This breakdown is available for paid subscribers. Only paid subscribers get regular full access to our breakdowns and other analyses. If you’re not already a paid subscriber, you can upgrade here.

On November 6, 2024, the FDA posted one of the most alarming warning letters in recent memory, issued to a manufacturer of medicated patches in New Dehli. The letter followed a May inspection that revealed violations so egregious they challenge belief.

Read the full warning letter here.

The findings go beyond mere non-compliance. They paint a picture of systematic fraud that reads like a cautionary tale: torn batch records discovered in plastic bags on the rooftop, quality control documentation transmitted via WhatsApp, management admitting to retrospectively creating records, and perhaps most incredibly, a QC analyst taking home the facility's only computer containing critical data and becoming unreachable during the inspection.

What makes this warning letter particularly notable isn't the "lessons learned" — any Quality professional will recognize these violations as foundational breaches of GMP. Rather, this case serves as a stark reminder of why FDA's oversight role is crucial. While the public may rarely see these inspection reports, they represent the front line in protecting the integrity of our drug supply chain.

This warning letter demonstrates not just the importance of regulations, but the critical need for vigilant enforcement in an increasingly complex global pharmaceutical manufacturing landscape.

Let’s break it down.

Torn batch records in bags on the roof

"…batch production records were found torn in plastic bags on your rooftop. Among the torn records were missing batch production records that you were not able to locate during the inspection for your drug product, (b)(4) Patch, batches (b)(4) which were intended for the U.S. market. The torn records also included duplicate incomplete batch production records with the same batch numbers and issuance dates as the batch records already provided to the investigators..."

The discovery of torn batch production records in plastic bags on the facility's rooftop represents one of the most alarming findings from the inspection. These weren't just any records — they included missing batch production records for the company's drug products intended for the U.S. market, including specific batches of their pain patch product that couldn't be located during the inspection.

Even more concerning, investigators found duplicate incomplete batch records with identical batch numbers and issuance dates as records that had already been provided to them. This suggests not only the destruction of documents but also the creation of fraudulent records.

The company had since committed to investigating these retrospectively created records and conducting assessments of its data integrity practices, but the FDA found its response inadequate as it failed to detail how it would detect and investigate non-contemporaneously prepared records.

Retrospective record creation

"Your executive management admitted to not having all the batch records for the released drug products and batch production records were 'retrospectively prepared' to provide to the investigators."

Executive management admitted to not having all batch records for released drug products and acknowledged that batch records were "retrospectively prepared" to provide to investigators — a stunning confession of fraud.

This wasn't a case of poor record-keeping or accidental loss; it was an intentional effort to create false documentation to present to FDA investigators. The implications of this admission are far-reaching, as it calls into question the validity of all records generated at the facility for products within expiry.

While the company proposed rejecting and destroying certain batches, the FDA noted it provided no rationale for only selecting certain batches for destruction and failed to provide adequate assurance that products in U.S. distribution were consistently manufactured to ensure safety and efficacy.

QC analyst data manipulation

"Your QC analyst had the ability to manipulate results, dates, and images of in-house and vendor stamp approvals on component certificate of analyses (COAs) from third-party contract laboratories, including the means to duplicate the stamp approval across multiple COAs for components, such as (b)(4), lot (b)(4), lot (b)(4)."

The finding that a QC analyst could manipulate results, dates, and images of in-house and vendor stamp approvals on COAs reveals a complete breakdown in computer system controls.

The analyst could duplicate stamp approvals across multiple COAs for various components, effectively falsifying verification documentation.

While the company removed the analyst from regular duties, the FDA found its response inadequate as it failed to explain how appropriate controls would be implemented for maintaining data integrity and defining user privileges for computer systems, including measures for oversight of data from third-party contract laboratories.

Missing computer with CGMP data

"During the inspection, the only computer alleged to have all the electronic CGMP data, which was not backed up, was not available because the QC analyst took the computer home and could not be reached after multiple attempts... you reported your QC analyst was receiving COAs from your third-party contract laboratory in Word format via WhatsApp on his personal cell phone, and he confirmed to have deleted all the received COAs."

FDA investigators discovered that the company's only computer for storing electronic CGMP data was not backed up and was unavailable for inspection because a QC analyst had taken it home and could not be reached despite multiple attempts. (Re-read that sentence for full effect.)

“When the laptop was provided all recent files and drives were apparently deleted before being presented to the investigators,” the agency said.

Just as concerning, the QC analyst was receiving COAs from third-party contract laboratories via WhatsApp on their personal cell phone — a complete breakdown of proper documentation procedures — and then admitted to deleting all received COAs.