Data integrity has become an important issue. To comply with regulations, companies need to optimize data integrity and the underlying strategies involved in compliance and accountability. The following article outlines the basic regulatory expectations surrounding data integrity, as well as the strategic, multi-tiered approach needed to establish a result-based system of accountability and develop a culture of quality, ethics, and compliance.
Alongside risk assessments, electronic records, and outsourcing, data integrity has become increasingly important to regulatory agencies focusing on critical aspects of pharmaceutical quality management.
This became clear with the publication of the Good Manufacturing Practice (GMP) Data Integrity Definitions and Guidance for Industry by the UK’s Medicines and Healthcare Products Regulatory Agency (MHRA) . The guidance confirmed that the fundamental concept of data integrity should not be taken lightly, and that the consequences of failure can be severe.
But to meet the challenge of successfully implementing a data integrity strategy, what does an organization need to do to ensure its processes meet the required quality standards? Furthermore, how do training, awareness, system design and control, and data management practices ensure success?
2.0 What is Data?
Data integrity is not restricted to electronic data. The MHRA definition applies to all kinds of data, regardless of whether they are paper-based (manual) or generated within an electronic system.
To truly understand the regulatory requirements, it’s vital to establish a basic terminology. The MHRA defines “data” as information derived or obtained from raw data (e.g., a reported analytical result), while “metadata” is defined as the attributes of other data that provide context and meaning. Consequently, metadata describe the structure, data elements, interrelationships, and other characteristics of data.
To meet the requirements for data integrity, GMP facilities need to exercise discretion during implementation of both organizational and technical controls. The extent of the controls should be in line with the criticality of the data being generated and the complexity of the system or process being used.
To establish that data are trustworthy, or have not been tampered with or manipulated, the MHRA requires that data are:
- Attributable to the person generating the data
- Legible and permanent
- An original record (or “true copy”)
While these requirements may seem simple enough, there is another common misunderstanding about data integrity. Deliberate acts of fraud, falsification and/or provision of incorrect information are often considered to be the only causes of data integrity failures. This may not always be the case. Although fraud is a concern and data failure is one of the most obvious root causes of regulatory problems, data integrity breaches are even more difficult to identify, yet they are equally harmful if caused by an incorrect system configuration or poor system controls. Failure to meet regulatory requirements has serious ramifications and has in many cases around the world resulted in severe actions from regulatory agencies.
After developing a proper understanding of data integrity definitions, expectations, and consequences of failure, it is critical to understand steps for ensuring data integrity.
5.0 Responsible Integrity
GMP-based facilities and analytical laboratories need to develop a culture of quality, ethics, and compliance, and establish a result-based system of accountability. In such a climate it is crucial that employees at all levels in an organization, whether operational, quality or manufacturing staff, clearly understand their responsibilities and are comfortable and confident that they are able to escalate concerns in any part of the organization before they become significant issues. Such an approach starts at the basic level; for example, each employee should recognize that s/he is accountable for his or her own signatures. However, in order to be successful, a positive culture designed to empower individual employees to report issues and recognize opportunities for improvements needs to be established at the senior leadership levels. In contrast, a culture of fear will only increase the potential for data manipulation and the risk of fraud and data integrity failures.
6.0 Importance of Training
Training is essential for the quality and accuracy of data integrity practices. Internal quality auditors need to be experienced and competent in detecting data integrity deficiencies, and data verification activities must be part of the audit process.
Manufacturing personnel and/or technical laboratory staff must also have a complete and comprehensive understanding and appreciation for the procedures and policies that govern and secure data integrity. Because deviations will occur, as no facility is event-free, appropriately trained staff should be able to reinforce data integrity policies and procedures so as to significantly minimize their impact in the event that such a departure from protocol occurs.
7.0 Human Error
Although technical controls greatly reduce human error, the manner in which data is to be generated dictates the data integrity risk. Paper-based manual observations usually provide more visibility to potential data integrity risks than a configurable, complex, computer-based system. However, because failure with manual recordings does exist, all data must be recorded in real time directly onto the GMP record. These records also need to be controlled by issuance and reconciliation procedures for workbooks, batch records, and notebooks.
Laboratory equipment and systems need be configured appropriately to enable traceability to the employee generating the data, to enable access to the original data (source data), and to provide visibility of any data changes and reasons for such changes. This can be accomplished by following a set of simple guidelines:
- Enable audit trails on systems.
- Limit system administrator access to a few distinct individuals. The number of administrators should take into account the size and nature of the organization.
- Remove the ability for laboratory personnel to delete, overwrite, copy, alter or in any way manipulate data.
- Ensure that each employee has a unique ID and accompanying password for the system.
- Upgrade the software to ensure it is compliant with the Food and Drug Administration’s 21 CFR Part 11 and the European Medicine Agency’s Guidelines to Good Manufacturing Practice Annex 11.
To meet regulatory requirements, GMP organizations need to establish robust and sound programs that protect the data life cycle. Failure in just one area compromises the data integrity. Successful preservation of the data life cycle can only be achieved in organizations where a culture of quality, ethics and accountability is firmly established, a robust training program is employed, and organizational and technical controls are in place.
June 10, 2016 | Corresponding Author: Doug Chambers | doi: 10.14229/jadc.2016.06.01.001
Received: Aril 28, 2016 | Published online June 10, 2016 | This article has been peer reviewed by an independent editorial review board.
Featured Image: Data Courtesy: © University of Cambridge (UK)/Automatic Statistician. Used with Permission.