April 7, 2014

FDA Seeks to Plug Swiss Cheese-size Holes in Medical Device Security Systems

Michael Causey, Editor & Publisher, eDataIntegrityReport.com

Michael Causey, Editor & Publisher, eDataIntegrityReport.com

The Internet giveth and the Internet taketh away.

For years, we’ve been hearing about the benefits online tools will bring to the medical industry, especially at hospitals and physicians’ offices.  Many of those promises have come true, and its been a benefit for patients and industry.

But that sound you are hearing could be the other shoe dropping.

Perhaps reacting in part to a sobering year-long series by The Washington Post finding big, big holes in medical device security systems, the FDA this week (June 17) issued a new safety communication suggesting the hospitals take this threat to medical devices seriously.

Meantime, the FDA have been busy beavers. Last week the agency issued an alert and notices bulletin advising the industry to shore up key medical device security provisions.

Among its recommendations for responsible medical device manufacturers:

  • Swiss CheeseKick the tires on your program designed to limit unauthorized device access to trusted users.
  • Utilize stronger security controls such as user authentication, user ID and password, smartcard or biometrics; strengthening password protection by avoiding hard-coded passwords and limiting public access to passwords used for technical device access; physical locks; card readers; and guards.
  • Use design approaches that maintain a device’s critical functionality, even when security has been compromised, known as “fail-safe modes.”
  • Provide methods for retention and recovery after an incident where security has been compromised

No, neither Woodward or Bernstein were involved in The Post piece, but its pretty thorough and damning for the medical device industry nonetheless.

Security analysts at cyber security firm Cylance found it was depressingly easy to figure out hundreds of passwords for sensitive surgical equipment, patient monitors, among others.

“We stopped after we got to 300,” Billy Rios, who found the passwords with his colleague Terry McCorkle, told The Post.

They tell me Swiss cheese holes are the result of bacteria popping (some use a grosser word). I’m no foodie, leaving that to fellow blogger Kim Egan and celebrity chefs, but I do understand that these are “good” holes.

Holes in medical device security programs are not among them.

TwitterFacebookGoogle+LinkedInEmailPrintFriendlyShare

Taste’s Like Chicken — With a Side of Bacteria

Kim Egan

Kim Egan, Founder, Saltbox Consulting

FDA’s latest Annual Meat Report is out.   It analyzes foodborne bacteria in retail meat, particularly salmonella, campylobacter, enterococcus and E. coli.   Salmonella causes typhoid.  Campylobacter causes spontaneous abortions in animals and opportunistic infections in humans.  Enteroccus can cause meningitis and E. coli is the most common source of food poisoning.

Suffice to say, the news is bad.

The number of antibiotic resistant microbes in retail meat is going up, not down.   Over half of all retail meats – 55.7 percent — test positive for E. coli.  Contrary to popular belief, pork chops have the lowest prevalence – 30.4 percent – while ground turkey has the highest at 76.7 percent.  In fact, pork and beef came out rather well in this report, relatively speaking, compared to retail chicken and ground turkey.  Chicken and turkey do so badly, in fact, that it is amazing anyone eats retail poultry at all.

T-boneThe report also analyzes the extent to which these food contaminants are resistant to antibiotics, and assigns p values to measure statistical significance.  In other words, FDA made sure its findings are real and not the result of chance.  It turns out that:

  • Over a third (33.5 percent) of the contaminants in retail chickens and almost a fourth (22.4 percent) of those in ground turkey are resistant to third-generation cephalosporins.   Third-generation cephalosporins are supposed to be effective against hospital-acquired infections, pneumonia, and meningitis.
  • Almost half (40.5 percent) of contaminants in retail chickens and over half (58.4 percent) of those in ground turkey are resistant to ampicillin.  Ampicillin is supposed to be effective against staph infections, strep, and the flu. FDA said the change in ampicillin resistance in turkey from 2002 to 2011 is a “highly statistically significant” result.
  • Tetracycline resistance in poultry is up.   Tetracycline combats cholera.  So, that’s more bad news.
  • Gentamicin resistance in retail chicken and turkey is higher than that in beef and pork, or 20 percent compared to 5 percent.  We use gentamicin to fight staph infections, along with  the pathogens found in decomposing animal matter, sewage, manure soil, and human and animal feces.

