Examples of Data Integrity Violations in a GxP Laboratory

Leading Minds Network

The 2015 MHRA, WHO and FDA data integrity guidelines aren’t that new anymore. Actually, data integrity has been a top priority of these governing bodies for decades.

In 2016, the Pharmaceutical Inspection Cooperation Scheme (PIC/S) also released updated Draft Guidance on Good Practices for Data Management and Integrity in Regulated GMP/GDP Environments.

Also in 2016, the European Medicines Agency (EMA) published Data Integrity Guidance, stating their guidelines are aligned with other national governing bodies participating in PIC/S. They made it clear that data from testing, manufacturing, packaging, distribution, and monitoring of drugs all must follow Data Integrity Guidance to ensure regulators can effectively review the quality, safety, and efficacy of drugs.

What do all these new regulations mean?

By now, your pharmaceutical R&D operation should include identifying data integrity issues as part of your Quality Risk Assessment, uncovered using a Failure Mode and Effects Analysis (FMEA).

The key issues to identify are:

Are your data systems producing compliant results; or are manual processes creating issues?
Are good documentation practices in place, or SOPs for employees to follow?
Is employee training to blame, or lack thereof? Or are procedures unclear, ineffective, or outdated?

It’s interesting that 95% of Data Integrity Violations are actually due to poor data management. Unlike the news headlines, who promote fraudulent activities as the blame for Data Integrity Issues.

What is Data Integrity?

The FDA defines data integrity as «…the completeness, consistency and accuracy of data. Complete, consistent and accurate data should be attributable, legible, contemporaneously recorded, original or a true copy and accurate (ALCOA).»

What could be a violation?

Data integrity involves all aspects of data and document management including creation/generation; use; manipulation; storage; destruction; and disposal.

A regulatory audit violation could be a result of:

Failing to document activities, with time stamp
Discarding data or only reporting data of positive test results
Backdating
Fabricating data
Missing, altered or raw data not being recorded
Lack of audit trail, or no documented change control

Why is temperature data so important in a GxP lab?

There are so many systems, devices and equipment that produce data that fall under data integrity regulatory requirements. Your environmental data is no exception.

Environmental monitoring plays an essential role in your GxP activities because the environments at which medicines and consumer care products are manufactured, tested and stored
can affect composition and efficacy. Even moderate changes in temperature, humidity or CO2 can make experiments, manufacturing, laboratory, or distribution results unreliable. Refrigerators, freezers, stability chambers, storage areas and incubators are all examples of controlled environments utilized to ensure these sensitive products are maintained at specific conditions.

Regulators ask that you keep records of the temperature / environmental data to document that activities were performed under the appropriate environmental conditions. It will also ensure that all tests performed are reliable and repeatable. In the event of an excursion, deviation reports will demonstrate the corrective action taken to document whether or not the product was at risk.

Poor temperature data management

There is a misconception that meeting data integrity expectations is easier with paper-based processes and that data integrity does not apply equally to paper as it does to electronic records, however data integrity expectations apply to all data collected.

In fact, the WHO draft on data integrity notes that there is a need to modernize risk management practices with updated, current technology and states that data integrity risks are higher when processes are manual or paper-based.

The data integrity guidance from the MHRA specifically warns against reverting from computerized systems back to paper, stating: «Reverting from automated, computerized to manual/paper-based systems will not in itself remove the need for data integrity controls. This may also constitute a failure to comply with Article 23 of Directive 2001/83/EC, which requires an authorization holder to take account of scientific and technical progress and enable the medicinal product to be manufactured and checked by means generally accepted scientific methods.»

How to temperature monitor compliantly

To reiterate - the FDA defines data integrity as «…the completeness, consistency and accuracy of data. Complete, consistent and accurate data should be attributable, legible, contemporaneously recorded, original or a true copy and accurate (ALCOA).»

The best way to achieve FDA’s expected data output is usually an electronic means that includes an audit trail, time-stamped, point by point data. Read more about this subject, and how electronic means of temperature monitoring in your GxP lab or facility can ensure your compliance in the article Could poor temperature data management be putting your GxP facility at risk for Data Integrity Violations? You will learn the difference between chart recorders, hand-written temperature logs, independent data loggers and networked data loggers.

If you’re using chart recorders currently, you’ll probably want to read this peer-reviewed article Losing everything - is a chart recorder enough to protect critical assets?

If you want to get a closer look at how networked data loggers work, visit ELPRO’s solutions page for central production & lab equipment.

Regulatory Inspectorate’s Advice

In May 2015, ELPRO and Envirotainer hosted a Leading Minds Seminar in New Brunswick, NJ. Ian Holloway from the MHRA presented how the new Data Integrity Rules affect temperature control professionals.

He presented a series of questions to challenge pharmaceutical manufactures to ask themselves:

Are our raw data retained and secured against unauthorized changes?
Do you have adequate metadata – data-about-data?
Would you detect unapproved changes?
Do system users have appropriate access controls and defined user rights?
Is your data attributable, legible, contemporaneous, original, accurate, complete, consistent and enduring?
What risks do you have from Cloud storage/services?
Are any spreadsheets fully validated and secured?

Conclusion

There’s been a lot of hype about pharmaceutical Data Integrity Regulations. The FDA suggests making a periodic risk-based assessment of your activities to help evaluate your existing policies and procedures. Try mapping your specific temperature monitoring workflows to identify areas of risk.

It’s also important to note that risks change over time, so the same risks you had a couple years ago may not be the same as they are today, especially considering the new Data Integrity Definitions and guidelines, and not to mention the increase in data integrity-focused audits.

For example, perhaps five years ago, you only had a couple pieces of equipment to monitor, and chart recorder monitoring posed very little risk to your operation. Now, with twenty pieces of equipment to monitor, the chance for human handling errors while processing these charts is greater. If you’re still using paper or manual processes for your temperature monitoring, consider about how an automated, computerized system will minimize risk and improve processes, minimizing the risk to data.

References: