The pace of regulatory change in the pharmaceutical industry over the past 20 years has been rapid. Although heightened emphasis on patient safety, data transparency, and harmonization has prompted new guidance’s and requirements, perhaps what is most notable is the rate at which technology has changed how processes are documented and regulated.

Today, digitization is entrenched in day-to-day life and is steadily becoming the norm among health authorities and at pharmaceutical companies. But just two decades ago, incorporating technology-led regulatory developments placed a great strain on existing office equipment and know-how within biopharmaceutical companies. Indeed, what we take for granted now were just pie-in-the-sky ideas at the turn of this century.

From PDFs and eCTDs to Complete Digitalization
The shift to electronic submissions began in the 1990s when the US Food and Drug Administration (FDA) started requesting that labeling content and most other documents for electronic submission be sent in portable document format (PDF) (1). It soon became clear that sending large PDF files to the agency wasn’t particularly helpful if they weren’t structured or grouped. So began several national attempts to define an electronic-submission standard. Regulators in several European countries and the United States ran some pilot programs. Ultimately, standards were set by the International Council for Harmonisation of Technical Requirements for Pharmaceuticals for Human Use (ICH) with the definition of the common technical document (CTD) in 2000 and, from there, the electronic CTD, or eCTD.

The eCTD gave companies and regulators a defined folder structure and file-naming protocol for submission of PDFs, with a structured set of metadata. This was the starting point for providing structured information to the agencies, even though metadata were, and still are, limited.

The next significant step in the journey toward electronic processing — the precursor to digitization — called for structured product labeling (SPL) in the United States. For the first time, applicants were required to create structured documents that presented defined elements in a particular order. The objective was to ensure a uniform approach to product labeling, thereby enabling reuse of information for different purposes.

The European Medicines Agency (EMA), meanwhile, had its own labeling project, Product Information Management (PIM), again with the goal of simplifying the handling and exchange of product information in the member companies. The project also aimed to automate translation of labeling texts into different European languages. Unfortunately, despite efforts by the agency to bring this project to fruition, and despite significant investment by industry, the project was halted in 2011. That was the first major failure of an EMA regulatory information technology (IT) initiative.

The next big step toward full digitization came in 2012 with the first release of the International Organization for Standardization’s (ISO’s) Identification of Medicinal Product (IDMP) Standards (2). Those standards established definitions and concepts and described data elements and their structural relationships for the unique identification of medicinal products.

The IDMP standards triggered several important regulatory developments, most notable of which was the mandatory use of these standards within European pharmacovigilance legislation, passed in 2012. That required creation and maintenance of an IDMP-based product database.

With limited budget, resources, and time to build the database, the EMA decided to repurpose an existing database, the EudraVigilance Medicinal Product Dictionary (EVMPD), which was designed to capture adverse-event reporting (3). The result was the extended EVMPD (xEVMPD). Although that database didn’t cover the complete data model of ISO IDMP, it at least had some features in common with IDMP. That makes it a useful starting point for the agency, allowing EMA to demonstrate compliance with EU pharmacovigilance legislation.

Next, the agency began working on SPOR — substance, product, organization, and referential — data-management services for the centralized management of master data (4). The primary objectives with SPOR have been to resolve the xEVMPD’s shortcomings, better support the approach to identifying and describing medicinal products involved in adverse events, and ensure accurate analysis and clear communication across jurisdictions.

The agency’s digital initiatives also include the IRIS platform, the clinical trials information system (CTIS) to support the new clinical trials regulation, and the Digital Application Dataset Integration (DADI) portal, which is expected to go into effect later this year, which will affect the process of submitting regulatory variations.

Other health authorities are taking slightly different approaches. Health Canada, for example, has what it calls the Structured Product Monograph, which places more emphasis on structured documentation than on the pure description of a pharmaceutical product through a data set. The objective of this new format is to improve access to drug-labeling information to help patients make informed decisions about their medications.

Switzerland also is looking at initiatives focused on building up an IDMP-compliant structured database for all products authorized or registered in that country. Such a database would support the entire health system rather than existing only for regulatory purposes.

In the United States, the FDA is looking into individual use cases for adopting IDMP standards instead of following the EU approach of adopting the ISO standards across the board.

Even though the different implementation roadmaps of a number of agencies depict a journey from unstructured information hidden inside documents to well-structured comprehensive data sets, at least some documents always will persist as part of the regulatory exchange with agencies. Both the current eCTD (3.2) and the next eCTD version (4.0) are based mainly on pdf files. This means that a huge portion of information is largely unstructured even though it includes structured pieces that are needed for xEVMPD, IDMP, and other systems. The unstructured information is even considered to be the single source of truth in some instances. EMA, for example, is validating xEVMPD data records against information provided within the product information documents (SmPC). What is needed in the future is an approach to define where it makes the most sense to have structured data and where unstructured text is more suitable, so that companies aren’t faced with additional workload and duplication of information.

