The Most Important Compliance Best Practices You Need to Know

The Food and Drug Administration (FDA) requires manufacturers of medical devices to create and maintain a device master record (DMR). Section 820.3(j) of the Federal Code defines device master record. DMR is a set of documents containing procedures and specifications for a finished medical device. 

This article gives the best practices for maintaining DMR to comply with medical device regulations.

Off-label use is the practice of prescribing drugs for an unapproved condition or in an unapproved age group, unapproved dose or unapproved form of administration.  Unlike the drugs approved by the Food and Drug Administration (FDA), off-label drugs do not undergo mandatory clinical trials to determine the dosages, efficacy, or side effects.

This article discusses the best practices to be followed in the off-label marketing of drugs.

A vaccine is a biological preparation that provides immunity against a particular disease. It is usually made of dead or weakened organisms which cause the particular disease. Biosafety means the safe handling of infectious biological materials which can cause diseases. Biosafety level refers to safety tiers prescribed by the Center for Disease Control (CDC), a United States Federal Agency, for laboratories which work with infectious materials. 

This article discusses how to comply with biosafety risk assessment requirements during vaccine production.

Abbreviated New Drug Application (ANDA) is an application for approval of a generic drug. This application is submitted to the FDA Center for Drug Evaluation and Research (CDER) for review and approval. Using bioequivalence for generic drug approval was established by the Waxman-Hatch Act. 

This article describes the requirements for bioequivalence data submission for ANDA to the FDA.

An ethics committee protects the rights and interests of the people in a clinical trial. The ethics committee is usually comprised of individuals from diverse backgrounds like local health care professionals, counselors, social workers, lawyers, and community representatives. Practices of ethics committees vary enormously across Europe, Australia, Canada, and USA.

This article gives an overview of best practices that ethics committees can follow in order to execute their roles and responsibilities in an effective and compliant manner.

The informed consent is process is a cornerstone in the ethical conduct of clinical trials and research on human subjects. Regulatory requirements for this important process varies from country to country.

This article gives an overview of best practices for getting informed consent from human subjects in various international jurisdictions.

The Division of Drug Marketing, Advertising, and Communications (DDMAC) of the Food and Drug Administration (FDA) seeks to protect public health by ensuring that drug information is truthful, balanced, and accurately communicated. The Congress has given FDA the authority to oversee prescription-drug (drugs used under medical supervision) ads.   The FDA has passed regulations detailing how it will enforce these requirements.

This article describes the best practices to comply with the FDA's rules for using social media to promote and market FDA-regulated products.

This document is intended to assist medical device manufacturers with the integration of a risk management system or risk management principles and activities into their existing quality management system by providing practical explanations and examples.

A basic understanding of quality management system requirements and a basic knowledge of quality management system terminology are assumed in this guidance document.

This document is based on general principles of a quality management system and general principles of a risk management system and not on any particular standard or regulatory requirement.

This document also:

• Has general applicability to quality management systems for manufacturers providing medical devices;
• Discusses risk management related to medical device safety, rather than financial or other business risks;
• Does not suggest a particular method of implementation; and
• Does not include requirements to be used as the basis of regulatory inspection or certification assessment activities

The present paper deals with the ambiguity associated with IT outsourcing. Additionally the article, here critically examines the pros and cons of the SaaS system, reminding the regulatory companies to remain ever vigilant on the process of outsourcing.

An establishment inspection is a careful, critical, official examination of a facility to determine its compliance with laws administered by FDA. This Article talks about the different types of FDA inspection, the authority and what are the steps to prepare for FDA inspection. It also shows How FDA Prepares for Inspection, what are the high priority areas of inspection for FDA, the various FDA inspection techniques, close out meeting, post inspection function.
 

Software has become part of almost every business process and the scope and complexity of software is increasing every year. Most software is purchased from a vendor and is referred to as commercial off-the-shelf software (COTS). The term “developer” identifies people that create software and for the purposes of this article is equivalent to the vendor. The term “user” identifies people that use software to perform their job.

