FDA Law Blog - Our First of Many Drug cGMP Compliance Updates: CDER’s First cGMP Warning Letter of 2016, to Ipca Laboratories Ltd., cites Data Integrity Violations

Our First of Many Drug cGMP Compliance Updates: CDER’s First cGMP Warning Letter of 2016, to Ipca Laboratories Ltd., cites Data Integrity Violations Posted: 14 Feb 2016 09:06 PM PST By Mark I. Schwartz – [1] According to our calculations, 2015 was a banner year, from CDER’s perspective, for foreign drug facilities receiving cGMP Warning Letters citing data integrity issues. While the overall number of cGMP Warning Letters issued by CDER was only 23 (compared, for instance, to 2011 with 42), the number with data integrity issues in 2015 was 18, equaling the number from 2012, and 15 of last year’s 18 were from inspections in either India or China, surpassing the prior high from those countries of 13, in 2014. Perhaps getting off to a slower start this year, on January 29th, CDER issued its first cGMP warning letter for a pharmaceutical facility in 2016, to Ipca Laboratories Ltd., (Ipca) in Mumbai, India, as a result of inspections at three of its manufacturing facilities: the Ratlam facility, the Pithampur facility, and the Piparia Silvassa facility.   The first of these facilities manufactures Active Pharmaceutical Ingredients (APIs), and hence the firm was cited for alleged violations under 21 U.S.C. 351(a)(2)(B), while the other two manufacture finished dosage form products, and hence were cited for alleged violations under 21 C.F.R. Parts 210 and 211. The investigators observed what was referred to as “systemic data manipulation and other CGMP violations and deviations” at the three sites. According to CDER, the quality system at the three sites did not adequately ensure the accuracy and integrity of the data generated at the facilities to support the safety, effectiveness, and quality of the drugs manufactured there. Intriguingly, the Warning Letter references an admission of data manipulation from an Ipca employee, as well as an anonymous email to management regarding the data manipulation. The Ratlam Facility The Failure to have Computerized Systems with Sufficient Controls to Prevent Unauthorized Access or Changes to Data With regard to this alleged violation, CDER stated that: “[w]e found that controls on your computerized chromatographic instrumentation were not adequate to prevent analysts from manipulating processing parameters in order to obtain passing results. We also found that your computerized systems lacked controls to prevent the back-dating of test data.” As evidence of alleged wrongdoing, among other things CDER cited to a 12 month commercial stability assay test for residual solvent in the API, performed by Gas Chromatography (GC), where standards and samples had allegedly been processed using different integration parameters, with no documented reason given. In addition, there were allegedly no controls in the software to prevent analysts from manipulating the integration settings in order to obtain passing results. In what was an unusual twist for these sorts of inspections, the investigators spoke with an analyst who allegedly admitted that: “…if we find a failure, we set back the date/time setting and re-integrate to achieve passing results…” Failure to Adequately Investigate and Resolve Critical Deviations With this alleged violation, CDER is charging that the firm’s quality unit was aware of the lack of computerized controls to prevent data manipulation, and, despite that, they failed to take sufficient corrective action to prevent the recurrence of these problems. Indeed, CDER details the firm’s receipt of an anonymous email, dated August 5, 2013, which stated that: “…[t]here is no control of data in the department…Falsification is going on…Take action as early as possible...". While the firm did perform an investigation as a result of this email, CDER’s Warning Letter makes clear it did not consider the investigation sufficient to detect or correct the data integrity issues. First, the GC investigation was limited to the review of audit trails for batches analyzed on only two GCs, over a very limited timeframe, and the firm came to the conclusion that there was no product impact, or patient risk associated with the “deficient data management and retention practices”. As a result, their CAPAs were not particularly effective, according to CDER. Next, CDER looked at the High Performance Liquid Chromatography (HPLC) investigation that the firm had performed. Again, CDER concluded that the firm had reviewed the data for only a short period, and their investigation had concluded that good documentation practices were not being followed, and that the staff was insufficiently aware of the electronic records requirements under 21 C.F.R. Part 11. Again, in CDER’s view, it was clear that the investigation was inadequate. “…[A]lthough your own lengthy investigation did not capture critical deviations, our investigator’s limited review of this data during the inspection identified data manipulation, including deleted injections, re-injections, and missing injections.” Failure to Follow and Document Laboratory Controls at the Time of Performance, and Failure to Document and Explain any Departures from Laboratory Procedures. In addition to the data integrity issues previously outlined with GC and HPLC equipment, this section of the letter details CDER’s concerns with Ipca’s microbiology laboratory. “[O]ur investigators observed multiple examples of your firm’s practice of back-dating and falsifying laboratory data…. Without contemporaneous and accurate data, there is no way for you to ensure that your APIs meet specifications for the absence of objectionable microorganisms.” Examples of alleged deviations here included temperature record logbooks that had allegedly been back-dated, and media growth promotion samples (i.e., plates) where the QC worksheets for these plates contained sample preparation and incubation information despite the fact that the plates had apparently not yet been tested. The Pithampur Facility Failure to ensure that laboratory records include complete data derived from all tests necessary to assure compliance with established specifications and standards. (21 C.F.R. 211.194(a)) Here investigators concluded that they found instances of analytical test results, but they did not find the original data. For example, incoming raw materials were tested by GC, and several initial injection results had allegedly been overwritten. They also concluded that they found multiple instances of trial injections of samples, where the final tests were recorded, but the original results had apparently not been. Piparia Silvassa Facility Failure to ensure that laboratory records included complete data derived from all tests necessary to assure compliance with established specifications and standards. (21C.F.R. 211.194(a)) Here too, the Quality Control laboratory had allegedly conducted trial injections of samples but failed to report and document all of the data that the lab had generated. The firm’s laboratory controls failed to establish scientifically sound test procedures to assure that their drug products conform to appropriate standards of identity, strength, quality and purity. (21 C.F.R. 211.160(b)) The issue cited by CDER here involved the use of media with an inhibitor for gram positive bacteria (presumably for purposes of a growth promotion test) that none-the-less grew gram-positive microorganisms, specifically Staphylococcus aureus. According to the Warning Letter, the Quality Control laboratory confirmed the growth of the Staphylococcus aureus, but did not initiate any investigation, and proceeded to use the batch of media in the facility. As with most of the other Warning Letters with purported data integrity violations, CDER requested a comprehensive investigation and evaluation, a risk assessment and a strategy to implement a global corrective and preventative action plan. It will be interesting to see whether CDER concludes that these violations, together with CDER’s claims that the firm has performed insufficient remediation in response to the inspectional observations, warrant additional regulatory measures, such as import detention, of Ipca’s products at the three facilities. Rest assured, we will continue to keep you updated in future posts. [1] This post is our first of many drug cGMP compliance updates.  We will be providing regular updates of significant Form 483 inspectional observations, Warning Letters, policy pronouncements and yet other interesting information involving cGMP compliance matters emanating from CDER and CBER