On the theory that The Truth Will Set You Free, we can expect FDA to do something about this, right?  No.  Prediction: All FDA will do is write more reports and approve ever more powerful antibiotics for animals.

Makes you a little sick to the stomach, doesn’t it?

Kim Egan is the Founder of Saltbox Consulting, a firm that provides legal and compliance advice to entities regulated by FDA and USDA.  She can be reached at kim.egan@saltboxlaw.com and on Twitter at @saltboxlaw.

TwitterFacebookGoogle+LinkedInEmailPrintFriendlyShare

Part II: Next Practices for Selecting an Enterprise Quality System

John Moroney of AssurX, Inc.

John Moroney, VP, Sales, AssurX, Inc.

Note: In part one, we looked at how to approach the selection process, assess vendor capabilities, and find the right philosophical “match” for your particular organization. In part two, we’ll take you through next practices for scoring vendors, conducting an effective vendor search, and clearly defining project scope and costs.

Beware of how to measure. Companies frequently will devote significant effort and elaborate scoring methods to grade vendor functions resulting in very precise but ultimately irrelevant scores. Academic studies of software project success indicate that product functionality contributes less to success than the customer and vendor implementation team and process.  Keep the assessments simple and double check major variances with the team members and the vendor.

One approach to avoid feature/function obsession is to develop scenarios for vendors to demonstrate. Select one to three primary areas of business improvement (CAPA, Customer Complaints, etc), develop an outline of how the team would like these processes to be and review the outline with key vendors. This may result in a more detailed scenario for each vendor to demonstrate, or simply request the vendors to show how they would support the original description.

Once the team has narrowed down to the final one or two vendors, it is advisable to speak with customers, but first consider what questions you would like to have answered. This will achieve at least three things:

  • Focus the team on the primary concerns with the vendor/product/project.
  • Assure that the reference company is appropriate.
  • Allow the reference company to have the correct person available.
  • Not miss any key points during the meeting.

This can be an excellent time to hear the lessons learned by the customer – not just about the product or vendor but the project itself and how it has evolved over time.

Quality WhiteboardDefined Project Plan and Costs

At this point the team should have firm costs and establish (possibly with the vendor’s help) a project timeline. If it has not been done already, a business case justifying the project is frequently required to secure executive approval.

The most common source of frustration and delay at this stage is the team not knowing the internal process for getting the project approved. In many companies a capital request and presentation is required. Contracts and agreements usually must be reviewed and/or modified requiring procurement and possibly legal resources. Vendor setup and approvals and possibly background checks may also need to be done. Depending on the company, a separate plan to work through this stage is sometimes helpful.

Often your project is vying with other capital needs for funding. Furthermore, few members of the capital committee or approval executives will know much about your project. It can be useful to create a summary presentation describing the business need for this software, the vendor selection process, general project plan, the benefits and when they will begin to accrue. Include the alternatives as well and the recommendation and consider framing the presentation to address these questions:

  1. Why do anything?
  2.  Why do it now?
  3. Why this recommendation/alternative?
  4. What does the company need to invest – not just money but what resources?

Closing

Embarking on the implementation of a new EQMS is much like any project where change is necessary. Success will hinge on consistent effort and working through obstacles and resource limitations as well as resistance to doing things differently.

Here are some final tips to help ensure success:

  • Secure solid management support – make sure the project leader has been given the time, the resources and organizational support necessary.
  • Get requirements defined, agreed upon and documented – reference and revise frequently.
  • Avoid the geek factor –  beware of flash. Remember, features can often be added later.
  • Don’t let perfection be the enemy of the good – a version 2.0 can come later.
  • Strong team and communication – better to get issues out early.
  • Focus on small wins, quickly – iterate, test and refine along the way.
TwitterFacebookGoogle+LinkedInEmailPrintFriendlyShare

Part I: Next Practices for Selecting an Enterprise Quality Management System

John Moroney of AssurX, Inc.

