Akorn, Fresenius and Data Integrity – A Journey from ALCOA to Materiality and FDA Enforcement Risk

Tommy McMaster |

The following is a redacted transcript of a live, conference call question and answer session conducted on 16 March 2018 with a leading investment advisory firm interested in the Akorn v. Fresenius merger litigation.  Jack Garvey, CEO of Compliance Architects LLC, provides background knowledge and information on FDA’s data integrity and compliance policies relevant to the litigation.

Dialogue was redacted for confidentiality purposes.  Headings are added for convenience.

 

INTRODUCTIONS & CALL BACKGROUND

[REDACTED]:  Thanks, Operator.  Good morning everyone, thanks for joining us today to discuss the FDA’s data integrity and compliance policies as it relates to the recently completed Fresenius investigation of Akorn’s alleged breaches of these policies. I’m the host, [REDACTED] and on the line with me, right next to me, is [REDACTED] covering Akorn, as well as other generics manufacturers, Valeant, Teva, Allergan, et cetera.

Our expert today is, Jack Garvey, founder and Chief Executive Officer of Compliance Architects – a leading consulting and advisory firm specializing in quality and compliance solutions for FDA-regulated manufacturers. Jack will go through his background a little bit, but I’ll just say he’s both a chemical engineer and an attorney. He has more than 30 years of experience in the field.

So [REDACTED] and I had a call earlier this week with Jack, which we found very helpful.  It was kind of the genesis of this conference call today.  The goal here is for Jack to help us dive deeper into the potential issues raised by Akorn v Fresenius.

We’ll do the call Q&A after some initially prepared questions.  We’ve obviously left time for your questions at the end. Before we start with Jack, maybe [REDACTED] can give us an overview of where we are?

[REDACTED]:  Thanks, [REDACTED].  So again, I’m [REDACTED], specialty pharmaceuticals analyst here at [REDACTED]. I cover brand and generic manufacturers, but specifically today talking about FDA regulations and enforcement with regard to data integrity.  It’s an issue that is certainly something companies deal with on a daily basis, but generally doesn’t rise to an investable issue in our space.

Some of the examples that have been in the past have been quite severe.  We have now an almost year long pending merger, and then a surprise announcement a couple of weeks ago at the end of February by the applier Fresenius that it was investigating information from an anonymous source.  They’re raising issues of data integrity in Akorn’s product development.  It’s certainly raised the specter of what could be a very serious issue.

But also in the context of a merger where I think it’s widely viewed that they overpaid relative to deteriorating performance in Akorn’s business. Perhaps this is also a negotiating tactic. The purpose of the call is to get Jack’s expertise on the range of issues that data integrity can encompass. What FDA’s enforcement options are and maybe to help gauge a little bit more of the risk side of the equation.

With that, maybe we’ll get started. Onto some questions.

BACKGROUND:  JACK GARVEY, FOUNDER & CEO, COMPLIANCE ARCHITECTS LLC

[REDACTED]: Yeah, just before that, Jack, we have your bio, but maybe just in a couple of minutes you can talk about your experience and all you’ve done in the field so people know where you’re coming from with this.

JACK GARVEY:  Sure, thank you for that.  Well, good morning everybody, and possibly good afternoon and good evening.  I’m Jack Garvey, I won’t take long to expand on my background.  I am a chemical engineer and an attorney. I’ve spent virtually my entire career in FDA-regulated companies, primarily with pharmaceutical and medical device firms. I’ve worked for large companies, BASF Corporation, Ciba-Geigy prior to its merger into Novartis and Johnson and Johnson.

I’ve been in a variety of roles; legal, regulatory, quality, operations and I consider myself an expert in pharmaceutical and medical device regulated manufacturing — what’s called good manufacturing practices — and FDA’s regulatory frameworks and their expectations for manufacturers. Specifically, with respect to data integrity, I’ve done data integrity going back into the mid-2000s where I was responsible for a project at another firm in the generics industry that was stymied by failures of data integrity by a third party bioanalytical lab that put many generic ANDAs in jeopardy.  As part of this project we managed multiple projects to essentially deep dive into the data sets to try to remediate the data.

