December 30, 2012 marked the end of an era in regulatory; it was the last possible day you could conceivably submit a major application entirely on paper.
If rumors and our voice mail are any indication, lots of people are already struggling with the new eCopy guidance that has been finalized for just over a week. Truth be told, we had two different things spend some time in "eCopy Hold" this first week too. I can only imagine what the doc control center at FDA looks like right now or what it must be like to deal with the amount of confusion and frustration headed their way.
It’s a new program and it’s reasonable to expect that there will be some frustrations and kinks to work out. That said, there is a lot to like about where FDA is going here and I imagine they're eager to continue streamlining this process.
With that in mind, here are some initial observations about the new eCopy requirement:
- If it goes to the document control center, it probably needs an eCopy
There are a number of submissions explicitly exempted from the eCopy requirement, but you should probably err on the side of providing an eCopy in all other cases. A few days ago, a client of ours sent in a letter requiring a change of primary contact on a PMA. That single-page letter (being a PMA Amendment) now needs an eCopy and (amusingly) its own cover letter.
Extra credit brain teaser: If a sponsor writes to request a change of contact but that letter can not be accepted and is placed on hold, who should you inform of the hold? The person who you know isn’t there any more or the person authorized by the document you can’t accept? (Answer below)
- The eCopy program is misleadingly named
FDA guidance is very clear that eCopies and eSubmissions are not the same and should not be confused with each other. They are just two things that happen to be exactly the same in every respect that actually makes any difference at all.
To elaborate, an eSubmission is a collection of electronic files assembled by FDA’s eSub software that represents the official copy of your submission. In contrast, an eCopy is a collection of electronic files assembled by FDA’s eSub software that represents the official copy of your submission. Got it? Adding further clarity, FDA helpfully points out that ODE/OIVD accepts eSubmissions in the form of eCopies.
It is worth making some distinction, of course, between those submissions that can be transmitted through FDA’s Electronic Submissions Gateway and those that must be sent via CD and accompanied with a print copy & cover letter. The effort involved in the parts that matter is about the same, however, so why treat them like two totally different things? Our suggestion: don’t.
- Digital is primary, paper is secondary
The eCopy is explicitly described as the “real” copy now, a fact that is underlined by two new policies. First, submissions that require multiple copies only need one paper copy… all other copies can be electronic. Second, you can avoid printing those large volumes of stuff that only make sense in electronic format anyway, such as line listings. Now, you just need a sheet in the submission indicating where the data resides in the eCopy.
- Validation is tougher than it looks; start early
Most of FDA’s requirements are pretty easy and straightforward: Include a cover letter… check. Use a common naming convention and organizational structure… easy peasy. Limit file size… no problemo.
The tougher ones are the “no attachments” and “no security settings” rules. Lots of things may invisibly add attachments to PDFs without changing their content or usage appreciably. FDA even seems to know this, as the example they give is of a “joboptions” attachment… a set of invisible instructions of use only to Adobe Distiller.
It’s more difficult than it might seem to truly get rid of these attachments, particularly if you’re also trying to preserve the fonts, graphics, OCR, bookmarks and hyperlinks that make your document usable. It’s not difficult to see why FDA has concerns about the abuse of attachments, but these things are pretty easily covered by the “exact copy” requirement. Rejecting documents because of application-specific enhancements or invisible, no-op configuration files feels like a bit much.
And then there’s the security settings. Stripping those out is not only challenging, but may well be illegal. Which brings us to our fifth observation…
- FDA doesn't leave much room for legal and practical challenges
FDA appears to have an expectation that PDFs are this big, easy open format that you can pretty much manipulate at will. They clearly expect that you can just “Print to PDF” to strip out pesky problems like attachments and security. That may have been true at one point, but those days are well and truly over now.
Content producers, you see, are very interested in securing rights over their digital content and have been making great strides in getting everyone else to dance on a string these last 10-20 years. If a PDF author does not want readers to print, copy, change or repurpose their content, you truly can’t do it without going to extraordinary measures and/or working with sketchy software from marginal vendors. Most modern software no longer provides features that “work around” copy protections or author-set permissions. Those few legit workarounds that still exist tend to be jealously guarded by a secretive class of PDF ninjas who want to ensure they always have the right tool in a pinch.
And then there’s the law. In the late 1990’s, the US passed the Digital Millennium Copyright Act, an incredibly broad condemnation of just about every activity that involves using digital content for some purpose other than those granted to you by the content creator. Circumventing copy protection on digital resources is explicitly illegal in the US under Federal law and Federal law further states that it doesn’t matter one bit whether you profit from the infringing action.
None of that is a problem if you’re working with documents you created. But it’s potentially a very large problem when you’re required to include copies of all the journal articles incorporated into your application. You may not face any actual risk of criminal prosecution for assembling a PMA, but the legal environment around digital content has caused most legit software vendors to become hyper-conservative, lest they become seen as facilitating criminal activity. Thus, even very mild protections (such as setting a password to faciliate form entry) can become tricky to undo.
In a bit of a comic admission of the problem, FDA notes that many of its own forms are password protected and thus can not be included as-is without causing a validation error. They permit a specific work-around and state that they are working on the problem, but the fact that it has taken longer to update these forms than to finalize the guidance speaks volumes.
FDAs inability to have their own materials pass their own validation is completely understandable, but it also demonstrates just how pervasive these types of practices are. Worse, it suggests just how unlikely it is that other organizations with less at stake will move any faster to accommodate FDA’s requirements. Perhaps, some day, we will be able to hide copy-protected journal articles in a zip file too… until then, make sure you’ve got a PDF ninja on your team. You’ll probably need one.
Answer to the brain teaser: Notify the new contact. It’s problematic, to be sure, but it’s really the only answer that makes any sense.