A Decade’s Quest for Safer Drugs: Congressional Committee Green Lights Regulation of Drug Supply Chains and Compounding Manufacturers

By Mary Ann Chirba and Alice A. Noble

On May 22. 2013, the Senate Health, Education, Labor and Pensions (HELP) Committee unanimously approved S.959, “The Pharmaceutical Compounding Quality and Accountability Act,” and S.957, “The Drug Supply and Security Act,” (now incorporated into S. 959 as an amendment).  Congressional efforts to enact comprehensive legislation to improve drug safety and secure the nation’s drug supply chain have lingered for over a decade. The lack of federal uniformity has allowed a patchwork of state legislation to emerge, attracting the less scrupulous to those states with the lowest security. The issue finally gained traction among HELP Committee members when 55 people died and 741 more became ill after contracting fungal meningitis from contaminated steroid injections made by the New England Compounding Center (NECC). Committee member Sen. Pat Roberts (R-KS) stated that given prior reports of problems with NECC, this tragedy could have been averted but for a “shocking failure to act” by NECC, state and federal regulators, and Congress.

As NECC’s role in the meningitis outbreak came to light,gaps in regulatory oversight did, too. The federal Food Drug and Cosmetic Act (FDCA)[1] currently recognizes only two categories of pharmaceutical manufacturers: commercial pharmaceutical companies and compounding pharmacies. To qualify as the latter under federal law, the entity must make individual or small batch, patient-specific drugs and do so only with a physician’s prescription for that patient.  Compounded drugs must be either be unavailable in the commercial market or needed in commercially unavailable doses or combinations. The FDCA exempts such compounders from its pre-marketing requirements applicable to commercially manufactured drugs. Thus, federal law clearly covers commercial pharmaceutical manufacturers, state law just as clearly oversees and licenses pharmacies but as the NECC case demonstrates, there is nothing clear about the responsibility for inspecting, licensing or otherwise overseeing compounders that do not fill prescriptions on a per patient basis.

Instead of compounding in response to an individual prescription, the New England Compounding Center made large batches of drugs for institutional buyers such as hospitals. Many of its drugs were commercially unavailable but some were knock-offs of marketed FDA-approved drugs – a practice which is clearly unauthorized. NECC’s business model was certainly not unique; neither was the limited and erratic response of state and federal regulators to complaints about the facility’s unsafe manufacturing practices. Congress knew that large-scale compounders existed along with concerns about their safety. Several members of the Senate HELP Committee had worked on curative legislation for over ten years, but made few inroads until the NECC crisis prompted the  HELP Committee to shift from park into drive.

Read More

Reidentification as Basic Science (Re-Identification Symposium)

By Michelle Meyer

This post is part of Bill of Health‘s symposium on the Law, Ethics, and Science of Re-Identification Demonstrations. You can call up all of the symposium contributions here. We’ll continue to post contributions into next week. —MM

Arvind Narayanan (Ph.D. 2009) is an Assistant Professor of Computer Science at Princeton. He studies information privacy and security and has a side-interest in technology policy. His research has shown that data anonymization is broken in fundamental ways, for which he jointly received the 2008 Privacy Enhancing Technologies Award. Narayanan is one of the researchers behind the “Do Not Track” proposal. His most recent research direction is the use of Web measurement to uncover how companies are using our personal information.

Narayanan is an affiliated faculty member at the Center for Information Technology Policy at Princeton and an affiliate scholar at Stanford Law School’s Center for Internet and Society. You can follow him on Twitter at @random_walker.

By Arvind Narayanan

What really drives reidentification researchers? Do we publish these demonstrations to alert individuals to privacy risks? To shame companies? For personal glory? If our goal is to improve privacy, are we doing it in the best way possible?

In this post I’d like to discuss my own motivations as a reidentification researcher, without speaking for anyone else. Certainly I care about improving privacy outcomes, in the sense of making sure that companies, governments and others don’t get away with mathematically unsound promises about the privacy of consumers’ data. But there is a quite different goal I care about at least as much: reidentification algorithms. These algorithms are my primary object of study, and so I see reidentification research partly as basic science.

Read More

I Never Promised You a Walled Garden (Re-Identification Symposium)

This post is part of Bill of Health‘s symposium on the Law, Ethics, and Science of Re-Identification Demonstrations. You can call up all of the symposium contributions here. We’ll continue to post contributions into next week. —MM

By Misha Angrist

Dear Michelle:

You know I respect your work immensely: your paper on the heterogeneity problem will be required reading in my classes for a long time to come.

But as far as this forum goes, I feel like I need both to push back and seek clarity. I’m missing something.

As you know, the PGP consent form includes a litany of risks that accompany the decision to make one’s genome and medical information public with no promises of privacy and confidentiality. These risks range from the well documented (discovery of non-paternity) to the arguably more whimsical (“relatedness to criminals or other notorious figures.”), including the prospect of being cloned. You write:

Surely the fact that I acknowledge that it is possible that someone will use my DNA sequence to clone me (not currently illegal under federal law, by the way) does not mean that I have given permission to be cloned, that I have waived my right to object to being cloned, or that I should be expected to be blasé or even happy if and when I am cloned.

Of course not. No one is asking you to be silent, blasé or happy about being cloned (your clone, however, tells me she is “totally psyched”).

But I don’t think it’s unfair to ask that you not be surprised that PGP participants were re-identified, given the very raison d’être of the PGP.

I would argue that the PGP consent process is an iterative, evolving one that still manages to crush HapMap and 1000 Genomes, et al., w/r/t truth in advertising (as far as I know, no other large-scale human “subjects” research study includes an exam). That said, the PGP approach to consent is far from perfect and, given the inherent limitations of informed consent, never will be perfect.

But setting that aside, do you really feel like you’ve been sold a bill of goods? Your deep–and maybe sui generis–understanding of the history of de-identification demonstrations makes me wonder how you could have been shocked or even surprised by the findings of the Sweeney PGP paper.

And yet you were. As your friend and as a member of the PersonalGenomes.org Board of Directors, this troubles and saddens me. In the iterative and collaborative spirit that the Project tries to live by, I look forward to hearing about how the PGP might do better in the future.

In the meantime, I can’t help but wonder: Knowing what you know and having done your own personal cost-benefit analysis, why not quit the PGP? Why incur the risk?

Warm regards,

Misha

Reflections of a Re-Identification Target, Part I: Some Information Doesn’t Want To Be Free (Re-Identification Symposium)

This post is part of Bill of Health‘s symposium on the Law, Ethics, and Science of Re-Identification Demonstrations. You can call up all of the symposium contributions here. Please note that Bill of Health continues to have problems receiving some comments. If you post a comment to any symposium piece and do not see it within half an hour or so, please email your comment to me at mmeyer @ law.harvard.edu and I will post it. —MM

By Michelle N. Meyer

I wear several hats for purposes of this symposium, in addition to organizer. First, I’m trained as a lawyer and an ethicist, and one of my areas of scholarly focus is research regulation and ethics, so I see re-identification demonstrations through that lens. Second, as a member of the advisory board of the Social Science Genetics Association Consortium (SSGAC), I advise data holders about ethical and regulatory aspects of their research, including issues of re-identification. I may have occasion to reflect on this role later in the symposium. For now, however, I want to put on my third hat: that of data provider to (a.k.a. research participant in) the Personal Genome Project (PGP), the most recent target of a pair of re-identification “attacks,” as even re-identification researchers themselves seem to call them.

In this first post, I’ll briefly discuss my experience as a target of a re-identification attack. In my discussions elsewhere about the PGP demonstrations, some have suggested that re-identification requires little or no ethical justification where (1) participants have been warned about the risk of re-identification; (2) participants have given blanket consent to all research uses of the data they make publicly available; and/or (3) the re-identification researchers are scholars rather than commercial or criminal actors.

In explaining below why I think each of these arguments is mistaken, I focus on the PGP re-identification demonstrations. I choose the PGP demonstrations not to single them out, but rather for several other reasons. First, the PGP attacks are the case studies with which, for obvious reasons, I’m most familiar, and I’m fortunate to have convinced so many other stakeholders involved in those demonstrations to participate in the symposium and help me fill out the picture with their perspectives. I also focus on the PGP because some view it as an “easy” case for re-identification work, given the features I just described. Therefore, if nonconsensual re-identification attacks on PGP participants are ethically problematic, then much other nonconsensual re-identification work is likely to be as well. Finally, although today the PGP may be somewhat unusual in being so frank with participants about the risk of re-identification and in engaging in such open access data sharing, both of these features, and especially the first, shouldn’t be unusual in research. To the extent that we move towards greater frankness about re-identification risk and broader data sharing, trying to achieve clarity about what these features of a research project do — and do not — mean for the appropriateness of re-identification demonstrations will be important.