John Moroney, VP, Sales, AssurX, Inc.

Editor’s Note: In this two-part series, you’ll learn the most effective ways to select an Enterprise Quality Management system, why it’s a critical long-term decision, and common pitfalls to avoid.

First, let’s simplify things a bit: Selecting an Enterprise Quality Management system is no different than any other major business purchase decision. Broadly speaking, that means you’ll face similar issues and risks you’ve encountered before.

So, if you’ve already got experience making big purchases, you should begin the process with a relatively high degree of comfort.

Unfortunately, most companies do not make major purchase decisions very often, whether buying an enterprise software system, purchasing or leasing a new facility or committing to a major piece of capital equipment. These decisions have long lasting effects and can be career enhancing or threatening for those involved.

With that in mind, let’s examine some proven ways to improve your selection process.

Having a plan is usually the best approach, but what should the plan include? Experience shows the best have several stages:

  • Defining requirements & project objectives
  • Initial investigation of options
  • Detailed vendor reviews (not just product!)
  • Defined project plan & costs
  • Corporate approval and kickoff

quality circleConsider that this process will likely take several months, so one of the first steps is to set expectations within your organization. Explain to colleagues and superiors that this is like a major remodeling project. It has many steps, will require time and effort, and you only want to do this once, correctly.

Defining requirements & project objectives

It is surprising how few companies spend enough time defining the objectives and success metrics a new EQMs should deliver.

Start with the key business issues you want to address. For example:

  • Is there an inability to understand the root cause of product failures? How big is the problem – quantity, dollar impact, lost customers, etc. Who in the company is affected? What are the KPIs (Key Performance Indicators), and what values would be considered excellent? How difficult is it to collect that information?
  • What is the cost of supplier quality and how can that be reduced or charged back? Who are the best suppliers and the worst? What do they cost the company per year?
  • Is it difficult or impossible to determine how many complaints are received by a customer? What were the reasons for those complaints? How many were resolved and how long did it take? Who would like to have that information, and what is it worth to the company?

Performing this exercise yields three outcomes:

  • What constitutes success for this project?
  • What are the potential financial benefits of the project and agreement on what the project investment should be (the budget)?
  • What product/vendor capabilities are required to support the outcomes?

Although this stage of the project may be done by an individual, the creation of requirements should be based on interviewing all of the key stakeholders including users, managers and executives. A project selection team should also be recruited from these ranks and most often should include IT professionals as well.

Initial investigation of options

With so many options available, how can the team be sure to include the best choices? First, understand what the corporate ERP system vendor can deliver. Often this will be both the least expensive and the easiest to deploy, and at the very least should be evaluated to provide a base line to compare against other best of breed choices.

Some companies have a strict policy that no third party applications will be purchased unless a strong business case for not using the ERP vendor’s modules is first made. In larger companies, other divisions or business units may have already implemented an EQMS. Not only is there much to gain by interviewing those users, there may be corporate edicts or at least preferential pricing and implementation resources already available for deploying that product.

Other choices can be found through web searches, trade shows, etc. but one of the best approaches is to network with industry colleagues. Not only will you benefit from their experience, but to the extent their vendors have a focus upon your industry, best practices will be available to your team. Frequently, customers will have suggestions and possibly preferences for what system to select or at least a short list of what their other suppliers use.

Certainly one criteria at this point is cost, but another is whether to purchase the software or subscribe to a hosted solution. Some vendors offer both forms, but many do not, so part of the initial criteria needs to be settled with the IT organization and corporate policy.

Most companies will want to consider vendors with customer profiles similar to themselves, whether by size, industry, technology, etc. and/or a strong user group. For example, life science, aerospace and automotive companies have specific needs which will narrow the field of suitable vendors. It is important to engage the IT organization because there may be preferences for certain technology platforms such as Oracle versus Microsoft databases or integration to specific ERP systems.

