290 likes | 409 Views
November 16, 2004. Taming the New Clinical System Compliance Requirements. 1.02 Regulatory Issues in Pharmaceutical Product Development. Michael Breggar Global Director Life Sciences Life Science and Health Care Regulatory Practice Deloitte & Touche LLP.
E N D
November 16, 2004 Taming the New Clinical System Compliance Requirements 1.02 Regulatory Issues in Pharmaceutical Product Development Michael BreggarGlobal Director Life Sciences Life Science and Health Care Regulatory Practice Deloitte & Touche LLP
September 2004 FDA released Draft Guidance geared towards CDER CBER CDRH CFSAN CVM ORA Overview
Table of contents hints at what the document contains and how to best understand the document Document deals with: System requirements System features System security and data integrity Data entry and operation Controls (including SOPs) Training Electronic signatures “Part 11 Revisited – Revisited” Reference to 21 CFR Part 11 is made 64 times Take a look:
The 21 CFR Part 11 Regulation – A Bird’s Eye View • Defines specific technical and procedural requirements for the design, use, and implementation of computer systems, devices and instruments that create, modify, maintain, archive and retrieve electronic records in support of our client’s current and drugs and developmental pipeline products • Technical - achieved by the computer hardware or software • Procedural - achieved by people and policies • Scope is any system used for the research, manufacture, packaging, holding or monitoring of any FDA regulated product • Is the “oversight” regulation to already established rules that govern our business (Good Clinical Practices, Good Manufacturing Practices, Good Laboratory Practices)
Electronic Records Any combination of data represented in digital form that is created, modified, maintained, archived, retrieved or distributed electronically The regulation defines the criteria for making electronic records equivalent in FDA’s eyes to traditional paper records Electronic Signatures The act of signing/approving using electronic means instead of traditional handwriting - replaces human signatures Use is voluntary, if used, the regulation defines the criteria for accepting electronic signatures in place of handwritten signatures The system must be able to associate the username/ password with a person and identify the meaning of the signature (approval of a clinical study report for example) Two Components to the Regulation: • Electronic collection of clinical trial data • Data collection from laboratory instruments • Electronic batch record processing • Electronic tracking and disbursement of raw materials Using a unique username and password to approve case report form data, to approve promotional or advertising pieces, or to release raw materials or samples for use.
Part 11--ELECTRONIC RECORDS; ELECTRONIC SIGNATURES Subpart A--General Provisions Sec. 11.1 Scope. 11.2 Implementation. 11.3 Definitions. Subpart B--Electronic Records 11.10 Controls for closed systems. 11.30 Controls for open systems. 11.50 Signature manifestations. 11.70 Signature/record binding. Subpart C--Electronic Signature 11.100 General requirements. 11.200 Identification mechanisms and controls. 11.300 Controls for identification codes/passwords. AUTHORITY: Secs. 201-902 of the Federal Food, Drug, and Cosmetic Act, 52 Stat. 1040 etseq., as amended (21 U.S.C. 301-392).
A challenge of interpretation (Early)… • What are “open vs. closed” systems? • CLOSED SYSTEMS: ... “an environment in which system access is controlled by persons who are responsible for the content of electronic records that are on the system.” • OPEN SYSTEMS: … “an environment in which system access is not controlled by persons who are responsible for the content of electronic records that are on the system.”
