparency regarding its data sources, how it operates, and how it evaluates variant evidence
• Collects, stores, and reports data and conclusions in compliance with all applicable requirements regarding protected health information, patient privacy, research subject protections, and data security
• Contains genetic variant information generated using validated methods.

The new Guidance outlines a three-step process for genetic variant databases to gain recognition from the FDA:

• Voluntary submission of detailed information (outlined in the Guidance) about the database to the FDA
• FDA reviews genetic variant database policies and procedures for maintaining data and making variant assertions
• The database must be maintained in a way that satisfies FDA standards for recognition and undergoes regular reviews.

Once a genetic variant database is recognized by the FDA, its assertions can be relied on in a premarket submission without requiring any additional scientific evidence. For companies developing genetic tests, being able to rely on the vast information available in public databases to verify clinical validity of the test means a faster path to FDA marketing clearance. The FDA hopes that this guidance will encourage crowdsourcing of clinical evidence, curating and data sharing in order to advance the development of high-quality PM treatments and diagnostics.

Guidance on Design, Development and Validation of NGS-Based In Vitro Diagnostics

This guidance document is part of the FDA’s efforts to create a flexible and adaptive approach to regulation of next generation sequencing (NGS)-based tests that will serve to foster innovation and also assure that the tests are accurate and meaningful. In this guidance, the FDA outlines important considerations for designing, developing and establishing the analytical validity of NGS-based tests intended to aid in diagnosis of germline diseases (conditions arising from inherited or de novo germline variants). This guidance does not apply to NGS-based tests designed for other purposes.   

The FDA intends the recommendations in this guidance to assist test developers directly. Additionally, given that the FDA has a widely used standards recognition program that facilitates use of consensus standards to meet premarket submission requirements for devices, and since standards can more rapidly evolve with changes in technology, the FDA intends the recommendations in this guidance to inform and hopefully spur the development of consensus standards by experts in the genomics community.

The FDA believes the recommendations in this guidance may serve to reasonably assure the safety and effectiveness of these tests, which would allow NGS-based tests intended to aid in the diagnosis of suspected germline diseases to be candidates for classification as Class II (moderate risk) devices via the de novo process. If classified as class II, subsequent NGS-based tests would be reviewed through the 510(k) program, significantly streamlining the review process. The hope is that, with adherence to the recommendations in this guidance (or consensus standards that address them), along with the utilization of FDA-recognized publicly available human genetic variant databases as described in previous section, the FDA can consider exempting these kinds of NGS-based tests from premarket review in the future.

The specific recommendations in this guidance for NGS-based germline tests are extensive. Some of the aspects addressed include:

• Test Design Considerations – design standards to ensure a test consistently meets performance metrics appropriate for the indications for use of the test (e.g., define the specific indications for use for a given test, document specific test features that are needed to assure development of a test that meets users’ needs, document acceptable specimen types to be used for the test, etc.)
• Test Performance Characteristics – set of performance metrics that should be assessed when analytically validating NGS-based tests intended to aid in the diagnosis of suspected germline diseases (e.g., test accuracy, test reproducibility and repeatability, limit of detection, analytical specificity, etc.)
• Quality Metrics – suggested test run quality metrics used to determine if tests should be accepted (e.g., coverage thresholds, performance thresholds, specimen quality, strand bias, etc.)
• Recommendations for Performance Evaluation Studies – features to incorporate when evaluating test performance (e.g., perform validation studies, evaluate and document accuracy by comparison to a method identified as appropriate comparator by FDA, use specimens that reflect actual specimen type and population test is indicated for, assess test limits, etc.)
• Presentation of Test Performance in Labeling – describes what information should be included in labeling to document test performance (e.g., aspects of test design, specimen type, results for test accuracy and precision/reproducibility, probability of test failure, limitations, etc.)
• Test Reports – describes information that should be included in test reports (e.g., relationship between reported variants and the clinical presentation, description of genomic and chromosomal regions detected by the test, performance study summary, etc.)
• Modifications – provides guidelines for documentation, validation and resubmission when modifications are made to approved 501(k) devices)

Conclusion

The new field of genomic testing and research is experiencing dramatic growth due to a rapidly evolving technology base. The new FDA guidance documents described above provide a flexible framework to generate the data needed to facilitate the FDA’s review of NGS-based tests. As such, these guidance documents help to ensure that NGS-based tests provide accurate and meaningful results, while at the same time lowering the barrier to innovation by giving developers new tools that support efficient test development and validation. Ultimately, it is patients who will benefit, as these FDA recommendations will be utilized to speed the development of high-quality precision medicine treatments and diagnostics that will improve patient outcomes.

