From The Editor | September 23, 2014

The DOJ & cGMP Enforcement: What The Medtech Industry Can Learn From Pharma's Folly

By Jim Pomager, Executive Editor

Gavel

What would you say if I told you that failure to comply with FDA Current Good Manufacturing Practices (cGMPs) could soon cost your company millions — as much as $505 million, or even $750 million?

Those are the amounts paid by pharmaceutical manufacturers Ranbaxy USA and GlaxoSmithKline (GSK) respectively to settle allegations of manufacturing adulterated product that eventually ended up in Medicaid and other government healthcare programs. What’s interesting is that these penalties included criminal and civil elements, since both cases involved violations of the Food, Drug, and Cosmetic Act (FDCA) and the False Claims Act (FCA). Ranbaxy plead guilty and agreed to pay $150 million in criminal fines and $350 in a civil settlement in 2013; GSK’s penance was $150 million criminal and $600 million civil in 2010.

These two cases have become the poster children for a developing trend in the government’s approach to handling cGMP violations, wherein the Department of Justice (DOJ) lends its considerable might to help FDA prosecute serious FDCA offenders — wielding the FCA as its hammer. And a mighty weapon it is: Companies found liable under the FCA must pay $5,000 to $10,000 per false claim in civil penalties, plus three times the government’s damages.

And if you think these pharmaceutical examples don’t apply to you because you’re a medical device manufacturer, then think again.

On several occasions last year, DOJ spokespersons made it painfully clear that cGMP enforcement would be a major area of emphasis for the department going forward, not only in the pharmaceutical industry, but in the medical device industry as well. Sure, the pharma industry has represented the lower-hanging fruit (and bigger payouts) to date, but device makers are already starting to draw the Justice Department’s notice and ire for unacceptable cGMP and Quality System Regulation (QSR) practices, and the movement will only grow.

What can you do to prepare for — and ideally avoid — such unwanted DOJ scrutiny? In two weeks, a group of expert panelists at the AdvaMed 2014 conference (Chicago) will explain how, during a session titled DOJ's Focus on Safety and FDA cGMP Enforcement. The panel will be chaired by Sonali Gunawardhana, an attorney at the Washington, DC, law firm Wiley Rein LLP (who happened to be working at FDA during the GSK FCA settlement), and will include Ralph Caccia, a partner at Wiley Rein; Steven Silverman, director of FDA’s Office of Compliance; and Jeffrey Steger, assistant director of the DOJ’s Consumer Protection Branch, Civil Division.

“The message of this panel is, ‘Hey, medical device community, don't be asleep at the wheel — this could happen to you,’” Gunawardhana told me during a recent call to discuss this phenomenon. “You should be learning from the mistakes of your pharmaceutical brethren. Similar issues can occur in the medical device world, and you should be prepared to address these issues so as to avoid such costly penalties for cGMP noncompliance.”

What follows is a high-level overview of the topics the panel will tackle, along with some best practices that will help keep you on both the DOJ’s and FDA’s “good side” when it comes to compliance with cGMP and QSR requirements.

Changes In FDA Enforcement Strategy
The FCA is the DOJ’s primary weapon for prosecuting acts of fraud committed against the federal government. The law is best known for its whistleblower (or qui tam) provision, which allows individuals unaffiliated with the government to file actions on behalf of the government and receive a portion of any recovered damages. (In the previously mentioned GSK case, the whistleblower reaped a staggering $96 million from the settlement.)

The DOJ collected $3.8 billion from FCA cases during its 2013 fiscal year, and of that, $2.6 billion was related to healthcare fraud. The healthcare sector has been an area of increased attention for the DOJ over the past several years — part of the federal government’s push to curtail the continuing rise in federal healthcare spending, stem the tide of product recalls, and increase patient safety measures.

Historically, most of the high-profile, FCA cases have involved infractions like misbranding (promoting off-label use), contract pricing, and kickbacks. The largest FCA-related settlement to date, again involving GSK, was a combined $3 billion for misbranding, false price reporting practices, and failure to report safety data.

More recently, however, the DOJ has turned its gaze toward manufacturing practices, working with FDA to penalize companies that attempt to sell the government substandard products. Medicare and Medicaid spend a great deal of taxpayer money each year reimbursing for drugs, devices, and healthcare services. If treatments fail because a product the government purchased isn’t at spec, it must be replaced by an alternative, essentially doubling (or more) the original expense.

“The government has a vested interest in terms of its healthcare programs. It wants to use both pharmaceutical and medical device products that have gone through the FDA approval and/or clearance process, and that actually maintain the promised level of purity, quality, or substantial equivalence, depending on whether it's a drug or a device,” Gunawardhana explained. “If a manufacturer isn’t meeting the safety and efficacy specs that are outlined in its submission for review — and on which the FDA made its approval or clearance determination — then the product is misbranded and adulterated. These types of errors put patients at great risk and cost the government money. Representatives of the DOJ have stated numerous times that they remain committed to recovering losses and to bringing abuses to light, as well as to holding accountable those who violate the law.”

