Date post: | 04-Jan-2016 |
Category: |
Documents |
Upload: | brendan-dudley |
View: | 24 times |
Download: | 2 times |
©2004 Deloitte Development LLC. All rights reserved.
2004 Pharmaceutical Regulatory and Compliance Congress
Taming the New Clinical System Compliance Requirements1.02 Regulatory Issues in Pharmaceutical Product Development
Michael BreggarGlobal Director Life SciencesLife Science and Health Care Regulatory PracticeDeloitte & Touche LLP
November 16, 2004
Copyright © 2004 Deloitte Development LLC. All rights reserved. 2Confidential and Proprietary Material of Deloitte Consulting. Copyright © 2002 Deloitte Consulting (US) LLC. All Rights Reserved 2
2004 Pharmaceutical Regulatory
and Compliance CongressOverview
• September 2004 FDA released Draft Guidance geared towards– CDER– CBER– CDRH– CFSAN– CVM– ORA
Copyright © 2004 Deloitte Development LLC. All rights reserved. 3Confidential and Proprietary Material of Deloitte Consulting. Copyright © 2002 Deloitte Consulting (US) LLC. All Rights Reserved 3
2004 Pharmaceutical Regulatory
and Compliance CongressTake a look:
• Table of contents hints at what the document contains and how to best understand the document
• Document deals with:– System requirements– System features– System security and data
integrity– Data entry and operation– Controls (including SOPs)– Training– Electronic signatures
• “Part 11 Revisited – Revisited”– Reference to 21 CFR Part 11 is
made 64 times
Copyright © 2004 Deloitte Development LLC. All rights reserved. 4Confidential and Proprietary Material of Deloitte Consulting. Copyright © 2002 Deloitte Consulting (US) LLC. All Rights Reserved 4
2004 Pharmaceutical Regulatory
and Compliance Congress
• Defines specific technical and procedural requirements for the design, use, and implementation of computer systems, devices and instruments that create, modify, maintain, archive and retrieve electronic records in support of our client’s current and drugs and developmental pipeline products– Technical - achieved by the computer hardware or software– Procedural - achieved by people and policies
• Scope is any system used for the research, manufacture, packaging, holding or monitoring of any FDA regulated product
• Is the “oversight” regulation to already established rules that govern our business (Good Clinical Practices, Good Manufacturing Practices, Good Laboratory Practices)
The 21 CFR Part 11 Regulation – A Bird’s Eye View
Copyright © 2004 Deloitte Development LLC. All rights reserved. 5Confidential and Proprietary Material of Deloitte Consulting. Copyright © 2002 Deloitte Consulting (US) LLC. All Rights Reserved 5
2004 Pharmaceutical Regulatory
and Compliance Congress
– Electronic Records• Any combination of data
represented in digital form that is created, modified, maintained, archived, retrieved or distributed electronically
• The regulation defines the criteria for making electronic records equivalent in FDA’s eyes to traditional paper records
– Electronic Signatures• The act of signing/approving
using electronic means instead of traditional handwriting - replaces human signatures
• Use is voluntary, if used, the regulation defines the criteria for accepting electronic signatures in place of handwritten signatures
• The system must be able to associate the username/ password with a person and identify the meaning of the signature (approval of a clinical study report for example)
Two Components to the Regulation:
Electronic collection of clinical trial data
Data collection from laboratory instruments
Electronic batch record processing
Electronic tracking and disbursement of raw materials
Using a unique username and password to approve case report form data, to approve promotional or advertising pieces, or to release raw materials or samples for use.
Copyright © 2004 Deloitte Development LLC. All rights reserved. 6Confidential and Proprietary Material of Deloitte Consulting. Copyright © 2002 Deloitte Consulting (US) LLC. All Rights Reserved 6
2004 Pharmaceutical Regulatory
and Compliance Congress
Part 11--ELECTRONIC RECORDS; ELECTRONIC SIGNATURES
Subpart A--General Provisions
Sec.