A challenge of interpretation (Later)… • What systems do I really need to be concerned about? • How do I apply the “predicate rule” • When does a record become an electronic record? Companies need to articulate their own answers to these questions… … build a foundation to support validation and Part 11 … THEN remediate
Compliance and Technology Issues Part 11 Compliance Requirements • Validation of the system • Demonstrate ability to generate accurate and complete copies of record in both human readable and electronic form • Demonstrate that records can be accurately and readily retrieved during the records retention period • Limiting of system access to authorized individuals • Use of secure, computer-generated, time-stamped audit trails to independently record the date and time of operator entries and actions that create, modify, or delete electronic records. (NOTE: the audit trail itself becomes an “electronic record” subject to requirements of Part 11) • Use of operational system checks to enforce permitted sequencing of steps and events, as appropriate • Use of authority checks to ensure that only authorized individuals can use the system, electronically sign a record, access the operation or computer system input or output device, alter a record, or perform the operation at hand
Compliance and Technology Issues Part 11 Compliance Requirements • Use of device (e.g., terminal) checks to determine, as appropriate, the validity of the source of data input or operational instruction • Determination that persons who develop, maintain, or use electronic record/electronic signature systems have the education, training, and experience to perform their assigned tasks • Written policies that hold individuals accountable and responsible for actions initiated under their electronic signatures, in order to deter record and signature falsification • Use of appropriate controls over systems documentation including: • Adequate controls over the distribution of, access to, and use of documentation for system operation and maintenance • Revision and change control procedures to maintain an audit trail that documents time-sequenced development and modification of systems documentation • Approved standard operating procedures around system operation, usage and maintenance -- employees and supervisors trained in the procedures
Clinical System “Principles” • Identify the steps which involve computerized systems • Identify hw/sw being used • System must support requirements in the protocol itself • System must have error “filters” (“…preclude errors in data creation, modification, maintenance, archiving, retrieval, transmission…” • Record retention rules per GCP (“Retaining the original source document…at the site where the investigation was conducted…”) • When data is entered directly into the system, the electronic record is the source document. • Audit trails recommended • Data attributable to the individual subjects • Security measures put in place
Other details… • SOPs • Detail about the system (setup) • Data collection and handling • System maintenance • Backup, archive, disaster recovery (including alternative recording methods) • Security • Change control • System Access and Security • Audit Trails • Date and Time Stamps • Record retention/retrieval • Reliability/validation • Change control • Training
What FDA Investigators may look for: • Record Keeping. Company’s SOPs on providing electronic and paper records upon FDA request • Audit Trails. System’s capability to automatically capture “who, what, when and where” • Security. Record or trace of changes introduced to records • Access and Passwords. Level of sophistication and difficulty to decipher and impost passwords. Screen savers, reentries and other common practices in-site • Training. Proof that IT professionals and all employees have been trained on Part 11, computer system validation in general and other procedural documentation • Administrative Controls. SOPs on system operation and maintenance • Documentation. Functional requirements and specifications, modules interaction and system validation • Internal reviews. Evidence of internal audits from QA/QC staff • Corrective action plans and Validation. Evidence of assessment of existing systems, time frame for corrections, and validation and progress to date
Part 11 magic words: Content, technology and process must be SECURE Must be an AUDIT TRAIL for critical data Must be VALIDATED E-Signatures must have MEANING Bottom Line: Part 11 Compliant and Validated • The Big Five for Validation: • Requirements definition • System design • Testing • Documentation • Change control/maintenance
November 16, 2004 Pre-marketing Risk Assessments:The Future of Clinical Trials 1.02 Regulatory Issues in Pharmaceutical Product Development Gregory V. Page, PhD FDA Life Sciences Practice Leader Life Science and Health Care Regulatory Practice Deloitte & Touche LLP
PDUFA III & Risk Management • On June 12, 2002, Congress reauthorized, for the second time, the Prescription Drug User Fee Act (PDUFA III) under which FDA agreed to meet certain performance goals • One of those goals was to produce guidance for industry on risk management activities for drug and biological products. • As an initial step towards satisfying that goal, FDA issued three concept papers focused on various aspects of risk management, including • (1) conducting premarketing risk assessment, • (2) developing and implementing risk minimization tools, • (3) performing postmarketing pharmacovigilance and pharmacoepidemiologic assessments. • After Public Comment, FDA issued three draft guidance documents on risk management activities: • Premarketing Risk Assessment (Premarketing Guidance) • Development and Use of Risk Minimization Action Plans (RiskMAP Guidance) • Good Pharmacovigilance Practices and Pharmacoepidemiologic Assessment (Pharmacovigilance Guidance)