Compliance Architects has also done a good bit of data integrity remediation for pharmaceutical companies.  I’m a writer on the topic and most recently have spoken at a couple of conferences — including the Food and Drug Law Institute.  I spoke at the FDLI Enforcement Conference in December moderating panel on data integrity.  Also, just two days ago moderated a webinar panel – kind of a redo of our in-person panel – with two of FDA’s leading experts of data integrity.

I think I have a pretty good bead on most aspects surrounding the topic of data integrity.  This is a broad space so I don’t know everything for sure, but I think I can give you important insights to some of the questions you have related to this topic.

Couple of quick disclaimers.  I am an attorney; however, this is not and should not be construed as legal advice.  It’s a general information discussion and does not create any attorney-client relationship. I have to say that.  The discussion is for general information only, and listeners are not to rely on the information for investment purposes. Importantly, I have no independent personal knowledge of the facts in question. All the information on which I base my comments have been derived from public information sources.

And finally, the comments I will provide are based on general knowledge of the FDA-regulated industry and what could hypothetically be occurring based on different possible scenarios.  None of these scenarios implies that this is what has, did, or will occur.  So with that, I’m open to questions or however you’d like to start the discussion.

 

WHAT IS DATA INTEGRITY?

[REDACTED]:  Sure, thanks Jack.  Maybe [REDACTED] and I will start, and then we’ll open it up, but we’ve got a bunch of stuff here.  So maybe just a first one, what is a data integrity violation? How do you define that?  Does it cover a wide range of issues?  Can you just frame it for us?

JACK GARVEY:  Sure.  Data integrity is a concept, really.  It’s not a directly measurable thing.  It’s a concept that’s really a characterization of several different aspects of information, not just data as you’d think, numbers, but data and information.  It could be the recordation of somebody’s name or the recordation of an activity that occurred.  All that is considered data in the context of data integrity.

The characteristics of data integrity include — and FDA has a specific term for it, they call it ALCOA – but it really is the characterization of the reliability, the credibility, the validity, authenticity, and trustworthiness of a state of data. And the FDA’s ALCOA acronym is based on the following characteristics:   A -Attribution, meaning can the data be directly attributable to a distinct person or act?  L – Legible, well, simple, is it legible, readable, decipherable, etc.?  C – Is it contemporaneous?  Was the data recorded contemporaneous with when the data was created?  So things like if you record data, write it on the back of an envelope and record it three days later, that’s a data integrity issue.  O – Is it original?  The agency is looking for original data.  And then finally, A – Accurate. Is the data accurate?

So A-L-C-O-A is a term that’s used regularly and is expected for data by the FDA.

[REDACTED]:  Got it, got it.  There were some issues with Ranbaxy a number of years ago that caused import alerts and ultimately a change in the ownership of the company.  Thinking back more than a decade now, a company named Able Labs went from about zero to a billion in value in a short time and after data integrity issues surfaced, very quickly they were sold off for basically zero.

Are data integrity issues always that serious? Or what’s the range, is there such a thing as a non-serious data integrity issue?

JACK GARVEY:  I don’t know if I’d want to say there’s a non-serious data integrity issue, but there is certainly, like most things in this field, a spectrum of significance. The importance of data integrity is that the FDA, in their public health mission, has to rely on the information generated by companies in order to do their job of assessing companies’ compliance to their regulations and expectations and also the data and information that supports product safety and efficacy. They can’t rely on data if it’s not valid, right?

Think about it as a kind of thumbs-up, thumbs-down. If they look at the information as a thumbs-down, they can’t do their job. So all data integrity is important, but clearly there is a scale, a spectrum of significance, and that really, I would say, has two different aspects.

One is that the closer you get to the product and the patient — meaning how the product is built and the characterization of that product through, let’s say, laboratory analytical data or data that actually ties into whether the product works or is safe — the closer you get to that, the more significant it would be to the FDA because it’s tied more closely to public health.  If you have data integrity issues, let’s say with respect to the development of a document or procedure that may be two or more steps away from the end product quality, yeah it’s not that significant, but it is problematic because it tends to be indicative of sloppiness and a lack of control, which is a pervasive problem.