11.1 Scope.
11.2 Implementation.
11.3 Definitions.
Subpart B--Electronic Records
11.10 Controls for closed systems.
11.30 Controls for open systems.
11.50 Signature manifestations.
11.70 Signature/record binding.
Subpart C--Electronic Signature
11.100 General requirements.
11.200 Identification mechanisms and controls.
11.300 Controls for identification codes/passwords.
AUTHORITY: Secs. 201-902 of the Federal Food, Drug, and Cosmetic Act, 52 Stat. 1040 et seq., as amended (21 U.S.C. 301-392).
Copyright © 2004 Deloitte Development LLC. All rights reserved. 7Confidential and Proprietary Material of Deloitte Consulting. Copyright © 2002 Deloitte Consulting (US) LLC. All Rights Reserved 7
2004 Pharmaceutical Regulatory
and Compliance CongressA challenge of interpretation (Early)…
•What are “open vs. closed” systems?
– CLOSED SYSTEMS: ... “an environment in which system access is controlled by persons who are responsible for the content of electronic records that are on the system.”
– OPEN SYSTEMS: … “an environment in which system access is not controlled by persons who are responsible for the content of electronic records that are on the system.”
Copyright © 2004 Deloitte Development LLC. All rights reserved. 8Confidential and Proprietary Material of Deloitte Consulting. Copyright © 2002 Deloitte Consulting (US) LLC. All Rights Reserved 8
2004 Pharmaceutical Regulatory
and Compliance CongressA challenge of interpretation (Later)…
•What systems do I really need to be concerned about?
•How do I apply the “predicate rule”•When does a record become an electronic
record?
Companies need to articulate their own answers to these questions…
… build a foundation to support validation and Part 11… THEN remediate
Copyright © 2004 Deloitte Development LLC. All rights reserved. 9Confidential and Proprietary Material of Deloitte Consulting. Copyright © 2002 Deloitte Consulting (US) LLC. All Rights Reserved 9
2004 Pharmaceutical Regulatory
and Compliance CongressCompliance and Technology Issues
• Validation of the system • Demonstrate ability to generate accurate and complete copies of
record in both human readable and electronic form• Demonstrate that records can be accurately and readily retrieved
during the records retention period• Limiting of system access to authorized individuals• Use of secure, computer-generated, time-stamped audit trails to
independently record the date and time of operator entries and actions that create, modify, or delete electronic records. (NOTE: the audit trail itself becomes an “electronic record” subject to requirements of Part 11)
• Use of operational system checks to enforce permitted sequencing of steps and events, as appropriate
• Use of authority checks to ensure that only authorized individuals can use the system, electronically sign a record, access the operation or computer system input or output device, alter a record, or perform the operation at hand
Part 11 Compliance Requirements
Copyright © 2004 Deloitte Development LLC. All rights reserved. 10Confidential and Proprietary Material of Deloitte Consulting. Copyright © 2002 Deloitte Consulting (US) LLC. All Rights Reserved 10
2004 Pharmaceutical Regulatory
and Compliance CongressCompliance and Technology Issues
• Use of device (e.g., terminal) checks to determine, as appropriate, the validity of the source of data input or operational instruction
• Determination that persons who develop, maintain, or use electronic record/electronic signature systems have the education, training, and experience to perform their assigned tasks
• Written policies that hold individuals accountable and responsible for actions initiated under their electronic signatures, in order to deter record and signature falsification
• Use of appropriate controls over systems documentation including:– Adequate controls over the distribution of, access to, and use of
documentation for system operation and maintenance– Revision and change control procedures to maintain an audit trail that
documents time-sequenced development and modification of systems documentation
• Approved standard operating procedures around system operation, usage and maintenance -- employees and supervisors trained in the procedures
Part 11 Compliance Requirements
Copyright © 2004 Deloitte Development LLC. All rights reserved. 11Confidential and Proprietary Material of Deloitte Consulting. Copyright © 2002 Deloitte Consulting (US) LLC. All Rights Reserved 11
2004 Pharmaceutical Regulatory
and Compliance CongressClinical System “Principles”
• Identify the steps which involve computerized systems• Identify hw/sw being used• System must support requirements in the protocol itself• System must have error “filters” (“…preclude errors in data
creation, modification, maintenance, archiving, retrieval, transmission…”
• Record retention rules per GCP (“Retaining the original source document…at the site where the investigation was conducted…”)
• When data is entered directly into the system, the electronic record is the source document.
