Ranbaxy Internal Audit Disclosure Highlights U.S. FDA Policy Exceptions

Ranbaxy's uphill battle to keep U.S. FDA from seeing a consultant's audit reports provides a sobering reminder of the circumstances under which the agency will seek to review such documents - and the pressure it can exert on a company to release them.

Normally, FDA won't flip through quality audit reports, fearing the chilling effect of such reviews. The agency recognizes that if auditors knew it would be reading the reports, they would leave out anything that might get a company into trouble, and the reports would be of little or no value to drug manufacturers.

However, in Ranbaxy's case, the government not only asked to see the reports, it filed an administrative subpoena to obtain them, and then asked a federal court to enforce the subpoena.

Although lawyers for both sides are not talking, recent court filings provide insight into their thinking.

A February 2006 inspection of Ranbaxy's plant in Paonta Sahib, India, led FDA that June to issue a warning letter and put a hold on approval of abbreviated new drug applications for drugs and active ingredients originating from that plant.

Why the hold? According to the subpoena enforcement motion the U.S. Justice Department filed last month, sources alleged and documents indicated "a pattern of systemic fraudulent conduct." Justice alleged that Ranbaxy failed to timely report the distribution of out-of-spec drugs and tried to conceal cGMP violations from FDA (Also see "Ranbaxy Denies Fraudulent Conduct Alleged By U.S. FDA As Rumors Swirl About Daiichi Deal" - Scrip, 14 Jul, 2008.).

Furthermore, DOJ said in the July 3 motion, Ranbaxy submitted false and fabricated stability and bioequivalence data with applications to market generic drugs in the U.S. and to distribute antiretroviral drugs under the President's Emergency Plan for AIDS Relief (PEPFAR) program in other countries.

In an effort to convince FDA to lift the compliance hold, Ranbaxy described and disclosed portions of 12 post-inspection audit reports of the Paonta Sahib plant by the consulting firm Parexel. "In the process, Ranbaxy waived any privilege that arguably might have attached to the audits," Justice asserted.

DOJ also complained that Ranbaxy delayed disclosure of the audits with "interminable privilege reviews" to ascertain which audit documents it still considered to be privileged.

As the investigation deepened, FDA inspected Ranbaxy's API facility at Paonta Sahib in late January 2007. The next month, federal agents executed search warrants at Ranbaxy facilities in New Jersey, where they seized documents and imaged computers.

DOJ filed the administrative subpoenas for Parexel last September and for Ranbaxy last December under Section 3486 of the Health Insurance Portability and Accountability Act, a blanket provision allowing the attorney general or designee to issue subpoenas "in any investigation relating to any act or activity involving a federal health care offense."

• From Ranbaxy DOJ requested, among other things, "all internal or external audits of the complaint and adverse event investigation and reporting procedures, manufacturing processes and testing of drug products, including annual reviews."
• From Parexel DOJ requested "all documents relating to any audit, study, review or other assessment of Ranbaxy," including documents relating to the company's "laboratory program and practices, quality control/quality assurance program, manufacturing processes, standard operating procedures, drug product testing, cGMP practices and inventories," as well as "interviews, reports, summaries, work papers, notes, memoranda, correspondence, spreadsheets, electronic mails and minutes of meetings, including all drafts."

Ranbaxy asserted the audit reports and related documents were protected by attorney-client and work-product privileges because it had retained Parexel through counsel.

Kate Beardsley of the law firm Buc & Beardsley had retained Parexel "to assist us in providing legal advice to our client, Ranbaxy," according to a May 2006 letter agreement.

DOJ argued that Parexel was actually working for Ranbaxy, not the lawyer, and that therefore the attorney-client and work-product privileges did not apply. After all, Ranbaxy reimbursed Buc & Beardsley for all consulting fees under the arrangement, which the company said totaled millions of dollars.

Also DOJ noted instances over the next few months where Alok Ghosh, Ranbaxy's global quality VP, indicated in correspondence with FDA that it was Ranbaxy that had retained Parexel.

In July 2007, Ranbaxy's counsel began selectively releasing audit documents in an effort to convince FDA to release the compliance hold on its ANDAs, which clearly exerted a great deal of pressure on the company.

Counsel for Ranbaxy contacted FDA in December 2007 in an effort to negotiate a lift of the hold on the ANDA for clarithromycin so Ranbaxy could begin marketing it the following month. In return, Ranbaxy would release additional audit documents. But Ranbaxy declined to release at that time the documents FDA most wanted, so that it could think through the implications for the related criminal case, DOJ said.

Ranbaxy's counsel said in a July 14, 2008, response to the DOJ motion that its client produced those audits in April 2007 after deciding that "from a business standpoint, Ranbaxy felt it had no choice but to waive privilege with respect to those audits."

An additional consideration that DOJ didn't know about was that Ranbaxy had weakened its privilege claims by providing information about the audits to a third party.

