Hackers Trying to Steal Drug Formulas for Counterfeiters Can Wreak Havoc

IT expert advocating for stronger pharma IT security.

This article highlights the threat that hackers and cyber-criminals pose to drug and device manufacturing systems.  MWA assesses the security of your IT systems during audits, particularly those that consider Part 11 compliance.  If you feel that your organization is protected, read this article and share it with your IT personnel.  You may want to reconsider your conclusions.

Criminals can manipulate drug production if IT systems not protected says expert

By Gareth MacDonald+, 02-Mar-2016

Hackers trying to steal drug formulae for counterfeiters can wreak havoc says an IT expert advocating stronger security for networked pharmaceutical manufacturing facilities.

PMA Supplements: Draft Guidance for Industry and FDA Staff

This guidance document describes the decision-making steps that we recommend you follow to determine whether a PMA supplement should be submitted when you intend to change the manufacturing site (including a change to the processing, packaging, or sterilization site) of your legally marketed PMA-approved device. This guidance also discusses general factors FDA intends to consider to determine whether a preapproval inspection is necessary before approval of the PMA supplement.

There is a great table that outlines the type of manufacturing site changes that FDA believes affect the device’s safety or effectiveness as well as the type of submission that should be submitted to FDA. Manufacturers are responsible for validating changes, as necessary, in accordance with the QS regulations, whether or not a PMA supplement is submitted.

Download the entire guidance here.

Foreign Particle Guidelines for API and Drug Manufacturers

APIC recently released a great guide for both API and drug manufacturers on dealing with foreign particles. The guideline differentiates between the different types of particles that can be present in a batch.

Technically unavoidable particles: particles which do not harm the health or safety of the final consumer. They should not affect the efficacy and quality of the related Drug Product due to the (chemical) harmlessness of the material and / or their mechanical attributes and low amount. Technically unavoidable particles are intrinsic to the manufacturing process, the production equipment and processing aids.

Atypical particles are particles that should not be present in final API and their presence should always trigger an investigation. These particles consist of foreign matter which is not intended/designed to be in direct contact with the product/manufacturing process. These atypical particles commonly originate from materials which accidentally or unintentionally came into contact with the product or a process stream.

The guide offers practical ways to minimize the presence of particles in APIs, proposals for limits on particle size, prevention measures, and much more.

Download the guidelines here.

2013 to 2015 Data Integrity Issues related to Computer Systems

Here is a great resource to gain an understanding of FDA’s perspective on data integrity issues relating to the use of computer systems.  FDA 21CFR Part 11 and the European Union’s focus on data integrity are resulting in an increase in the number of observations during an inspection.

Read more about cases of data integrity issues here. (updated September 2015)

Information compiled by Orlando López, Data Integrity SME.


FDA Issues Adverse Event Reporting Guidelines for Outsourced Facilities

FDA finally bears down on outsourced compounding facilities in 2015, as a result of having found dozens of potentially dangerous safety problems at 30 specialized pharmacies, in 2013, months after tainted steroid shots made by a Massachusetts pharmacy triggered the worst drug disaster in decades.

In 2012, FDA had found filthy conditions at the New England Compounding Center (NECC), the Massachusetts pharmacy at the heart of the fungal meningitis outbreak that killed 53 people and sickened 680 others. These “priority inspections” were focused on firms that produce high-risk sterile products, a key segment of the multi-billion-dollar industry that has fallen between the regulatory cracks. Read more about the corporate criminal acts committed by NECC.

Outsourcing Facility Registration and Reporting

The new law allows an entity that compounds sterile drugs to register as an outsourcing facility. Once registered, an outsourcing facility must meet certain conditions in order to be exempt from the FDCA’s approval requirements and the requirement to label products with adequate directions for use. Under the new law, the drugs must be compounded in compliance with CGMP by or under the direct supervision of a licensed pharmacist in a registered facility (section 503B(a)). The outsourcing facility must also report specific information about the products that it compounds, including a list of all of the products it compounded during the previous six months, and information about the compounded products, such as the source of the ingredients used to compound (section 503B(3)). In addition, the outsourcing facility must meet other conditions described in the new law, including reporting adverse events and labeling its compounded products with certain information (section 503B(b)(5) and section 503B(a)(10)).

Under the new law, an outsourcing facility will not be considered registered until it has paid the applicable annual registration fee (see section 744K(g)(3)(A)). An outsourcing facility may register without paying a fee until September 30, 2014, however, because fees are not required until October 1, 2014. In addition, the new law requires that outsourcing facilities register and report their products to FDA electronically unless the Secretary grants a request for a waiver of such requirement because use of electronic means is not reasonable for the person requesting the waiver (section 503B(b)). FDA has issued draft guidances on registering and reporting for those entities that intend to register as outsourcing facilities.

Download the guidance for adverse event reporting here.