Premarketing Risk Assessment –Agency Focal Points • I. INTRODUCTION • BACKGROUND • PDUFA III Guidance Performance Goal • Overview of the Risk Management Guidances • III. THE ROLE OF RISK ASSESSMENT IN RISK MANAGEMENT • IV. GENERATING RISK IINFORMATION DURING CLINICAL TRIALS • Size of premarketing safety database • Considerations for development of premarketing safety database • Detecting unanticipated interactions as part of safety assessment • Developing comparative safety data • SPECIAL CONSIDERATIONS FOR RISK ASSESSMENT • Risk Assessment During Product Development • Safety Aspects That Should Be Addressed During Product Development • Risk Assessment and Minimizing the Potential for Medication Errors • DATA ANALYSIS AND PRESENTATION • Describing Adverse Events to Identify Safety Signals • Analyzing Temporal or Other Associations • Analyzing Dose Effect as a Contribution to Risk Assessment • Role of Data Pooling in Risk Assessment • Using Pooled Data During Risk Assessment • Rigorous Ascertainment of Reasons for Withdrawals from Studies • Long Term Follow-up • Important Aspects of Data Presentation
What Is Risk Assessment? • Risk assessment is the process of • Identifying, • Estimating, and • Evaluating the nature and severity of risks associated with a product. • Risk assessment consists of identifying and characterizing the nature, frequency, and severity of the risks associated with the use of a product • Risk management is an iterative process designed to optimize the benefit-risk balance for regulated products • Requires ongoing review and evaluation • The Premarketing Risk Assessment Guidance document focuses on risk assessment during clinical development, particularly in phase 3 studies Deloitte POV: The Agency views risk assessment as a continual process of reviews, evaluations and re-assessments – Industry must adapt
What Is Risk Assessment? • Risk assessment occurs throughout a product's lifecycle, • Beginning with the early identification of a product as a candidate, through the premarketing development process, all the way thru to post-marketing studies • To develop arisk management plan and perform post-approvalpharmacovigilance, it is important to have as good an idea as possible of the product's underlying risks and benefits prior to approval • This process entails ensuring that the body of evidence generated by the clinical trials not only defines the product's effectiveness, but also comprehensively describes its safety (as required by the FD&C Act, which calls for the conduct of all tests reasonably applicable to evaluate a drug's safety) Deloitte POV: A critical component of FDA approval process will now include an evaluation how well the pre-marketing/phase 3 studies define that product’s safety profile within a risk/benefit framework
Generating Risk Information During Clinical Trials • Providing detailed guidance on what constitutes an adequate safety database for all products is impossible • The nature and extent of safety data that would provide sufficient information about risk for purposes of approving a product are individualized decisions based on a number of factors • Decisions on approvability will be based upon both existing risk information and safety questions as part of a product’s risk assessment. If the product offers no new benefits, the risk levels must be low • FDA recommends that sponsors pay careful attention to safety issues from the outset of the product development cycle • Investigate potential problems that may be suspected from preclinical data • As experience accrues, refine or modify a products safety evaluations Deloitte POV: FDA’s focus on risk/benefit data requires continual review, evaluation and documentation of pre-market safety data
Considerations for Developing a Premarketing Safety Database • Although the characteristics of an appropriate safety database are product-specific, some general principles can be applied • Efforts to ensure the quality and completeness of a safety database should be comparable to those made to support efficacy • If data from multiple trials is used when assessing safety, it is critical to examine terminology, assessment methods, and use of standard terms to be sure that information is not obscured or distorted • Evaluation of the reasons for leaving a study (deaths, dropouts, etc) are particularly important to understanding a product’s safety profile Deloitte POV: FDA views safety as the critical component leading to product approval – If your product isn’t a blockbuster – you must have data to support it’s safety (good safety data doesn’t hurt with blockbusters either)
Development of a Premarketing Safety Database – Specific Issues • Size of the Premarketing Safety Database • Even large clinical development programs cannot reasonably be expected to identify all risks associated with a product. Some risks become apparent only when a product is used in tens of thousands or even millions of patients in the general population. However, the larger and more comprehensive a preapproval database, the more likely it is that serious adverse events will be detected. • The appropriate size of a safety database supporting a new product will depend on a number of factors specific to that product, including: • Its novelty (i.e., whether it represents a new treatment or is similar to available treatment) • The potential advantages of the product over existing therapy • The intended population • The intended duration of use
Development of a Premarketing Safety Database – Specific Issues • Long-Term Controlled Safety Studies • It is common clinical practice for much of the long-term patient exposure data to come from single-arm or uncontrolled studies • It may be preferable to develop controlled, long-term safety data • A Diverse Safety Database • Phase 3 safety databases should include a diverse population • FDA recommends that, to the extent feasible, only patients with obvious contraindications be excluded from study entry in phase 3 trials. • Inclusion of a diverse population allows for the development of safety data in a broader population that includes patients previously excluded from clinical trials, such as the elderly, patients with concomitant diseases, and patients taking multiple medications. • Broadening inclusion criteria in phase 3 studies enhances the generalizability of study findings and may, therefore, allow the product to be labeled for broader use.
