Data Integrity in Regulated and Accredited Environments
Part 1: Fundamentals and Principles
Dr David Trew BSc(Hons), PhD, CChem MRSC
It is a fundamental expectation and requirement that all scientific data and records are both reliable and trustworthy. When the data are used to make decisions concerning the health and safety of individuals, the quality of the environment, to support national and international trade, the detection of crime and the prosecution of offenders, the reliability and trustworthiness of those records is of critical importance.
In the heavily regulated pharmaceutical and healthcare sector, the integrity of manufacturing records and laboratory quality control testing continues to attract considerable regulatory scrutiny. The issue of unreliable manufacturing and testing records in the pharmaceutical industry was first identified in 2005 when US generic drug manufacturer Abel Laboratories was found by the US Food and Drug Administration (FDA) to have routinely resampled, re-
Able Laboratories was forced to suspend production of, and recall all of its products from the market. With no production and no products, it was able to sell, the company’s value fell by over 85 %, and by the end of 2005 the company had sold its assets to Sun Pharmaceuticals.
Since the Able Laboratories scandal the integrity of manufacturing records and laboratory testing data has continued to attract increasing scrutiny from the regulatory authorities and other stakeholders in the pharmaceuticals and life sciences sectors. More recently, Indian generic drug manufacturer Ranbaxy entered in to a consent decree with the FDA in January 2012.
The regulated pharmaceutical and life sciences sectors are not the only industries to experience scandals over fabricated records and data. For example, the accredited forensic analysis sector has been rocked by misconduct. In 2012 confidence in the entire Massachusetts judicial system was compromised when Annie Dookham, an analytical chemist working in the Massachusetts Forensic Drug Laboratory, analysing samples of seized drugs in criminal court cases, was discovered to have falsified the test results in samples for up to 40000 criminal drugs cases over a ten-
Some of the regulatory authorities have published guidelines which elucidate their current thinking and expectations regarding the systems companies should have in place. These systems should be able to provide a high level of confidence that the data and records being used to make decisions concerning the quality of regulated products are reliable and trustworthy.
The United Kingdom Medicines and Healthcare Regulatory Authority published guidelines titled “MHRA GMP Data Integrity Definitions and Guidance for Industry”1 in March 2015, and issued an undated version2 as a consultation document in July 2016. In September 2015 the World Health Organisation published a draft “Guidance on Good Data and Record Management Practices”3. In addition, in April 2016 the FDA published a draft Guidance for Industry titled “Data Integrity and Compliance with CGMP”4. All of these guidelines advocate accurate, legible, contemporaneous, original and attributable, as fundamental requirements for achieving comprehensive data integrity. The Pharmaceutical Inspection Cooperation Scheme has also published a draft document “Good Practices for Data Management and Integrity in Regulated GMP/GDP Environments”5.
In addition to the guidance documents published by the regulatory agencies a number of articles have also been published addressing different topics. In the first part of a two-
Human errors when incorrect data is entered by mistake (an uncorrected fat finger moment), stupidity (not being aware of regulatory requirements or poor training) or wilfully (falsification or fraud with the intent to deceive)
Selection of good or passing results to the exclusion of those that are poor or failing
Unauthorized changes to data made post-
Errors that occur when data is transmitted from one computer to another
Changes to data through software bugs or malware of which the user is not aware
Hardware malfunctions, such as disk crashes
Changes in technology, where one item is replaced when it becomes obsolete or no longer supported, making old records unreadable or inaccessible
This paper also discusses potential data integrity issues associated with chromatographic data systems (CDS) and discusses the deficiencies found during an inspection at Indian drug manufacturer RPS Life Sciences7. It is noted that all FDA inspectors have received training in data integrity. Also instead of looking at paper printouts, inspectors now look at the electronic records created by the CDS, and will request to be taken through the analysis and audit trails. It is also important to understand that it is the electronic records that are considered to be the data, not the paper printouts.
The second part of this article8 discusses the Consent Decree9 between Ranbaxy Laboratories and the US Food and Drugs Administration. The principle elements of this Consent Decree are:
In addition, Ranbaxy also paid a record breaking $500 million fine. This clearly demonstrates that complying with the regulations is a much more cost effective strategy than taking short cuts or seeking to conceal test results that do not show your products conform to specifications, and then having to cover the costs associated with remediation.
In an earlier article10 published in 2011 McDowall suggests the following ten areas are essential for ensuring the integrity of records created by chromatographic data systems:
1. Identify each user uniquely
2. Implement adequate password controls
3. Establish different user roles / access privileges
4. Establish and maintain a list of current and historical users
5. Control changes to the system
6. Use only trained staff to operate the system
7. Understand predicate rules for laboratory records
8. Define and document e-
9. Review the audit trails for each run
10. Back the system up regularly
Smith11 has discussed the potential data integrity issues associated the use of Fourier transform infra-
The current paper is the first part of an ongoing series which will discuss data integrity in regulated and accredited environments. Part one of this series will present a discussion of the fundamentals and principles of assuring data integrity. The second part will discuss strategies for establishing systems to manage the integrity of laboratory data and records in regulated and accredited environments.