The Need for Data Integrity Regulations
Regulatory agencies have begun to recognize the data integrity challenges and issues. The Parenteral Drug Association (PDA) held a Data Integrity Seminar in 2015 when the issues began to grow. They identified four main red flags for regulators to be wary of:
- Non-contemporaneous reporting: Not recording data at the time the activity was actually performed
- Document back-dating: Inaccurately recording the date on a document to meet requirements
- Copy of existing data as new information: Copying old test results without performing a new test or as a substitution for new data
- Data fabrication and data discarding: Manipulating original data to obtain passing results
It’s easy to hold organizations accountable when they purposely falsify or alter data. But it’s important to remember not all violations are made with malicious or deceptive intent. For this reason, general data integrity regulations and guidelines can benefit all life science organizations.
An example: File attachments (PDF files, scanned copies of paper records, etc.) are critical objective evidence used to support many quality decisions throughout the product lifecycle. Most wouldn’t think twice about scanning a paper document, uploading and attaching that document to a quality system, and deeming the process complete.
Although this action was taken with good intentions, assuming the data’s integrity can be a costly mistake. Attachments from scanned documents should always be double checked for simple, yet impactful errors. Pages of the scanned document could easily be missing or illegible. Scanning, copying, and rescanning documents can blur the content or lead to partially copied pages. Anything highlighted for emphasis or marked with pen may appear blacked out if the scan or copy was made in black and white—often the case because it cuts cost.
These simple oversights are often overlooked until a regulatory audit. At that point it’s too late, especially if the original document can’t be immediately located. Although intentions were good and procedures were followed, companies may still get hit with hefty fines and risk delays in product development.
Regardless of intention, maintaining data integrity is of the utmost importance for life science companies. As the Institute of Validation Technology states, “Data integrity is a prerequisite for the regulated healthcare industry as decisions and assumptions on product quality and compliance with the applicable regulatory requirements are based on data.”
Inaccurate data will trickle down through the entire product lifecycle and carry consequences throughout all areas of an organization. Failing to maintain data integrity will cost an organization money from regulatory penalties, customer trust, and market position, among other areas.
How Regulatory Agencies Are Stepping In
Lachman Consultants reported in the first 10 months of 2015 that 16 warning letters were sent out by the U.S. Food and Drug Administration (FDA). Of those, 12 were specifically for data integrity. Further reports indicated those numbers increased steadily into 2016. Regulatory bodies decided enough was enough, and stepped up in an effort to stop this problem.
In response in April 2016, the FDA drafted a guidance for data integrity called “Data Integrity and Compliance with Good Manufacturing Practice Guide for Industry.” The Q&A styled document addresses 18 questions about the role of data integrity in Current Good Manufacturing Practice (CGMP).
The document’s main goals are to educate the public on the importance of prioritizing data integrity and make suggestions for improving integrity. One of the most salient guidelines the FDA iterates is the ALCOA Principle of data recording. This principle posits that data should be:
- Attributable: There should be a record of who performed the action and when, for accountability.
- Legible: The record should be clear and permanent.
- Contemporaneous: The data should be recorded at the time of taking measurements to prevent backdating.
- Original: The medium by which the data is first recorded should be preserved throughout the lifecycle.
- Accurate: All records should be free from errors or biases.
These concise guidelines can help organizations begin to establish data integrity initiatives.
The PDA also offers guidance on the situation with its document “Elements of a Code of Conduct for Data Integrity.” This document provides in-depth guidance for life science organizations to institute data integrity plans. The suggestions focus around a few main points:
- All employees should be required to collect and report information in a complete, accurate way in alignment with company policies and regulatory laws.
- Companies should develop programs that encourage ethical conduct, display commitment to compliance, and require prevention of data integrity issues.
- Companies should develop procedures and documentation systems that ensure information is handled appropriately.
- Electronic data acquisition systems should be configured and validated in accordance with industry standards, such as with audit trails or electronic signature requests.
- Companies should have procedures to investigate falsification, fabrication, or adulteration claims. These should include steps for reporting, non-retaliation policies, and agreements with suppliers.
These are more relaxed than regulatory requirements, but supply a solid foundation for building a data integrity initiative.
Aside from following guidelines and preaching honest reporting in theory, there are some concrete steps to take in order to track and store information more accurately. This not only improves data integrity, but also streamlines all processes for a more efficient business approach.
1. Utilize a Software System That Supports Your Goals
Having a Quality Management System (QMS) is a must for life science organizations for many different reasons. But not all systems are created equal—only some have features that fully encourage data integrity. Look for a software system with:
- 21 CFR Part 11 compliant features, like e-Signatures. That way, documents are protected from unauthorized alteration and accountability can be traced.
- Document control and employee training features. Following regulations for storing records and document templates (like audit templates) helps to stay organized and locate documents during audits and tests. Customizable workflows ensure the proper personnel approve the documents to verify they are legitimate. Firms can also administer, test, and update employees on training for how to properly record data so they are accountable for data integrity.
- Audit management tools. Automating the audit process facilitates compliance with any and all regulations. Here electronic signatures can also be utilized to verify the contents and purpose of the audit trail for internal purposes and regulatory audits.
- Data analysis and integration tools like Office integration and reporting. Organizations can automatically track and sync data so it does not get adulterated. The ability to see overall trends or export data and drill down on specifics helps locate exactly where issues could arise and how different factors contribute to data integrity.
The difference makers in software are automation and integration. They ensure data is tracked instantly, accurately, and throughout all procedures, eliminating the possibility of human error.
2. Design Procedures in a Way That Encourages Compliance
The Medicines and Healthcare products Regulatory Agency (MHRA) issued industry guidance outlining how to define processes in a way promoting data integrity. These tips focus on preventing integrity issues by equipping the team with integral tools. The MHRA encourages organizations to build systems that:
- Give employees access to clocks for recording exact time of occurrence.
- Have accessibility of batch records where activities take place.
- Have control over blank paper templates for data recording.
- Control user access rights to prevent or track data amendments.
- Automate data capture devices and printers.
- Place printers in close proximity to relevant activities.
- Allow access to sampling points and raw data.
Building processes around these principles sets the team up for accurate, timely, and compliant data recording.
3. Integrate Quality System Data with Other Applications
Although data integrity is an issue occurring primarily in the data capture phase, these principles can be applied to other business dimensions. Integrating QMS data with other applications improves product safety while building a competitive edge. Two areas where this is especially beneficial are:
- Library Information Management System (LIMS): Companies can automatically convert problems that arise in sample testing to a Nonconformance or Corrective and Preventive Action (CAPA) in the QMS. That way, everything necessary for an audit can be synced without manually updating separate systems. Integrating these systems also removes the possibility of human error arising from transfer of data from one system to the other.
- Business Intelligence: Data can be used from the QMS to perform advanced business modeling and make improvements from there. This propels products to market faster, but with less risk internally and throughout the supply chain.
When all systems are synced automatically, it can be confirmed that data tracking is contemporaneous and reflects exactly what happened during a given activity.
Maintaining data integrity is important on two levels. Adulterated or missing data can be disastrous during an audit. On top of hefty penalties and fines, an organization will take a financial hit from diminished consumer trust in its brand.
But for a life science organization, it’s more than just money. In this case, health and safety are on the line. Preserving data integrity is not only a regulatory responsibility, but an ethical one as well.
Alexa Sussman is a marketing content writer for EtQ. She is responsible for developing and writing content for EtQ, a leading enterprise quality and compliance management software vendor, as well as traqpath, EtQ’s compliance and event-tracking solution.