This article will be published in the September 2011 issue of the Drug Information Journal. Copyright © 2011, Drug Information Association.
Large and small pharmaceutical companies alike face a growing and complex set of international regulations designed to protect patient safety and ensure Good Pharmacovigilance Practices. Inspectors from FDA and European regulatory authorities are increasing their efforts to verify that companies comply with these regulations. The penalties for non-compliance can be severe, including revoking a product’s marketing authorization. In my experience, European safety inspections (particularly those conducted by the MHRA) are more thorough than FDA inspections, holding companies to a higher standard of pharmacovigilance. While FDA inspections are very detail-oriented, European inspections tend to look for the big picture, and want to find that companies are taking an integrated, global approach. It is also the case that while FDA inspectors may cover many areas of compliance, European safety inspectors tend to be specialists in this field.
To prepare for an inspection, companies must perform a thorough drug safety and pharmacovigilance audit. This will assess the company’s compliance with applicable worldwide laws, regulations and guidance. Indeed, regulatory inspectors will look for evidence that such an audit has taken place. I recommend that all companies arrange to have an independent audit of their entire safety operations, in order to prepare for a regulatory inspection.
This article is designed to give companies operating in the US and EU the information and insight needed to ensure compliance with global drug safety and pharmacovigilance regulations. It addresses the most recent drug safety regulations from both FDA and EMA.
Here is a matrix of the major global safety regulations:
ICH E2C (PSUR)
The FDA regulation on IND safety reporting is described in 21 CFR 312.32. FDA recently issued a new draft guidance: “Safety Reporting Requirements for INDs and BA/BE Studies” in September 2010. The proposed implementation date is September 29, 2011. FDA requests sponsors to evaluate clinical safety data and only submit to FDA those reports that the sponsor deems of interest. The assessment of causality has been changed from ‘a causal relationship cannot be excluded’ to ‘there is a reasonable possibility that the drug caused the event.' This new regulation differs from the prevailing ICH guideline on safety reporting of investigational products, which recommends that companies report SAEs where the assessment of a causal relationship to the drug cannot be ruled out. Hence companies will need to apply different standards to IND safety reporting in the US to the rest of the world.
These are the current post-marketing FDA regulations:
The situation in Europe is very different to the US. The European Union (EU) comprises 27 sovereign Member States (MS). The EU excludes some well-known countries such as Switzerland and Norway, and includes other parts of the world such as French Guyana in South America. These and other countries not in the EU may also follow EU laws.
An important component of European pharmacovigilance is EudraVigilance. This is a central computer database created and maintained by the EMA containing adverse events for products licensed in the EU. Electronic reporting to EudraVigilance is mandatory.
Drug safety and pharmacovigilance activities in the EU are regulated as follows:
EU regulations are more complex than US regulations. They are more detailed, more comprehensive, and because of the local variations within European countries which are constantly changing, they are more difficult to understand and follow. An essential requirement for companies marketing their products in Europe is the Qualified Person for Pharmacovigilance. The requirements for this key role are described in detail in Volume 9A, and must be in place.
In Europe there are detailed guidelines2 clarifying the requirement for companies to conduct regular signal detection of their safety data. In the US there is guidance3 on this topic but no regulation. Volume 9A, section 8.1 describes the MAH’s requirements for signal detection. The MHRA further stipulates4 that "All MAHs are expected to have in place systems and procedures for systematic signal detection that are adequately documented in formalized procedures." MHRA requires that:
It is interesting to note that the MHRA draws a distinction between its expectations for signaling small companies and its expectations for signaling large companies. While they require companies to have a system in place for signaling, they do not expect that companies with a relatively small safety database (a few hundred or a few thousand cases) would need to use a signaling system that includes complex data mining algorithms.
FDA issued three guidance documents on Risk Management in March 2005:
The recommendations contained in the second of these guidances were incorporated into the FDA Amendment Act (FDAAA), which was signed into law in September 2007. This act requires companies to prepare and submit Risk Evaluation and Mitigation Strategies (REMS) along with their New Drug Application, where it is necessary to ensure that the drug’s benefits outweigh its risks. The third guidance on Good Pharmacovigilance Practices & Pharmacoepidemiology contains some excellent suggestions on how to perform signal detection and data mining, but these concepts have not been issued by FDA as a regulation to date. This third guidance lists three recommended algorithms to use for data mining (MGPS, PRR and BCPNN) and gives detailed instructions on how to perform case series analyses.
