Taming the New Clinical System Compliance Requirements

©2004 Deloitte Development LLC. All rights reserved.

2004 Pharmaceutical Regulatory and Compliance Congress

Taming the New Clinical System Compliance Requirements1.02 Regulatory Issues in Pharmaceutical Product Development

Michael BreggarGlobal Director Life SciencesLife Science and Health Care Regulatory PracticeDeloitte & Touche LLP

November 16, 2004

Copyright © 2004 Deloitte Development LLC. All rights reserved. 2Confidential and Proprietary Material of Deloitte Consulting. Copyright © 2002 Deloitte Consulting (US) LLC. All Rights Reserved 2

2004 Pharmaceutical Regulatory

and Compliance CongressOverview

• September 2004 FDA released Draft Guidance geared towards– CDER– CBER– CDRH– CFSAN– CVM– ORA



and Compliance CongressTake a look:

• Table of contents hints at what the document contains and how to best understand the document

• Document deals with:– System requirements– System features– System security and data

integrity– Data entry and operation– Controls (including SOPs)– Training– Electronic signatures

• “Part 11 Revisited – Revisited”– Reference to 21 CFR Part 11 is

made 64 times



and Compliance Congress

• Defines specific technical and procedural requirements for the design, use, and implementation of computer systems, devices and instruments that create, modify, maintain, archive and retrieve electronic records in support of our client’s current and drugs and developmental pipeline products– Technical - achieved by the computer hardware or software– Procedural - achieved by people and policies

• Scope is any system used for the research, manufacture, packaging, holding or monitoring of any FDA regulated product

• Is the “oversight” regulation to already established rules that govern our business (Good Clinical Practices, Good Manufacturing Practices, Good Laboratory Practices)

The 21 CFR Part 11 Regulation – A Bird’s Eye View




– Electronic Records• Any combination of data

represented in digital form that is created, modified, maintained, archived, retrieved or distributed electronically

• The regulation defines the criteria for making electronic records equivalent in FDA’s eyes to traditional paper records

– Electronic Signatures• The act of signing/approving

using electronic means instead of traditional handwriting - replaces human signatures

• Use is voluntary, if used, the regulation defines the criteria for accepting electronic signatures in place of handwritten signatures

• The system must be able to associate the username/ password with a person and identify the meaning of the signature (approval of a clinical study report for example)

Two Components to the Regulation:

Electronic collection of clinical trial data

Data collection from laboratory instruments

Electronic batch record processing

Electronic tracking and disbursement of raw materials

Using a unique username and password to approve case report form data, to approve promotional or advertising pieces, or to release raw materials or samples for use.




Part 11--ELECTRONIC RECORDS; ELECTRONIC SIGNATURES

Subpart A--General Provisions

Sec.

11.1 Scope.

11.2 Implementation.

11.3 Definitions.

Subpart B--Electronic Records

11.10 Controls for closed systems.

11.30 Controls for open systems.

11.50 Signature manifestations.

11.70 Signature/record binding.

Subpart C--Electronic Signature

11.100 General requirements.

11.200 Identification mechanisms and controls.

11.300 Controls for identification codes/passwords.

AUTHORITY: Secs. 201-902 of the Federal Food, Drug, and Cosmetic Act, 52 Stat. 1040 et seq., as amended (21 U.S.C. 301-392).



and Compliance CongressA challenge of interpretation (Early)…

•What are “open vs. closed” systems?

– CLOSED SYSTEMS: ... “an environment in which system access is controlled by persons who are responsible for the content of electronic records that are on the system.”

– OPEN SYSTEMS: … “an environment in which system access is not controlled by persons who are responsible for the content of electronic records that are on the system.”



and Compliance CongressA challenge of interpretation (Later)…

•What systems do I really need to be concerned about?

•How do I apply the “predicate rule”•When does a record become an electronic

record?