Technology, Regulations, and Industry Impact
As with other processes and regulations, any mandate first has to be feasible technologically. Development of eCTD submission standards was driven by the shift to PDFs and a recognition of the potential to migrate from a paper-based office to a paperless one where all documents are drafted, reviewed, and finalized on a computer.

The introduction of eCTD triggered a world of applications to support both industry and regulators. Industry began by developing software to assist with organizing information and documents before transferring them to the agencies. However, there was no way to determine how the agencies processed that information after receiving an eCTD. That concern prompted software vendors to develop tools for both the applicants and the agencies to create or adapt document-management systems encompassing the eCTD format. Such systems are used by industry for creating submissions and by agencies for analyzing, evaluating, and assessing submissions, as well as tracking processes.

With IDMP, pharmaceutical companies realized that they needed a more efficient and data processible way to describe their products in a data-processible way, in keeping with the ISO standards. That would enable them to describe and compare all their products globally using the same data structures.

IDMP and the shift to SPOR bring initial challenges but also offer longer-term benefits. For example, in the future, authorizations of product changes will occur only if the product datasets in the SPOR database are correct and complete. The benefit of such an approach is that companies applying for an authorization change won’t have to start from scratch when filling out forms and providing product details to the authorities. Companies will be required only to provide the ID numbers of their products in the SPOR database. Ultimately, this will simplify the daily business of regulatory affairs officers submitting variations while accelerating the review process and, most important, improving oversight on patient safety.

First, though, some harmonization hurdles must be negotiated. Those include potential regional differences that could create additional integration costs and jeopardize key objectives of IDMP; namely, ensuring patient safety and using standardized data to improve efficiency and support innovation. Using standardized data means that information describing pharmaceutical products and their properties is captured and processed using the same definitions and semantics across countries or regions. The hope and expectation is that IDMP will harmonize how regulatory requirements are handled across different European countries and perhaps even beyond, but there has been an ongoing battle to convince the national agencies of these benefits.

Companies also will have to resolve internal challenges, such as existing separations between regulatory operations and other functions. IDMP will require better interoperability and information-sharing among key functions such as clinical, pharmacovigilance, quality, manufacturing, and the supply chain.

This is where another trend will come to the fore: the move away from on-premise storage and toward cloud technology, enabling company data to be stored in data centers and transmitted to and from those locations from any device. The cloud could enable better interoperability and data sharing — both internally and externally.

As EMA moves to its next phase of digitalization with the implementation of the CTIS portal and IRIS platform, there will be another dramatic shift in working practices and processes. Rather than creating submissions in a separate company-based solution and then uploading a set of data or documents to for regulators, the idea will be to perform all those functions through a shared virtual workplace, facilitating an exchange of information with health authorities. The benefit is that industry could work on documents or datasets and simply release them into the shared workspace, allowing agencies to review data as they are released and in the same environments.

Such a process is not without its challenges for industry. Currently, documents and data sets are drafted, reviewed, and approved within a company’s own infrastructure. Switching to a shared workspace raises questions over how such information can be connected seamlessly back to a company’s own systems and databases so that the business has access to crucial submission information for both regulatory and commercial purposes.

Nevertheless, although shared platforms and digitalization will create more work for industry at first — requiring companies to redesign some of their processes and transition away from developing submissions in parallel — the long-term vision is that it will reduce industry workloads.

The Impact of Innovation on Regulations
Although technology innovation has been an enabler for regulatory processes, the opposite is true when it comes to therapeutic innovation. Innovative new products, such as cell and gene therapies, are creating complications for health authorities because such products cannot be easily categorized or defined within preexisting regulatory IT systems.

Pharmaceutical products often are thought of as tablets or solutions for infusion within a certain package and at specified concentrations of active substances, which are characterized by chemical means. However, such descriptions don’t fit less-well–established products. For example, a biosimilar product might have only 90% of the same characteristics as its originator product because no biological organism is absolutely identical to another. The challenge is how to define the active substance of a product that has an enzyme, for example, with possible varieties of structures and compositions.

Regulators do recognize those challenges, and addressing them is high on regulatory agendas. Another issue with which pharmaceutical legislation is struggling to find new ways to organize information exchange and define rules is the vast and complex area of health apps for smartphones — which are, or could be, considered as medical devices. The challenge for regulators is that when nothing is physical and the output is software that can run on a smartphone, the risks are quite different from those of traditional devices, and risk evaluation becomes a totally different process.