Having argued here about how not to think about the ethics of re-identification studies, in a later post, I plan to provide some affirmative thoughts about an ethical framework for how we should think about this work.

Read More

GM Crops and the Environment

By Joanna Sax

I’ve become increasingly interested in GM crops, in general, after the recent Petrie-Flom Conference on the FDA in the 21st Century.

I know there is a lot of discussion and controversy about genetically-modified (GM) crops.  I want to pick-up on a topic that is related to GM crops – that is, the environment.  The May 2nd issue of Nature includes a special section on GM crops.  Part of this section provides information on the environmental advantages of GM crops.  Most of the GM crops contain DNA that allows them to be resistant to herbicides or insects.  It turns out that a study showed that there was a 6.1% reduction in the use of herbicide between 1996 and 2011 on crops of herbicide-resistant cotton compared to the amount of herbicide that would have been used to treat conventional crops.  See Natasha Gilbert, A Hard Look at GM Crops, 497 Nature 24, 25 (2012) (I believe this article is free if you search for it on the Nature website).  A reduction in the amount of herbicide used to treat our fabric or food sources may have environmental advantages.  Less herbicide run-off into waterways.  Less herbicide for animals to consume.  See id.

Other scientific data provide inconclusive results about environmental impacts.  Some studies look at whether transgenes are spreading to weeds or non-GM crops.  For example, husbandry techniques of cross-breeding may unknowingly cross breed a non-transgenic line with a transgenic line and thereby create a transgenic line.  Now, a GM crop will be grown without the farmer even knowing it.  See id. at 24, 26.  And, if the GM crop has some sort of negative environmental impact, then a farmer may unwittingly be creating potential harm to the environment.

One thing I want to raise with this post is the importance to incorporate multiple areas of study – biology, environmental studies, genetics, health, regulation, etc. – to determine how we advance our understanding of GM crops.  I imagine that many readers of this blog are much more familiar with GM crops than me, so I welcome your comments.

More Commentary on Why Patients May Be Discriminated Against

Given my recent piece in the New England Journal on discrimination against patients, particularly obese patients in the context of the Americans with Disabilities Act, I found this NY Times story particularly interesting: Disability and Discrimination at the Doctor’s Office. The Times story focuses on patients who are disabled in more traditional ways, but indicates that the main culprit behind the medical discrimination they may experience is not animus, but rather lack of proper equipment, which can be quite expensive.  Luckily, there may be hope on the horizon, thanks to the ACA.

PFC Student Internship Applications Due in 1 Week!

The Petrie-Flom Center for Health Law Policy,
Biotechnology, and Bioethics at Harvard Law School
 
Call for Applications
Student Internship Program

 

The Petrie-Flom Center for Health Law Policy, Biotechnology, and Bioethics at Harvard Law School is seeking student interns for the upcoming academic year beginning in September 2013.   Full-year availability is preferred, but single-term internships will be considered on an individual basis; please indicate your preference in your application materials. We are not currently accepting applications for Summer 2013, but may consider extension through Summer 2014 if there is mutual interest.

Who is eligible?

Harvard undergraduate and graduate students with an interest in the Center’s work are eligible to apply. More information about the Center is available here. The internship is open to students in all disciplines, but we particularly welcome applications from students studying health policy, philosophy, bioethics, law, medicine, business economics, and the sciences.  We are also interested in receiving applications from students interested in technology and communications, as we plan to substantially update and expand our Internet presence and social media strategy.

Read More

Data Sharing vs. Privacy: Cutting the Gordian Knot (Re-Identification Symposium)

PGP participants and staff at the 2013 GET Conference. Photo credit: PersonalGenomes.org, license CC-BY

This post is part of Bill of Health‘s symposium on the Law, Ethics, and Science of Re-Identification Demonstrations. You can call up all of the symposium contributions here. Please note that Bill of Health continues to have problems receiving some comments. If you post a comment to any symposium piece and do not see it within half an hour or so, please email your comment to me at mmeyer @ law.harvard.edu and I will post it. —MM

By Madeleine Ball

Scientists should share. Methods, samples, and data — sharing these is a foundational aspect of the scientific method. Sharing enables researchers to replicate, validate, and build upon the work of colleagues. As Isaac Newton famously wrote: “If I have seen further it is by standing on the shoulders of giants.”

