RSSA brief talk with Steve Jolley, VP and Director of Pharmacovigilance at PATNI:
PhM: From what we hear, both industry and FDA have trouble tracking adverse patient reactions. Lack of connection between adverse patient responses and manufacturing continues to be pointed out in 483 inspection letters. Why does this situation exist, and what are the key IT challenges?
SJ: The whole process of reporting adverse events started in the 1960s with the thalidomide tragedy. For the first four decades through to about 2000, it was voluntary for patients and doctors to report events, but mandatory for the drug company.
If the company heard about any sort of undesired effect of its drug, it was mandatory for them to report, based on the severity of that event. If the event is serious and unexpected, companies had 15 days in which to report that.
Although some companies are late and get in trouble, most pharmaceutical companies do a reasonably good job of reporting. Now, more pharmaceutical companies are starting to outsource that operation - that's where our company can come in, to take that burden off the company and do it for them.
PhM: What happened after 2000?
SJ: Before 2000, regulators accepted the reporting of individual events and assumed the responsibility of collating all those events and trying and figure out whether or not there was some sort of trend. Then around 2000 the whole idea of risk management emerged, and regulators pushed data analysis back to the companies, asking them to trend data to determine whether any kind of signal was emerging.
It is now the company's responsibility to stand back and see the woods through the trees. Some companies reason, "If I analyze my events, I'm going to find something, and then what?"
PhM: Are there differences between FDA's approach and EMEA's/MHRA's?
SJ: In the U.S., FDA issued a voluntary guidance in March 2005 establishing best practices, but there has been no legislation mandating this until the FDA Amendment Act came out last year. In contrast, Europe legislated Volume 9A, which requires data trending. If you're a company in this country and you're selling your drugs overseas or you're selling into Europe, then the EMEA or maybe one of the member states, such as MHRA from the U.K, can come and audit you here in the States, and they will give you critical findings if you're not doing the analysis yourself.
If it's a challenge for companies, it's also challenging for regulators. They may have the processes and systems required to analyze individual events, but looking across multiple events and locating signals is more difficult.
PhM: Isn't adverse patient reaction data essential for continuous quality improvement? Does managing this data become mainly an IT problem?
SJ: It's much more than just an IT problem. To do risk management properly, you have to go across the entire life cycle of the drug. From preclinical stages you should begin to get a picture of the compound and its side effects. Then, when you go to human studies and as you move through the different stages of testing in man, a good risk management plan will incorporate all of the things that you find in both the pre-clinical and the clinical development. You find known risks, such as liver toxicity. You can then begin to define and assess each risk and start to quantify it.
And then from there, you would develop a risk management plan, and that risk management plan should be submitted, again, with the application when you're trying to get a new drug approved.
But it doesn't stop there. The Risk Evaluation and Mitigation Strategy (REMS) requirement that was passed by FDA last year said, "Okay. If you have one of these risks here, we need a REMS from you to get the drug approved." Once it's approved, you need to monitor the REMS and do further risk management and assessment.
So you need to manage the risk and also quantify the risk and pull in data from the post-marketing arena. At this point, the drug is not just in clinical trials. Real patients are taking it. Companies must not only pull in that data and analyze it, but demonstrate that their REMS is effective. This can be quite difficult.
PhM: Does risk management demand cross-functionality? What is needed to promote the cultural change that is needed?
SJ: In a word, legislation. I'd say the Europeans are probably a bit farther ahead in this. They say you have to do this and you can't sell your drug unless you do this.
PhM: FDA seems to be focusing on voluntary programs...
SJ: That's true, but there is a downside: product withdrawals, and the costs are astronomical. The day that Vioxx came off the market probably cost the market about $50 billion in terms of share price, litigation and lost sales. To prevent that from happening, you'd probably need some pretty tough legislation.
Now, the FDA does give enforcement to Risk Evaluation management strategies. Not everyone has to do it, only those whose drugs have a particular risk profile. However, it's not as comprehensive as the European legislation.
PhM: How is PATNI approaching risk management and data trending for adverse patient reaction reporting?
SJ: We've actually been working for some time now in the analysis of the data. We've offered some tools for doing signaling, and sometimes we sell those tools to the companies for them to use themselves. Sometimes we do that analysis ourselves on an outsourced basis where companies give us their data.
We recently launched Adept, an integrated environment for doing risk analysis during all of the stages, which handles the collection, assessment, reporting, and analysis of data. Our goal is to remove the burden of all aspects of adverse event reporting, both in clinical development and once the drug's on the market. In fact, we can actually write the risk management plans.
PhM: How many pharma customers do you have at this point?
SJ: Well, we probably work with about a dozen clients in terms of signaling analysis. And, in fact, we've worked around the world with that. We actually work with some Japanese clients to help them get their drugs approved in the West. I can recall one drug in particular, a good drug but with a very severe indication. We worked with that company and actually wrote a risk management plan to the European specification and to get that drug approved over here.
PhM: What types of modeling do you have to employ to get the signals?
SJ: We like to develop virtualizations. We start by taking the company data. Again, there are regulations that the company has to send in these periodic reports, so a company reports individual events. And then if the drug's new on the market, every six months, they send in a thing called a periodic safety update report (PSUR) and that would contain everything that's happened to your drug for the last six months.
We take those PSURs from the company, someone will analyze that, and we'll analyze it by body systems, so when they say, "Let's look at the events," maybe we'll find a lot of liver problems. Then we analyze the liver problems, and we look at MedRA Coding.
And then we might correlate that by age and by sex and by dose and by time to onset and by medication and by country, and maybe you'll see, "Well, you've got a little bit of a spike here, liver problems in a certain age range, and affecting females rather than males, maybe it's particularly bad in Japan with age and metabolism, interacting with a stroke . . . " So we'll get a detailed profile of the risk of the drug.
Then we'll go and compare the profile of that drug with other drugs. We'll take the data out of the FDA's database, look at this drug compared to the known data on that drug in FDA, which may have been reported by other companies, and compare the client's drug to other drugs in the same class.
So, for example, with Vioxx, you would look at other COX-2 inhibitors, or you might look at other drugs for the same indication. You want to get a profile of the risk for the company, but also a competitive risk profile comparing that company's drug to other drugs. And from there, you can develop the risk management plan to manage that risk.