The second aspect is the FDA certainly understands that manufacturing is inherently difficult and there’s a lot of complexity around regulating manufacturing. And companies do make mistakes.  So those things that are unintentional, certainly unintentional on a smaller scale, are things the agency understands more.  I would term them, not as significant as if you get into broad swaths of negligence or just poor conduct, lack of control.

Then you have the issue of crossing the line into fraud. You mentioned Able Laboratories or Ranbaxy, and those are what I would call rare circumstances, although any frequency is too much, of companies that get into fraudulent conduct. They intentionally created data that was not accurate and not representative of their activities. The FDA, as you could imagine, doesn’t take too kindly to that.  Those are certainly what I would consider the most egregious type of conduct.

DATA INTEGRITY AND FDA ENFORCEMENT

[REDACTED]:  Are there any other examples you’ve seen, from public information that you would say are good examples of either run-of-the-mill conduct or otherwise illustrative to share here?

JACK GARVEY: Illustrative is hard.  In this work, I see a lot of different companies, and this is a struggle for most companies, and again I think the indicator for the agency is how willing is the company to self-identify — or also when identified by them or a third party — to fix things.  So, this is a difficult area when you think about the overall scope and scale of regulated manufacturing, distribution, production operations, research operations. Every single entry, every single piece of documentation must have those attributes.  It’s a high bar.

On the other hand, if the companies do what they can and should do relative to this, in large part it becomes just normal practice. From a numbers perspective, since 2014 there have been at least 108 companies have received warning letters from the FDA that included data integrity observations.

Not all of those rise to this level of significance where it’s involved in a merger that places it in some sort of jeopardy. Not all those warning letters had life expectation impacts. Out of those, about 15 to 16 involved a serious warning letter that was sent to them that required an in-depth, broader remediation plan. And if 108 companies had a warning letter, there are many more that got 483s.

This is not something that’s rare unfortunately.  It is something that a lot of companies are dealing with and firms like mine are being paid to help remediate these complex internal processes and get these practices up to snuff.

[REDACTED]:  In your experience, how do these things typically come to light?  You mentioned self-identification, obviously FDA inspections, at least as told by the companies in Akorn v Fresenius it was an anonymous source. Any sense what to balance – how are these are identified?

JACK GARVEY:  Yeah, how does this occur?  Often, it’s identified by the FDA.  In my experience, companies in general think they are far better than they are with respect to compliance generally, and data integrity specifically. I mean, it’s really that simple. This is, again, a complicated area and FDA compliance is something that’s always what I would call an aspirational objective.  It’s never 100% finished and always a work in progress.  And, a lot of companies just don’t take it as seriously as they should.

For somebody like me who’s been doing this a long time, these things aren’t hard to find, and they aren’t hard to root out. There’s a lot of pressure that’s put on the Quality organization, which is the responsible party for ensuring data integrity controls are put in place. But they’re often pressured by finance to hit quarterly profit numbers and they reduce staff, they cut things to the bone.  They assume that if they haven’t had a bad inspection that they’re okay.

So, these things just percolate and people, good, well-intending people who don’t necessarily know how to differentiate what’s right and wrong are just doing their job. It’s somewhat tragic from my perspective.  A lot of times it is identified by the FDA.  The good companies have good, robust internal audit programs that try to look. Not every company is involved with these issues, but many companies have these problems.

Many companies self-identify through internal audit programs, which are a requirement, and many of the good companies have essentially chartered teams to do deep dives into their data integrity practices because they know this is an issue that the FDA is highlighting as one of their focus areas.

[REDACTED]:  Actually, Jack, related to that we had a question come in via email.  The question is, in the case at hand, with Fresenius and Akorn, it doesn’t seem like the FDA is involved, but when does the FDA typically get involved? If they were not the instigator of an investigation would they wait until the company’s own internal investigation is over?  Or would they just get in the middle of it?  How would that work?

