Vanessa Fachada Oliveira, Pharmacovigilance Manager & EU QPPV at Arriello, discusses 10 common issues identified in risk-based audits, and pinpoints implications for drug developers as well as marketing authorisation holders (MAHs).
In EU markets, pharmacovigilance (PV) provisions are closely monitored to ensure that patients can have maximum confidence in the safety of the products they take. Yet, eight years since EU PV legislation came into force in Europe, the majority of associated systems are failing audits. Reasons include gaps in measures along the supply chain, poor process documentation, and a range of other issues.
Current EU pharmacovigilance legislation came into force in Europe in 2012, requiring that pharmaceutical companies targeting the region must put in place a number of formal measures to monitor the safety of products and any issues once drugs are being consumed in the real world. The measures also mandate that life sciences companies must run, check and document their pharmacovigilance (PV) activities, so that regulating authorities can be confident that standards are being upheld and that nothing is being missed.
At a manufacturer level, if the company is the batch releaser its details will appear on the product information provided to healthcare professionals and patients. Because of this, there is a possibility that manufacturers will receive safety information directly – information which they must process in a responsive and reliable way. A PV agreement between the manufacturer and the MAH should exist to define the exchange of information between both parties – including the reconciliation process.
If a product is still in development and undergoing clinical trials, a PV system is needed to ensure that the safety of the drug is monitored during these investigations (and is covered in the protocol of the study and in contracts in place with the investigator, clinical research organisation, PV providers, and any other stakeholders involved).
Yet, even now – eight years on – a majority of companies are struggling to fulfil their legal obligations, and as a result MAHs are failing risk-based audits. These organisations must be able to provide evidence of strong standard operating procedures – on demand. That includes measures implemented down the supply chain. If anything has been overlooked, MAHs could fail inspections, incurring fines and potentially seeing products withdrawn from markets.
Here are 10 potential points of vulnerability, with commercial as well as safety and reputational implications for all concerned:
1.Quality management system issues
The 2012EU PV legislation states that quality systems should form an integral part of an organisation’s PV system – and these need to be in place prior to marketing authorisation submissions. If the drug developer/sponsor subcontracts marketing authorisation applications (MAA) activities to a third party and/or engages a service provider for pharmacovigilance activities, these companies need to be pre-qualified via an audit.
At the MAH level, although other strong standard operating procedures (SOPs) may have been documented as part of general Quality systems, there may be nothing relating specifically to PV. That is, there is no specific information about what is required in terms of procedures for managing deviations; what happens if a new Qualified Person Responsible for Pharmacovigilance (QPPV) is appointed; how external service partners are qualified; or what the business continuity plan is and how this is tested, etc. These omissions can result in inadequate integrity and management of pharmacovigilance data; difficulty identifying and implementing corrective/preventative actions (CAPAs); and incomplete oversight/compliance management of a PV service provider.
2. Gaps in training, or associated reporting
Training-related failurescan occur firstly because it is not obvious who is responsible for or who actually needsPV training – both within the MAH, and right along the supply chain, back to the drug discovery and development organisation. PV training should be extended far and wide – from the most senior managers to manufacturing teams. That’s because anyone could find themselves the recipient of safety feedback, which means everyone needs to know what action to take next – and how quickly.
3. Breaks in supply-chain continuity: failure to make contractual provision for PV beyond company boundaries
As noted above, manufacturers as well as MAHs and distributors could find themselves the first port of call for a safety report. A PV agreement should set out the respective PV responsibilities of each party, who the QPPV is, who will manage actions relating to adverse reactions and associated reporting. For a distributor, the obligation might simply be to forward all relevant information to the MAH – unless that company also has a remit for local PV activities.
The manufacturer will need procedures in place to be able to collect such information (quality system and PV procedures) and to train their people in pharmacovigilance, not least because the MAH will need to perform PV audits of the manufacturer, at regular intervals as determined as part of their own risk-based-approach to PV.
Lesser failings, but nonetheless important to put right, include the omission of special situation reports, and provision for archiving, retention periods and exchange of information following the termination of an agreement.