Discussions are ongoing, and agencies worldwide are trying to adapt by developing new regulations to address new capabilities. The International Medical Device Regulators Forum (IMDRF), a voluntary group of medical device regulators, is examining approaches to achieving harmonization of medical device regulation with regard to software as a medical device.

Bringing Regulators and Industry Together
Since the problems with PIM, there has been some tension between the EMA and industry over the ways in which new regulations are developed and implemented. There is a sense that the agency is hesitant to give industry a voice in development of IT projects or governance processes. Although the agency does look for subject-matter experts from industry on specific topics, it is asking for a substantial amount of those people’s time to work on EMA projects. Few companies are willing or able to provide such a share of an employee’s time without having some influence at a strategic level on how those systems should be developed or even what the end goals should be. Nevertheless, the EMA has been taking steps to increase involvement of industry and suppliers in its IT-related projects. It is hoped that industry involvement will continue to grow and develop into a real partnership.

Indications are that the FDA is more open than the EMA to engagement with industry before implementing policies. The US agency offers longer grace periods when a company is changing from one system to another. However, one big point of difference between the FDA and EMA is that the European health authority must manage not only industry reticence over new IT projects, but also multiple national agencies within Europe, which do not always agree on a way forward.

For most pharmaceutical companies submitting in Europe, 90% of all drugs on the market are still authorized by and are the responsibility of national agencies and not the EMA. The EMA is trying to set up its new database and process around how applicant information should be processed within that database and assessed by regulators throughout the European Union. However, the national agencies are not necessarily keen to change their existing processes and workflows.

Complicating implementation of regulations is the issue of conflicting laws. IDMP and the SPOR database were triggered by EU-mandated pharmacovigilance legislation, but at the national level, the legislation requires actions that run counter to the purpose of IDMP to “ensure wide interoperability across global regulatory and healthcare communities” (2). Initially designed to support a harmonized approach to pharmacovigilance processes, as the project widened, the standard was leveraged to support broader regulatory activities and healthcare practices. For example, several European countries have different rules about how marketing authorizations are archived. The existence of such national nuances explains why it took 10 years for full eCTD implementation because many countries required full printouts of applications for their audits.

Another issue that must be considered both by regulators and companies is employee buy-in. In the early days of eCTD, some agency employees initially resisted adopting electronic document reviews, but changed their minds almost entirely once their office desks had been equipped with larger, more appropriate monitors. The lesson equally applies to industry. Changes in policies and processes require taking your employees with you on that journey through collaboration and by improving IT systems to facility the work.

Digitalization in the Future
None of these regulatory obligations and guidelines specific to compliance help a company to make a profit, and all of them create costs. However, by making processes more efficient, companies can reduce their administrative burdens. The objective should be to make processes more robust by reducing the capture of information to one single point of entry, removing the need for system-to-system data transfer.

For many reasons, digitalization brings benefits to everyone: industry, regulators, and the public. In just over 20 years from the start of the regulatory push toward electronic submissions, the pace of technology innovation has been extraordinary, transforming every aspect of our lives and from a pharmaceutical regulatory perspective, revolutionizing guidelines, processes, and expectations. Successful implementation of the next generation of regulations and digital platforms will depend on companies and regulators alike developing clear, collaborative processes, breaking down functional silos, adopting efficient processes that support businesses and national agencies more broadly, and crucially, building buy-in from the staff who must implement and use such new systems and processes.

References
1 US Department of Health and Human Services Food and Drug Administration Center for Drug Evaluation and Research (CDER) and Center for Biologics Evaluation and Research (CBER). Guidance for Industry: Providing Regulatory Submissions in Electronic Format — Content of Labeling (April 2005); https://www.fda.gov/media/71129/download.

2 European Medicines Agency. Scope of the ISO IDMP Standards. Data on Medicines (ISO IDMP standards): Overview; https://www.ema.europa.eu/en/human-regulatory/overview/data-medicines-iso-idmp-standards-overview.

3 EudraVigilance. EudraVigilance Medicinal Product Dictionary (EVMPD); https://eudravigilance.ema.europa.eu/human/evMpd01.asp.

4 European Medicines Agency. SPOR Data Management Services; https://spor.ema.europa.eu/sporwi.

Karl-Heinz Loebel is associate director, regulatory operations, at PharmaLex; Rennbahnstraße 72-74, 60528 Frankfurt am Main, Germany; 49-617-27-64-64-0; [email protected].