Data is omnipresent in the pharma industry. From creation, to deletion, to preservation – and everything in between – data integrity is the bedrock of GLP, GCP and GMP. But what exactly do we mean by safeguarding data integrity? Essentially, there are two core elements: physical and logical. Physical refers to aspects such as (physical) location, personnel access controls, and processes for retrieving or moving the data sources. Logical refers to the controls and records relating to any access and use of the electronic data after it has been created, as well as being able to demonstrate the accuracy and completeness of the data.
In recent years, there have been several high-profile cases in the US where quality control analytical testing results and data have been deliberately manipulated to falsify test results associated with the release of medicinal products (1)(2) . In turn, regulators, as well as the wider quality community, have been forced to prioritize the restriction of quality-related processes and systems that give users the opportunity to manually modify data, whether deliberately or inadvertently. To be very clear, most instances of poor data integrity result from human error or negligence, rather than malice. Nevertheless, the consequences of the action remain the same. Corrupting the continuity and completeness of an audit trail – whether by altering or removing pages of a physical record and/or replacing them with alternatives, or by altering or deleting electronic records and not being able to reconcile this with who, why, when, or under what authority, for example – irreparably compromises integrity; confidence in the quality of the record is subsequently lost, and demonstrating compliance to inspectors suddenly becomes extremely difficult. Not to mention the reputational damage once the media find out… With a continuing move towards more distributed workforces, there has been an increase in the use of technology (particularly mobile devices) to capture data and, in the pharma industry, interact with the electronic quality management systems (EQMS) that handle the data. During the past 24 months, the industry has seen an increased number of published guidance papers and regulations regarding data integrity, such as The WHO’s Guidance on Good Data and Record Keeping Management Practices, published in September 2015, and the FDA’s Data Integrity and Compliance with GMP Guidance for Industry, published in April 2016. Regulated organizations need to demonstrate how they are maintaining data integrity with the increased use of mobile devices, hosted applications and distributed workforces. The challenge the industry faces is how to embrace the advantages such technology provides, without compromising data integrity – and ultimately patient safety.
Any technology, however sophisticated, will never be a total solution in isolation. Organizations that fail to fully recognize the role that data integrity plays in promoting safe and profitable practices, regardless of the technology used, are leaving the door open to risk. A good data integrity strategy should incorporate three elements: people, processes, and technology. Ownership should also rest with every individual who encounters the data. There is an onus on everyone involved in the preparation, recording, checking, transferring, storage and use of GxP data to understand and adhere to the internal processes and regulations associated with maintaining data integrity. Those people involved should also challenge anything that represents a potential risk to data integrity – and be aware of the consequences if integrity is compromised, as well as the benefits of effective data management, whether paper or electronic. Most problems associated with data integrity occur at the interfaces between systems and at the points of manual data input. The best people to understand any weak points, manage the risks, and drive improvement are those that work with the processes every day. Championing data integrity or improving practice does not always require financial investment and/or increased auditing. Often, small, cultural changes, such as instigating reward and recognition programs, appointing data integrity champions, and holding regular refresher courses on best practice, can instill a sense of context and responsibility in all staff. Often, just communicating the importance and potential impact people have in the context of their specific roles and tasks can make a huge, positive impact. If people are not clear on why data is monitored and measured, or do not feel empowered to challenge processes, how can they be expected to care about it? Equally, if methods of managing quality assurance and safeguarding data integrity are outdated or ineffective, how can organizations expect to remain compliant?
Newsletters
Receive the latest analytical science news, personalities, education, and career development – weekly to your inbox.
References
- FDA, “Wockhardt Limited 7/18/13”, (2013). Available at: http://bit.ly/2y9FCD4. Last accessed September 18, 2017. FDA, “2015 Warning Letters”, (2015). Available at: http://bit.ly/2ykfAgv. Last accessed September 18, 2017.
