The integrity of the data collected and recorded by pharmaceutical manufacturers is critical to ensuring that high quality and safe medicines are produced. What exactly is data integrity and why is it so important?
Data rising to the standard that is commonly referred to as having “integrity” generally include five key attributes (1):
- Accuracy – no errors or editing without documented amendments
- Attributable – information lists who acquired the data or performed an action and when
- Available – for review and audit or inspection over the lifetime of the record
- Complete – all data are present and available
- Consistent – all elements of the record, such as the sequence of events, are dated or time stamped in expected sequence
Howard Sklamberg, Deputy Commissioner for Global Regulatory Operations and Policy, U.S. FDA, has said that the lack of data integrity is often “just fraud” (2). In today’s complex supply chain, it is more critical than ever to ensure the integrity of the data documented for the testing and manufacture of medicinal products.
Data integrity is mandatory for the regulated healthcare industry, as processing and disposition decisions regarding product quality, safety, efficacy, purity, and compliance with the applicable regulatory requirements are made based on data that is recorded and reported. Drug, medical device manufacturers, service providers, health authorities, end users and administrators of the product (patients and healthcare professionals) rely on robust traceable data.
What happens when data integrity is breached? The worst case scenario is impact on patient safety and the loss of lives. Although not regulated by the FDA or subject to cGMPs, the recent New England Compounding Pharmacy incident in the United States can be used as an example of the consequences of fraudulent activity. Here, 64 patients died and over 750 were sickened from fungal meningitis as a result of sterility negligence and data integrity issues. In this case, a FDA official said pharmacy technicians were instructed to lie on cleaning logs, showing rooms as being properly cleaned when they had not been (3).
Data integrity issues pose such a high risk and are not always easily detectable. As electronic data recording and management systems are implemented instead of paper systems, the detectability of data manipulation becomes more complex. Certain controls and requirements should be validated to mitigate any risk for data to be manipulated electronically. In addition, verification of audit trails in electronic management systems, training of operators and staff to promote cGMP awareness, along with the ramifications of breaching data integrity when recording results is critical.
The FDA and other health authority agencies have recently expanded efforts to target manufacturers and laboratories with potentially questionable data. A MHRA guidance provides a clear message, discussing the importance of the data integrity lifecycle and places an emphasis on senior management and supplier management programs. The guidance places the responsibility on senior management to ensure systems and procedures are implemented utilizing the principles in ICH Q9, Quality Risk Management to minimize the potential risk to data integrity. (4).
Additionally, the guidance states that any “contract giver” outsourcing work should ensure that the supplier management program review potential risk of data integrity for their suppliers. Over the past two years, the FDA has issued over fourteen warning letters to API manufacturers in India for data integrity issues (5).
It is compelling that the FDA issued such a large volume of warning letters in India for data integrity issues. With the MHRA guidance emphasizing the importance of evaluating data integrity risk for the contract giver’s suppliers, we have to ask the question, why did supplier quality audits not detect this risk? As the industry continues to develop and identify data integrity risks, data integrity risk evaluation should be part of the routine developed for the established supplier management program, instead of performed solely in-house.
The observations in these warning letters are startling. Some citations describe fraudulent activities such as documenting microbial results on a Certificate of Analysis when there was no objective evidence to support that any testing was actually performed. Through interviews, employees confirmed that the testing was never performed, however, results were reported on the CoA as sterile (5).
Adequately ensuring data integrity requires companies to create a company culture of ethics and compliance. This starts at the basic level, such as a company that follows the fundamentals of cGMPs, e.g., making all personnel aware that everyone is accountable for their own signature. Training programs must stress the serious ramifications of unethical behavior, and that documenting results or activities which did not occur is a fraudulent activity. Data integrity issues are the return to the basics of cGMP documentation.