How many vendors should be evaluated? It is difficult for a team to devote time searching for a vendor selection and “fitting in” their normal work; therefore most companies might interview six to ten vendors but whittle that down to three or five vendors for the next phase of detailed vendor reviews

Detailed vendor reviews

Now that your team has created a short list, it makes sense to take a deeper dive. Much of the focus at this stage should be the product functionality, and maybe “look and feel”. It is critical to establish criteria at this stage, as a “pretty” product may not be the best product available for your company. In the software industry a term frequently used is the “whole” product – not just the software. That would include, beside software functionality, elements such as:

  • Support – uptime performance metrics, Level One support issue and response times, what is the support process and what are the metrics?
  • User community – is there one, how active, who participates, is it vendor or customer driven?
  • Industry domain knowledge – does the vendor know your industry and have support staff with experience. Does the vendor know how to work with companies your size and scope?
  • Product reliability – how often do customers have problems, how severe are they?
  • Implementation track record – how often do customers fail to implement? Why? Is there an implementation process?
  • Vision and direction – is the vendor commited to being an EQMS, do they have a product plan and does their product and market strategy align with your company’s plans?
  • Customers – who are they and do they align with your kind of company? Are they highly dependent on the vendor or can they support themselves?
  • Total cost – beyond the initial project, what costs could there be in the future? Additional users, modules and/or changes? Is there a cost for future versions? What cost protections will the vendor provide? What are customer experiences?

Leading vendors understand the elements of the decision process and will be forthcoming with information. Successful sales people, who have participated in dozens if not hundreds of selection cycles, have a deep understanding of your industry’s best practices and the options in the market – usually much better than consultants or program managers who may lead selection projects only a few times per year.

Note: In part two, we’ll look at the most effective ways to “score” vendors, narrow the search process, and define project costs and scope.

 

TwitterFacebookGoogle+LinkedInEmailPrintFriendlyShare

Employees Must Wash Hands

Kim Egan

Kim Egan, Founder, Saltbox Consulting

On January 4 2013, FDA took the first step in its history to regulate produce farmers. The agency issued a 547-page proposed rule that spends a lot of time reducing everything humanity has learned about plants since agriculture emerged in the Fertile Crescent 10,000 years ago in to U.S. Government jargon.

It is interesting reading if you like that sort of thing. There is an entire section devoted to the hazards of sprouts and another to the taxonomic and agricultural definition of mushrooms. FDA takes no position on glass or metal fragments in soil, but the “hazards unique to cilantro” warrant mention. We are introduced to an excellent new phrase: “pre-consumer vegetative waste.”

There are some stupid new acronyms, like Raw Agricultural Commodity (RAC) and some blindingly obvious regulatory findings, such as: “The statutes we describe above, and previous interpretations of the concepts of RACs and processed food as set forth in the 1998 Joint EPA/FDA Policy Interpretation and the Antimicrobial Guidance, lead FDA to tentatively conclude that the basic purpose of farms is to produce RACs and that RACs are the essential products of farms.” (Translation: Farms grow produce and produce is what farms grow.)

farmThere are also a lot of exemptions, such as food grown for your own use and food that is not normally consumed raw. This means that FDA’s first ever effort to regulate farmers does not apply to asparagus, corn, eggplants, figs, lentils, peanuts, or potatoes, among many others. Figs? Why not figs? Fresh black mission figs on a cracker with brie are yum…

To spare you the agony of reading the whole thing, I have boiled the whole 547-page proposal down a few key points. If you are a farmer:

  • Wash your hands.
  • Clean your equipment.
  • Send sick employees home (this means infectious diseases as well as suppurating wounds).
  • Change your clothes if you just spent a bunch of time shoveling manure.
  • Don’t put portable toilets smack in the middle of your irrigation source.
  • Don’t dump raw sewage on your fields.
  • Don’t let dead wildlife decompose in your fields.
  • Don’t harvest rotten apples.
  • Don’t bother with Purell; it doesn’t work on actual clods of dirt or manure.

