While a number of GMP inspections did look at some computer systems related issues (reviewing validation plans and reports, disaster recovery plans, test protocols, change controls and the like) this appeared less detailed than is usually reported and there were a couple of interesting things of note:
- A significant number of inspections weren’t looking at computer systems validation in detail,
- There was significant discussion around enforcement actions in other parts of the business, specifically in sales and marketing.
As last weeks coordinated action against counterfeit products in the supply chain showed, there is a growing concern with what is going on outside reputable manufacturing. These actions were coordinated by Interpol and supported by industry bodies, national law enforcement agencies and regulatory agencies, resulting in the seizure of more than 1 million tablets, 76 individuals now being actively investigated and leading to the closure of almost 300 websites (with more to come).
Reputable companies may not be the focus of such activities, but regulators have other concerns with regards to what respectable pharmaceutical companies are doing as part of their everyday business and which is perceived as also putting patients at risk.
As highlighted in an opinion piece in last week’s New Scientist (written by Dr Paul Thacker, in the 16th October edition) the increase of off-label prescribing is potentially placing patients at risk, and this is increasingly likely where pharmaceutical companies exercise less than tight control on the activities of those selling their products. As a result of the US Health Reform Bill, from 2013 companies will be required to disclose payments to doctors in excess of $10 and explain why the payment was made.
All of this means that regulations and enforcement actions are extending into almost every part of a Life Sciences company. However, very few companies are prepared to deal with this situation and fail to see that Information Systems can be both a blessing and a curse.
A well-defined and ‘validated’ computerized process can enforce actions that comply with regulatory requirements and can also significantly ease the burden of regulatory reporting. However, computerized systems that are poorly defined, insecure and easy to by-pass allow people to operate outside of the regulations, either mistakenly or by intent.
As such, Life Sciences companies should be looking to leverage experience from the GMP and GDP areas, where the validation of computerized systems is, for large parts of the developed world, a way of life. To rise to these new regulatory challenges it will however be necessary to:
- Take a sensible, cost effective risk-based approach, recognising that GMP and GDP systems are usually of much higher risk and that techniques will need to be adapted to suit lower risk profile systems and applications
- Recognize that the risk is inherent within the overall business and take an approach that considers the computerized system and information technology as just one element of the overall business process and information system (remembering that information also exists in other forms).
When used wisely, information technology can help Life Sciences companies respond to the changing regulatory landscape in a cost effective manner, delivering business improvement and supporting compliance.
The other side of the coin is that we can expect increasing regulatory focus and enforcement when the regulatory issues associated with the use of websites, collaborative portals, social networking sites, CRM systems and the like are ignored.
On the positive side, Life Sciences companies have time to respond and think about how to strategically leverage the knowledge and experience that already exists within other domains within the industry (GMP etc). On the downside is that few appear to be thinking about this at a strategic level just yet. Only time and on-going enforcement actions will tell how long any period of grace will be.
Posts
No comments:
Post a Comment