Science-based discoveries leading to the development of medicines, both organic and inorganic, and ingenious medical devices have enormously eased the burden of disease, illness and injury on human and animal populations.
Globally, a huge industry has developed around healthcare over the last 200 years or so, with capabilities accelerating in particular over the last 40 – 50 years.
Breakthrough discoveries and developments have been occurring almost constantly over the last decade or so, and the Covid-19 pandemic has put an uncommonly high level of societal focus on two key healthcare sectors during 2020 and 2021:
- Pharmaceuticals (Pharma): This sector focuses on the discovery of natural molecules or the invention of synthetic ones that show signs of potentially contributing to better healthcare in specific areas. Development and testing of promising candidates follows, and hopefully the production and release of a safe and effective new medication to the market.
- Biotechnology (BioTech): This sector uses cellular and biomolecular processes to develop technologies and products that may potentially increase the health of certain parts of the population like the aged, improve certain types of manufacturing like brewing, and enhance the yield or insect resistance in specific areas of agriculture.
This focus has in turn placed an even greater level of scrutiny onto the governmental bodies responsible for oversight of these sectors.
In the United States, the Food and Drug Administration (FDA), an agency within the Department of Health and Human Services, protects the public health of Americans by assuring the safety, effectiveness and security of human and veterinary drugs, vaccines and other biological products for human use, and medical devices.
The Food, Drug and Cosmetic Act (FD&C Act) is a broad and deep range of regulations that provides the charter for and the scope of the FDA’s activities.
Most of the rest of the world has established their own equivalent agency for this purpose, such as the European Medicines Agency (EMA), the Australian Therapeutic Goods Administration (TGA) and the UK’s Medicines and Healthcare products Regulatory Agency (MHRA). These agencies operate under the authority of their relevant local legislation.
Every such agency is backed by a raft of legislation covering to various degrees just about every aspect of the healthcare industry.
More legislation naturally results in greater compliance requirements being extended onto the businesses operating in these sectors. These compliance requirements have to be met and evidence kept on hand to prove it. And the legalities need to be addressed through appropriate contract agreements between parties.
This article focuses on Pharma and BioTech in the United States based on the economic heft of those sectors, covering:
- Sample FD&C Act regulations and obligations
- Common areas of FD&C Act non-compliance
- Some key issues for Pharma and BioTech
- Some typical Pharma and Biotech contracts
- Managing contracts in Pharma and BioTech
Examples of FD&C Act regulations and obligations
The FD&C Act establishes a wide range of obligations on businesses involved in Pharma and BioTech, covering activities related to the manufacture of each sector’s products, and the filing and acquiring of any registration, permit and approval required by the FDA for the importation, marketing, sale, distribution and use of those products.
Available for viewing at ecfr.federalregister.gov, Title 21 Food and Drugs contains the most current details of the regulations and associated obligations of the FD&C Act.
Both the regulations applicable to Pharma and BioTech and their associated obligations are pervasive and quite prescriptive, strong evidence of a regulator that demands all the i’s to be dotted and the t’s to be crossed given the seriousness of the subject matter. It really can’t be any other way.
A very thorough and completely up-to-date awareness of these regulations is absolutely required by any business involved in Pharma and BioTech if they don’t want to attract any unwanted attention from the FDA."
A brief sample of the hundreds of regulations and obligations pertinent to drugs includes:
- Section 200.5 Mailing of important information about drugs: requires the mail to be distinctive in appearance so it will be promptly recognised and read, and specifies how such distinctiveness must be achieved, from the envelope size, colour and location of addressee details, down to the font type, size and boldness level to be used
- Section 201.18 Significance of control numbers: requires the lot number on the label of a drug to be capable of yielding the complete manufacturing history of the package
- Section 210.1 Status of current good manufacturing practice for drugs: sets out some of the minimum standards for methods to be used in, and the facilities or controls to be used for, the manufacture, processing, packing, or holding of a drug to assure that such drug meets the requirements of the FD&C Act as to safety, has the identity and strength, and meets the quality and purity characteristics that it purports or is represented to possess
- Section 211.34 Consultants: Records are to be kept stating the name, address, and qualifications of any consultants advising on the manufacture, processing, packing, or holding of drug products for which they are retained
- Section 211.192 Production record review: All drug product production and control records, including those for packaging and labelling, must be reviewed and approved by the quality control unit to determine compliance with all established and approved written procedures before a batch is released or distributed
- Section 310.305(g)(1) Records and reports concerning adverse drug experiences; recordkeeping: Each manufacturer, packer and distributor must, for a period of 10 years, maintain records of all adverse drug experiences, including raw data and any correspondence relating to those experiences.