A pharmacovigilance audit is an examination and verification of processes, data and documentation relating to drug safety by a non-governmental agency (such as a business partner, contractor, internal QA group, etc.) These are conducted so as to prepare for an inspection by a government body (FDA, MHRA, EMA etc.)
Entities that can be audited include:
In order to prepare for a pharmacovigilance inspection, companies should conduct an audit in order to obtain a diagnostic overview of the company’s pharmacovigilance activities. This will allow a rapid understanding of the current position versus best practices and applicable drug safety regulations. As a result, gaps and risks will be identified, and priorities established for moving forward to ensure company compliance.
The pharmacovigilance audit should include a review of:
Specific audit items for each of the elements of the following process model are described below:
Audit Items - Collect Data:
Audit Items - Assessment
Audit Items - Reporting
Audit Items - Analysis
Additional Audit Items
Having conducted a comprehensive audit as described above, the company can establish the Pharmacovigilance Risk Profile, showing which gaps to close:
The green line shows perfect compliance with regulations and adherence to best practices. If this is achieved then the company is probably spending too much money on drug safety! The red line shows the company’s actual score and points to where companies need to concentrate on remediation efforts.
The following is a list of common inspection findings in the EU and US:
Commercial penalties from market withdrawal (due to safety reasons) are highly damaging, including loss of revenue, drop in shareholder value, the cost and penalties of litigation and the loss of goodwill by both the public and regulators. Some examples of the cost of failure:
Regulators can impose penalties following an inspection. In the US the possible sanctions are as follows:
FDA can also impose civil monetary penalties for violations of the REMS provisions in FDAAA. Penalties may not exceed $250,000 per violation, or $1 million for all violations adjudicated in a single proceeding. If a violation continues after the sponsor receives written notice, the penalty is $250,000 for the first 30-day period (or any portion thereof) that the violation continues, not to exceed $1 million for any 30-day period and not to exceed $10 million for all violations adjudicated in a single proceeding.
In Europe, financial penalties to MAHs were introduced in 2007 in respect of infringements associated with non-compliance for centrally authorized products of up to 5 percent of total EU annual turnover per annum.
The first step is to prepare for a regulatory inspection before it occurs! If your company markets products in Europe, then it is worthwhile to prepare a Summary of Pharmacovigilance Systems5 document, even if you have no MHRA inspection planned. In the US, you should review the FDA Compliance Program Guidance Manual.6 You should also seek an independent, unbiased evaluation of your drug safety organization---just as a sanity check!
Ideally, it is important to keep track of all audit- and inspection-related findings in a Corrective and Preventive Actions (CAPA) system. All findings should be monitored by the group responsible for quality and action should be taken to fix the problems once they are identified. If prior findings have not been corrected it's not a good thing (obviously) but in the event of an inspection, the findings should, at the very least, be in the process of being tracked within a CAPA system. Tracking findings will mitigate—to some extent—the failure to resolve the issue.
Systematic failures in a PV system cannot be fixed overnight. Companies must be prepared to invest time and effort to get things on track. This is a worthwhile investment however. Some regulators have an institutional memory and once a company has committed a significant transgression it will be regarded (sometimes forever) with suspicion.
In order to ensure compliance, companies should establish and conform to industry best practices; ensure awareness of all applicable regulatory standards; perform ongoing self-monitoring and self-correction of pharmacovigilance; provide corporate support to ensure resource allocation; conduct audits; and ensure complete and timely response to any findings of non-compliance either by regulatory authorities or by an auditor.
Steve Jolley is a subject matter expert in all areas of global safety compliance and signal detection, and is a frequent speaker at leading industry events with FDA and MHRA on the topics of auditing and signaling.
Steve has 25 years of experience in drug safety & pharmacovigilance and has worked with over 50 clients in the US, Europe and Japan. He holds degrees in mathematics and computer science from Cambridge University, England. Steve was recently elected chairperson of the DIA Clinical Safety and Pharmacovigilance steering committee for North America.
tel: 973 543 0622cell: 973 294 8118SJ Pharma Consultingwww.sjpharmaco.com