Dispelling GXP myths in today’s regulatory environment


This is a very active time in the healthcare regulatory compliance world. A number of new initiatives from FDA are underway at a time when industry is working to balance compliance with cost control, drug shortages, consolidation, and new technology. As a result, there are some that might feel that FDA (and other global regulatory entities) might be relaxing or allowing more flexibility in their enforcement efforts. Today, we take a look at several of these notions or myths that might prevent us from thoroughly and completely fulfilling our duties to comply with current requirements. So, let’s look at some of these GXP myths and discuss what we need to do to keep from falling into the trap of nonchalance:

  1. Myth #1: The end justifies the means – Certainly, in this day and age, GXP practitioners do not believe that we can violate specific GXP requirements, provided the final product meets specifications. However, there are subtleties that can crop up. For example, the thought that as long as we document a GXP discrepancy, complete an investigation, and get QA approval, we can overcome any manufacturing issue is false! FDA investigators have every right to ask us how these GXP discrepancies impact our validation for that product/process, what impact it might have on our filed Drug Master File process, or evaluate any additional validation we might have conducted to ensure the discrepancy had no adverse impact. In short, we cannot assume that a thorough and complete investigation report is enough to justify excursions from approved processes.
  2. Myth #2: FDA does not connect the dots – In companies with multiple locations and some product portfolio complexities, it is tempting to think that our response to GXP compliance can be limited to each locality. In other words, as long as we comply in our location, we don’t have to worry about what happens at other sites. Not true! FDA has become more sophisticated regarding “global” compliance. They now have increased ability to monitor issues to determine if we have company-wide systemic issues. They cross-check performance issues at one location with similar issues at other locations. Many Warning Letters in recent years reference compliance concerns at multiple issues. Sites receiving inspections are often asked about approaches to compliance concerns noted at other sites in the same company. I have colleagues at other companies that are frequently challenged for issues at other firms FDA now considers “current” compliance expectations.
  3. Myth #3: Relationships and trust don’t really matter to FDA – FDA is in the business of protecting the consuming public. Safety is the bottom line. So, when dealing with manufacturers, FDA has a limited time to assess operations to answer the question, “Is the firm complying with GXP to the extent that has been inspected and do I have confidence that they comply in areas I have not inspected?” Thus, in addition to assessing what and how we do what we do, they also try to determine whether they can trust our employees to do the right thing. If they feel they can trust us to do the right thing, it enhances the confidence they have in us and what we do. I was once at a company that the FDA District Compliance Director said, “Because I know you as individuals and trust that you will address these issues, we will not pursue a Warning Letter.” In other words, the trust they had developed through our relationship allowed them some discretion in the compliance action they took. So, relationships and trust in people do matter!
  4. Myth #4: We can hide our problems from FDA – FDA investigators are somewhat predictable. We tend to learn, over time, what they will examine, how much time they will spend, and what activities will not receive attention. However, as FDA investigators become more sophisticated and more data-driven, we can be sure that they will find our vulnerabilities. In addition, the laws and regulations have changed over recent years to allow FDA investigators access to more of our operations than ever before. They now have access to nearly everything we do. So, we cannot assume any more that dirty laundry will remain hidden.
  5. Myth #5: Our strong record of compliance will cover us in the future – Though relationships are important, we can no longer rely heavily on a track record of compliance. Yes, a history of compliance is possibly the greatest predictor of future inspection success. But, the FDA has demonstrated in the past year or so that they will hit hard, when needed, regardless of your reputation or history. A number of firms have recently experience their first compliance issues in years, showing that FDA is willing to look at each inspectional result as a fresh, single data point.
  6. Myth #6: FDA will never look at developmental data or early studies – FDA now has greater regulatory power to examine data than ever before. And, now, they appears to view developmental data in light of potential data integrity concerns. They have shown that, in order to verify regulatory submission data, they will go back much further to evaluate early data. Thus, we have to be even more rigorous to ensure that all developmental data, including for early studies, is well documented and inspection-ready.
  7. Myth #7: FDA cares more about science than compliance – Despite frequent FDA speeches touting the agency’s interest in science-based compliance, they still default to the details of regulatory compliance. In other words, science will not trump compliance for nearly any compliance/inspection situation. So, we cannot feel that a solid scientific argument will overcome a clear regulatory non-compliance.
  8. Myth #8: Electronic data are completely trustworthy – There is a tendency to think, “As long as our data are generated and archived electronically, FDA will accept it and have no compliance concerns.” Wrong! A very high percentage of Warning Letters recently have cited issues with data integrity of electronic systems. We simply cannot make assumptions about the integrity of electronic data short of a executing a comprehensive compliance plan.
  9. Myth #9: If we don’t know about a problem, FDA will give us a pass – Ignorance is not excuse for non-compliance with GXPs. In fact, even senior management is liable for GXP issues whether or not they have been informed directly of the issue. Therefore, we must all ensure that we know the regulations, we know whether we have gaps, and that we have plans and actions in place to remediate those gaps.
  10. Myth #10: FDA does not care about product costs or cost of poor quality – This one might be a bit tricky. FDA does NOT care about what is costs to comply with GXP regulations. We cannot say that it costs too much to do what is needed to produce safe and effective products. However, FDA is interested in cost of poor quality in that it can often be an indicator of poor systems or poor execution. If they find that our cost of poor quality is higher than they see at other firms, they may dig deeper to determine why. FDA is also concerned about ensure a continuous supply of medically necessary products. If we pose a risk of have a supply shortage that could impact patients, FDA is very concerned. In fact, we must communicate to FDA when there is a possibility of a drug shortage. So, in effect, FDA is concerned about product costs to the extent that we must maintain an adequate supply to patients that depend upon our products.


So, hopefully, a review of these myths may help those of you dealing with GXP compliance every day and give you something new to consider as you work to balance company needs, patient requirements, and regulatory compliance.

Thanks for all you do for our patients. Have a tremendous and productively compliant day!


One thought on “Dispelling GXP myths in today’s regulatory environment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s