JACK GARVEY:  So, the FDA has a number of different ways they can get involved with a company’s manufacturing operations to look at these sorts of issues.  All companies should be on, essentially, a routine inspection schedule within FDA that is increasingly based on a risk-based approach.  FDA has been working on this with industry for years. And at the direction of Congress, one of the recent statutes, directed the FDA to move towards risk-based inspections.  So they can find them during their routine surveillance inspections.

They can also be found during what’s called directed inspections — which are basically for-cause inspections.  These can be performed for any number of reasons.  The FDA could be looking at complaint or adverse event data that is trending in a way that denotes a problem.  They could get a call or email from a disgruntled employee. Generally, it’s not like they have a defined network of people who are aware of non-compliant situations; however, now that the allegations in this case are public, they could look at the pleadings and other public information just like we can.  And they could, with that information, go in and decide to do their own internal assessment of Akorn, or even Fresenius. I don’t know that they will, but they certainly could.

FDA gets their information from a number of different sources and they have the right to inspect domestic organizations at any time.  Outside of the US, FDA has the right to inspect ex-US based organizations upon reasonable notice.  The remedies are certainly, in the US, if you deny their right to come in and look at the operations, they can essentially shut your doors. Ex-US, they can put import holds on and basically just stop your product from coming into the US.  So they’ve got very broad powers both domestically and internationally.

FDA’s CURRENT ENFORCEMENT CLIMATE

[REDACTED]:  How would you characterize the current environment at the FDA?  Certainly, they’ve been in several areas, more industry friendly than they have been in the past.  Does that extend to either the focus on enforcement or how likely it might be that they would take action quickly in a case like this?

JACK GARVEY: When the agency sees issues that have direct linkages to public health, they get very aggressive.  I think they tend to be more deferential on what I’ll call the more administrative side of the regulatory oversight, but even in this environment, it’s clear they are not certainly walking away from their public health mission.

Frankly, in a panel discussion that I participated in this past week, there were some discussions – I was moderating the panel and I did a predictions segment at the end – and the two other experts with me on the panel both think the enforcement will continue to increase in this area of data integrity.  I think it will remain about the same because it’s already at a fairly high level and the FDA has a lot of things that they look at.  What I can say is that this is not going to reduce in significance for the foreseeable future.

DATA INTEGRITY AND AKORN PHARMACEUTICALS

[REDACTED]:  Okay, then what could the issue with Akorn become?  To the extent we try and read the tea leaves here. There are a couple of 483s that they’ve received over the last several years.   The one in India in 2014, in 2015 and 2017 they had some issues their Decatur injectable facility.  Seems to be an inspection from December in their ophthalmic facility in Switzerland.  Seems several routine inspectional observations, but maybe you can talk a little about what you see there and whether that rises to the kind of pattern that may be of concern to the Agency.  But at the same time, we haven’t seen a warning letter for the company or recalls of the products, so how does that mosaic fit for you?

JACK GARVEY:  Yeah, I think that’s a great way to characterize it — as a mosaic.  I’ll provide you my thoughts and those are my opinions only, on the 483s.  Just for background context for the participants – an FDA Form 483 is probably one of the most noted forms in FDA regulation. It’s called a notice of observations and it’s basically the record of observations by FDA investigators of deficient activities in a manufacturing, or distribution, or regulated facility.  This is essentially the first notice to a company that their operations are deficient as a result of inspections. It’s the predecessor document to a warning letter.

Not all 483s result in warning letters.  How that occurs is based on the company’s ability to respond to the 483, how contrite, how comprehensive they are in their response and, as I tell clients, does the 483 response show that they get it? Are they being combative?  Or no, I get it, we’re going to make those changes.

With that, just looking at the number of 483s, I would say all of them are significant.  The two recent ones, the one in Switzerland and the one in Decatur are what I’d call more traditional and — I don’t want to call them routine, because none of this is routine — but they’re not unusual.  These are fairly typical 483s looking at observational deficiencies, looking at manufacturing deficiencies, but they are significant also in that these are significant issues asserted by the FDA.

The one in India is highly troubling if — again these are FDA’s observations so I can’t state them as fact — true and are allegations of falsified data, failure to analyze samples, and that’s a real problem. So in four years, the concern I have is these are integrated companies.  Akorn is not — typically these companies don’t have a site that is completely self-managed.  They have corporate quality people, they have corporate compliance people, they have corporate counsel. These people have visibility to these issues, so the question is are they making the hard decisions to truly effect change across the organization?