Common areas of FD&C Act non-compliance
The FDA conducts regular inspections of businesses subject to the FD&C Act to check their levels of compliance with applicable sections of the Act.
Analysis of violations discovered in FY 2020 during such inspections shows the top five most common areas of non-compliance related to drugs for people, representing 413 violations (27.3% of the total number), were:
- Section 211.192 Production record review: Failure to thoroughly review any unexplained divergence from specifications of any batch of a drug product, whether or not the batch has already been distributed
- Section 211.22(D) Responsibilities of quality control unit: Failure to document or document clearly, or to fully follow the responsibilities and procedures applicable to the quality control unit
- Section 211.100(a) Written procedures; deviations: Failure to prepare written procedures for production and process controls designed to assure that the drug products have the identity, strength, quality, and purity they purport or are represented to possess
- Section 211.160(b) Laboratory Controls; General requirements: Failure of laboratory controls to include the establishment of scientifically sound and appropriate specifications, standards, sampling plans or test procedures designed to assure that components, drug product containers, closures, in-process materials, labelling or drug products conform to appropriate standards of identity, strength, quality, and purity
- Section 211.68(b) Automatic, mechanical and electronic equipment: Failure to validate the accuracy of computer-based records, apply appropriate controls over changes to computer-based records, or take and verify the completeness of computer backups.
In total during FY2020, 1,514 occurrences of non-compliance involving 178 sections of the FD&C Act were detected.
The FDA inspection reports only describe the violations discovered; no insight is provided about the underlying causes. Doubtless some of the causes could be put down to resource issues – lack of people, systems, funding, time and so on.
Ignorance of the law could also play a big part. Everybody who wants to be in the game, especially if funding is a problem, probably has to reinvent the wheel in respect of gaining an understanding the complexities of the FD&C Act, what parts of it apply to which parts of the business, and how to turn obligations into action.
The trick to dealing with the sheer length and complexity of the FD&C Act is to study it thoroughly to identify and document all the regulations and obligations that actually do apply to the business’s business, including the different areas and activities where the use of third parties is in place or anticipated."
An alternative approach is to obtain this sort of information from internal or external lawyers who have been there and done that, as well as from any third parties under consideration for the provision of relevant services.
Do this once and keep the document updated as the regulations change or their applicability to the business changes, for instance through the use of outsourcing. This information will be enormously useful when developing contracts for Pharma and BioTech products and services.
Key issues for Pharma and BioTech
1. Regulatory Change
In order to maintain its purpose, relevance and effectiveness, all regulation is subject to change. That’s because the operating environment the regulatory regime was designed to oversee undergoes constant change.
This is nothing new of course, it’s been happening since rules were first invented. It’s continuous improvement and risk management in action.
What is different today from just a generation ago is the accelerating rate of change in the operating environment. This is also nothing new, it’s the continuation of a trend that commenced with the Industrial Revolution. The trend-line curve is now getting steeper."
This leaves the regulators scratching to keep up, to adjust the regulatory regime to make it fit for purpose for the new ways of doing things.
The safety levels required and expected from the imposition of regulations can‘t realistically be delivered if new processes, methods and technologies are not covered at all or insufficiently.
The consequence for Pharma and BioTech is a Ground Hog Day scenario of yet another round of regulatory changes to be considered for applicability and implemented where necessary. Just when you think it’s safe to go back into the water…
This is not negotiable though. It’s simply part and parcel of life in the fast lane that is Pharma and BioTech. Regulatory change has to be expected, allowed for and dealt with properly, just like any regulations that drive other corporate activities.
