Ranbaxy Consent Decree Includes Strict Requirements For Auditing Drug Applications

Measures in Ranbaxy Laboratories Ltd.’s consent decree aimed at detecting and addressing fraudulent data submissions, though not commonly included in settlements of pharmaceutical good manufacturing practice violations, reflect the dual nature of compliance problems the generic drug manufacturer has faced for the past six years.

The consent decree negotiated with FDA includes elements common to other pharmaceutical industry GMP consent decrees, such as appointment of an independent expert to assure the company will bring its manufacturing operations into compliance with FDA’s GMP requirements. Yet, it is the inclusion of the data integrity measures that sets the decree apart from other recent GMP settlements, industry experts told “The Pink Sheet.”

The burdens required under the data integrity provisions appear extensive. Among them, Ranbaxy must appoint an independent data integrity expert who will oversee auditing of seemingly almost all of the company’s pending, approved and future applications to assure they do not contain questionable data.

While the corrective measures are extensive, the underlying data integrity problems themselves are even more far-reaching than had previously been disclosed. FDA is now implicating Ranbaxy’s Dewas, India facility as the source of fraudulent data in drug applications, in addition to the previously identified Paonta Sahib facility.

Violations Date Back To 2006

The 55-page decree, approved by a federal court Jan. 26, has been years in the making, dating back to FDA inspections of the company’s Paonta Sahib and Dewas facilities in 2006.

Allegations in the complaint for preliminary injunction, filed concurrently with the consent decree, include numerous GMP violations at the Paonta Sahib, Dewas, Batamandi (India) and Gloversville, N.Y. facilities. FDA also alleges the company submitted drug applications with fraudulent data, manufactured and distributed unapproved drugs and failed to file timely reports with FDA (see related story, (Also see "Ranbaxy’s “Persistent” Data Integrity Problems, Systemic GMP Violations Drove Consent Decree" - Pink Sheet, 6 Feb, 2012.)).

Ranbaxy announced in late December that it had signed a consent decree and reserved $500 million to resolve all potential civil and criminal liabilities (Also see "Ranbaxy’s $500 Million GMP Settlement Would Be Second Most Expensive For Rx Manufacturing Violations" - Pink Sheet, 2 Jan, 2012.). Although the consent decree does not contain any financial penalties for past conduct or require disgorgement of profits, the company is expected to face further financial liability in connection with a Department of Justice investigation.

The consent decree was filed with the court less than two months after Ranbaxy’s closely watched ANDA for atorvastatin (Pfizer Inc.’s Lipitor) managed to secure FDA approval late on Nov. 30, the first day that Ranbaxy was able to launch the statin under a 2008 patent settlement with Pfizer (Also see "Lipitor Goes Generic, But First-Filer Ranbaxy’s Approval Leaves Plenty Of Questions In Its Wake" - Pink Sheet, 5 Dec, 2011.).

Although Ranbaxy managed to retain its 180-day exclusivity rights for atorvastatin, the company faces immediate relinquishment of generic marketing exclusivity on three ANDAs under the consent decree and potential loss of exclusivity on five others (Also see "Ranbaxy Consent Decree Includes Unusual Provisions On Exclusivity Relinquishment" - Pink Sheet, 30 Jan, 2012.).

The fate of the atorvastatin ANDA had long been a question mark because the filing originally was based on data generated at Paonta Sahib. In February 2009, FDA placed the Paonta Sahib site on its Application Integrity Policy (AIP) list due to evidence of falsified data in applications generated there. Both Paonta Sahib and Dewas have been under an import alert since September 2008 due to GMP lapses.

The complaint accompanying the consent decrees reveals that FDA also found evidence of falsified stability data generated at Dewas, apparently marking the first time that this facility has been publicly linked to application fraud. “FDA verbally notified defendants of the data integrity concerns at the Dewas facility during a meeting at FDA headquarters on April 5, 2011,” the complaint states.

Although Paonta Sahib remains under the AIP, Dewas was never added to the AIP list. The complaint also alleges fraudulent data were generated at Ranbaxy’s Batamandi facility, although FDA has viewed Batamandi as being under the control of Paonta Sahib.

AIP Guide’s Recommendations Become Requirements

FDA developed the AIP following the generic drug scandal of the 1980s, in which generic firms were found to have falsified data and bribed agency employees.

In a June 1991 “Points To Consider” document, FDA describes actions applicants under the AIP may take to affirm the validity of data that has been called into question by FDA. The suggested actions include conducting internal reviews and audits to identify all instances of fraud and untrue statements associated with applications submitted to FDA, and development and implementation of a corrective action operating plan (CAOP). The document suggests applicants retain outside consultants to conduct the internal reviews and audits, although it “does not establish criteria, standards or requirements that bind FDA or any applicant.”

The Ranbaxy consent decree’s provisions in many ways mirror the actions recommended in the 1991 document, with a key difference being that such measures are now requirements enforceable in federal court.

