The British Medicines and Healthcare Products Regulatory Agency (MHRA) has an active and excellent website on drug regulation in the UK. They have an ongoing series on Good PV Practices. Their website on drug safety is well worth reading.
In December 2014 they issued a succinct review of MHRA inspections, which is worth reviewing for several reasons: it is short and informative and it applies to you if you sell drug products in the UK. You can see the latest postings here.
Here is a review and some comments:
MHRA inspects marketing authorisation holders and their contractors, to ensure they:
- Have an adequate and effective quality system for monitoring the medicines they have licences for
- Maintain a pharmacovigilance system master file
- Document all actions they take
- Have enough competent, appropriately qualified and trained staff to work the system
Comments: Note that this applies both to the MA holder and its contractors. That is, CROs, computer support companies, co-marketers or other contracted partners are also required to maintain good PV practices. Though not stated directly, this includes partners outside the UK. The MHRA does frequent inspections outside the UK and outside the EU. The inspection requirements in this document are logical and expected (have enough competent and trained staff, maintain good document practices and a quality monitoring system, etc.). The requirement for a PV System Master File (PSMF or PVMF) is entirely an EU requirement and may not be familiar to US and other ex-EU companies and vendors. Suffice it to say, non-EU companies should be sure that their EU partners have an up to date PSMF. This document summarizes in detail how PV is done in that entity.
Types of Inspections
- Routine national inspections under the risk-based compliance programme: The MHRA creates a numerical “risk rating” for each MA holder and prioritizes inspections. These are usually announced in advance and usually “systems based” – (that is they cover not just the computer system but the entire human, paper, electronic, quality etc. “system” in place to handle drug safety).
- EU inspections: Inspections of companies with centrally approved products are usually inspected every 4 years or so under a plan created by the EMA. These may be done as routine national inspections by are authorized by the EMA.
- Triggered inspections (also called For Cause inspections): These are done when breeches are told to the MHRA inspectorate by a whistleblower, other MHRA departments or another regulatory agency. These may be unannounced (surprise) inspections and may be done outside the UK if a product marketed in the UK or EU is involved.
Preparing for an Inspection
Unlike the FDA, the MHRA will request and require that the auditee send information for review some weeks or even months before the actual inspection. This is usually the Pharmacovigilance System Master File (PSMF). Every MAH should have a PSMF in place in 2015. Some companies may still be transitioning to the PSMF and may still have in place the older Summary of Pharmacovigilance Systems (SPS) or Detailed Description of Pharmacovigilance Systems (DDPS).
After receipt of the requested information, an inspection date will be set and additional data may be requested. This might include SOPs and other internal records and data.
Comments: The preparation of the PSMF is a major task in large companies. The requirements are complex and the document must be kept up to date. A brief summary of its contents: This document contains information on the Qualified Person (QPPV), the structure of the MAH, information on the computer systems and database(s), sources of safety data, how data is handled and processed including ICSRs, PBRERs, REMs, studies, communication of safety issues to HCPs and the public, mechanisms for changes to the SmPC and patient leaflet, the Quality System for PV, subcontracted and out-sourced activities. In the annexes (appendices), the CV of the QPPV, a list of contracts and agreements including subcontractors with copies of the signed agreements, lists of sources of safety data including affiliates and third parties, listing of computerized systems and databases, lists of SOPs and procedures, lists of performance indicators, scheduled and completed audits and those with significant findings and unresolved issues, lists of all products and EU countries where approved, audit trail of changes to the PSMF over the last 5 years.
As noted, this can be a very large task for multinational companies where the PV system may be distributed globally and where subcontractors and out-source companies are used. It will be difficult to prepare this document or even update it if the MHRA wants to see it in 4-6 weeks. There should be a mechanism in the company to prepare and keep the PSMF up to date.
During an inspection, the inspection team will conduct site visits, interview relevant personnel, review documents and carry out computer system reviews including searching PV databases. Additional documents may be requested during the inspection. The inspectors may also change the focus of the inspection if they suspect serious non-compliance.
At the closing meeting the inspector will provide feedback and discuss any deficiencies and actions required after the inspection with you.