This, to me, would indicate a cultural deficiency with respect to investments in their quality organization.  That’s what this would indicate to me.  Again, my opinion, no fact, no assertion. But I would look at an organization like this and say hmm, they’ve got some real cultural issues because they’re clearly not, in my mind, not taking comprehensive definitive steps to make the investment.  I’ll also say the investments on these sorts of things are significant.

These require hundreds of thousands of dollars, or millions of dollars, to fix these kinds of problems properly; that’s the reality of it. It’s complicated and hard, which is why a lot of companies don’t do it.

FDA REMEDIES FOR DATA INTEGRITY VIOLATIONS

[REDACTED]:  What are the range of options that the FDA can take against a company that it deems has violated its data integrity policies?

JACK GARVEY:  They can do everything or nothing.  In the course of an inspection they could look at a company and see that they’re self-correcting and they are not obligated to issue a 483.  They can, but they could do nothing if they feel that the company is really doing the right things and they don’t want to punish the company.

More than likely they would issue a 483, identify issues, and depending how they felt the company was really addressing these it could be more or less significant. There is a level of variability, but there’s not a strict calibration across investigators and the inspections can go very differently.  You sometimes get combative companies so the next step would be to essentially issue a 483 outlining their observations.  If they don’t feel the company has responded adequately or is really getting to the root causes of data integrity, then they will likely issue a 483 and warning letter.

Root cause is important here — the root cause of data integrity could be everything from poor incentives, a bad culture, no policies, no controls, there’s a lot of reasons.

They’ve always got remedies of seizure, injunction, consent decree which is essentially going to a federal judge and basically asserting that the company is operating illegally, and they essentially need to be under the control of the FDA.

So, they have an escalating set of remedies that are available to them depending on the significance and the seriousness of their findings and how they feel the company is reacting to those findings.

DATA INTEGRITY AND SUBMISSIONS

[REDACTED]:  Got it. Operator, do we have any questions on the line?

CALLER:  Hi.  When you think about all the analytics and tests that need to be done to support an ANDA filing, is the data that’s generated to analyze purity, a yield, et cetera, bio equivalence, whatever it may be.  Is the entire set of data that a generic company runs all supposed to be submitted or is there any point in the process where the company has the ability to edit or add or delete data from those tests?  Or is it supposed to be something where every test you run, every sample that you put through, everything is supposed to be captured and submitted?

JACK GARVEY:  It’s the latter, everything has to be captured but not necessarily submitted, but at least captured. In other words, let’s say you were an analytical chemist and you were performing a HPLC run and you go through the prepping of the equipment, you make the run, you get an anomalous result. There’s a whole series of protocols called OOS/OOT — out of spec, out of trend — which essentially relates to what happens when you get anomalous, unexpected results.

What you have to do in that situation, is you have to capture the original outcome, and if you feel it is erroneous then you have to go through essentially a structured protocol — for lack of a better way to describe it — of invalidating that outcome.  Such as, you can redo the test.  The reason for that is pretty clear.

Let’s say you’re a startup company or a small company, early public and you want to make a lot of money, right?  So, you get some tests you don’t like and you say I don’t really like that test.  I’m just going to call it this.  Which is exactly what Able Laboratories did, they made up their data.  It looked great and there’s a financial incentive.  So you have to capture that original data and carry it through.  It doesn’t mean you’re bound to the data of errors, what it does mean is when that does occur, you need to be able to have that trail whether it’s electronic or on paper, whatever that is, that links the original data set to the subsequent data that is used internally or submitted to the FDA.

CALLER:  Thank you, Jack.

DATA INTEGRTIY AND THE APPLICATION INTEGRITY POLICY (AIP)

[REDACTED]:  Alright, so maybe we’ll dove tail with the discussion about some of the remedies.  Can you talk about the application integrity policy (AIP)?  In this case, the merger agreement refers to a predecessor name, but the fraudulent untrue statement and illegal gratuities regulations that they have.  But that was raised in the merger as potentially FDA invoking its application integrity policy as one of the reasons for not completing the deal.

