Major Data Integrity Violations Exposes Flaws in the Regulatory Process

This week European Medicines Agency (EMA) announced suspension of the approval of 331 drugs due to gross data integrity violations at an Indian CRO. This is the third episode of its kind in the last 2 years and exposes a major defect in the regulatory review process in EU. One wonders how the CROs managed to evade the regulators for years before being caught. Also, was the suspension of approved drugs the right decision? Do the regulators and sponsors share blame for such violations? Just like the previous two episodes, EMA regulators suspended hundreds of approved drugs because of data integrity issues in their market approval applications. Several of these drugs may have been the market for years before they were suspended. Each time manufacturers were told that they need to provide new data to lift suspension causing delays, expenses and credibility challenges. While the scorn of the consumers and industry is rightly targeted at the violators, one wonders should the consumers hold regulators also accountable for letting such major violations go undetected. Each drug approval takes 6-12 months at the least. The time is necessary for the regulators to review the information and audit the facilities before deciding on a positive decision. Consumers expect that the regulators will do their job well so that dubious applications do not clear approval. On the other hand, regulators are also under pressure from public and politicians to approve drugs faster, which mean corners are cut at the regulatory agencies and skilled violators are able to dupe the regulators. A careful read of the suspension notice indicates that several of the suspected studies were conducted several years ago, also that the final decision to suspend approval decisions came 6-8 months after the last audit was conducted. Also each of the organizations where violations were found had previously passed inspections even when the questionable data was being generated and submitted. The story is certainly more complex than it appears from the news reports of a bad CRO being caught by the regulators. The regulators noted that they had not found any safety issues related to the drugs being suspended that could be linked to the suspect data. What about the manufacturers? The CROs must have been audited by the manufacturers prior to submitting applications to the regulators. So, does it mean that the internal and external audits were not done adequately? To solve data integrity problems it is important that all stakeholders do their share. It is easy to blame the CRO but some responsibility rests with the other stakeholders as well. The robust solution for such events is for changes at the regulatory agencies to do a better job of application review and pre-approval audits. Sponsors are being penalized by suspension of their drugs but there should be additional consequences for not doing their share and letting suspect drugs in the market. Sponsors should revisit their vendor selection and vendor audit practices to avoid such incidences from repeating. If the focus is going to be on the CROs only, these issues will keep repeating. The CROs subject these events are either out of business or no longer able to do much because of the bad publicity. They will dissolve and the people running them will restart operations as new companies and we will see the same activities again. Unless, the other stakeholders are ready and can catch the violators before the violations become an issue