About Astrix

For over 25 years, Astrix has been a market-leader in delivering innovative solutions through world class people, process, and technology that fundamentally improves scientific outcomes and quality of life everywhere. Founded by scientists to solve the unique challenges life sciences and other science-based business face, Astrix offers a growing array of strategic, technical, and staffing services designed to deliver value to clients across their organizations.

The post FDA’s Guidance on Genetic Testing: What You Need to Know appeared first on Astrix.

The FDA first identified failures in data governance and data integrity in the year 2000 with a warning letter issued to Schein Pharmaceuticals that cited lack of proper controls over computerized laboratory systems. In the years since, the FDA focus on compliance with data integrity regulations in facility inspections has increased significantly. We have written extensively about how the FDA defines data integrity and the current FDA regulations and guidance in this area. For more information on these subjects, see here and here and here.

Enforcement actions by the FDA due to failure to comply with data integrity regulations can result in serious financial consequences for an organization due to facility shutdown, product recalls, import and/or distribution bans, delayed or denied drug approvals, substantial remediation costs, and loss of customers due to a damaged reputation. In addition, manufacturers who are found in violation of data integrity regulations may lose the trust of the FDA and face more frequent and in-depth inspections in the future.

As such, it is critical for organizations to take appropriate steps to ensure compliance with applicable data integrity regulations governing the production of pharmaceutical drugs. In this blog, we will discuss recent trends in FDA warning letters and 483s in the pharmaceutical industry with regards to data integrity, and also highlight the importance and benefits of incorporating independent data integrity assessments into your organization’s quality management system (QMS) as part of cGMP audit programs.

FDA Form 483s and Warning Letters

The FDA conducts all inspections of regulated products, research sites and manufacturers through its Office of Regulatory Affairs (ORA). When the FDA inspects a pharmaceutical company’s facility, they can either show up unannounced or alert the company ahead of time. Once the inspection is complete, the inspectors can communicate any observed conditions and/or practices that may be in violation of FDA requirements through a Form 483 or a warning letter. While both of these documents serve to inform sponsors and principal investigators of issues that require corrective action, there are important differences in terms of the seriousness of the infraction(s) being highlighted:

FDA Form 483

An FDA Form 483 is essentially a list of identified regulatory deficiencies that an ORA inspector provides to company management at the end of an inspection. As the FDA expects that these deficiencies will be remediated, it is important to respond thoughtfully to the FDA within 15 days detailing your plan for corrective actions in order to avoid a warning letter. A Form 483 response will usually require input from many different aspects of your organization, so it should be all hands on deck upon receiving the 483 to facilitate a good response detailing a comprehensive plan of action within 15 days.

FDA Warning Letter

An FDA warning letter is issued by ORA inspectors for more serious compliance deficiencies, often involving previous Form 483s that have not been effectively remediated. Warning letters should be taken very seriously and answered in a timely fashion within the required time frame. A comprehensive remediation plan needs to be developed, implemented and adhered to, along with consistent communication with the FDA during the process to avoid further enforcement actions.

Trends in Pharmaceutical Company Form 483s and Warning Letters Citing Data Integrity Violations

The Big Data and AI Analytics firm Govzilla found that, regardless of company size, roughly 50% of all global drug 483s that have been issued over the 5 year period from 2014-2018 cite data integrity concerns. Data integrity violations are even more prevalent in warning letters, with 79% of global drug warning letters during this period citing data integrity issues. Additionally, the total number of FDA warning letters referencing data integrity deficiencies has increased significantly in recent years.

While 21 CFR Part 11 is known as the data integrity rule, deficiencies in Part 11 are rarely cited in 483s or warning letters – almost all deficiencies cited are failures to comply with cGMP predicate rules (specifically, 21 CFR Parts 210, 211 and 212). Two predicate rules that are frequently cited are Parts 211.68 and 211.194.