Were I Queen, I would add:

  • Wash your produce before you eat it.
  • Know where your produce comes from, and don’t eat it if it came from a sewer or a nuclear power plant.
  • Follow the “Diplomats Rule” when traveling, i.e.,:
    • things with rinds or husks (oranges, nuts) are usually safe
    • things filled with water (lettuce, tomatoes and cucumbers) less so,
    • eventually you will acclimate, and
    • alcohol cures all.

But this is in fact a serious topic and I think the Food Safety Modernization Act misses the point. FDA really can’t do this by itself and the produce farmer is not the problem. If we want to improve the safety of our food supply, we need to:

  • Figure out a way to keep pharmaceuticals out of the water supply. If they aren’t in the water supply to begin with, they won’t end up in our lettuce and cucumbers.
  • Figure out a way to reduce our over-reliance on antibiotics. We would be less susceptible to food-borne illnesses in the first place if we didn’t routinely carpet bomb the flora in our bodies that keeps us healthy.
  • Figure out a way to prevent surface water run-off. I propose building codes that require green roofs for all new commercial structures over a certain size, and that require green verges on all new roads, etc.
  • Apply existing tort law to food producers who negligently or intentionally put a dangerous food product (raw or otherwise) into inter-state commerce. For biotech crops and hybrid seeds, this could include design defect and manufacturing defect claims, which can carry substantial financial penalties.
  • Take serious steps to increase agricultural biodiversity, which would include ending or seriously reducing subsidies for corn, wheat and sugar, and encouraging effective crop rotation.
  • Solve the problem of migrant farm labor. We depend on undocumented workers to harvest our crops because it turns out that picking tomatoes it not really “unskilled labor,” as the recent example of Alabama shows.

In the meantime, let’s keep things in perspective. A little dirt never hurt anyone.

Kim Egan is the Founder of Saltbox Consulting, a firm that provides legal and compliance advice to entities regulated by FDA and USDA.  She can be reached at kim.egan@saltboxlaw.com and on Twitter at @saltboxlaw.

TwitterFacebookGoogle+LinkedInEmailPrintFriendlyShare

Utility Industry Grapples with Larger NERC Enforcement Penalties

Vice President, Energy & Utilities Compliance, AssurX Inc.

Vice President, Energy & Utilities Compliance, AssurX Inc.

As we approach the sixth year of mandatory compliance with the NERC Standards, we can see that NERC and the Regions are becoming more experienced dealing with the audit findings and penalties.  As shown in the last two releases of NERC enforcement actions, the non-compliance fines are larger and larger.  We have seen some penalties well over $500,000 (see $725,000 and $950,000 fines, too.)

Some registered entities are leading by example, with strong compliance programs and engagement with industry.  Registered entities are sharing experiences with each other in forums and workshops. They’re talking about their experience with Electric Reliability compliance software, and hiring consultants for independent reviews.  A few companies have even implemented the needed internal corrective action programs (CAPA) that benefit their Find, Fix, Track and Report (FFT) initiatives.

That’s the good news!

The relative bad news is that registered entities are still out there trying to doing the absolute minimum for NERC compliance.  There are reasons for this including a tough economy and over-worked resources.  Registered Entities that have tried to maintain compliance with limited resources and managing through many spreadsheets, weak document control, and lack of proper compliance participation in the industry.  We are still seeing common mistakes out there that can be easily corrected.  As the top Electric Reliability software provider, we see best practices that can anticipate or correct these problems.  Our customers are sharing their success with other companies.  Some of those successes include:

Registered Entities need to take a look at best practices, talk to their industry counterparts and evaluate their programs. They also need to look at strong compliance software tools, remove burdensome internal processes, and build a reliability culture that will be engaged, proactive and identify issues before they become signification violations.

