Auditing Your Aggregate Spend Program

Written by Alexis Stroud, Director Quality and Compliance, QPharma

1. What components of the audit process need to be implemented to ensure compliance with state aggregate spend and Healthcare Reform regulations?

In order to comply with state aggregate spend and healthcare reform legislation and regulations, you need to have policies, procedures, systems, controls, and monitoring and auditing processes designed to maintain data integrity and compliance with the various state and federal reporting requirements.

Life science companies must clearly understand and interpret the regulatory challenges to comply with each States’ reporting requirements, as well as begin preparation for the Patient Protection and Affordable Care Act (PPACA) – and possibly new state legislation. Based on these interpretations, their policies, procedures, monitoring controls, and auditing steps need to be developed and implemented to ensure reporting compliance is maintained.  This becomes even more challenging for a life science company, because the necessary data and systems are generally not centrally located or maintained (i.e. a cross-functional effort). In addition, the required data elements required to comply with the current Federal reporting requirements may be incomplete or non-existent within these systems.

Using a process-based audit approach enables a company to understand all of its interactions with Healthcare Providers (HCPs) and how those interactions are performed and recorded within its existing systems.  This type of assessment delivers a detailed understanding of the current environment in which your company is operating; identifies policy and procedure gaps, control weaknesses, and opportunities to implement industry best practices; and positions your company to ensure accurate and complete state and federal disclosure.
Note: Some of the state laws (NV and MA, for example) require certification that a manufacturer has conducted audits as part of its compliance program.



What should your Auditing and Monitoring Program consider?

•  Is the process documented?  What is the process for reporting findings?
• Does the compliance auditing and monitoring program incorporate key approval points such as HCP credentialing, needs assessment, payment authorization, and reporting accuracy?
• Have you built into the formal compliance audits a degree of independence?
• Are audits performed at least annually?
• How aware are your Internal Audit teams of the requirements of the state and federal regulations.  
• When reviewing past audit reports, how comprehensive were those reviews?  Were findings investigated and closed out?

Things to consider when auditing your aggregate spend program:

• Do you have a Federal- and State-specific reporting policy?  Is it adequate and is it being followed?  How are you keeping up to date with the changing legislation and regulations and how is that information being communicated within the organization and to any third party providers?
• Do you have assessments of third party vendors?
• Third party vendors are acting as agents of a Company. Their activity is ultimately the activity of the Company.
• Monitoring/auditing should include activities of third party vendors.  Perform contract reviews.
• Third party vendors should be informed of this requirement and will have to potentially provide data and other documentation for the audit.
• Do you understand the underlying data controls?
• Process – How is data captured, approved, and updated?
• Systems – What systems are the data maintained in and what are the relevant controls and validation procedures?
• Data – What data elements are available to meet the reporting requirements?
• Procedures – What processes are necessary to capture accurate and complete relevant data?
• What are your data collection challenges? How can you improve current processes to address these challenges?
• Are there enough resources within your organization to perform various data gathering, validation, and reporting functions?
• Have you had any prior incomplete or inaccurate State reporting filings?
• What tools/procedures (checklists, sign-offs, sub-certification process) and monitoring controls are in place to address the day-to-day process designed to enhance compliant state reporting?
•  ensure accuracy of data through consistent and efficient data review
• identify and investigate outliers and compliance red flags
• Have you tested any system-based tools to ensure they are working properly?
• Is your system flexible enough to change and adapt over time with new/updated laws and are you collecting data at the most granular level?
• Has training been provided to all levels of the organization related to the current and future reporting environment requirements, company policies and standard operating procedures, and monitoring and auditing techniques?
• Is the company using the information obtained for state reporting requirements to enhance business operations, as well as overall corporate compliance?
• Do you have disciplinary actions for employees that do not comply with your procedures?

Recommendations for an Effective Vendor Qualification Program - Part 2 of 2

Written by Teresa Jaworski – Subject Matter Expert, QPharma


In last week’s post, I shared with you some preliminary guidelines for qualifying a vendor. Here is Part 2 of that post:

Pre-Audit Questionnaire

If it is determined that a new vendor is needed, you should select a minimum of three (3) vendors, if possible, which can supply the product or services needed ( raw materials, components, manufacturing equipment, testing equipment, consulting services, etc.). The approved procedure should provide guidance for selecting these vendors. Once the potential vendors are selected, a pre-audit questionnaire should be provided to and completed by each of the potential vendors. The results from the completed questionnaire should be used to determine if the vendor will continue in the qualification process.