Can you talk about when FDA does invoke AIP, what the signs might be if that were likely or not likely be invoked in the current situation?

JACK GARVEY:  Sure, so it’s interesting – in the panel discussion I did back in December – a good friend of mine [REDACTED], who’s an attorney, spoke on the AIP. And [REDACTED] is quite an expert on it, so I’m happy to share that with you.

The AIP is essentially the grandfather — the granddaddy — of the current data integrity enforcement practices we’re seeing.  What I mean by that is that data integrity is not a new concept.  This goes back actually to my first job out of college in a pharmaceutical plant learning about data integrity.  How to record information, how to make sure if the information is changed that you identify there was a change.

So, the AIP was essentially spawned by the generic drug scandal in the late ‘80s and two products.  One is the Dyazide switch and the other is the Maxzide switch.  It was formally known as the alert list and it was really formally announced as a policy in 1991. And really, it’s triggered when there is any action that the agency detects — what they call subverts — the FDA process.

If there’s fraud in an application or other falsifications, the FDA will defer substantive scientific review of all the data in the application and possibly other applications. And that deferral – they basically stop reviewing applications – will continue until the questions regarding the reliability of the data have been resolved.

So, in order to address that, you must go through a corrective action plan, cooperate fully with the FDA, identify all the wrongdoers.  FDA is big on identifying individuals because companies don’t do things wrong, individuals do things wrong and the FDA knows that.  Then conduct an internal review and have a written action plan signed by your CEO. And interestingly, [REDACTED], during our discussion spoke that the AIP has been called the death penalty for companies, and only a handful of companies have survived being on an AIP.

Those who did were typically on it for four years and it usually goes hand-in-hand with criminal prosecution and collateral civil litigations such as securities litigations, shareholder derivative actions and competitor suits.

Currently, the AIP is not really being used all that much. I think the last company to go on AIP was in 2011.  [REDACTED]’s prediction in our webinar was that he believes it will be dusted off.  I’m not too sure on that, but on the other hand it doesn’t really matter because the FDA is addressing it through the warning letter remediation language.  One of the things I spoke about in the panel was newish data integrity warning letter language that they’ve been using since around 2014, just after the Akorn 483 that really requires an expansive remediation.

So hopefully that’s a little background on the AIP, but it still is a valid remedy.  There’s still policy and procedure that is available to FDA to use it and I certainly think in the right situation they absolutely would use it.

WHISTLEBLOWER IMPLICATIONS

[REDACTED]: Jack, just going back to the Fresenius investigation.  The fact that it was coming from an anonymous tipster, is there any way to read that?  Does it tell you anything?  And if the FDA got involved, how would that – or would it become public?  And how could we know if it has?

JACK GARVEY:  I don’t know if there’s much to read into the anonymous tipster.  That’s certainly been something that people within companies have been getting more and more aware of and becoming bolder in.  It’s not an area I practice in but there’s certainly, over the last 15-20 years, been a surge in what are called Qui Tam litigations.  These are essentially litigations that assert there are ties between what a whistleblower is asserting, and the company involved defrauding the US government because of the Medicare/Medicaid.  So theoretically, manufacturing outside of GMPs could be considered incurring fraud on the US government because of reimbursement issues.

I would say that this whistleblower, if that’s what it was, or this anonymous tip could be for a variety of reasons.  This merger could have resulted in a planned elimination of a person’s role, somebody being mistreated. I don’t know that there’s a whole lot that you can derive from that other than this potential is at any company and companies need to be aware of the risks.  Their employees know a lot about what’s going on, and if you’re not putting in the rigor on compliance, you’re exposing yourself for sure.

I’ve seen tons of things over my career that are questionable.  If there was any that were public health or safety related, I would have reported them myself if they weren’t being addressed. Fortunately, most of the companies I’ve been with and have been involved with take those things seriously.

