antonio b. regadio jr., bsip r - pamdrappamdrap.org/wp-content/uploads/2016/06/pamdrap-ta… ·...
TRANSCRIPT
Antonio B. Regadio Jr., BSIP R.Ph.
Regulatory Assistance Manager,
Regworks
Outline Regulatory basis for the risk management plan
Risk Management
Risk Management Plan
What is a Risk Management Plan? "Risk Management Plan" means a set of health product
vigilance activities and interventions designed to identify, characterize, prevent or minimize risks relating to health products, and the assessment of effectiveness of those interventions.
The risk management plan is a requirement for the issuance of the appropriate authorization.
- IRR of RA 9711 Article 1, Book 1 Section 5. Definition of Terms, ll
Why does FDA require your establishment to make RMP? Answer 1 # It is required by law
(l). To require all concerned to implement the risk management plan which is a requirement for the issuance of the appropriate authorization;
Section 2. General Powers and Functions. Article II. A. Food and Drug Administration of IRR of RA 9711
Licensing and Registration Division’s function To mandate, order, review, and implement a Risk Management Plan
on any health product for conformance with the FDA standards;
Article VII, Section 4 (h) of IRR of RA 9711 )
Why does FDA require your establishment to make RMP? Answer 1 # It is required by law all marketing authorization
holders (MAHs) (or CPR Holders) and other concerned stakeholders (DD/DI/DE/DS?) are required to implement an RMP for the issuance of the appropriate authorization
Republic Act No. 9711 Section 5, (k)
“All establishments are required to implement a risk management plan which is a requirement for the issuance of an LTO or other authorization”
- Administrative Order 2014-0034. General Guidelines(D)
all MAH shall establish a PMS system for every product in the market, which shall be translated into a RMP
FDA Circular No. 2013-004
Section V, (2)
Why does FDA require your establishment to make RMP?
Why does FDA require your establishment to make RMP? Answer 1 # It is required by law
Licensing, Inspection and Compliance Division
Sec. 7. Powers and Functions of the Licensing, Inspection" and Compliance Division.
c. To review, evaluate and monitor implementation of Risk Management Plans for conformance with the FDA standards;
IRR of RA 9711
Risk Management Plan
Requirement for the licensing of drug establishments
During initial for new establishments
During renewal for existing establishments
Must always be available for inspection
Administrative Order 2014-0034
Drug
meeting
requirements
Equipment Personnel
Methods Premises
Definition of conditions under which
drugs are manufactured, packed,
tested, held
State of Control: a drug firm is considered
to be operating in a state of
control when it can guarantee
a finished drug product
for which quality, strength
and purity has been
assured throughout production and
that the product is compliant
with its registration
Why does FDA require your establishment to make RMP?
Risk Management
Risk Management is not a New Concept
Risk Management Framework Risk management --
Principles and guidelines ICH Q9 – Quality Risk
Management
Risk Review
R i s
k C
o m
m u n i c
a t i o n
Risk Assessment
Risk Evaluation unacceptable
Risk Control
Risk Analysis
Risk Reduction
Risk Identification
Review Events
Risk
Acceptance
Initiate Quality Risk Management Process
Output / Result of the Quality Risk Management Process
R i s
k M a n
a g e
m e n t t o
o l s
Regulatory Requirement ISO 14971:2007 Medical Devices –
“Application of Risk Management to
Medical Devices”
Note 1: ISO 14971:2007 = EN ISO 14971:2009
Note 2: Conformity to EN ISO 14971:2007 expired on March 21, 2010
ISO 13485:2003 - Medical Devices Quality
Management Systems Requirements for Regulatory Purposes
•Clause 7.1 requires, “…risk management throughout product realization.” –In addition, “Records arising from risk management shall be maintained”.
–The standard cross references ISO 14971 for guidance related to risk management.
•Clause 7.3.2 states that design and development inputs
include risk management outputs
FDA’s Quality System Regulation Requirements for Risk Analysis
Risk Assessment is required as part of design validation
(820.30 (g))
Note : Design Validation is defined as “establishing by objective evidence that device specifications conform with user needs and intended use(s).
Risk Analysis -Intended use and
Id of Char related to safety
of the device
-Id hazards
-Est risk for each
hazardous situation
Risk evaluation
Risk Control -Option analysis
-Implement controls
-Residual risk evaluation
-Risk/benefit analysis
-Risks arising from control
measures
-Completeness of risk control
Ris
k A
sses
smen
t
Evaluation of overall
residual risk
acceptability
Risk Management
Report
Production and
post-production
information
Risk
Man
agem
ent
Adapted from ISO
14971:2007 Figure 1
What Could Go Wrong? What is the Consequence if it Goes Wrong?
What Situation It Could Go Wrong?