DOJ complained that throughout the process, Ranbaxy "repeatedly proffered Parexel's involvement in its regulatory compliance measures as a badge of corporate responsibility and a demonstration of its good faith compliance efforts."

Meanwhile, DOJ said, "Ranbaxy has tried to shield Parexel's factual investigations, including employee interviews and observations of plant operations in India, while at the same time the company has used the reports as a sword to obtain favorable regulatory consideration of its ANDAs. This subterfuge is unworthy of the protections accorded by the courts to legitimately privileged confidential communications between a client and his attorney."

In last month's response, Ranbaxy argued that it had cooperated fully with the investigation, and that at the time Justice filed the motion for subpoena, Ranbaxy "had waived its privileges for all audits conducted by Parexel and as a result, there is not now and was not at the time the motion was filed any dispute requiring adjudication by the court."

Saying that Ranbaxy's capitulation came as its subpoena motion "was literally on its way to the clerk's office," DOJ later argued that "the motion was not moot when filed nor is it moot today because nearly four weeks later, the government still has not received all Parexel documents."

The judge has granted Ranbaxy a 60-day abeyance from the subpoena to produce the audit documents (Also see "Ranbaxy Granted 60 Days To Produce Audit Documents in DOJ Investigation" - Scrip, 31 Jul, 2008.).

Is Audit Disclosure Bad if Fraud is Suspected?

In its July 14 response, Ranbaxy said it had tried to convince FDA and DOJ that it was "bad policy" for them to request to see voluntary audits conducted at the request of counsel.

Ranbaxy said its counsel had explained to DOJ that, "If drug manufacturers learned that the government would force them to disclose the results of voluntary audits to help build civil or criminal cases, companies would stop doing audits, or would stop hiring tough auditors like Parexel and instead hire auditors who would be less likely to be tough and thorough" (Also see "Ranbaxy Will Produce Internal Audits To U.S. DOJ But Warns Of Impact To Industry From "Bad Policy"" - Scrip, 15 Jun, 2008.).

However, that appears to be a risk the government deemed to be nevertheless appropriate in this case.

"FDA really doesn't ask for those audit reports under normal circumstances," James Vesper, president of LearningPlus, a Rochester, N.Y., GMP training and consulting firm said in an interview.

Sometimes FDA investigators will request certification that audits were performed, or their findings acted upon, Vesper noted. Often companies will make sure audit reports have cover sheets signed by the lead auditor and the head of the quality assurance group, confirming that the report was completed, and sometimes also noting that findings were made and deficiencies corrected. Copies of the cover sheets can then be provided to investigators upon request.

In the old days, FDA did not permit its investigators to review internal audit reports "under any circumstance," recalled one former investigator. Historically, if the agency found evidence of fraud, it would respond by halting its review of drug applications, as it did to great effect in Ranbaxy's case.

However, in January 1996, the agency toughened its policy against reviewing internal audits by establishing four exceptions in Compliance Policy Guide 7151.02, "FDA Access to Results of Quality Assurance Program Audits and Inspections."

The revised policy remained unchanged for routine inspections and investigations conducted at regulated entities that have written quality assurance programs: "FDA will not review or copy reports and records that result from audits and inspections of the written quality assurance program."

After consulting with headquarters, district personnel could seek written certification "that such audits and inspections have been implemented, performed and documented, and that any required corrective action has been taken."

The four exceptions appended to the hands-off policy in 1996 were:

• In "directed" or "for-cause" inspections and investigations of a sponsor or monitor of a clinical investigation;
• In litigation (for example, and not limited to grand jury subpoenas, discovery or other agency or DOJ law enforcement activity, including administrative regulatory actions);
• During inspections made by inspection warrant where access to records is authorized by statute; and
• When executing any judicial search warrant.

Many drug manufacturers are so eager to work with FDA that they will give the agency copies of audit reports without even being asked, one lawyer noted.

An unfortunate example of that approach was when the management of Able Laboratories came to FDA with an internal audit report because it showed data integrity issues. "In my opinion, that was the right thing," FDA's Edwin Rivera-Martinez told a conference last year. "Consequently, they are no longer in business, but it is not because of the FDA."

A March 2005 "inspection trigger guidance" from the European Medicines Agency calls for inspectors in the European Union to review audits that EU had begun requiring drug product manufacturers to conduct of their active pharmaceutical ingredient manufacturers.

FDA's Nicholas Buhay told an October 2005 conference that he did not "see any such move in the FDA," due to the potential chilling effect .

There are cases involving consent decrees where FDA routinely reviews internal audit reports. For example, a consent decree with Schering-Plough requires the company to annually submit internal audit reports and proposed corrective actions to the agency.

- Bowman Cox ([email protected] )

[Editor's note: This article also appeared in 'The Gold Sheet' - Aug. 15, 2008. Published monthly, "The Gold Sheet" is designed for manufacturing and quality control managers concerned with QC procedures and U.S. FDA regulatory and enforcement activities in the pharmaceutical and biological industries. To receive a free trial issue, click here.]