For years, FDA has warned industry that “employees and former employees” would be critical in examining questions of cGMP compliance and corporate data integrity. A groundbreaking legal decision has since borne out this statement, emphasizing the importance of compliance and data integrity in preventing legal liability, and even criminal charges against noncompliant companies and managers.
Last October, former GlaxoSmithKline quality assurance manager Cheryl Eckard received a $96-million settlement after suing her former employer under the False Claims Act (FCA). Her legal complaint, which she had first brought to the FDA, had documented numerous cGMP noncompliance problems, including major data integrity issues, at the company’s former Cidra facility in Puerto Rico.
In addition to such flagrant problems as product mixups, she cited unsigned, undated and missing validation, investigation and change control documents, and SOP’s in need of revision. The company did not appeal, making Eckard’s case the first pharmaceutical whistleblowing lawsuit to invoke cGMP’s and succeed.
“Companies are now on notice that cGMP violations are open to the scrutiny of whistleblowers,” says Neil Getnick, of Getnick and Getnick Law (New York, N.Y.), who, with colleague Lesley Ann Skillen, represented Eckard.
Today, at least one pharma cGMP whistleblower case is reportedly under seal, involving compliance and the use of computerized quality controls, at a generic drug manufacturer in the northeastern U.S. Theoretically, whistleblowing cases can be brought against an employer based on the FCA, Sarbanes-Oxley reporting requirements, or evolving SEC regulations (Box). Experts agree that, whatever side you’re on, due diligence is key.
This article will briefly examine expert opinion on the potential for cGMP whistleblower cases, from both the employee’s and the corporate manager’s perspectives, touch very lightly on the gray area between chronic noncompliance and criminal fraud, and highlight the importance of data integrity to overall compliance efforts.
When Cheryl Eckard first approached them, it was the first time that Getnick and Skillen had considered a False Claims Act suit based on cGMP noncompliance. “This was a challenge, as Medicare and Medicaid statutes do not speak directly to cGMP compliance . . . the legal framework was untested,” Getnick says.
Ken Nolan, founding partner of Nolan and Auerbach, P.A. (Philadelphia), has successfully represented qui tam whistleblowers regarding off-label marketing. He had received inquiries from other would-be cGMP whistleblowers in the past. However, he notes, their cases were either too difficult to prove, or cited technical noncompliance issues that did not directly threaten product integrity. In addition, Nolan notes, the U.S. government has been reluctant to get involved unless egregious manufacturing deficiencies are involved that clearly put patients at risk, he says.
Drug manufacturers leave themselves most vulnerable to potential cGMP qui tam lawsuits by neglecting 21 CFR Parts 211.180-208, which cover recordkeeping, equipment use and cleaning, and maintaining and responding to CAPA data, says Nolan, who writes extensively on this topic .
However, these issues are also most frequently found in 483’s and inspection reports. Is there a boundary between chronic noncompliance and intentional fraud? Consultant John Avellanet, founder of Cerulean Associates, an FDA compliance consulting firm, sees a continuum, from ignorance to sloppiness to fraud, quoting Eugene Thirolf, head of the U.S. Department of Justice’s Office of Consumer Litigation. “Noncompliance always comes down to two reasons: ignorance or financial pressures.” “It’s the pressure to cut corners that causes most intentional fraud,” Avellanet says.
As Nolan explains, the False Claims Act only affects those who knowingly present a fraudulent claim, leaving simple negligence or innocent mistakes out. However, to suggest intent, he says, one must only establish that the defendant had actual knowledge of the information and either acted in deliberate ignorance, or reckless disregard of the information’s truth or falsity.
“FCA could apply in situations that show substantial gross negligence, or, in the plain language of the cGMP code itself, ‘reckless disregard,’ ” Nolan says.
This allows the Act to reach beyond the “head-in-the-sand” type manager, who may hide behind the fact that he or she was not personally aware that manufacturing or cGMP testing problems were made to appear okay in written responses to the Government. In addition, says Nolan, the criticality of the data is a decisive factor. If a company makes false statements about the sufficiency of its assay testing, one must ask: Would the lack of proper assay testing likely lead to a material deficiency in the product, or would such a deficiency be entirely speculative?
Once a pharma company submits paperwork that is false, that materially affects the integrity of the product, and it can be shown that the submission was not due to an oversight, the company faces liability.
There is no simple “litmus test” for determining whether cGMP violations are sufficiently serious to attract FCA liability, says Skillen. However, she notes that GMP non-compliance, if chronic and serious, will often amount to fraud on the government, which pays for drugs based on manufacturers’ claims of quality, strength, identity and purity as set forth in the NDA. “Without that assurance, the government is not getting what it paid for,” she says.
In the GSK whistleblowing case, Cheryl Eckard had pursued internal corporate communication channels before seeking legal help. Meetings and calls to senior managers, and a call to the CEO, met with insufficient, or no, response, her complaint says. It was this lack of response that may have helped build her case. Management’s involvement in the false record or statements, either through gross negligence or knowledge, is sufficient to establish corporate liability, says Nolan.