Companies need to articulate their own answers to these questions…

… build a foundation to support validation and Part 11… THEN remediate



and Compliance CongressCompliance and Technology Issues

• Validation of the system • Demonstrate ability to generate accurate and complete copies of

record in both human readable and electronic form• Demonstrate that records can be accurately and readily retrieved

during the records retention period• Limiting of system access to authorized individuals• Use of secure, computer-generated, time-stamped audit trails to

independently record the date and time of operator entries and actions that create, modify, or delete electronic records. (NOTE: the audit trail itself becomes an “electronic record” subject to requirements of Part 11)

• Use of operational system checks to enforce permitted sequencing of steps and events, as appropriate

• Use of authority checks to ensure that only authorized individuals can use the system, electronically sign a record, access the operation or computer system input or output device, alter a record, or perform the operation at hand

Part 11 Compliance Requirements



and Compliance CongressCompliance and Technology Issues

• Use of device (e.g., terminal) checks to determine, as appropriate, the validity of the source of data input or operational instruction

• Determination that persons who develop, maintain, or use electronic record/electronic signature systems have the education, training, and experience to perform their assigned tasks

• Written policies that hold individuals accountable and responsible for actions initiated under their electronic signatures, in order to deter record and signature falsification

• Use of appropriate controls over systems documentation including:– Adequate controls over the distribution of, access to, and use of

documentation for system operation and maintenance– Revision and change control procedures to maintain an audit trail that

documents time-sequenced development and modification of systems documentation

• Approved standard operating procedures around system operation, usage and maintenance -- employees and supervisors trained in the procedures

Part 11 Compliance Requirements



and Compliance CongressClinical System “Principles”

• Identify the steps which involve computerized systems• Identify hw/sw being used• System must support requirements in the protocol itself• System must have error “filters” (“…preclude errors in data

creation, modification, maintenance, archiving, retrieval, transmission…”

• Record retention rules per GCP (“Retaining the original source document…at the site where the investigation was conducted…”)

• When data is entered directly into the system, the electronic record is the source document.

• Audit trails recommended• Data attributable to the individual subjects• Security measures put in place



and Compliance CongressOther details…

• SOPs – Detail about the system (setup)– Data collection and handling– System maintenance– Backup, archive, disaster recovery (including alternative recording

methods)– Security – Change control

• System Access and Security• Audit Trails• Date and Time Stamps• Record retention/retrieval• Reliability/validation• Change control• Training



and Compliance CongressWhat FDA Investigators may look for:

• Record Keeping. Company’s SOPs on providing electronic and paper records upon FDA request

• Audit Trails. System’s capability to automatically capture “who, what, when and where”

• Security. Record or trace of changes introduced to records• Access and Passwords. Level of sophistication and difficulty to

decipher and impost passwords. Screen savers, reentries and other common practices in-site

• Training. Proof that IT professionals and all employees have been trained on Part 11, computer system validation in general and other procedural documentation

• Administrative Controls. SOPs on system operation and maintenance • Documentation. Functional requirements and specifications, modules

interaction and system validation• Internal reviews. Evidence of internal audits from QA/QC staff• Corrective action plans and Validation. Evidence of assessment of

existing systems, time frame for corrections, and validation and progress to date




Bottom Line: Part 11 Compliant and Validated

Part 11 magic words:

1. Content, technology and process must be SECURE

2. Must be an AUDIT TRAIL for critical data

3. Must be VALIDATED4. E-Signatures must have

MEANING The Big Five for Validation:

1. Requirements definition2. System design3. Testing4. Documentation5. Change

control/maintenance

©2004 Deloitte Development LLC. All rights reserved.

2004 Pharmaceutical Regulatory and Compliance Congress

Pre-marketing Risk Assessments:The Future of Clinical Trials1.02 Regulatory Issues in Pharmaceutical Product Development

Gregory V. Page, PhDFDA Life Sciences Practice LeaderLife Science and Health Care Regulatory PracticeDeloitte & Touche LLP

November 16, 2004



and Compliance CongressPDUFA III & Risk Management

• On June 12, 2002, Congress reauthorized, for the second time, the Prescription Drug User Fee Act (PDUFA III) under which FDA agreed to meet certain performance goals

– One of those goals was to produce guidance for industry on risk management activities for drug and biological products.

– As an initial step towards satisfying that goal, FDA issued three concept papers focused on various aspects of risk management, including • (1) conducting premarketing risk assessment, • (2) developing and implementing risk minimization tools, • (3) performing postmarketing pharmacovigilance and

pharmacoepidemiologic assessments. – After Public Comment, FDA issued three draft guidance documents on

risk management activities: • Premarketing Risk Assessment (Premarketing Guidance) • Development and Use of Risk Minimization Action Plans (RiskMAP Guidance) • Good Pharmacovigilance Practices and Pharmacoepidemiologic Assessment

(Pharmacovigilance Guidance)