Onsite Vendor Audit


If it is determined that the potential vendor meets the criteria for continuing the qualification process per review of the completed questionnaire, schedule an initial, onsite audit as defined in the approved procedures.


When conducting the audit, the appropriate audit checklist should be used according to whether the vendor is defined as a critical or non-critical vendor. In addition, the onsite audit should include verification that the established requirements and specifications can be met by the vendor. Then based on the overall results, the potential vendor can be either accepted or rejected. If accepted, the vendor is considered qualified. If rejected, the company can either work with the vendor to resolve discrepancies and qualify the vendor or select another potential vendor. All auditing activities and results should be documented and maintained.


Quality Agreement


If it is determined that the vendor is qualified, a written Quality Agreement should be developed and approved between the company and the vendor. According to Hasselbalch, “a GMP guidance detailing expectations for quality agreements is in the works as well, and the regulations may be further upgraded to support the guidance in this area. The guidance will explain the expectation that the agreement be in writing and specify clearly what each party commits to do.”


Development and approval of the Quality Agreement should include members from all relevant areas within the company’s organization, including but not limited to quality, procurement, manufacturing, product development, process development, regulatory, and legal. This agreement should define required quality standards; products or services provided; quality requirements and specifications including but not limited to training, qualifications, and monitoring expectations; key contacts; quality roles and responsibilities; locations; and necessary communications regarding quality-related activities.

Recommendations for an Effective Vendor Qualification Program - Part 1 of 2

Written by Teresa Jaworski - Subject Matter Expert, QPharma

According to a June 16, 2010 article posted on the International Pharmaceutical Quality (IPQ) website, FDA Fast-Tracking Supply Chain cGMP Upgrades; Other GMP Changes, Quality Agreement Guidance Taking Shape, “FDA is fast-tracking a set of changes to 21 CFR Part 211 targeting control of raw materials, excipients and components used in pharmaceutical manufacturing.”

The Center for Drug Evaluation and Research (CDER) Office of Compliance Team Leader Brian Hasselbalch announced these impending GMP proposals at a Global Outsourcing Conference at Xavier University on June 14, emphasizing that “adulteration issues represent credible threats to our marketplace and that raw material controls have to be improved.”

Hasselbalch further explained “They will require drug producers to know who the original manufacturer is for all excipients and active ingredients, and any subsequent repackers and relabelers – that you know who they are, who handles [the material] in the supply chain, similarly to the EMA proposed pedigree.”

As discussed earlier in a September 2010 blog, the U.S. Food and Drug Administration (FDA) Guidance for Industry Q10 Pharmaceutical Quality System, which is in accordance with 21 CFR Part 820.50, specifies that Pharmaceutical companies are ultimately responsible for ensuring that processes are in place to assure the control of outsourced activities and quality.  We are now going to dig a little deeper to discuss how these controls can be accomplished.

A company should establish and implement processes that can determine the suitability and competence of a vendor for their specific needs.  These processes should include establishing approved procedures; performing audits; ensuring the vendor is qualified prior to selecting them as a vendor; and continuing to monitor the vendor’s performance after qualification including re-qualifying the vendor at established time intervals.

Establishing Approved Procedures

When establishing approved vendor qualification procedures, keep in mind that the procedures should include, at minimum, guidelines for the following:

• selecting a potential vendor for the products or services needed
• defining and documenting requirements and specifications to be met by the vendor
• determining whether the vendor is a critical or non-critical vendor
• auditing requirements for both a critical and non-critical vendor
• distributing the pre-audit questionnaire for completion by the potential vendor
• determining the vendor suitability as a result of the completed pre-audit questionnaire
• planning, scheduling and conducting on-site vendor audits
• preparing audit reports
• following up on any audit findings to ensure appropriate CAPAs have been implemented
• defining time intervals for re-qualifying/re-auditing vendor
• completing and maintaining vendor Quality Agreements
• developing and maintaining an Approved Vendor List
• storing all required vendor qualification documentation including pre-audit questionnaires, audit checklists and notes, audit reports, Quality Agreements, Approved Vendor List, etc.
• handling vendor relationships when requirements are no longer being met

It is also recommended that the following templates be included, or their location referenced, in the vendor qualification procedures to ensure consistency and to ensure that requirements are being met:

• Pre-audit Questionnaire, which should comprise requests for relevant information  such as the following:
• company name
• company location
• contact information (telephone, fax, email)
• company history
• product(s) or service(s) provided
• number of employees
• details of implemented quality systems
• dates of last regulatory audits (FDA, ISO, etc.)
• Audit Checklist for auditing critical vendors
• Audit Checklist for auditing non-critical vendors
• Audit Report
• Quality Agreement
• Approved Vendor List

Training should be conducted and documented on the approved procedures prior to being used, emphasizing the need for quality support during all phases of the vendor qualification process.