“It’s not a set of expectations under the policy. It’s now a set of obligations under the consent decree,” said one GMP consultant and former FDA employee, who described the consent decree’s data integrity requirements as highly prescriptive.

For example, the decree contains specific requirements for the auditing of pending, approved and future drug applications to verify the integrity of the underlying data.

Before Ranbaxy can submit any new applications to FDA, it must establish in the U.S. an Office of Data Reliability responsible for conducting pre-submission audits of all applications from all facilities. The new office will be headed by a chief data reliability officer, who will report to Ranbaxy’s managing director.

The chief data reliability officer will have the authority to recommend that individual employees be disciplined or fired, and that any of the company’s applications be withdrawn from FDA consideration for approval. For each application submitted to FDA, the chief data reliability officer must certify that the application was found to be accurate and complete in all material respects.

Auditing “Excepted” And “Affected” Applications

Within 30 days of the consent decree’s entry, Ranbaxy must retain an independent data integrity expert who will conduct internal reviews and audits of “excepted” and “affected” applications to identify all instances of wrongful acts and establish the reliability and integrity of the underlying data (see timeline chart).

Affected applications are those that contain data generated at Paonta Sahib and Dewas, while excepted applications are based upon data developed at other sites. Ranbaxy’s atorvastatin ANDA is not an affected application under the decree.

Audit reports for excepted applications must be submitted to FDA. If the agency determines there is an untrue statement or pattern or practice of data irregularities affecting approval, Ranbaxy must withdraw the excepted application unless the data integrity expert certifies that the company had replaced all questionable data prior to Feb. 25, 2009, the date that Paonta Sahib was placed in the AIP. “If FDA does not determine that an excepted application contains untrue statements and a pattern or practice of data irregularities affecting approval, FDA will begin or resume reviewing that excepted application.”

The data integrity expert also must investigate all affected applications. The expert must conduct internal reviews that identify a historical period during which wrongful acts occurred at Paonta Sahib and Dewas, identify and interview current and former employees and identify managers in place when wrongful acts occurred.

Based upon results of internal reviews, the data integrity expert and Ranbaxy will develop plans to audit all affected applications that contain data generated or developed at the two Indian facilities. After the audits are completed, Ranbaxy must submit an initial CAOP addressing the internal review findings from the facilities and each affected application audited. The CAOP must identify all untrue statements, data irregularities and individuals involved for each audited application, describe the actions taken by Ranbaxy to correct the problems, and describe the procedures to monitor the effectiveness of the CAOP.

If FDA makes a final determination that an affected application contains data irregularities affecting approval, Ranbaxy must withdraw all such pending applications and ask FDA to withdraw any affected approved ANDAs, unless the questionable data was developed at Paonta Sahib and replaced before Feb. 25, 2009.

FDA will begin or resume reviewing affected applications from Dewas only after it determines that any questions regarding data reliability appear to be resolved. The consent decree also outlines the steps and requirements for revocation of Paonta Sahib’s AIP status; only after the AIP is revoked will the agency resume review of applications containing data generated there.

After FDA determines that its concerns about the reliability of data in either pending or approved affected applications from Paonta Sahib and Dewas are resolved, Ranbaxy must retain an independent data quality auditor to inspect the facilities every six months for two years and annually thereafter for three years.

A pharmaceutical law attorney described the data integrity measures and the provisions on relinquishment of 180-day exclusivity as “much more elaborate, much more sophisticated remedies” than commonly seen in GMP consent decrees.

GMP experts said it is not surprising, given the underlying data fraud allegations, that Ranbaxy is being required to audit the integrity of data supporting almost all approved and pending applications.

Marla Phillips, director of Med-XU at Xavier University and a global compliance consultant for the pharmaceutical industry, said auditing of all pending and approved applications is an “intensely expensive” process that involves outside consultants spending months or years at a given facility.

Ranbaxy said it could not comment on the number of approved and pending applications that would require data integrity auditing under the decree.

GMP-Targeted Measures

The consent decree also contains GMP-specific provisions that industry experts described as what would be typical or expected for a pharmaceutical company.

For example, Ranbaxy must retain an independent cGMP expert to inspect the Paonta Sahib and Dewas facilities and determine whether they conform with FDA requirements. The expert also must evaluate whether Ranbaxy has established and implemented a comprehensive written quality assurance/quality control program that is adequate to ensure compliance with FDA requirements and certify that all deviations have been corrected. FDA may begin facility inspections within 90 days after receiving the certification; if the agency determines that Paonta Sahib and Dewas are in compliance, the import alerts associated with the facilities will be terminated.

After FDA determines that Paonta Sahib or Dewas appear to be in compliance, Ranbaxy must retain a GMP auditor who will inspect each facility at least every six months for the first year and annually thereafter for at least four years. If the facilities remain in continuous compliance for 60 months, Ranbaxy may petition the court for relief from the decree.

The Gloversville and Batamandi sites are not considered “covered” facilities under the decree. Ranbaxy closed the New York facility in October 2011 and has withdrawn the site registration for Batamandi.