Will the span of regulatory change increase?
Without doubt, as innovation introduces new areas to be regulated that haven’t existed before.
Will the frequency of regulatory change increase?
Almost certainly, as the regulators modernise their thinking and approaches, area by area.
2. Regulator-induced Delay
By definition, innovation means something new gets added to the mix. It arises from looking in all directions: forwards and backwards, up and down, and side-to-side.
On the other hand, regulation is often derived by looking through the rear-view mirror with an occasional glance ahead.
In Pharma and BioTech, it’s common for innovation to test the boundaries of established regulation.
A black hole exists when a relevant innovation can’t be accommodated by the regulations. This can occur because innovations can introduce never-before-seen processes, technologies, techniques, equipment and so on that might defy classification because they represent a new class."
A grey area exists when there’s uncertainty about which specific regulations apply best to deal with the innovation. This can occur if innovations can genuinely be classified in a number of ways, with different regulations applicable for the different classifications.
It can take time for the regulators to become aware of black holes and grey areas caused by the changes that are taking place in Pharma and BioTech.
Delay can be experienced while they consider appropriate ways to not only catch up and keep up but also to look forward and formulate how they can stay ahead, draft and socialise any changes needed to the regulations, then finalise and enact them.
This can be followed by further related changes to tighten up or relax some of the latest changes, as unexpected consequences and unanticipated situations reveal confusion, impracticality, new black holes and grey areas and other issues. All this can lead to further delays for those suffering under those situations.
Extended delay can also occur if the regulators decide to ban the use of such innovation until such time as the regulations are updated to cover it.
A more common type of delay is that triggered by the regulator demanding yet another test or clinical trial. Changes might be required to a few or many aspects of previous tests and trials, for reasons ranging from the practical to the political. The delays sustained in such circumstances can amount to years for those involved.
3. The Rise and Rise of Sector Disaggregation
An already vast ecosystem of smaller businesses providing services and support to Pharma and BioTech is growing rapidly, as spin-offs, entrepreneurs and opportunists go for a shot at the brass ring.
These types of businesses can provide other businesses with a specific focussed expertise, agility, brand new techniques and approaches, and speed amongst other capabilities. They can provide advice, expertise, capability and capacity in pretty much every aspect of Pharma and BioTech.
This helps the big end of these sectors accelerate along the route from product ideation to sales, saving time and money. Flexibility, collaboration and innovation are the name of the game."
There are now contract research organisations (CROs), contract manufacturing organisations (CMOs) and contract development and manufacturing organisations (CDMOs) providing options for Pharma and BioTech players besides just internal investment on people and infrastructure.
CDMOs themselves may outsource some activities to CROs and CMOs, or even acquire them to help simplify the overall supply chain.
The upshot of all this moving and shaking is that Pharma and BioTech businesses are generating a massive surge in the number of new contracts they’re having to deal with. Add this to their number of existing contracts and these sectors are starting to creak at the seams in terms of dealing with these volumes. It certainly raises questions about the quality and speed of that dealing.
What’s effectively happening now is the Pharma or BioTech idea owner outsources the mechanics of R&D, manufacturing, packaging and/or distribution while keeping ownership and control of its IP and retaining responsibility for its and its third parties’ regulatory compliance.
The issue for the businesses who outsource parts of their business activities in this way is that they still have to deal with regulatory compliance. That essentially means compliance by proxy.
Without outsourcing, compliance achievement can be managed by integrated, enterprise-wide IT systems and processes, policies and practices, widespread training and other actions, to the extent these things are available, enforced and in place.
Managing compliance under an outsourcing model can be akin to herding cats. Every partner might use completely different systems and processes than the others and/or the outsourcer."
Such a situation is likely to have a major effect on the accessibility and transferability of critical obligation compliance data the outsourcer needs. This data allows the outsourcer to determine each partner’s obligation compliance performance in respect of the work they do for the outsourcer.
The greater the extent of divergence of each outsourcing partner’s systems and practices from the outsourcer’s, the more work the outsourcer needs to do to understand its overall compliance position.
Many benefits can be obtained using an outsourcing model, but there can also be a significant downside for the outsourcer.