• Audit trails recommended• Data attributable to the individual subjects• Security measures put in place
Copyright © 2004 Deloitte Development LLC. All rights reserved. 12Confidential and Proprietary Material of Deloitte Consulting. Copyright © 2002 Deloitte Consulting (US) LLC. All Rights Reserved 12
2004 Pharmaceutical Regulatory
and Compliance CongressOther details…
• SOPs – Detail about the system (setup)– Data collection and handling– System maintenance– Backup, archive, disaster recovery (including alternative recording
methods)– Security – Change control
• System Access and Security• Audit Trails• Date and Time Stamps• Record retention/retrieval• Reliability/validation• Change control• Training
Copyright © 2004 Deloitte Development LLC. All rights reserved. 13Confidential and Proprietary Material of Deloitte Consulting. Copyright © 2002 Deloitte Consulting (US) LLC. All Rights Reserved 13
2004 Pharmaceutical Regulatory
and Compliance CongressWhat FDA Investigators may look for:
• Record Keeping. Company’s SOPs on providing electronic and paper records upon FDA request
• Audit Trails. System’s capability to automatically capture “who, what, when and where”
• Security. Record or trace of changes introduced to records• Access and Passwords. Level of sophistication and difficulty to
decipher and impost passwords. Screen savers, reentries and other common practices in-site
• Training. Proof that IT professionals and all employees have been trained on Part 11, computer system validation in general and other procedural documentation
• Administrative Controls. SOPs on system operation and maintenance • Documentation. Functional requirements and specifications, modules
interaction and system validation• Internal reviews. Evidence of internal audits from QA/QC staff• Corrective action plans and Validation. Evidence of assessment of
existing systems, time frame for corrections, and validation and progress to date
Copyright © 2004 Deloitte Development LLC. All rights reserved. 14Confidential and Proprietary Material of Deloitte Consulting. Copyright © 2002 Deloitte Consulting (US) LLC. All Rights Reserved 14
2004 Pharmaceutical Regulatory
and Compliance Congress
Bottom Line: Part 11 Compliant and Validated
Part 11 magic words:
1. Content, technology and process must be SECURE
2. Must be an AUDIT TRAIL for critical data
3. Must be VALIDATED4. E-Signatures must have
MEANING The Big Five for Validation:
1. Requirements definition2. System design3. Testing4. Documentation5. Change
control/maintenance
©2004 Deloitte Development LLC. All rights reserved.
2004 Pharmaceutical Regulatory and Compliance Congress
Pre-marketing Risk Assessments:The Future of Clinical Trials1.02 Regulatory Issues in Pharmaceutical Product Development
Gregory V. Page, PhDFDA Life Sciences Practice LeaderLife Science and Health Care Regulatory PracticeDeloitte & Touche LLP
November 16, 2004
Copyright © 2004 Deloitte Development LLC. All rights reserved. 16Confidential and Proprietary Material of Deloitte Consulting. Copyright © 2002 Deloitte Consulting (US) LLC. All Rights Reserved 16
2004 Pharmaceutical Regulatory
and Compliance CongressPDUFA III & Risk Management
• On June 12, 2002, Congress reauthorized, for the second time, the Prescription Drug User Fee Act (PDUFA III) under which FDA agreed to meet certain performance goals
– One of those goals was to produce guidance for industry on risk management activities for drug and biological products.