Philippines
22
Philippines
PRINCIPLES OF QUALITY RISK MANAGEMENT
The evaluation of the risk to quality should be based on scientific knowledge and ultimately link to the protection of the patient
The level of effort, formality and documentation of the quality risk management process should be commensurate with the level of risk
Philippines
24
Philippines
25
Risks
Product
Process
Establishment
Performing Risk Management Some Tips…
1. Set the Purpose of QRM exercise
2. Assemble the QRM Team
3. Set P, S, & D Criteria
4. Determine Potential
Negative Event
5. Determine the Causes and
Evaluate the Risk
6. Evaluate Detection
7. Risk Control
8. Qualification & Validation
9. Action Items
10. Periodic Risk Review
10 Step Quality Risk
Management Process for
DM
Preparation for RM
State the purpose of risk management exercise
Set the limits of the item under study
Step 1 to Step 2
State any assumptions for RM exercise
e.g. All personnel are trained in SOP.
Reveal documents involved in the item under study
Risk Identification Brainstorming
What could fail in the system/ equipment/process?
What is the consequence/effect of the risks?
What is/are the likely cause of the risks ?
Do simulations
Near miss incidents
Deviation reports
Ask the subject matter experts (operators, WHmen, etc…)
Risk Identification
Determine the cause of the risks
Brainstorming
5 Whys
Fishbone Diagram
Pareto Analysis
Risk Identification
Hazard Assessment
Device Misuse Assessment
Dose response Assessment
Exposure Assessment
What could go wrong?
Risk Identification Tip Beware of “human error” causes for risk?
• Human error tends to be over-used when performing Risk
Management exercises. It offers quick answer, but it can be problematic!
• It usually only addresses the symptoms not the root cause • It blames someone, and this may or may not be the right
person. • TIP: Dig deeper. Ask why did the person conducted an
error which lead to the risk? (Perform 5 Whys?)
What Could Go Wrong? What is the Consequence if it Goes Wrong?
What Situation It Could Go Wrong?
Risk Identification Tip Separate the risk from cause and effect e.g.#1 Priority Risk - Incomplete/poorly managed records will hamper the process of recall Risk Cause Effect Delayed recall Incomplete/poorly Harm to managed records patient e.g.#2 power outage risk? Risk Cause Effect Product degradation Power outage ineffective or toxic product
Risk Analysis Tip Document the Sources of Uncertainty, Assumptions, or Gaps in the Risk Scoring Process may include: • unknown root causes • lack of clarity regarding the effectiveness of an individual
preventive or detection control • pending scientific inquiries (e.g. experiments or studies) • sources of variability within a process that have not been
fully characterized
Risk Evaluation
Probability : 1 (improbable) to 5 (highly probable) Severity : 1 (not severe) to 5 (very severe) Detectability: 1 (very detectable) to 5 (zero detection controls)
Which should be the first one to be controlled? RPN: A=B=C=D=E=F=G=H
Tips for Risk Evaluation
Do not rely only on RPN for Risk Evaluation Go back to Risk = P x S Challenge detectability The team has to formally decide (with justification) if the risk is
adequately controlled, by considering whether the detection controls give assurance that the risk is adequately controlled and that no further controls are required This is in line with the GMP QA principles of building in quality by
design rather than relying on QC test at the final product.
This is why the QRM tool that I’am using is different from GAMP 4, FMEA and FMECA
Risk Evaluation
Probability : 1 (improbable) to 5 (highly probable) Severity : 1 (not severe) to 5 (very severe) Detectability: 1 (very detectable) to 5 (zero detection controls)
RPN: A=B=C=D=E=F=G=H RP: A,C*,E* >B*>G*>D,H,F *challenge detectability
I use qualitative scales to remove the bias from multiplying ordinal numbers
RISK=PxS
Severity Minor Moderate Critical
Pro
bab
ilit
y
High Unacceptable Intolerable Intolerable
Medium Acceptable Unacceptable Intolerable
Low Acceptable Acceptable Unacceptable
Remote Acceptable
Acceptable
Acceptable*
* Acceptable only with Justification
Control the risk to an acceptable level
Risk Control
Risk Control
43
Risk Control Options re-design the process or replace a component
(Remove and Replace Control)
e.g. manual filing CD drive USB E-application
Risk Control Options isolate that part of the process/system so the impact of the
effects of the hazard may be reduced and contained
(Isolation Control)
e.g. isolate Liberia peacekeepers in Caballo island
Put effective procedures and checking activities in place to ensure that unwanted steps and actions are avoided
(Detection Control)
e.g. highlight changes during label re-design
Risk Control Options improve training for operator or staff to ensure compliance
with procedures and policies
(Compliance Control)
e.g. training of operators on the risks to quality of blistering
process
reduce or counteract the effects of the potential negative event
(Redundancy/ Contingency controls)
e.g. schedule of breaks of tableting machine to prevent
melting of tablets due to machine friction
Risk Control Options any fool-proof controls which cannot be by-passed via
human error or the by accidental or deliberate non-compliance with procedures (Poka Yoke controls)
e.g. unique pin index valves for different medical gas
Risk Control Options Controls outside the GMP or GDP environment.
E.g. nurses checks the solutions before injecting to patient
New and Improved Controls Any risk presented by the new component (or changes)
will be assessed and managed.