TwitterFacebookGoogle+LinkedInEmailPrintFriendlyShare

ICF International and AssurX, Inc., Partner to Provide Utility and Power Companies with a Complete, Outsourced NERC Compliance Management Solution

ICF International and AssurX, Inc., leading providers of consulting services and technology solutions, today announced a strategic partnership to provide comprehensive outsourced NERC compliance management solutions to the energy and utilities industry.

ICF’s industry expertise and regulatory experience combined with AssurX’s proven software solution creates an unsurpassed suite of services with the depth and breadth of capabilities to support energy sector clients in achieving their NERC compliance goals and objectives.  The combined solution provides NERC (693) and NERC compliance software services, as well as in-house CIP Cyber Security help.

Michael Sanchez, ICF

Michael Sanchez, Vice President, ICF International

“We are excited to team with the industry’s leading NERC compliance software developer to provide companies with a comprehensive set of outsourced NERC compliance management services.  By combining the capabilities of AssurX and ICF, we look forward to helping our clients maintain NERC compliance so they can reallocate internal resources to other high value initiatives,” said Michael Sanchez, Vice President, Energy Risk and Compliance for ICF International.

Energy companies in today’s market face constant challenges in meeting and complying with NERC standards but not all of them have the internal resources to effectively manage NERC compliance, and many have been forced to assign these responsibilities to already heavily burdened employees. This strategic partnership brings together ICF’s compliance assessment and advisory services with the AssurX One™ program to provide complete outsourced compliance management services.  Together, ICF and AssurX provide clients with unparalleled expertise, and these services can be provided for about half the total cost of a full time compliance employee.

The combined outsourced solution includes:

Managing Regulatory Compliance and Best Practices (ICF)

  • Ongoing reliability compliance assessments
  • Monitor standards under development
  • Communicate approved changes to standards
  • Self-certification management
  • Annual NERC awareness training
  • Annual management presentation
  • Maintain ICP documentation

AssurXOne ™ Secure OnDemand Software Solution

  • Document management and evidence collection
  • Seamless automatic regulatory updates
  • PRC and maintenance compliance
  • Corrective action process (NERC find, fix, track reporting)
  • Built-in metrics and dashboards
  • Audit and self-certification management
  • No hardware/software to install
  • No internal IT support required
  • Highly secure data center (SAS 70, Type II Certified)
  • Quick software implementation and training
  • BES cyber security (CIP) management

“A comprehensive compliance solution is needed for the registered entities that do not have the day-to-day resources to maintain a strong compliance program.  There are continual changes within the NERC regulated industry and smaller entities are having trouble keeping up. With the industry experience of ICF International and the proven AssurX NERC compliance software program, this solution could benefit many registered entities.” said Trey Kirkpatrick, VP Energy & Utilities Compliance Services.

About ICF
ICF has been a market leader in energy consulting for over 40 years, and currently employs over 4,500 experts. Our NERC Compliance and Electric Reliability Solutions Group has provided NERC compliance services since 2006 to clients in all eight NERC regions. For more information, please visit: http://www.icfi.com/nerc.

About AssurX
AssurX, Inc., provides highly regulated organizations with enterprise quality management and compliance solutions. With a choice of OnDemand (SaaS) or OnPremise (licensed) software delivery options, AssurX’s flexible, all-in-one system automates quality and compliance processes so issues can be centrally managed. It helps collect, organize, analyze and share information to better manage and improve quality and compliance performance everywhere in your enterprise. More information is available at www.assurx.com.

TwitterFacebookGoogle+LinkedInEmailPrintFriendlyShare

Senate Bill Could Speed Drug Delivery – But FDA Deserves Better Treatment

Patrick Stone, President, TradeStone QA

Speed up approval for new health care products and minimize the major drug shortage. Sounds good so far, right?  Let’s hope lawmakers get this right with a new bill designed to speed delivery and avert shortages of life-saving medicines.