– As an initial step towards satisfying that goal, FDA issued three concept papers focused on various aspects of risk management, including • (1) conducting premarketing risk assessment, • (2) developing and implementing risk minimization tools, • (3) performing postmarketing pharmacovigilance and
pharmacoepidemiologic assessments. – After Public Comment, FDA issued three draft guidance documents on
risk management activities: • Premarketing Risk Assessment (Premarketing Guidance) • Development and Use of Risk Minimization Action Plans (RiskMAP Guidance) • Good Pharmacovigilance Practices and Pharmacoepidemiologic Assessment
(Pharmacovigilance Guidance)
Copyright © 2004 Deloitte Development LLC. All rights reserved. 17Confidential and Proprietary Material of Deloitte Consulting. Copyright © 2002 Deloitte Consulting (US) LLC. All Rights Reserved 17
2004 Pharmaceutical Regulatory
and Compliance Congress
Premarketing Risk Assessment –Agency Focal Points
I. INTRODUCTION
II. BACKGROUND PDUFA III Guidance Performance Goal Overview of the Risk Management Guidances
III. THE ROLE OF RISK ASSESSMENT IN RISK MANAGEMENT
IV. GENERATING RISK IINFORMATION DURING CLINICAL TRIALS
Size of premarketing safety database Considerations for development of premarketing safety databaseDetecting unanticipated interactions as part of safety assessmentDeveloping comparative safety data
V. SPECIAL CONSIDERATIONS FOR RISK ASSESSMENT
Risk Assessment During Product DevelopmentSafety Aspects That Should Be Addressed During Product DevelopmentRisk Assessment and Minimizing the Potential for Medication Errors
VI. DATA ANALYSIS AND PRESENTATION
Describing Adverse Events to Identify Safety SignalsAnalyzing Temporal or Other AssociationsAnalyzing Dose Effect as a Contribution to Risk AssessmentRole of Data Pooling in Risk AssessmentUsing Pooled Data During Risk AssessmentRigorous Ascertainment of Reasons for Withdrawals from StudiesLong Term Follow-up Important Aspects of Data Presentation
Copyright © 2004 Deloitte Development LLC. All rights reserved. 18Confidential and Proprietary Material of Deloitte Consulting. Copyright © 2002 Deloitte Consulting (US) LLC. All Rights Reserved 18
2004 Pharmaceutical Regulatory
and Compliance CongressWhat Is Risk Assessment?
• Risk assessment is the process of – Identifying, – Estimating, and – Evaluating the nature and severity of risks associated with a product.
• Risk assessment consists of identifying and characterizing the nature, frequency, and severity of the risks associated with the use of a product
• Risk management is an iterative process designed to optimize the benefit-risk balance for regulated products– Requires ongoing review and evaluation
• The Premarketing Risk Assessment Guidance document focuses on risk assessment during clinical development, particularly in phase 3 studies
Deloitte POV:The Agency views risk assessment as a continual process of
reviews, evaluations and re-assessments – Industry must adapt
Copyright © 2004 Deloitte Development LLC. All rights reserved. 19Confidential and Proprietary Material of Deloitte Consulting. Copyright © 2002 Deloitte Consulting (US) LLC. All Rights Reserved 19
2004 Pharmaceutical Regulatory
and Compliance CongressWhat Is Risk Assessment?
• Risk assessment occurs throughout a product's lifecycle, – Beginning with the early identification of a product as a candidate,
through the premarketing development process, all the way thru to post-marketing studies
– To develop a risk management plan and perform post-approval pharmacovigilance, it is important to have as good an idea as possible of the product's underlying risks and benefits prior to approval
– This process entails ensuring that the body of evidence generated by the clinical trials not only defines the product's effectiveness, but also comprehensively describes its safety (as required by the FD&C Act, which calls for the conduct of all tests reasonably applicable to evaluate a drug's safety)
Deloitte POV: A critical component of FDA approval process will now include an
evaluation how well the pre-marketing/phase 3 studies define that product’s safety profile within a risk/benefit framework
Copyright © 2004 Deloitte Development LLC. All rights reserved. 20Confidential and Proprietary Material of Deloitte Consulting. Copyright © 2002 Deloitte Consulting (US) LLC. All Rights Reserved 20
2004 Pharmaceutical Regulatory
