Stakeholders are taking issue with the US Food and Drug Administration’s (FDA) draft guidance on conducting bioresearch monitoring (BIMO) inspections. They are particularly concerned about protecting sensitive information that agency inspectors request access to and getting advanced notice to prepare for inspections.
In June, the FDA published draft guidance on its process and practices for its BIMO program, which outlines how inspectors plan to monitor FDA-regulated research through on-site inspections, data audits, and remote regulatory assessments. Stakeholders writing to the agency about how it plans to manage the program have taken issue with how sponsors are expected to share information with FDA inspectors.
The medical device lobby group AdvaMed asked FDA to clarify that inspectors granted read-only access to electronic systems will only view the information during on-site inspections. The group said it is concerned about data privacy and security.
“Many of the documents shared with FDA during a BIMO inspection are highly confidential and may contain health and other extremely sensitive data,” said AdvaMed. “This concern is particularly acute in the context of a remote environment.”
“It is important for the final guidance to unequivocally state that read-only access to electronic systems will only be requested by an FDA investigator during an on-site inspection,” the group added. “In the remote context, it is not appropriate to allow anyone other than a company’s employees to have access to any company systems, even read-only access.”
AdvaMed said there are IT authentication protocols, security restrictions, and cybersecurity risks from allowing remote access to electronic systems, and a company’s security protocols may require email accounts and multi-factorial authentication limited to its personnel. It also reminded FDA that its Investigations Operations Manual (IOM) requires the agency to talk to the company in advance about how to gain read-only access information, and the agency investigator cannot change the system.
Drugmaker Sanofi also wrote to FDA about how the agency proposes to access information from electronic systems. It emphasized that electronic systems are complex and require training and wants more clarity about acceptable methods inspectors may use to get the information they want. It also asked that the guidance include language to establish clear communications and agreements between the sponsor and FDA before an inspection so that the sponsor can prepare.
Drugmaker Gilead echoed similar comments about allowing inspectors access to information systems.
“Please clarify what is intended by ‘access’?” said the company. “For instance, whether an inspector should be provided with their own unique account to access systems and/or be allowed to view and access records via the establishment staff.”
Gilead, too, noted that IT security policies may prohibit the use of electronic data sharing, and the agency should consider detailing what documents it needs to share within the pre-announcement notice section of the guidance.
Sanofi also took issue with FDA’s position that, in some instances, investigators may not disclose specific reasons for conducting their inspection and instead tell sponsors that additional details will be shared during the inspection’s opening meeting.
“Sanofi would appreciate that FDA provide further detail and rationale on the circumstances and reasons for which pre-inspection information is not disclosed on identified studies/sponsors at the investigator site level,” said the company. “In addition, for Sponsors to prepare for inspections, we request FDA to share information to Sponsors regarding studies/sponsors that may be impacted.”
Genentech, a subsidiary of drugmaker Roche, took a slightly difference position and asked FDA to announce beforehand what kind of inspection it plans to conduct for the sake of efficiency.
“We acknowledge that there will be instances in which FDA investigators may not disclose specific reasons for conducting the inspection during pre-announcement; however, in most instances, specifying the inspection type would help to facilitate records availability and systems access from all parties to make reviews more efficient during the inspection,” said the company. “Given the global nature of many pharmaceutical companies, a longer notice period for domestic sponsor pre-approval inspections in support of submissions would allow the sponsor to arrange for appropriate individuals to be onsite to facilitate the inspection.”
Genentech also asked FDA to include the use of modern tools and technologies to plan, conduct, and report their inspections. Specifically, it asked the agency to incorporate Good Clinical Practice (GCP) information to determine the scope and objectives of inspections and allow the use of remote and hybrid inspections.
“We note that incorporating lessons learned from the many flexibilities that FDA utilized to expedite medical product development during the public health emergency into routine practice was an explicit commitment made in the last user fees reauthorization commitment,” said Genentech. “We therefore encourage the agency to examine its ability to enhance efficiency and improve the inspections process by adopting modern tools and technologies for inspections in a manner that maintains the integrity of the process.”
To continue reading this article please go to RAPS .