Critically, companies need to ensure that the culture and environment is built on trust and follows basic cGMP foundations, avoiding the often implied message: “Let’s just get this done...it’s okay to take shortcuts to meet deadlines.” The culture should be one where individuals are responsible for ensuring product, patient safety and drug efficacy and purity, having the responsibility to escalate any potential fraudulent activity without fear of repercussion. If a lower level employee observes data falsification at any level in the organization, there should be a defined confidential escalation program. This concept is a fundamental element to any ethics and compliance program.
Above all, the company culture of a drug manufacturer should ensure ethics. Ethics is vital at all levels of the organization, but certainly of management. There are serious ramifications for an organization with data integrity issues including regulatory actions of seizure and injunction of operations, individual incarceration and debarment. The FDA can also place an organization under consent decree, perform a directed and limited inspection regarding data integrity issues, cite an organization with a warning letter and halt the submission of any new products, and recall and withdraw products from the market.
The most important reason we are in the drug industry is to help make patients’ lives better. The consequences of data integrity lapses could be patient death, chronic illness or disability. Organizational impact could include a negative public and regulatory reputation resulting in devaluation of stock and market share loss. Once the trust of regulatory agencies and the public has been lost, it is not an easy thing to recover.
In a warning letter issued in 2014 (6), the FDA required the firm to “identify the specific managers in place who participated in, facilitated, encouraged, or failed to stop subordinates from falsifying data in CGMP records, and determine the extent of top and middle management’s involvement in or awareness of data manipulation.” Furthermore, in the same warning letter, the FDA stated: “That a senior manager was engaged in the falsification of documents is troubling and raises questions about validity of documents generated by your firm. Furthermore, your response to the FDA Form-483 is deficient in that it fails to address the root cause or the extent of the falsification of training documents” (6). The FDA then required the company to not only provide the deficient information but also how the company will change its systems to address these issues along with extensive information about employee cGMP training at the facility.
The message for data integrity is clear. It’s not a new concept; it’s about getting back to the roots of training all staff on the importance of data integrity in cGMP documentation and honesty. It is critical to ensure employees understand the accountability and traceability requirements for retention of raw data and the consequences of data manipulation. Training operators and analysts to document the performance of a task by recording what happened at the time it occurs, including information about the person who performed it along with clearly documenting and investigating deviations, is vital for patient safety and product efficacy. This is achievable by providing the training and creating a company culture that promotes and rewards ethical behavior as a core value from top to bottom of an organization.
[Editor’s Note: The 2015 PDA/FDA Joint Regulatory Conference will feature a plenary session on data integrity on Sept. 29. Visit www.pda.org/pdafda2015 for more information.]
- McDowall, R.D. “Fat Finger, Falsification, or Fraud?” Spectroscopy (December 2010) www.spectroscopyonline.com/node/218563
- Wechsler, J. “Data Integrity Key to GMP Compliance.” BioPharm International (September 2014) www.biopharminternational.com/data-integrity-key-gmp-compliance
- “Arrests in Pharmacy Compounding Meningitis Outbreak.” CBSNews.com, December 17, 2014 www.cbsnews.com/news/arrests-in-compounding-pharmacy-meningitis-outbreak/
- MHRA GMP Data Integrity Definitions and Guidance for Industry, Medicines and Healthcare Products Regulatory Agency: January 2015 www.gov.uk/government/uploads/system/uploads/attachment_data/file/397853/Data_integrity_definitions_and_expectations_v3_4__ack.pdf
- Gaffney, A. “India’s Data Integrity Problems.” Regulatory Focus (February 3, 2015) www.raps.org/Regulatory-Focus/News/2014/08/19/18980/Indias-Data-Integrity-Problems-Updated-17-June-2014/
- Marck Biosciences Ltd. Warning Letter, U.S. Food and Drug Administration: July 8, 2014 www.fda.gov/ICECI/EnforcementActions/WarningLetters/2014/ucm409898.htm
About the Author
An auditor for Biogen Idec with over 17 years of experience in the biopharmaceutical industry, Elayne Best audits the supply chain for clinical and commercial products including raw materials, components, contract manufacturing API, bulk drug substance, contract laboratories, parenteral and oral solid dosage drug product and distribution.