Outsourced Data Integrity: Are Short-Term Financial Gains Worth Long-Term Headaches?



Competitive pricing and continued cost pressures have contributed to the need for many US biopharmaceutical companies to outsource manufacture of active pharmaceutical ingredients (API) and finished products from countries with lower costs for labor, material, and equipment. The main benefit of doing so is lower costs of manufacturing with quality standards comparable to those found in the United States. India and China now account for 80% of API production. But those countries have received media attention because of biopharmaceutical manufacturing issues. In particular, some drug manufacturers in India and China have failed to ensure that quality control procedures are followed after receiving initial record approval from the US Food and Drug Administration (FDA) and do not pay close attention to ongoing quality control.

Quality is important to drug manufacturing. Poor-quality drugs are not readily apparent upon visual inspection. That being so, pharmacists will unwittingly fill patient prescriptions with such drug products. Poor-quality drug products may not work for their intended purposes or — even worse — may harm patients.

The FDA has stringent quality control rules for drug manufacturers. These are known as current good manufacturing practices (CGMP) regulations, which are described in the Code of Federal Regulations (CFR), 21 CFR Parts 11, 210, and 211. Part 210 governs CGMP for manufacturing, processing, and packaging or holding drug products. Part 211 describes the CGMPs for finished pharmaceuticals. Part 11 defines the criteria under which electronic records and electronic signatures are considered to be trustworthy, reliable, and equivalent to paper records. The initial consequence of a pharmaceutical manufacturer’s failure to comply with CGMPs is an FDA warning letter.

The FDA has increasingly issued warning letters regarding drug quality to companies outside of the United States. A common issue in those letters is a lack of quality control over raw materials and suppliers. Warning letters often cite the failure of manufacturers to adequately control, process, analyze, and approve or reject raw materials, finished APIs, or finished goods. In particular, the FDA has indicated that those off- shore companies are compromising the drug products they produce with false data.

The core of good biopharmaceutical manufacturing is accurate data. Without it, manufacturers cannot verify quality or investigate problems. Even minor changes can make the difference between a high- and poor-quality drug product, so each step in a process must be recorded and validated. False or questionable data can result in an adulterated product.

What Is Data Integrity?
Data integrity can be defined as the assurance that data records (paper and electronic) are accurate, complete, intact, and maintained within their original context. Maintaining data integrity is a critical task across the entire product life cycle. Data are valid only as long as they are complete and authentic. Ensuring data integrity means protecting original data from accidental or intentional modification, falsification, and deletion. Biopharmaceutical companies must be able to provide evidence that data related to product manufacture are not compromised accidentally or intentionally.

To ensure data integrity, a manufacturer must certify that data are legible, attributable, original, documented in real time, accurate, complete, consistent, and enduring. Data must be available. Otherwise, a company cannot state that data are uncompromised.

As part of its standard inspection procedures, the FDA verifies accuracy and validity of different lots of APIs, components, and finished product with heightened scrutiny on quality control activities. The FDA inspects US and non-US manufacturing plants that supply APIs, components, or finished pharmaceutical products. Inspection of non-US plants has identified numerous manufacturers involved with deliberate falsification of results and manipulation of data to mask failing results.

Regulatory Enforcement
For example, since May 2013 the FDA has clamped down on more than 10 big Indian pharmaceutical companies (including Sun, USV Ltd., Wockhsrdt Ltd., and RPG Life Sciences Ltd.) over problems with data integrity. These issues typically revolve around not reporting failed results, conducting unofficial analyses, deleting electronic data, disabling audit trails in electronic data capture systems, fabricating training records, reanalyzing failed samples until passing results are obtained, back- dating data, and not reporting stability failures.

Companies receiving such warning letters are responsible for APIs, components, and finished goods manufacture of both generic and brand-name drugs. Interestingly, off- shore generic manufacturers also have found themselves in the hot seat with data integrity issues.

To date, the largest financial settlement relating to drug safety occurred in May 2013 when Ranbaxy USA (a subsidiary of Indian generic drug manufacturer Ranbaxy Laboratories) pled guilty to felony charges with respect to manufacturing and distributing adulterated drugs at two facilities in India. Ranbaxy agreed to pay a criminal fine and forfeiture amounting to US$150 million. Data integrity was the backbone of the government case. Ranbaxy was said to have

  • made false statements about batches, lots, or portions of lots of drugs imported to the United States between 2003 and 2013, in which the strength of the drugs were materially different from or the purity or quality of which fell below the strength, purity, or quality that they were represented to possess

  • manufactured drugs in a way that differed from FDA-approved formulation

  • failed to keep testing records that demonstrated the failure of drugs to meet specifications.