Comments: This is phrased in a relatively innocuous way but can be quite problematic. If the inspectors discover or uncover issues during the inspection, they may suddenly focus on that. I have seen inspections where data is being projected from a computer onto a large screen on the wall. As the company person searches for the data he or she wishes to show, other information (e.g. email lists, personnel lists, late reports to the HA) may be inadvertently shown on the screen to the inspectors while maneuvering to the right file in the computer. All of these maneuvers may be projected onto the wall and if something doesn’t seem right, the inspector may say “STOP!” and want to talk about something not planned. This is, to use the tennis term, an “unforced error.” Never project or show the inspector information that is not requested or germane. Get to the right file on your PC before projecting it on the wall or showing it to the inspector.
Grading of Inspection Findings
Deficiencies found during inspections are graded at 3 levels:
1) A critical deficiency in pharmacovigilance systems, practices or processes is one that either:
- adversely affects the rights, safety or wellbeing of patients
- poses a potential risk to public health
- is a serious violation of legislation and guidelines
2) A major deficiency could potentially either:
- adversely affect the rights, safety or wellbeing of patients
- pose a risk to public health
- represent a violation of legislation and guidelines
3) A minor deficiency would not be expected to adversely affect the rights, safety or wellbeing of patients.
Comments: This grading system is different from the FDA’s. Normally the FDA just lists findings numerically without classifying or grading the more important ones though these frequently are listed first. Also unlike the FDA, the MHRA publishes summaries of their inspection findings. The most recent information is through mid-2012 and can be seen at Common inspection findings and inspections post-July 2012.
Actions After the Inspection
After the inspection closing meeting, the company will receive an inspection report confirming any deficiencies found. The report only includes things that the inspection team sees and hears during the inspection. It does not mean everything is fine with areas not looked at during the inspection.
The company must respond to the inspector by email within 25 days of the report being issued to confirm the Corrective Action, Preventative Action (CAPA) plan. The inspector will review your response, which must be approved by your qualified person for pharmacovigilance (QPPV). Once the CAPA is accepted, we send an inspection closing letter. If findings are referred to the Pharmacovigilance Inspection Action Group (PIAG), non-routine post-inspection actions may be taken in addition to the review of the CAPA and the provision of a closing letter.
Comments: Again the words are relatively innocuous but the import can be very significant. The inspector will issue a report. If there are critical or major findings, this is a “big deal” and a high priority plan must be put in place to respond to the findings and to create a CAPA. This is obligatory. The CAPA must be sent to the inspector for approval. The MHRA may choose to escalate the inspection findings and CAPA to the PIA Group which may require additional corrective actions. This is, in many ways, more stringent than the FDA. In the US, the actual details of the CAPA may not necessarily be included in the response to the FDA but rather a high level summary may be sent. Sometimes it will take more than 15 days and the company may respond that the CAPA is being prepared and will be sent to FDA at a particular (specified) date. I am not aware that FDA must formally accept or approve the CAPA, unlike the MHRA.
For inspections with critical and (usually) major findings, a follow up inspection should be expected by the MHRA. The same applies to the FDA. If there are significant findings, the agency will be back.
Note also that the MHRA, unlike the FDA, charges for inspections. They use a rate that is basically set at 2655 UK pounds or about $4000 per day. So a four day inspection may cost over $16,000 plus expenses for the investigators.
Expect an inspection! Most major health agencies set up inspection schedules for routine inspections that usually run two to four years. For situations where there are triggers (major safety problems at a company, late expedited reports, transitioning to a new safety database, mergers, launch of a “dangerous or toxic” drug that is expected to have safety issues etc.) the frequency of inspections may be more frequent.
Note also that the MHRA specifically notes that whistleblower reports may trigger an inspection.
The points in this MHRA review are entirely applicable to FDA inspections though the mechanism and preliminaries are different. The principles are the same: Have SOPs in place and do periodic internal (or third party) PV audits/inspections of your systems both in the home office and anywhere else where safety is handled within the company. Control and audit periodically your vendors and out-sourced companies. Prepare your team. Keep management informed. Get help when needed from others in the organization.