Development of a Premarketing Safety Database – Specific Issues • Exploring Dose Effects Throughout the Clinical Program • Currently, it is common for only one or two doses to be studied beyond phase 2. • FDA believes that a number of characteristics common to many phase 2 studies limit the ability of these trials to provide definitive data on exposure-response, or adequate data for definitive phase 3 dose selection including; • Shorter durations of exposure • Common use of pharmacodynamic (PD) endpoints, rather than clinical outcomes • Smaller numbers of patients exposed • Narrowly restrictive entry criteria • Deloitte POV: • The agency is recommending expanding Phase 3 studies • Bigger, longer, more comprehensive, more diverse clinical studies will become the norm • Added time and costs do not appear to enter into the FDA’s thinking , despite the agency’s stated goals of getting products to market faster • These proposed study designs present serious challenges to the industry
Development of a Premarketing Safety Database – Specific Issues • Detecting Unanticipated Interactions as Part of a Safety Assessment • No clinical pharmacology program can guarantee a full understanding of all possible risks related to product interactions. • Risk assessment programs should address a number of potential interactions during controlled safety and effectiveness trials, including: • Drug-drug interactions • Product-demographic relationships — increased study population diversity (gender, age, and race, etc) • Product-disease interactions — by ensuring sufficient variability in disease state and concomitant diseases • Product-dietary supplement interactions — for commonly used supplements that are likely to be co-administered Deloitte POV: Expanded studies to define previously unknown and unstudied interactions will become more prevalent
Data Analysis and Presentation • Premarketing Clinical studies must now endeavor to: • Accurately & consistently describe Adverse Events to identify safety signals • Analyze and report temporal associations as related to Adverse Events • Analyzing dose effect and it’s contribution to risk assessment • Use of pooled data during risk assessments • All placebo-controlled studies in a clinical studies should be considered and evaluated for appropriateness for inclusion • Rigorous ascertainment of reasons for withdrawals from studies • Long-term follow-up Deloitte POV: The safety & efficacy data requirements for pre-marketing trials, from pre-clinical development through phase 3 and post-marketing, continue to expand and become more complex – HOW DOES THE INDUSTRY RESPOND???
Dr. Michael M. Breggar Global Director Life Sciences Life Science and Health Care Regulatory Practice Deloitte & Touche LLP mbreggar@deloitte.com (610) 479-3848 Dr. Breggar leads the Life Sciences Regulatory segment for Deloitte. He has over twenty-five years of professional experience in health care consulting. He is a recognized industry leader and speaker in the fields of, technology optimization in R&D, computer-related system compliance, pharmaceutical e-Business, quality systems and product development issues. His strong background in drug development, regulatory and industry affairs complements years of hands-on experience of analyzing pharmaceutical operations and processes for compliance with pragmatic business drivers and relevant regulatory bodies. Gregory V. Page, PhD FDA Life Sciences Practice Leader Life Science and Health Care Regulatory Practice Deloitte & Touche LLP gregpage@deloitte.com (516) 918-7092 Dr. Page is the FDA Life Sciences Practice leader. He has over 20 years experience in both the Pharmaceutical and Biotech life sciences industries focusing on Quality Systems, Validation and FDA Regulatory Compliance. He has extensive experience in new business/product development, project management and QC/QA/RA issues. Greg has extensive FDA audit experience (annual audits, licensing inspections & product meetings) and 483/warning letter/consent decree response & remediation program development. He has led compliance risk assessment and remediation projects for a number of pharmaceutical and medical device companies.