When scientists study humans, however, this impulse to share runs into another motivating force — respect for individual privacy. Clinical research has traditionally been conducted using de-identified data, and participants have been assured privacy. As digital information and computational methods have increased the ability to re-identify participants, researchers have become correspondingly more restrictive with sharing. Solutions are proposed in an attempt to maximize research value while protecting privacy, but these can fail — and, as Gymrek et al. have recently confirmed, biological materials themselves contain highly identifying information through their genetic material alone.

When George Church proposed the Personal Genome Project in 2005, he recognized this inherent tension between privacy and data sharing. He proposed an extreme solution: cutting the Gordian knot by removing assurances of privacy:

If the study subjects are consented with the promise of permanent confidentiality of their records, then the exposure of their data could result in psychological trauma to the participants and loss of public trust in the project. On the other hand, if subjects are recruited and consented based on expectation of full public data release, then the above risks to the subjects and the project can be avoided.

Church, GM “The Personal Genome Project” Molecular Systems Biology (2005)

Thus, the first ten PGP participants — the PGP-10 — identified themselves publicly.

Read More

Breaking Good: A Short Ethical Manifesto for the Privacy Researcher

This post is part of Bill of Health‘s symposium on the Law, Ethics, and Science of Re-Identification Demonstrations. We’ll have more contributions throughout the week, and extending at least into early next week. Background on the symposium is here. You can call up all of the symposium contributions here (or by clicking on the “Re-Identification Symposium” category link at the bottom of any symposium post).

Please note that Bill of Health continues to have problems receiving some comments. If you post a comment to any symposium piece and do not see it within half an hour or so, please email your comment to me at mmeyer @ law.harvard.edu and I will post it. —MM

By Yaniv Erlich

1. Increase the general knowledge –Like any other scientific discipline, privacy research strives to increase our knowledge about the world. You are breaking bad if your actions are aimed to reveal intimate details of people, or worst to exploit these details for your own benefit. This is not science. This is just ugly behavior. Ethical privacy research aims to deduce technical commonalities about vulnerabilities in systems not about the individuals in these systems. This should be your internal compass.

This rule immediately asserts that your published findings should communicate only relevant information to deduce general rules. Any shocking/juicy/intimate detail that was revealed during your study is not relevant and should not be included in your publication.

Some people might gently (or aggressively) suggest that you should not publish your findings at all. Do not get too nervous by that. Simply remind them that the ethical ground of your actions is increasing the general knowledge. Therefore, communicating your algorithms, hacks, and recipes is an ethical obligation and without that your actions cannot be truly regarded as research. “There is no ignorabimus … whatever in natural science. We must know — we will know!”, the great Mathematician David Hilbert once said. His statement applies also to privacy research.

Read More

Liability for Failure to Vaccinate

As of Friday, June 28, this post is closed to further comments. We want to thank the many readers who have engaged in a vigorous and civil discussion on the recent posts to the Bill of Health that engage questions related to the debate over vaccines. In general, we do not moderate discussions on the site. However, due to an increasing number of comments that violate our policies regarding abusive and defamatory language and the sharing of personal information, we are closing these posts to comment.

By Art Caplan

Measles are breaking out all over Britain.  Getting fewer headlines is the fact that measles are back in the USA too.  In fact they are in our region.  A mini-epidemic is raging in Brooklyn.  Measles for cripes sake!  The disease that many of us over 60 had as kids that should never occur is back with a vengeance.  The reason for the diseases reappearance is simple—failure to vaccinate.  Maybe it is time to get tough on those whose choices put others at risk.

For decades, there has been a safe, effective vaccine that works exceedingly well against the measles–95% full protection for a kid who has been vaccinated– and nearly equally well at preventing transmission to others.  The more people have been vaccinated the tougher it is for measles to gain a foothold.

NY City health officials have reported 30 cases so far–26 in Borough Park and four more in Williamsburg.  The NY Daily News reports that the consequences of this outbreak have been dire:

“There have been two hospitalizations, a miscarriage and a case of pneumonia as a result of this outbreak,” a Health Department spokeswoman said. “All cases involved adults or children who were not vaccinated due to refusal or delays in vaccination.”

So far the outbreak has been among religious Jews some of whom shun getting the vaccine for their kids out of fear it causes autism Dr. Yu Shia Lin of Maimonides Medical Center in Borough Park told The News.

Read More