Building a Culture of Compliance and Risk Management · 2005-08-24 · Managing A Compliance...
Transcript of Building a Culture of Compliance and Risk Management · 2005-08-24 · Managing A Compliance...
Geoffrey LevittChief Counsel, Regulatory and Research
Building a Culture of Compliance Building a Culture of Compliance and Risk Managementand Risk Management
August 26, 2005August 26, 2005
2
Pharma Companies
FDA
OIG
StateAG
HHS
DOJ
FTC
USPTO
FBI
EMEA/CPMP
3
Compliance
n Compliance With What?Law and regulationGood manufacturing practicesAgency expectationsInternal rules
n How Is Compliance Achieved?Setting expectationsMeasuring attainmentEnforcing compliance
4
Compliance: Ultimate Goals
n Patient HealthQuality ProductAdequate Supply
n Regulatory CompliancePass inspectionsStay out of trouble
n Business SuccessSell productMake money
5
Risk Management
n What “Risks” Are We “Managing”?How do we assess risks?How do we compare risks?How do those assessments and comparisons guide our behavior?
n What Does Risk Management Have To Do With Compliance?
6
Basic Rules: FDA GMP Requirements
n Food, Drug, and Cosmetic Act: 1938: SafetyFactory Inspections
n Legal Authority for GMP Requirements: 1962 n Major GMP Regulations: 1978 n Major Court Test: 1993n Risk-Based Quality Initiative: 2002 n Tension: Compliance vs. Flexibility
7
Principles
n Purpose: “Assure that all members of the drug industry are made aware of the level of performance expected of them to be in compliance with the act.”
n Goals:General enough to be suitable for essentially all drugs;Flexible enough to allow sound judgment and innovation;Explicit enough to provide clear understanding of the rules
n Approach: Describe what needs to be done, provide latitude as to how.
8
FDA Enforcement: Modern Era
n Sea change: regulators (pre-1990) to enforcers NAFs and Reg Letters replaced by the Warning Letter (1991)Explicit notice of violation and threat of regulatory action without further notice
n Barr Case (March 1993) Aggressive FDA vs. combative companyNegotiations break down; Barr pre-emptsFDA strikes back; PI to shut Barr down
n Surprise: FDA Wins!GMPs are what FDA says they areCourts will enforce
n Lesson: Don’t Take FDA On Over GMPs
9
Consent Decrees: Features
n Responsible Individuals Named n Additional Inspection Authority n Enhanced Powers: Recall, Shutdownn Outside Auditor - Reports and Certification n Timelines With Financial Penalties n Contempt Penaltiesn Disgorgement (Optional)
n A Private Regulatory “Micro-Regime” for Company
10
Beyond The Enforcement Model: A Risk-Based Approach
n Concerns About The Enforcement Model:Stifling innovationMisallocating FDA and industry resources
n Solution: Calibrate Compliance Intensity Based On Risk Factors
Complexity of product/processLack of defined process variables Potential impact of an error on product quality Public health impactManufacturer’s compliance status
11
Beyond The Enforcement Model: A Risk-Based Approach
n Focus On The PatientView quality elements from perspective of ultimate goal: ensure safe, effective, pure product for the patientGuides how expectations are set (regulations and requirements) and how compliance is checked (audits and inspections)Significance of process issues is measured against health impact, medical need, and product availabilitySets a framework that encourages technological advances FDA inspections are targeted and focused based on inherent risk of product and process steps as well as compliance status
12
Culture of Compliance
n What Does It Mean In A Risk-Based Environment?
Good informationBalanced communicationEffective analysis: root cause of problemsRisk assessmentCorrective actionEvaluation
13
Managing A Compliance Culture
n Demonstrated Senior Management CommitmentEstablish explicit plans, goals, objectives Put resources into quality and complianceAlign metrics with quality and compliance Participate actively in designing and overseeing quality and complianceCreate an appropriate management structure with clear lines of responsibilityActively seek out and act upon quality/compliance information
14
Policies and Plans
n Robust Structure of Written Policies, Standards, SOPsBuilt on explicit quality objectives
n Align Quality Objectives With Business And Manufacturing Priorities
Reduce complexityDecrease variability
n Be Specific “Design processes to ensure real-time release of quality product”“Use electronic batch records”“Reduce number of SOPs”
15
Training
n Systematic And StructuredNeeds assessmentTraining curriculaTesting and certificationDocumented
n ComprehensivePolicies and proceduresRegulatory requirementsJob functionsWork culture
16
Audits
n How Often and How Deep?Complexity of the processComplexity of the productCompliance status and historyExperienceMajor product/facility changes
n For Regulators As Well As Regulated
17
Corrective Action
n Adequate InformationPeriodic reports Manufacturing/lab investigationsCustomer complaintsInternal auditsAgency inspections
n Effective Follow-upInvestigateCorrectEvaluate effectiveness
18
Safety Valves
n Robust Investigative CapabilityAdequately resourcedPlugged in to management
n Compliance Hot LinePublicizedAnonymousNo retaliationVigorous follow-up
19
What About Risk Management?
n System for assessing vulnerabilities: chances of a problem X severity of consequences
HealthComplianceSupplyBusiness
n System EffectivenessRight resourcesRight questionsRight information
20
Risk-Based Compliance: Outcomes
n Better, more informed risk decisions
n Better relationship with regulators
n Put compliance resources where most needed