The developer and users share responsibilities that affect the quality of the software. The developer must create the software to contain the functionality required by the users, and perform developer validation. The users must perform user validation of the software in the context of its application, meaning the business processes that use the software.  Additionally, the user must ensure proper maintenance and control of the software on an ongoing basis.

The requirements of validation from the developer and user perspectives have many steps in common but the focus of each step is different because their perspectives are different. 

Corporate understanding of green compliance has been limited to complying with the regulations prescribed by the binding government agencies. They saw to it that their processes kept emissions well under the mandate or limit or eliminate the use of banned substances in their products.

Current trends in green compliance have seen corporate do things beyond the mandate. Environment friendly initiatives are finding its way into core corporate strategies. General awareness among the end users is also setting trends for companies to rework their conduct of business with more eco sense.

Corporate initiatives are driving the enforcement of regulations with more vigor. Any demand from the end user affects the entire chain of stakeholders. These trends are also helping government agencies in re-looking at their existing regulations or bring in better regulations.

More on this, with illustrations from the corporate world that has brought about this change, read on

http://blogs.harvardbusiness.org/leadinggreen/2008/08/what-compliance-means-now.html

HIPAA – Health Insurance Probability and Accountability Act was enacted to protect the health insurance for workers and their families when they change or lose their jobs. Protecting patient’s health records becomes important for medical practitioners. In this age modern technology, this becomes all the more critical. Technology is susceptible to various risks of exposure and data security calls for significant investment. The ensuing article details 10 steps for understanding the gaps and how to get compliant for better data security.

The 10 steps that can help for better compliance are:

• Understand why computer security is important
• Make certain your colleagues and staff take security as seriously as you do
• Catalog all the information system components that interact with protected health information in your office
• Prepare for disaster before it occurs
• Make sure your network and communications safeguards are intact and robust
• Be certain you have anti-virus software and keep it up-to-date
• Understand what encryption will do and when it is necessary
• Consider chains of trust and your business relationships
• Demand that your vendors fully understand the HIPAA security standards
• Star with a plan – and the end – in mind

You have been through a rigorous FDA inspection, now what? You are handed a list of observations for which needs immediate corrective action. Responding to these observations is deemed Herculean task than facing the audit itself. The hows of responding to observations can be explained in steps as:

• Formation of committee
• Sub-committees to investigate particular committee
• Developing the response document
• Follow-up with FDA for its response on the document submitted
• Lessons learned

Its good to be compliant but companies need to look into the ground work that can make this a more productive and hassle free exercise by:

• Training its employees more frequently
• Upgrading the computer hardware to reduce on costs
• Better documentation and processes for efficiency

Spreadsheets are tools that simulate paper worksheets. Macro is a pattern that specifies mapping of input sequence to the output sequence in a pre-defined procedure. Macros also enable automation of repeat actions. Macros and spreadsheets are used in conjunction in regulated environments. Spreadsheet programs are very generic and their use in regulated environs requires preventive actions to avoid mitigate the risk due to erroneous outputs. Therefore, electronic records generated using spreadsheets must comply with 21 CFR Part 11.

The primary requirements of 21 CFR Part 11 are:

• Dedicated software for use in regulated environment
• Evaluate software add-ons that enable existing software to comply
• Bring in compliance requirements as built-in functions in the development phase

What are the current compliance problems? What it takes to bring spreadsheet applications under the purview of compliance?

• use of validated software and computer systems
• user-independent, computer-generated, time-stamped audit trails
• system and data security, data integrity, and confidentiality through limited authorized system access
• binding electronic or handwritten signatures to electronic records
• secure retention of accurate and complete electronic records

Commercially available software are generic, hence achieving compliance can be done by having:

Quality System Inspection Technique – FDA’s new approach to enforce regulation and compliance aims to improve speed, efficiency and consistency of both routine and pre-approval inspections. CDER has defined and grouped QSIT into six major systems as:

• Quality
• Facilities and equipment
• Materials
• Production
• Packaging and labeling
• Laboratory control

What do these broad headlines mean and how to implement QSIT?