Part 211.68 specifies requirements for “Automatic, Mechanical and Electronic Equipment.” Common citations in this area include:

• The company did not implement effective computer system controls to ensure only authorized individuals had access to the systems.
• Access was not consistent with appropriate roles and responsibilities. For example, laboratory analysts could delete or modify data, change configuration settings (e.g., disable audit trails), could adjust date and time stamps for electronic data to falsify the date/time when data was initially acquired.
• Data was not backed up appropriately to allow data reconstruction activities in future.
• Audit trail data did not match data in printed chromatograms.

Part 211.194 is cited when companies do not review and include all relevant data when making lot release decisions. Common citations in this area include:

• Companies fail to review critical data and/or metadata that would allow them to identify out of specification (OOS) events that require investigation in lot release decisions.
• The company falsifies test results, destroys data, or does not have the data necessary to support a test result.
• Laboratory analysts reprocess or manipulate data, or delete OOS data, so the result will meet acceptance criteria.

Other recently cited deficiencies include:

• Utilizing “pre-injections” of product samples outside of full sample sets to determine if results pass acceptance criteria, and then deleting/ignoring results if they fail.
• Disabling audit trails intermittently to obscure results
• Deletions or modifications of results
• Use of integration suppression settings to minimize data that would likely cause an OOS result
• Aborting test runs with no justification

One common theme in recent warning letters to pharmaceutical companies has been the clear and consistent encouragement by the FDA to employ “independent” data integrity assessments as part of the strategy for remediating identified issues. A few examples include:

• On August 10^th, 2018, a warning letter was issued to the manufacturing facility of Kyowa Hakko Bio Co., Ltd. in Japan that stated: “We recommend that a qualified third party with specific expertise in the area where potential breaches were identified should evaluate all data integrity lapses.”
• On March 26^th, 2019, a warning letter was issued to the manufacturing facility of Winder Laboratories, LLC in Georgia that stated: “Your quality system does not adequately ensure the accuracy and integrity of data to support the safety, effectiveness, and quality of the drugs you manufacture…. We strongly recommend that you retain a qualified consultant to assist in your remediation.”
• On June 13^th 2019, a warning letter was issued to the manufacturing facility of Akorn Inc. in Illinois that stated: “Your quality system does not adequately ensure the accuracy and integrity of data to support the safety, effectiveness, and quality of the drugs you manufacture…. We acknowledge that you are using a consultant to audit your operation and assist in meeting FDA requirements.”

Conclusion

Data integrity is a growing focus of the FDA, and it is therefore critical for organizations to ensure compliance with applicable data integrity regulations governing the production of pharmaceutical drugs. While this blog specifically highlights FDA trends in Form 483s and warning letters for pharmaceutical drug manufacturers, the recommendations communicated are also applicable to biotech companies, clinical research and CROs, medical device manufacturers, R&D laboratories, etc.

In order to ensure compliance, working with an external consultant that has expertise in data integrity evaluations to audit your laboratory environment is best practice, as an expert with fresh eyes will be able to effectively locate data integrity issues you missed. A data integrity assessment performed by a qualified team of regulatory experts provides a number of important benefits for your organization:

• Strengthens Your Organization’s Data Integrity Focus – Helps reinforce the fact that your organization is committed to data integrity compliance for all company employees.
• Provides Peace of Mind – You know that your data integrity issues have been identified and are being addressed.
• Reduces Costs – The cost of remediating data integrity issues identified by the FDA is generally much more significant than when the issues are proactively identified and corrected internally.
• Stay Focused on Your Core Business – Proactively identifying and correcting data integrity issues allows your organization to spend less time on compliance issues so you can stay focused on your core business.

Astrix Technology Group has an experienced team of expert informatics consultants that bring together technical, strategic, regulatory and content knowledge to provide the most effective solutions to problems faced by scientific organizations. Astrix provides experienced professionals knowledgeable about FDA regulations to conduct a thorough assessment of your laboratory informatics environment to identify data integrity risks. If you have any questions about Astrix Technology Group service offerings, or if you would like have an initial consultation with someone to explore how to reduce your compliance risk around data integrity, don’t hesitate to contact us.

The post Trends in FDA Data Integrity 483s and Warning Letters for Pharmaceutical Companies appeared first on Astrix.