So I don’t think you can derive much from the fact that there was an anonymous tip.  What was the FDA’s obligation?  You certainly won’t know anything until they take action.  They do not disclose pending reviews, they don’t disclose pending investigations.  They’re extremely close-lipped and tight, as they need to be, because any of these investigations that can start out as an administrative action can be quickly converted into a criminal action.

It’s important to note that FDA looks at potential issues if observes with a perspective that it could always be criminal conduct.  And that’s important, a lot of the people in the industry don’t even know that FDA calls the professionals that come into plants “Investigators” because they’re really gathering evidence. That evidence can be used administratively or in a civil context through the regulatory framework.  But if found to be something that rises to criminal conduct, the FDA has a criminal division that they can absolutely bring in with a phone call.  They can look at criminal activity that can implicate individuals, the company or both.

IS DATA INTEGRITY EASY TO FIND?

[REDACTED]:  Not knowing the specifics of, obviously this company’s practices, but if we took the assumption that the buyer, Fresenius, was looking to get out of a deal – if you had a company with some past history, how likely is it that if they dug hard enough they would find a material issue at the company?  You know, you can always find a record out of place but if they investigate hard enough and long enough, would you be able to uncover something serious?

JACK GARVEY:  Here’s what I can tell you, it’s pretty easy with most companies, even the best companies, to find problems within these companies that are costly and difficult.  You know, I make my living in a complex area.  It’s hard to fix these companies. Not only is there a blend of technical, legal, regulatory and scientific issues, but there’s also organizational change dynamics.  And that, frankly, is where most of the challenge occurs.

You’ve seen this with companies like Volkswagen, right, with their issues?  Something happens and you’ve got massive organizational change dynamics.  It’s hard to change a company’s culture.

So, it’s partly a technical challenge, partly a change management challenge, but it is also extremely costly.

Companies really just hope this stuff goes away.  My experience in the space is that executives would rather have their teeth pulled than talk about compliance.  They don’t like it, they think its non-value added. Again, this is my experience, I’ve spoke with many of them over the years.

They want to ring the bell on Wall Street, they want to go to marketing launch parties, they want the sexy stuff.  And this stuff is absolutely not sexy, but it is absolutely important to a company’s future.  Some companies that get it — I call it eliminating distraction.  I always talk to companies and say; your compliance objective is to eliminate distraction for the rest of the organization so the business can go out and make money.

And clearly, in this case I don’t think Akorn, gets that.  They haven’t made the investments to eliminate the distraction of – from my perspective – FDA regulatory intervention.

PRODUCT RECALLS AND DATA INTEGRITY

[REDACTED]:  Do you read into anything the fact that there hasn’t been any product recalls recently out of Akorn?

JACK GARVEY:  No, it really doesn’t matter, and that’s a hard concept for a lot of people to grasp. Well, you know, because there’s no product recalls I guess the product’s okay. Well, maybe.  But if you can’t rely on the data you don’t have verification that the products were built as intended.  You can’t guarantee every product out there, every individual dosage form, every individual unit meets its intended specifications.

The only way to do that is through 100% destructive testing and obviously that doesn’t make sense.  Quality assurance is quality that’s built in based on scientific statistical measures. So when there are deficiencies, like are identified in these or any company’s 483s and warning letters, they go to assurance of product. That ties directly into FDA’s public health safety mission. If you can’t assure – and the obligation is on the part of the manufacturer, they’re the ones making money from this.  Their job is to provide the assurance that the documents, information and data that establishes that the processes and the designs of these products work 100% of the time for the patient population.

I would say the short answer is no, recalls are really not indicative.  It just means there hasn’t been any flashing red lights out in the field that says we’ve got dangerous product.  When a company gets in a recall situation, you’re well beyond what is, in my mind, normal anticipated conduct in this space.

[REDACTED]:  Alright.  Thanks very much Jack, that’s been very informative. Thanks everyone for joining and have a great day.  Thanks [REDACTED] as well.

JACK GARVEY:  My pleasure, thank you.

 

#    #    #

 

For further information on pharmaceutical data integrity, FDA enforcement practice, quality culture, FDA 483 and Warning Letter assistance, or other related topics, please contact Jack Garvey at john.garvey@compliancearchitects.com or at 732-397-3103.

Leave a Reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.