and Compliance Congress
Generating Risk Information During Clinical Trials
• Providing detailed guidance on what constitutes an adequate safety database for all products is impossible
• The nature and extent of safety data that would provide sufficient information about risk for purposes of approving a product are individualized decisions based on a number of factors
• Decisions on approvability will be based upon both existing risk information and safety questions as part of a product’s risk assessment. If the product offers no new benefits, the risk levels must be low
• FDA recommends that sponsors pay careful attention to safety issues from the outset of the product development cycle – Investigate potential problems that may be suspected from preclinical
data – As experience accrues, refine or modify a products safety evaluations
Deloitte POV: FDA’s focus on risk/benefit data requires continual review, evaluation
and documentation of pre-market safety data
Copyright © 2004 Deloitte Development LLC. All rights reserved. 21Confidential and Proprietary Material of Deloitte Consulting. Copyright © 2002 Deloitte Consulting (US) LLC. All Rights Reserved 21
2004 Pharmaceutical Regulatory
and Compliance Congress
Considerations for Developing a Premarketing Safety Database
• Although the characteristics of an appropriate safety database are product-specific, some general principles can be applied– Efforts to ensure the quality and completeness of a safety
database should be comparable to those made to support efficacy
– If data from multiple trials is used when assessing safety, it is critical to examine terminology, assessment methods, and use of standard terms to be sure that information is not obscured or distorted
– Evaluation of the reasons for leaving a study (deaths, dropouts, etc) are particularly important to understanding a product’s safety profile
Deloitte POV: FDA views safety as the critical component leading to product approval – If your product isn’t a blockbuster – you must have data to support it’s
safety (good safety data doesn’t hurt with blockbusters either)
Copyright © 2004 Deloitte Development LLC. All rights reserved. 22Confidential and Proprietary Material of Deloitte Consulting. Copyright © 2002 Deloitte Consulting (US) LLC. All Rights Reserved 22
2004 Pharmaceutical Regulatory
and Compliance Congress
Development of a Premarketing Safety Database – Specific Issues
• Size of the Premarketing Safety Database • Even large clinical development programs cannot reasonably be
expected to identify all risks associated with a product. Some risks become apparent only when a product is used in tens of thousands or even millions of patients in the general population. However, the larger and more comprehensive a preapproval database, the more likely it is that serious adverse events will be detected.
• The appropriate size of a safety database supporting a new product will depend on a number of factors specific to that product, including: – Its novelty (i.e., whether it represents a new treatment or is similar to
available treatment) – The potential advantages of the product over existing therapy – The intended population – The intended duration of use
Copyright © 2004 Deloitte Development LLC. All rights reserved. 23Confidential and Proprietary Material of Deloitte Consulting. Copyright © 2002 Deloitte Consulting (US) LLC. All Rights Reserved 23
2004 Pharmaceutical Regulatory
and Compliance Congress
Development of a Premarketing Safety Database – Specific Issues
• Long-Term Controlled Safety Studies – It is common clinical practice for much of the long-term patient
exposure data to come from single-arm or uncontrolled studies– It may be preferable to develop controlled, long-term safety data
• A Diverse Safety Database – Phase 3 safety databases should include a diverse population– FDA recommends that, to the extent feasible, only patients with
obvious contraindications be excluded from study entry in phase 3 trials. • Inclusion of a diverse population allows for the development of safety data in
a broader population that includes patients previously excluded from clinical trials, such as the elderly, patients with concomitant diseases, and patients taking multiple medications.
• Broadening inclusion criteria in phase 3 studies enhances the generalizability of study findings and may, therefore, allow the product to be labeled for broader use.