Check residual risks
New risks can be generated out of the new or
improved controls.
e.g. manual filing vs CD drive / USB / E-application
Risk of lost data, brown-out, computer virus…
Risk and Change Control
Old Status Quo New Status Quo
Regulatory QA
Production Warehouse
Engineering
Quality Control
Clients
…
Say, what you do
Do, what you say
Gain experience
Improve it
Approval
Manufacture
for market
Analyse root cause:
Continuous
improvement
Update
documentation
Risk
Management
Risk of Failure ?
Risk Management is a continuous improvement system
Risk Management Plan
MDM MDT MDD MDI MDS
Product Risks M M C M/C C
Establishment Risks
M M M M M
M - Make C - Compile
Just to Simplify…
Approaches to Risk Management
Proactive Reactive
includes measures employed before occurrence of risks (accidents, failures and incidents)
Examples: HAZOP HACCP FMEA Brainstorming Risk Ranking and Filtering
Examples: Recalls Complaints PV Reports/ ADR Reports Whistle blowing
includes measures employed after occurrence of risks (accidents, failures and incidents)
Proactive Risk Assessment Multidisciplinary team (3-6 members)
1 Risk Management Facilitator (Team Leader)
1 QA and/or Quality Control
1 Subject matter expert (operators, engineers, warehouseman)
Establishment Suggested Frequency Composition
Device Manufacturer Quarterly Inter-/Intra-department Independent research
Device Distributor/Importer
Quarterly Inter-/Intra-department Independent research
Risk Identification;
Risk Control;
Risk Communication;
Risk Monitoring and Management
Evaluation
Medical Device Vigilance System
Risk Management
System
Product Complaints
System
Recall System
Establishment of RMP
Risk Identification
1. Sources of Risks
Internal FDA
deficiencies
Product Compliant
Recall
order
Deviations
Counterfeit Experience Whistle
blowing
Near -miss incidents
Incident reports
Brainstorming
Contributors: Pharmacovigilance, Customer Relations, Regulatory, QA, QC, Risk Management Team, Customers, Patients, FDA…
II. Risk Assessment
1. Sources of Risks
External Product Recall
FDA Advisories
Adverse Event Report
Counterfeit Report
Journals, News,etc…
Contributors: FDA, Media, Other Pharmacovigilance Teams,
Medical Device Vigilance System RM Approach Reactive
Risk Identification ADE/ADR report from patient, Journals, News, Device vigilance Database, Datamining
Risk Control Preventive recall of suspected batch Label Change Warning Letter/Advisories Dispense to Specialists Training of health professionals
Medical Device Vigilance System
Risk Communication Communicate the PV issue to the Manufacturer/Importer Get detailed information and contact details from the complainant (patient, physician, healthcare provider, pharmacist)
Risk Review Review PV issues for the year Review recurring PV issues Check effectivity of CAPA arising from PV
Complaint and Returns System Expectations:
Manufacturers/Traders Distributors/Importers
Receive returns/ complaints Receive returns/complaints
Investigate returns/complaints
Refer complaints/returns to the manufacturer
Issue preventive recall to distributors
Proactively hold the batch under complaint (depending on risk)
Report drug quality defect, possible recall to FDA
Complaint and Returns System RM Approach Reactive
Risk Identification Quality and Safety complaint, returns from patient/physician/customer
Risk Control Preventive recall of complaint batch Provide record of traceability of the complaint batch
Risk Communication Contact Details of Device Distributor/Importer Device Trader Device Manufacturer Patient/Customer/Physician
Preventive recall letter
Risk Review Review of recurring complaints/returns Check effectivity of CAPA arising from complaints/returns
Recall System Expectations:
Manufacturers/Traders Distributors/Importers
Remove the product for sale upon receipt of recall notice
Fast decision and execution of recall of products based on risk
Submit status report to FDA Status report to source
Report companies not complying with recall notice
Store in recalled product in appropriate storage (return or reject area)
Dispose recalled products Dispose recalled products ( for importers)
Consolidate the recalled products
Recall System RM Approach Reactive
Risk Identification Recall notice from Drug establishment or FDA
Risk Control Preventive recall of recalled batch Provide record of traceability of the complaint batch Mock recalls
Risk Communication 24/7 Contact Details of Medical Device Distributor/Importer Medical Device Trader Medical Device Manufacturer Patient/Customer/Physician
Risk Review Review of recurring recalls
Risk Management Plan
Outline I. Introduction
II. Risk Assessment
III. Risk Control
IV. Risk Communication
V. Risk Review, Monitoring and Management Evaluation
VI. References
VII. Appendices
Common Mistakes in QRM Poor understanding of Risk Management Concepts
Conducting risk assessment without consulting the subject matter experts
Unqualified, untrained personnel conducting risk assessments
Not considering all the hazards (unusual events, that will never happen)
Hiding risks
Business priorities over quality and due diligence
Poor risk communication
Quality management as function of time
Consequences
What if
disaster happens?
Nowadays
QR
M
Based on Prof. M. Haller, University St. Gallen, Switzerland
Using QRM
Prior use of QRM may
lower the consequences
What happens to regulatory expectations when things go wrong?
Collaboration is the key to a successful Risk Management Plan
Reference ICH Q9
ISO 14971
ISO 13485
AO 2013-0034
FDA Drug Circular 2014-004
RA 9711
IRR of RA 9711