Last year’s Ranbaxy case was a prime example of the DOJ’s shift in focus with regard to FCA enforcement. The $505 settlement stemmed directly from the manufacture of adulterated drugs at two of the company’s facilities in India. Among Ranbaxy’s admissions of guilt were incomplete testing records, an inadequate stability program, and cGMP deviations in the manufacture of certain active pharmaceutical ingredients and finished products. In addition, the company acknowledged it failed to file required field alerts to FDA in a timely fashion for batches of product that had failed certain tests.

How To Stay Out Of The FCA Hot Seat
The Ranaxby and GSK cases are highly illustrative for medical device makers that want to avoid getting into similar situations with the FDA and DOJ. Often, the proverbial writing is on the wall immediately following an FDA inspection, in the form of warning letters and Form 483 violations. According to Gunawardhana, three common citations for medical device violations that can potentially lead you down a path toward recalls and, if there is severe noncompliance, possible DOJ involvement include:

  • Lack of or inadequate process validation [21 CFR 820.75(a)] - A process whose results cannot be fully verified by subsequent inspection and test has not been [adequately] validated according to established procedures.
  • Purchasing controls [21 CFR 820.50] – Procedures to ensure that all purchased or otherwise received product and services conform to specified requirements have not been [adequately] established.
  • Nonconforming product [21 CFR 820.90(a)] – Procedures have not been [adequately] established to control product that does not conform to specified requirements. 

The good news, however, is that the FDA’s Center for Devices and Radiological Health (CDRH) would much rather work with manufacturers to resolve issues than ask the DOJ to get involved, and FDA’s  issuance of administrative actions (e.g., warning letters) are a strong indicator that you have significant violations that should be addressed immediately. Smart manufacturers will heed these warning signs and respond with urgency to even the smallest problems, before they snowball into major problems.

Even smarter manufacturers will implement and maintain a robust quality and compliance program — before an inspection even occurs. Gunawardhana refers to this proactive approach as “preventative compliance.” “You can avoid a lot of unnecessary turmoil if you put into place solid systems for handling QSR and cGMP, from the inception of your device,” she said.

If you are unsure whether you have sufficient measures in place to prevent and address possible cGMP/QSR issues, ask yourself the following questions:

  • Have we implemented an internal audit program?
  • Have we thoroughly qualified all of our suppliers?
  • Do we have quality agreements in place with all suppliers?
  • Are we fostering a culture of compliance, encouraging — or even incentivizing — employees to identify, report, and correct problems?
  • Do we have employees with sufficient expertise to recognize problems?
  • Are we providing sufficient ongoing quality/compliance training for employees?
  • When problems are detected, are we performing a thorough root cause analysis?
  • Do we promptly follow through on corrective and preventative action (CAPA) plans?
  • Do we respond quickly and appropriately to customer complaints?

“CDRH wants you to have a corporate culture that allows you to self-police and that allows you to hire the right people with the right training and expertise in manufacturing — the right people who can identify issues for you,” Gunawardhana elaborated. “If you make a change to a design, have you identified the different issues that could result from that adjustment in terms of both safety and efficacy? Have the necessary changes been made to your policies, and have you trained the rest of the staff on them? It's the idea that manufacturing doesn't happen in a vacuum — it's a community of people that need to work together.”

FCA Risk Beyond QSR/cGMP
As I mentioned earlier, the FCA’s reach extends well beyond manufacturing-related violations. Medical device manufacturers have been, and will continue to be, subject to FCA enforcement associated with improper kickbacks, off-label use, and misleading advertising and promotion. In 2014 alone, examples of device makers running afoul of the DOJ and the FCA include:

  • Earlier this month, Smith & Nephew agreed to pay $11.3 million in a settlement for false country of origin claims, admitting that it sold the Department of Veterans Affairs orthopedic devices it claimed were made in the U.S., when they were actually manufactured in Malaysia.
  • In August, Omni Surgical (doing business as Spine360) and spinal surgeon Dr. Jamie Gottlieb reached a $2.6 million settlement related to allegations that the company paid Gottlieb illegal kickbacks to encourage him to use its products.
  • Vascular Solutions settled for $520,000 with the DOJ in July to resolve allegations that it marketed an ablation device for sealing perforator veins without FDA approval — and in spite of a failed clinical trial.
  • In May, Medtronic agreed to pay $9.9 million to settle allegations that it paid kickbacks to physicians to induce them to implant its pacemakers and defibrillators.

The bottom line is this: Medical device manufacturers need to be aware of the magnitude of risk they take by failing to understand the full extent of the False Claims Act and taking steps to comply with the law. All signs point to further FCA enforcement in the medical device industry. Noncompliance with FDA cGMP requirements could ultimately earn you a date with the Department of Justice — an encounter you really want to avoid. Not only could an FCA violation potentially cost your company millions of dollars, it could also damage your reputation, hurt sales, and distract you from the important work of delivering safe, effective devices to the doctors and patients that need them.