Copyright © 2004 Deloitte Development LLC. All rights reserved. 24Confidential and Proprietary Material of Deloitte Consulting. Copyright © 2002 Deloitte Consulting (US) LLC. All Rights Reserved 24
2004 Pharmaceutical Regulatory
and Compliance Congress
Development of a Premarketing Safety Database – Specific Issues
• Exploring Dose Effects Throughout the Clinical Program – Currently, it is common for only one or two doses to be studied
beyond phase 2. – FDA believes that a number of characteristics common to many phase
2 studies limit the ability of these trials to provide definitive data on exposure-response, or adequate data for definitive phase 3 dose selection including; • Shorter durations of exposure • Common use of pharmacodynamic (PD) endpoints, rather than clinical
outcomes • Smaller numbers of patients exposed • Narrowly restrictive entry criteria
Deloitte POV: • The agency is recommending expanding Phase 3 studies • Bigger, longer, more comprehensive, more diverse clinical studies will become
the norm • Added time and costs do not appear to enter into the FDA’s thinking , despite
the agency’s stated goals of getting products to market faster • These proposed study designs present serious challenges to the industry
Copyright © 2004 Deloitte Development LLC. All rights reserved. 25Confidential and Proprietary Material of Deloitte Consulting. Copyright © 2002 Deloitte Consulting (US) LLC. All Rights Reserved 25
2004 Pharmaceutical Regulatory
and Compliance Congress
Development of a Premarketing Safety Database – Specific Issues
• Detecting Unanticipated Interactions as Part of a Safety Assessment – No clinical pharmacology program can guarantee a full
understanding of all possible risks related to product interactions. – Risk assessment programs should address a number of potential
interactions during controlled safety and effectiveness trials, including: • Drug-drug interactions • Product-demographic relationships — increased study population
diversity (gender, age, and race, etc) • Product-disease interactions — by ensuring sufficient variability in
disease state and concomitant diseases • Product-dietary supplement interactions — for commonly used
supplements that are likely to be co-administered
Deloitte POV: Expanded studies to define previously unknown and unstudied
interactions will become more prevalent
Copyright © 2004 Deloitte Development LLC. All rights reserved. 26Confidential and Proprietary Material of Deloitte Consulting. Copyright © 2002 Deloitte Consulting (US) LLC. All Rights Reserved 26
2004 Pharmaceutical Regulatory
and Compliance CongressData Analysis and Presentation
• Premarketing Clinical studies must now endeavor to:– Accurately & consistently describe Adverse Events to identify
safety signals– Analyze and report temporal associations as related to Adverse
Events– Analyzing dose effect and it’s contribution to risk assessment – Use of pooled data during risk assessments– All placebo-controlled studies in a clinical studies should be
considered and evaluated for appropriateness for inclusion– Rigorous ascertainment of reasons for withdrawals from studies– Long-term follow-up
Deloitte POV: The safety & efficacy data requirements for pre-marketing trials, from pre-clinical development through phase 3 and post-marketing, continue
to expand and become more complex – HOW DOES THE INDUSTRY RESPOND???
Copyright © 2004 Deloitte Development LLC. All rights reserved. 27Confidential and Proprietary Material of Deloitte Consulting. Copyright © 2002 Deloitte Consulting (US) LLC. All Rights Reserved 27
2004 Pharmaceutical Regulatory
and Compliance Congress
Dr. Michael M. Breggar Global Director Life SciencesLife Science and Health Care Regulatory PracticeDeloitte & Touche [email protected](610) 479-3848Dr. Breggar leads the Life Sciences Regulatory segment for Deloitte. He has over twenty-five years of professional experience in health care consulting. He is a recognized industry leader and speaker in the fields of, technology optimization in R&D, computer-related system compliance, pharmaceutical e-Business, quality systems and product development issues. His strong background in drug development, regulatory and industry affairs complements years of hands-on experience of analyzing pharmaceutical operations and processes for compliance with pragmatic business drivers and relevant regulatory bodies.
Gregory V. Page, PhDFDA Life Sciences Practice LeaderLife Science and Health Care Regulatory PracticeDeloitte & Touche [email protected](516) 918-7092Dr. Page is the FDA Life Sciences Practice leader. He has over 20 years experience in both the Pharmaceutical and Biotech life sciences industries focusing on Quality Systems, Validation and FDA Regulatory Compliance. He has extensive experience in new business/product development, project management and QC/QA/RA issues. Greg has extensive FDA audit experience (annual audits, licensing inspections & product meetings) and 483/warning letter/consent decree response & remediation program development. He has led compliance risk assessment and remediation projects for a number of pharmaceutical and medical device companies.
Copyright © 2004 Deloitte Development LLC. All rights reserved. 28Confidential and Proprietary Material of Deloitte Consulting. Copyright © 2002 Deloitte Consulting (US) LLC. All Rights Reserved 28
2004 Pharmaceutical Regulatory
and Compliance Congress