In May 2014, the FDA issued a warning letter to Sun Pharmaceutical Industries Ltd. for manufacturing violations and deviations from CGMPs. The agency found that Sun had serious data-integrity problems and that certain physical records had been discarded. In particular, Sun’s analysts failed to provide critical data on sampling, including information about the identification of samples tested, maintenance of a complete record of all raw data generated, test methods used, sample preparation, calculations used for analysis, signatures of persons conducting tests, dates of tests, and raw materials. In addition, the FDA found data in trash bags rather than being securely stored and maintained and that Sun had deleted electronic files and replaced them with files of the same name.

Apotex also received a harshly worded warning letter from the FDA in June 2014. This letter contained allegations of manipulating quality control data at one of the company’s Indian plants. Specifically, Apotex failed to include complete data on testing results by excluding atypical results and by continuously retesting batch samples until acceptable results were obtained. No data were recorded until satisfactory data were generated — a clear and knowing violation of CGMPs. Such data-integrity violations has led to concerns over the integrity of outsourced drug manufacturing processes.

Outsourcing ConsideratIons
US companies subject to market pressures have sought other options for keeping costs down. Increased costs for raw materials and energy have lead to internal pressures for reducing some manufacturing costs (e.g., labor costs) by seeking cheaper manufacturing opportunities outside of the United States. However, with an increasing number of falsification and fraud cases, some biopharmaceutical companies may find it less expensive to in-source many activities. The cost of monitoring outsourced activities to ensure compliance can outweigh the savings of outsourcing those activities. Moreover, if poor data integrity practices are found during an inspection, the cost of remediation can far outweigh the cost saved by outsourcing.

But some companies have business reasons for outsourcing outside of the United States. In such cases, the most important exercise for a US company is to conduct a comprehensive regulatory and quality systems review before engaging in a collaboration. The sponsor company must determine whether its outsourcing partner has the appropriate manufacturing capabilities and must understand its partner’s US regulatory compliance history.

Due diligence assessment should include an understanding of whether a contract services company

  • provides an inspection history

  • understands quality system/GMP requirements

  • demonstrates that its quality system is working as intended

  • has laboratories that support in-process, finished-product, and stability testing of products

  • has GMP education and training programs with competency training as part of its curriculum

  • understands deviations and how to report and investigate them thoroughly

  • reviews and validates data

  • has an employee who performs batch record review and approval

  • can provide full access to its site when manufacturing product

  • permits annual and “for-cause” audits by qualified auditors.

Once a US company commits to working with an non-US partner, both parties must have a proper quality agreement in place. The FDA requires that manufacturers have quality agreements with their suppliers. Quality agreements should be separate from the master services or other commercial agreement with suppliers and should have the following components:

  • comprehensive allocation of responsibilities of each party

  • product owner approval of final product release

  • communication plan between the parties for oral and written communications

  • routine and for-cause auditing rights

  • facilities and equipment specifications, validation, and maintenance responsibilities

  • materials management, including designation of who will set specifications for raw materials, audit and qualify subsuppliers, conduct sampling and testing, and manage inventory (e.g., segregation, quarantine)

  • operational requirements such as batch numbering, expiration dating, process validation, and technology transfer;

  • laboratory controls, including requirements for validating equipment and methods, sampling protocols and testing timelines, and investigating deviations and out-of- specification results

  • documentation and record keeping requirements, including electronic document systems and their validation

  • change control processes, including identification of changes requiring prior approval by the owner.

Due Diligence Required
The integrity of data generated by a biopharmaceutical manufacturer is a key factor in determining the credibility of that manufacturer. A single instance in which data integrity is compromised casts a shadow over all data generated by that company. Inspections and audits can show only a small part of a process. Ensuring data integrity is an important part of evaluating a potential contract manufacturer. Comprehensive due diligence includes an understanding of the obligations of both parties in an outsourced partnership and works toward confidence that a manufacturer has robust quality systems. Those objectives provide drug sponsor companies with tools they needs to enter into productive relationships with outsourced manufacturing partners.

Corresponding author Leslie Gladstone Restaino, Esq. is a general counsel at Validus Pharmaceuticals LLC, 119 Cherry Hill Road, Suite 310, Parsippany, NJ 07054, 1-973)-265-2777, ext. 112; [email protected]; www.validuspharma.com. Ben Restaino is a student at Ridge High School in Basking Ridge, NJ.

You May Also Like