4. Failings with the Pharmacovigilance System Master File (PSMF)
The Pharmacovigilance System Master File (PSMF) is one of the main documents of the company’s PV system. It should provide a very clear overview of all critical PV processes and procedures for managing adverse events and safety signals; the key stakeholders; full details of the QPPV and their experience and contact details; documentation showing how the organisation will manage compliance with the legal requirements; key performance indicators (KPIs) and the rationale behind these.
The first version of the PSMF needs to be in place prior to MAA submission. Although it is acceptable that some information is not provided in the initial document (such as compliance detail), descriptions of what willbe implemented should be provided.
The PSMF must be kept up-to-date at all times, so there must be a process for ad-hoc revisions as well as periodical updates. If the competent authority asks to see a copy of the File, companies must be able to deliver a fully updated document within seven days. Failings can be for something as simple as poor formatting or omitting an index to allow easy navigation. If the PSMF preparation is subcontracted, another oversight inviting a penalty might be the lack of MAH involvement in any document revisions.
5. Inadequate QPPV oversight
If the Qualified PV person (QPPV) – who carries personal liability for PV failings, in addition to any company penalties – does not have sufficient oversight of the process for safety variations preparation, submission and implementation, or over KPIs and adverse event reporting, this could also result in a failed inspection and potential fine. The QPPV needs to have access to PSMF as well as authority over its content, especially in the case when the PSMF is located in a different location from the QPPV. It is also important to guarantee that the QPPV has access to the global safety database.
6. Insufficient attention to risk management
This is one of the topics with largest number of critical findings over time during inspections, and includes findings related to poor maintenance of product information (routine risk management) or to implement additional risk minimisation measures (aRMM), such as educational materials or pregnancy prevention programmes.
7. Failure to consistently collect and manage safety information
Often the breakdown here is a failure to identify and track all potential sources of spontaneous safety data, or to reconcile adverse event monitoring activity with medical information and product quality complaints. This can lead to safety signals being missed. Failing to properly validate the database for Individual Case Safety Report (ICSR) management can also lead to a fine, especially for SMEs which can’t justify the cost of a top-of-the-range PV database.
Using spreadsheets or other tables to manage validation is not acceptable, but there are affordable options to formalise activity here. Failure to transfer safety data from previous MAHs during an acquisition can also catch companies out.
8. Ongoing gaps in safety evaluation
These concern benefit-risk and signal management and aggregate reports (PSURs). Common mistakes include inaccurate sales and patient exposure figures; the inclusion of unrelated adverse event reports; failure to include relevant cases in the benefit-risk analyses; and late updating of product information. Other issues include failure to discuss all sources of potential signals; and a lack of rationale for the report frequency.
9. Poor links between departments/with third parties to support complete and timely safety information
It’s important to include teams monitoring MAH web sites for comments/safety reporting, and keep tabs on any general company email addresses that people might use to report safety data.
10. Failures in business continuity provision
This includes validating controls over access to sensitive patient medical information and, if fireproof/waterproof filing cabinets have been swapped for digital archiving, that such systems meet all required parameters.
Taking action: performing a gap analysis
One way for organisations to gain peace of mind that they are fulfilling their own respective obligations is to pursue unbiased feedback on current provisions from professionals with experience of a diverse range of approaches and systems. They will be able to bring to bear the latest best practice, based on the effective ways other companies are tackling this – or perform a gap analysis that can help target remedial action.
In due course the EU should clarify its guidance, so each stakeholder group will be better able to understand what they need to aim for. It’s important not to wait until then, however. Competent authorities are starting to perform remote inspections now, which is likely to lead to increased coverage and frequency of these spot-checks as more auditor capacity is freed up.
Vanessa Fachada Oliveira, is a Pharmacovigilance Manager & EU QPPV at Arriello. She is a qualified Pharmacist with deep knowledge of Pharmacovigilance legislation, and extensive experience in PV, Quality Management and Medical Information. Based in Lisbon, Portugal, Vanessa supports clients both as a PV consulting specialist and as a global EU QPPV / deputy QPPV or LPPV for the local territory. Arriello is a global provider of innovative, high-impact market access, regulatory affairs & pharmacovigilance solutions and services for pharma and biotech firms primarily in Europe and North America.