Stay tuned for Part 2, coming next Monday, November 15th!

FDA Announces Plans to Revise cGMP Regulations for Auditing Vendors

Written by Teresa Jaworski – Senior Validation Specialist at QPharma

By year end 2010, FDA is planning to release new regulations that will include requirements for Pharmaceutical manufacturers to physically audit their vendors, no longer allowing paper audits to be acceptable. This change is being considered because of the large number of gaps being found in manufacturers’ quality systems due in part to the growth of production outsourcing. It is expected that once the drafting process of these proposed regulations is completed, they will be available for review and comments for approximately three to six months.

Brian Hasselbalch

According to Brian Hasselbalch, representing the Office of Compliance’s Division for Manufacturing and Drug Product Quality within FDA’s Center for Drug Evaluation and Research, at a conference held jointly by the agency and Xavier University in Cincinnati, Ohio, June 13-16, “between 2001 and 2007, the number of products manufactured outside the United States and the number of manufacturing sites abroad doubled. Some of the new products being imported into the US come from countries with less developed regulatory systems.”

As indicated in the U.S. Food and Drug Administration (FDA) Guidance for Industry Q10 Pharmaceutical Quality System, which is in accordance with 21 CFR Part 820.50, Pharmaceutical companies are ultimately responsible for ensuring that processes are in place to assure the control of outsourced activities and quality. In doing so, companies should implement processes to access the suitability and competence of a vendor prior to outsourcing operations or selecting them as a vendor. This can be accomplished by establishing approved procedures, performing audits, and ensuring qualifications. Note that defined quality requirements should be used during the auditing process to ensure the vendor is capable of meeting these requirements. The evaluation results should be documented.

If it is determined that the vendor is qualified, an approved, written agreement, often referred to as a Quality Agreement, that defines quality requirements, responsibilities, and communications necessary for quality-related activities, should be created and approved between the two parties. Records of acceptable vendors should be established and maintained via an Approved Vendor List.

If a company does not have an Approved Vendor List, it cannot be concluded that vendors being used by the company are qualified to provide the products and services being used for cGxP purposes. With the establishment of an Approved Vendor List, a company can work smarter, not harder. A company will be able to determine if a qualified vendor is currently available that can provide the necessary products or services instead of going through the entire qualification process each time a new vendor is needed. It also ensures that several vendors are not being used for identical products or services. In the end, this will result in better utilization of resources, an improved state of regulatory compliance, and a cost reduction for the company.

However, having these procedures in place does not ensure proper implementation of them. Training should be conducted and documented on these approved procedures, emphasizing the need for quality in all aspects of the vendor qualification process including ensuring that all required vendor assessment and auditing documentation is stored in a centralized, secure location.

A vendor audit does not have to be conducted by a company representative. It is acceptable to use contracted resources to perform these audits as long as the resources are qualified to perform the tasks and the qualifications are documented. According to Hasselbalch, “We will not demand that you individually audit. We acknowledge and recognize a surrogate or a third party audit arrangement. It may be more efficient and more effective, quite honestly. A third party audit would have to be performed by a credible auditing arm [with] certain characteristics that assure the integrity and the quality of the audits.”

Refer to the links below for FDA MedWatch reports relevant to outsourcing.

• http://www.fda.gov/Safety/MedWatch/SafetyInformation/SafetyAlertsforHumanMedicalProducts/ucm172252.htm
• http://www.fda.gov/Safety/MedWatch/SafetyInformation/SafetyAlertsforHumanMedicalProducts/ucm214036.htm
• http://www.fda.gov/Safety/MedWatch/SafetyInformation/SafetyAlertsforHumanMedicalProducts/ucm214034.htm
• http://www.fda.gov/Safety/MedWatch/SafetyInformation/SafetyAlertsforHumanMedicalProducts/ucm213532.htm