Should an outsourcing partner not comply with any aspects of the FD&C Act in a manner that draws highly unfavourable penalties and publicity, the outsourcer may find, through guilt by association, that its business and development plans get derailed by nervous investors withdrawing funding, its current and potential markets shrink overnight as a form of disapproval-based punishment when there are alternative products available, and/or a close and sustained anxiety-inducing attention from the FDA. Or worse.
It’s worth remembering the two key elements of successful outsourcing:
- The doctrine of ‘no surprises’. This means getting the details from the horse’s mouth, whether it’s good news or bad, but especially when it’s bad. Being the last to know is not a good look
- Trust, but verify. This means running random spot checks on the veracity of the details, because the Hawthorne Effect is real and can deliver continuously with the occasional nudge.
Bear in mind also that outsourcing can actually increase the outsourcer’s compliance burden.
4. The Compliance Burden
Nobody in Pharma and BioTech would deny that their sectors are probably the most highly regulated in the United States, if not the planet. Many view that as a good news, bad news thing.
The good news is that compliance with the regulations delivered by the FD&C Act, as required and enforced by the FDA, provide Pharma and BioTech with a roadmap for delivering trustable medicines and medicinal products. Everybody in these sectors, the government, the recipients and the man in the middle, they’re all happy when something works like it says on the box.
The bad news is the compliance burden. This involves the following activities:
- Discovery of exactly which regulations need to be complied with
- Assignment of specific regulations to relevant parts of the business
- Determination of what needs to be done, when and by whom
- Formulation of approaches for how to do what needs to be done
- Creation or acquisition of products and services to accomplish those approaches
- Appraisal and revision of those approaches
- Implementation of those approaches into practice
- Ongoing operation of those practices to determine the level of compliance achieved
- Provision of compliance data to the regulators as required
- Facilitation of periodic regulatory inspections and audits
- Remediation of practice shortcomings responsible for incomplete compliance.
Activities 1-7 above are additional to the everyday activities used to research, develop, test, produce and distribute Pharma and BioTech products.
They should normally only be required when regulations change but may be performed from time-to-time in response to changes in the business or its product line, systems, operating policies, approaches, technologies, outsourcing partners and so on.
The remaining activities need to be made an integral part of the everyday activities, built-in rather than bolted on as an afterthought. That way, compliance testing becomes an early warning system, the proof of the pudding, not an easily ignored optional step."
Given the likelihood of increasing regulatory change as discussed above, a lockstep increase in the compliance burden can be expected.
Bear in mind also that, while this article focuses on compliance with the FD&C Act, the compliance burden for many in Pharma and BioTech can be multiplied many times over if they are subject to the regulatory regimes of other countries.
That’s a strong general possibility given healthcare products and services are needed everywhere.
Apart from the workload and management effort associated with the compliance burden, significant expense can be incurred by Pharma and BioTech businesses in terms of the infrastructure needed to enable and support those efforts.
Those expenses should really be considered as investment, since not only is better quality data an outcome, so too is avoidance of penalties for non-compliance which can be tough, long-lasting and a threat to the ongoing viability of the defaulting business.
Typical Pharma and Biotech contracts
Strip away the subject matter, the terminology and the mystique from any industry, no matter how commonplace or esoteric and you’ll find it’s just business.
Business is often based on turning ideas and raw material into processed product and getting it out the door onto the proverbial shelves.
That inevitably means contracts with third parties will be required somewhere between idea generation and product shipping, regardless of whether most of the work is done in-house or is outsourced."
To support that type of work, other contracts will also be needed for infrastructure-related products and services that provide a foundation for the business to operate: premises, people, utilities, hardware and software, telecoms, insurance, leases of all kinds and much more.