Throughout FDA’s history, the speed of drug, device, and biologics product approval time has swung pendulum-like first faster, then slower.  Then faster and, lately, slower.  Get the trend?

Let’s get some perspective on this with a brief review of recent history. First the product approval time is sped up and then three years later the first new products are approved for our health care market. Then two years after approval, our large and diverse market starts having adverse reactions or even death to these approved products. The story drastically changes roughly 6 to 7 years after Congress calls on the FDA to “speed” up the process. This time Congress calls on the FDA to “slow” down and take more review time.

As a former FDA inspector, I can speak to some of the behind the scenes problems for FDA in complying with a congressional mandate to speed up. The FDA will now have to ramp up training for new and old inspectors to conduct many more clinical trial inspectors, plus additional reviewers. In fiscal year 2006 there were a total of 248 CSOs conducting bioresearch monitoring (BIMO) investigations (Principal Investigators, IRB, Bioequivalence, Contract Research Organizations / sponsors, and Good Laboratory Practice). Just 84 of the 248 investigators (34%) only conducted one inspection. And 21 of 248 (8%) conducted nine or more BIMO inspections (this all from the FDA website). The number of inspectors in 2012 is about the same number as in 2006 (248) give or take fifty inspectors.  There are hundreds of thousands of ongoing clinical trials that need review and inspection. How long do you think it will take FDA to ramp up training qualified inspectors for this job?

Congress should think about tackling these separate issues in separate bills in order to appropriate the funding for each of them. More than 80% of the funding congress gives FDA is earmarked for food work. If congress allowed FDA to focus more on drugs, biologics, and drug review, drastic extra funding may not be necessary.

In order to speed up new health product approval you need more BIMO inspections (Center directed work). In order to mitigate more drug and device shortages the FDA needs more certified Good Manufacturing Practice (GMP) and Quality Systems Inspection Technique (QSIT) auditors (District directed work).  These two groups of investigators go through years of training.

The drug and device approval process is not like a supertanker ship that can easily be sped up and it takes more effort than flipping a switch. The drug shortage problem will be solved by less regulation of private industry, not a “new law” adding burden to manufacturers.  I look forward to reviewing the final bill or law that comes out of this brave new plan. The FDA has been granted the user fee application process in order to fund necessary operations. This vital money received will hopefully be used to train new BIMO, GMP, and QSIT inspectors. These inspectors will in turn help speed up the new health product approval process. These complex problems demand complex answers measured in years not weeks.

Patrick Stone is the author of Bubble Gum Badge – An FDA His-Story. You can also follow him on Twitter.

TwitterFacebookGoogle+LinkedInEmailPrintFriendlyShare

CDRH 2012 Strategic Priorities Emphasize QA, Life Cycle Management

Michael Causey, Editor & Publisher, eDataIntegrityReport.com

Deciphering the FDA is a bit like trying to understand what the old USSR was up to in the days of the Cold War.  In those days, it was called Kremlinology, or the study of a complex, secretive organization.  We need a catchphrase for those of us today who try to figure out what the FDA means when it says something, or what it means when it says nothing, or what it means when it tells you what it means. You get the idea.

The FDA has been talking a lot of late about transparency. Its 2011 initiative is an agency attempt, it says, to open up about how it does business. FDA is accepting comments on it until February 28.  The jury is still out on whether this initiative will accomplish much.

Our latest piece of FDA evidence is CDRH’s 2012 Strategic Priorities.

CDRH devotes the Introduction of the document about looking ahead to patting itself on the back for its 2011 achievements, e.g. its report, “Understanding Barriers to Medical Device Quality,” that reviews the challenges that the FDA and industry face in supporting well‐integrated, best‐quality manufacturing practices and strategies that industry and the FDA can take to overcome these barriers.

CDRH also reminds us that “to complete this work [in 2011] our staff went above and beyond their already demanding workload. This is a remarkable achievement.”

Good to know.