Premarketing Risk Assessment –Agency Focal Points

I. INTRODUCTION

II. BACKGROUND PDUFA III Guidance Performance Goal Overview of the Risk Management Guidances

III. THE ROLE OF RISK ASSESSMENT IN RISK MANAGEMENT

IV. GENERATING RISK IINFORMATION DURING CLINICAL TRIALS

Size of premarketing safety database Considerations for development of premarketing safety databaseDetecting unanticipated interactions as part of safety assessmentDeveloping comparative safety data

V. SPECIAL CONSIDERATIONS FOR RISK ASSESSMENT

Risk Assessment During Product DevelopmentSafety Aspects That Should Be Addressed During Product DevelopmentRisk Assessment and Minimizing the Potential for Medication Errors

VI. DATA ANALYSIS AND PRESENTATION

Describing Adverse Events to Identify Safety SignalsAnalyzing Temporal or Other AssociationsAnalyzing Dose Effect as a Contribution to Risk AssessmentRole of Data Pooling in Risk AssessmentUsing Pooled Data During Risk AssessmentRigorous Ascertainment of Reasons for Withdrawals from StudiesLong Term Follow-up Important Aspects of Data Presentation



and Compliance CongressWhat Is Risk Assessment?

• Risk assessment is the process of – Identifying, – Estimating, and – Evaluating the nature and severity of risks associated with a product.

• Risk assessment consists of identifying and characterizing the nature, frequency, and severity of the risks associated with the use of a product

• Risk management is an iterative process designed to optimize the benefit-risk balance for regulated products– Requires ongoing review and evaluation

• The Premarketing Risk Assessment Guidance document focuses on risk assessment during clinical development, particularly in phase 3 studies

Deloitte POV:The Agency views risk assessment as a continual process of

reviews, evaluations and re-assessments – Industry must adapt



and Compliance CongressWhat Is Risk Assessment?

• Risk assessment occurs throughout a product's lifecycle, – Beginning with the early identification of a product as a candidate,

through the premarketing development process, all the way thru to post-marketing studies

– To develop a risk management plan and perform post-approval pharmacovigilance, it is important to have as good an idea as possible of the product's underlying risks and benefits prior to approval

– This process entails ensuring that the body of evidence generated by the clinical trials not only defines the product's effectiveness, but also comprehensively describes its safety (as required by the FD&C Act, which calls for the conduct of all tests reasonably applicable to evaluate a drug's safety)

Deloitte POV: A critical component of FDA approval process will now include an

evaluation how well the pre-marketing/phase 3 studies define that product’s safety profile within a risk/benefit framework




Generating Risk Information During Clinical Trials

• Providing detailed guidance on what constitutes an adequate safety database for all products is impossible

• The nature and extent of safety data that would provide sufficient information about risk for purposes of approving a product are individualized decisions based on a number of factors

• Decisions on approvability will be based upon both existing risk information and safety questions as part of a product’s risk assessment. If the product offers no new benefits, the risk levels must be low

• FDA recommends that sponsors pay careful attention to safety issues from the outset of the product development cycle – Investigate potential problems that may be suspected from preclinical

data – As experience accrues, refine or modify a products safety evaluations

Deloitte POV: FDA’s focus on risk/benefit data requires continual review, evaluation

and documentation of pre-market safety data




Considerations for Developing a Premarketing Safety Database

• Although the characteristics of an appropriate safety database are product-specific, some general principles can be applied– Efforts to ensure the quality and completeness of a safety

database should be comparable to those made to support efficacy

– If data from multiple trials is used when assessing safety, it is critical to examine terminology, assessment methods, and use of standard terms to be sure that information is not obscured or distorted

– Evaluation of the reasons for leaving a study (deaths, dropouts, etc) are particularly important to understanding a product’s safety profile

Deloitte POV: FDA views safety as the critical component leading to product approval – If your product isn’t a blockbuster – you must have data to support it’s

safety (good safety data doesn’t hurt with blockbusters either)




Development of a Premarketing Safety Database – Specific Issues

• Size of the Premarketing Safety Database • Even large clinical development programs cannot reasonably be

expected to identify all risks associated with a product. Some risks become apparent only when a product is used in tens of thousands or even millions of patients in the general population. However, the larger and more comprehensive a preapproval database, the more likely it is that serious adverse events will be detected.