Some of the typical general and sector-related contract types found in Pharma and BioTech can include:
- Acquisition Agreement: a contract for the purchase of one business by another
- Clinical Trial Agreement (CTA): an arrangement between the producer of a new drug and a third party that will test the suitability, efficacy and safety of that drug via trials on animals and/or humans
- Confidential Disclosure Agreement (CDA): equivalent to a Non-Disclosure Agreement (NDA) used in more general commerce
- Distribution Agreement: an arrangement for one party to distribute the goods and services of another party
- IP Licencing Agreement: a contract where the owner or holder of certain intellectual property rights grants permission for the use of such intellectual property to another party
- Manufacturing Agreement: the terms under which a manufacturer will make certain products for a customer, to the customer’s specification
- Merger Agreement: a contract for the combining together of two or more businesses
- Outsourcing Agreement: an arrangement for a third party with specialist skills to take on a related aspect of a business’s operations on behalf of the business
- Packaging Agreement: an arrangement for certain raw materials or components provided by one business to be packed into appropriate containers and labelled ready for distribution by another business
- Product Licence Agreement: an arrangement where the owner of a product, brand name, trademark, patented technology or ability to produce and sell a product or service provides a licence to a third party to do those things
- Quality Agreement: a contract between the parties to a Manufacturing Agreement that establishes each party’s activities in terms of compliance with the current good manufacturing practices specified in the FD&C Act
- Services Agreement: an arrangement for a supplier of specific services to provide those services to a customer, as-is or tailored to the customer’s needs.
For sure, the subject matter of such contracts might only be comprehensible to a fairly limited group of people, but that’s true of any specialty. However, the intent of contract obligations is pretty clear to those fluent in the subject matter and its unique terminology.
Managing contracts in Pharma and BioTech
As a general rule, a contract should be managed over its lifecycle in accordance with its importance to the business.
‘Managed’ means the application of a set of activities designed to facilitate achievement of a contract’s purpose, compliance with obligations, and minimisation or mitigation of risk. ‘Importance’ can be defined to be whatever suits the business’s purposes.
This is known as Contract Lifecycle Management.
Manual management of contracts is only viable up to the point where available resources can realistically cope with the workload. Beyond that point, the risk increases rapidly from two perspectives:
- The coverage shortfall, where some contracts that should be actively managed don’t get managed at all
- The attention deficit, where contracts that do get managed don’t get the level of focus commensurate with their importance or the risk potential of any non-compliance with obligations.
Contract Lifecycle Management (CLM) can play a big part in ensuring that Pharma and BioTech businesses comply with their FD&C Act obligations.
Minimisation of manual activities in CLM is greatly facilitated through the automation provided by a CLM system such as Gatekeeper, allowing the time saved to be redirected to addressing the coverage shortfall and the attention deficit.
Because a contract is a contract, the practices of CLM and the technologies underpinning it tend to be pretty much industry-agnostic.
While subject matter expertise is critical for making industry-specific contracts work, that can be provided by the people involved in the operational aspects of their contracts. Those same people are instrumental in providing support to Contract Managers who work to ensure those contracts are managed effectively overall.
The good news for Pharma and BioTech businesses is that a CLM system can be extremely helpful in managing obligations compliance not just in respect of contract activities but also with the various regulatory regimes they are subject to.
It’s the level of management needed that’s key here. That’s because, as with all regulatory obligations, a business has to prove attainment of the claimed level of compliance.