In 2012, CDRH says it will continue to emphasize four priority areas:

  1. Fully Implement a Total Product Life Cycle Approach
  2. Enhance Communication and Transparency
  3. Strengthen Its Workforce and Workplace
  4. Proactively Facilitate Innovation to Address Unmet Public Health Needs

CDRH promises in 2012 to “improve” its premarket programs. By April 1, it pledges to begin its Triage of Pre-market Submissions Pilot to “increase submission review efficiency and better manage the pre-market review workload.”

And by the end of the year, CDRH pledges to publish a proposed rule to clarify the circumstances under which it could rely on clinical studies conducted in and for other countries. CDRH also says it will finalize all guidance documents it has issued as part of its overall plan to improve its premarket programs.

We’ll keep an eye on these and other promises throughout the year and report back as FDA hits or misses its own targets.

TwitterFacebookGoogle+LinkedInEmailPrintFriendlyShare

Lilly CEO Calls on FDA to Lighten Up

Michael Causey, Editor & Publisher, eDataIntegrityReport.com

The FDA has to speed up adoption of a “Benefit-Risk Framework” to improve decision-making in the regulatory process, said John Lechleiter, Ph.D., chairman, president and CEO of Eli Lilly and Company.

Speaking at recent industry conference, the CEO of the drug giant called for a regulatory process that focuses both on recognizing and appreciating benefits while identifying and minimizing risks. Such a balanced approach would help increase the flow of needed medicines to patients and reverse a trend of fewer new drugs getting approved, he said.

“The stakes are high,” Lechleiter said. “The only way to make inroads against [chronic and other] diseases is to sustain the pace of medical progress.”

The FDA appears to be a bit on the defensive here. It recently issued a report touting its record approving drugs it says demonstrates it isn’t stifling innovation at all thank you very much.

The backdrop to this battle is the upcoming reauthorization of the Prescription Drug User Fee Act (PDUFA) V. Originally enacted in 1992, PDUFA and its iterations set the foundation for how FDA will manage the drug review process for five years, beginning in October 2012.

Lilly’s Lechleiter stressed the importance of a non-partisan course for reauthorization. “As a basis for the drug review process, PDUFA is too important to get bogged down in partisan politics,” Lechleiter said. “As Congress considers reauthorization next year, we hope to see a ‘clean’ bill – one free of extraneous and controversial provisions that would politicize the bill and further complicate matters for all parties.”Lechleiter said the regulatory system must continue to evolve to meet 21st century needs.

Lechleiter offered five key characteristics of a “state of the art” regulatory approval system:

  1. Timely – “There are far too many conditions for which therapy is inadequate or nonexistent. We need a system that is not only effective, but efficient as well.”
  2. Predictable – “The system must be predictable in its judgments, its decisions, and the criteria on which those decisions were based – whether scientific, ethical, legal, etc.”
  3. Consistent – “The system must be consistent across review divisions using standardization and repeatable processes – so that an innovator clearly understands the regulatory requirements and so that institutional learning can be harnessed to replace time-consuming one-off learning by review groups and division.”
  4. Transparent – “The system needs to be transparent in its judgments and criteria so [stakeholders] understand the rationale for its decisions.”
  5. Scientifically rigorous – “This requires scientific expertise within the agency – or access to the expertise – that understands, engages in, and influences the constantly evolving external scientific environment and ensures that standards are up-to-date.”

Lechleiter also discussed ways to strengthen a medicine’s benefit and lower its risk, including calling for greater emphasis on improved outcomes for individual patients, through the development of tailored therapeutics.

“From the point of view of patients and their doctors, a tailored therapy will provide a better benefit/risk trade-off, because they can have a higher degree of confidence that it will work effectively and with minimal harmful side-effects relative to the benefit obtained,” said Lechleiter. “From a value-for-money standpoint, tailored medicines should also reduce the heavy costs associated with non-responders. In other words, payers will get what they are paying for.”

Cry havoc and let slip the dogs of war. This one isn’t over by a long-shot.

TwitterFacebookGoogle+LinkedInEmailPrintFriendlyShare

Switch to our mobile site