• The appropriate size of a safety database supporting a new product will depend on a number of factors specific to that product, including: – Its novelty (i.e., whether it represents a new treatment or is similar to

available treatment) – The potential advantages of the product over existing therapy – The intended population – The intended duration of use





• Long-Term Controlled Safety Studies – It is common clinical practice for much of the long-term patient

exposure data to come from single-arm or uncontrolled studies– It may be preferable to develop controlled, long-term safety data

• A Diverse Safety Database – Phase 3 safety databases should include a diverse population– FDA recommends that, to the extent feasible, only patients with

obvious contraindications be excluded from study entry in phase 3 trials. • Inclusion of a diverse population allows for the development of safety data in

a broader population that includes patients previously excluded from clinical trials, such as the elderly, patients with concomitant diseases, and patients taking multiple medications.

• Broadening inclusion criteria in phase 3 studies enhances the generalizability of study findings and may, therefore, allow the product to be labeled for broader use.





• Exploring Dose Effects Throughout the Clinical Program – Currently, it is common for only one or two doses to be studied

beyond phase 2. – FDA believes that a number of characteristics common to many phase

2 studies limit the ability of these trials to provide definitive data on exposure-response, or adequate data for definitive phase 3 dose selection including; • Shorter durations of exposure • Common use of pharmacodynamic (PD) endpoints, rather than clinical

outcomes • Smaller numbers of patients exposed • Narrowly restrictive entry criteria

Deloitte POV: • The agency is recommending expanding Phase 3 studies • Bigger, longer, more comprehensive, more diverse clinical studies will become

the norm • Added time and costs do not appear to enter into the FDA’s thinking , despite

the agency’s stated goals of getting products to market faster • These proposed study designs present serious challenges to the industry





• Detecting Unanticipated Interactions as Part of a Safety Assessment – No clinical pharmacology program can guarantee a full

understanding of all possible risks related to product interactions. – Risk assessment programs should address a number of potential

interactions during controlled safety and effectiveness trials, including: • Drug-drug interactions • Product-demographic relationships — increased study population

diversity (gender, age, and race, etc) • Product-disease interactions — by ensuring sufficient variability in

disease state and concomitant diseases • Product-dietary supplement interactions — for commonly used

supplements that are likely to be co-administered

Deloitte POV: Expanded studies to define previously unknown and unstudied

interactions will become more prevalent



and Compliance CongressData Analysis and Presentation

• Premarketing Clinical studies must now endeavor to:– Accurately & consistently describe Adverse Events to identify

safety signals– Analyze and report temporal associations as related to Adverse

Events– Analyzing dose effect and it’s contribution to risk assessment – Use of pooled data during risk assessments– All placebo-controlled studies in a clinical studies should be

considered and evaluated for appropriateness for inclusion– Rigorous ascertainment of reasons for withdrawals from studies– Long-term follow-up

Deloitte POV: The safety & efficacy data requirements for pre-marketing trials, from pre-clinical development through phase 3 and post-marketing, continue

to expand and become more complex – HOW DOES THE INDUSTRY RESPOND???




Dr. Michael M. Breggar Global Director Life SciencesLife Science and Health Care Regulatory PracticeDeloitte & Touche [email protected](610) 479-3848Dr. Breggar leads the Life Sciences Regulatory segment for Deloitte. He has over twenty-five years of professional experience in health care consulting. He is a recognized industry leader and speaker in the fields of, technology optimization in R&D, computer-related system compliance, pharmaceutical e-Business, quality systems and product development issues. His strong background in drug development, regulatory and industry affairs complements years of hands-on experience of analyzing pharmaceutical operations and processes for compliance with pragmatic business drivers and relevant regulatory bodies.

Gregory V. Page, PhDFDA Life Sciences Practice LeaderLife Science and Health Care Regulatory PracticeDeloitte & Touche [email protected](516) 918-7092Dr. Page is the FDA Life Sciences Practice leader. He has over 20 years experience in both the Pharmaceutical and Biotech life sciences industries focusing on Quality Systems, Validation and FDA Regulatory Compliance. He has extensive experience in new business/product development, project management and QC/QA/RA issues. Greg has extensive FDA audit experience (annual audits, licensing inspections & product meetings) and 483/warning letter/consent decree response & remediation program development. He has led compliance risk assessment and remediation projects for a number of pharmaceutical and medical device companies.




Date post:	04-Jan-2016
Category:	Documents
Upload:	brendan-dudley
View:	24 times
Download:	2 times

Taming the New Clinical System Compliance Requirements

Documents