The key areas of CLM system functionality that apply to Pharma and BioTech contracts include:
- A centralised repository for storing and managing electronic versions of contracts and related documents like statements of work, amendments and price lists
- A core database for storing the common key metadata about each contract, such as its type, the other parties, its term and annual value, the amount spent to date, the key event dates, the hierarchical relationship between contracts and other important metadata such as contract category, ownership by legal entity or team, and custom metadata that can be added to contracts and suppliers. Related contracts can be linked. Contract details can be exported in CSV format for reporting or updating using a spreadsheet, updated data can be bulk imported to update the database
- A highly capable search engine that can be applied to both repository documents and the core database to find every occurrence of desired terms, or the absence of such terms
- A library of contract templates showing the types of clauses desired in different contract types. For the contracts typically used by Pharma and BioTech, such clauses should contain details of the obligations that the FD&C Act imposes. This action is a safety mechanism to ensure that such obligations are visible to all parties to the contract
- A playbook or library of individual clauses used in the business and their preferred, alternative and minimum settings to help guide negotiations, and simplify and accelerate contract development
- An online contract negotiation capability using MS Word, allowing use of the search engine and the clause library to check what has been agreed to by both sides in earlier contracts, and where give-and-take can be applied in terms of acceptable clause settings. Version control of contract documents can be easily achieved, with no need for email tic-tac, with online approval of clause changes
- Electronic signatures, reducing time to contract by allowing authorised people from each party to sign contracts wherever they are, whenever they’re available
- An events management capability allowing calendarisation of all date-driven events, whether those specified in contracts such as renewal or termination notice deadlines and other milestones, or associated with regulatory compliance such as reporting to the FDA, plus other non-specified supporting events, with automated reminders to the key people involved to help ensure no key dates are missed
- A workflow engine with multiple triggers (such as something new, a change of date or data value) for automating as much of each standard CLM process as is possible and practical, handling sequential, parallel and conditional tasks with automatic handover from one to the next regardless of whether the recipient is an internal or external person, tracking and reporting of progress through each task to increase the visibility of just where things are at, and checklists to help keep control of process steps that have to be done manually. Task ownership can be delegated to account for planned and unplanned absences
- Role-based single sign-on access to the centralised repository and CLM system functions prevents unauthorised access to what can be extremely sensitive contracts
- Hands-free, automated third-party risk assessment, useful for pre-qualification of suppliers interested in forming a relationship with the business, and for keeping the risk profile of existing suppliers regularly up to date
- Integration capability allowing data lookup and transfer between IT systems, say to obtain details of current spend with suppliers at an invoice line-item level or check contract details while operating inside a sales management system
- Bulk loading of legacy contract documents into the centralised document repository, using AI capabilities that can assist with extracting key metadata values from contract documents, such as third-party details, start date and annual value
- Supplier performance management using a KPI-based balanced-scorecard approach
- Configurable dashboards that show high-level details of the total or selected contract inventory in terms of volumes, values, operational and risk status, and a range of other parameters, with deep-dive capability to show the source information used
- A complete audit trail of all accesses and changes made to contracts and related details, providing assurance that role-based access controls are effective
- A supplier portal providing secure access to prospective and engaged suppliers for the provision and updating of certain types of information and documents such as contact and bank account details, performance reports, insurance certificates, SOC certificates, ISO certificates and so on, plus system-based messaging not based on email
- An Employee Portal for requesting new contracts or suppliers or accessing business forms, using workflow to route requests and forms to relevant reviewers and approvers and receive notifications about progress
- A governance, risk and compliance capability, providing insight into a detailed breakdown of risks across the supplier base
Developing new drugs is not for the faint-hearted. Discovering or inventing a new molecule or compound which can work to a greater or lesser degree against a particular illness is fraught with complexity. It takes an average of 12-15 years and about US$6B to develop a new drug. Unfortunately, most of this time and money will be wasted because a marketable product either can't be found in the end or isn't acceptable to the regulator.
It’s getting rarer these days for somebody to be able to do it all themselves. An immense and growing supply chain that provides various specialist expertise from R&D to distribution has entirely transformed Pharma and BioTech.
This transformation has also led to an order of magnitude or two of growth in the number of contracts needed to formalise arrangements at each level of the supply chain. Failure of a Pharma or BioTech business to effectively manage this volume of contracts has the potential to introduce a new risk that it just doesn’t need.
Contract Lifecycle Management practices, their increasing digitalisation and the growing use of AI technologies are saving time and money, improving productivity and minimising risk in businesses of all shapes and sizes, in every industry."
Increasing the visibility of regulatory obligations, whatever they are and especially those with teeth, is critical. Specifically documenting such obligations in applicable contracts subjects them to standard CLM practices and the automation provided by CLM systems.
This means regularly checking the levels of obligation compliance, addressing shortfalls, and providing proof of compliance achievement.
View contracts and obligations easily in Gatekeeper
It’s far, far better that senior management of a Pharma or BioTech business receives a clear picture of its regulatory compliance performance from internal staff than from the regulators.
Use of a modern CLM system and associated practices is a good way to do this.
If you would like more information about how Gatekeeper can assist with your contract management activities, then contact us today.