2. Contents
• Introduction
• DI-ALCOA
• Why is it a hot topic
• Challenges noted by agencies
• Why it arises?
• Regulatory perspective
• Change in regulatory focus
• Impact of absence of DI
• DI CASE
• Inspection focus
• AIP
• Breach of DI
• USFDA inspection
• How to prevent DI issues
3. Introduction
• Data Integrity refers to maintaining and assuring the accuracy and
consistency of data over its entire life-cycle and is a critical aspect to the
design, implementation and usage of any system which stores, processes
or retrieves data.
• Data integrity is a prerequisite for the regulated healthcare industry as
decisions and assumptions on product quality are made based on data.
4. Data Integrity - ALCOA
• FDA uses the acronymALCOA to define its expectations of electronic
data.The “L” originally stood for legible, which dates back to the time
when FDA was dealing with scanned documents. It has been updated to
“long lasting.”
Attributable
Long-lasting (legible)
Contemporaneous
Original
Accurate
5. Why is it a hot topic now ?
Agencies expects that pharmaceutical companies should retain complete
and accurate records and all raw data and to make that available to
inspectors .
The integrity of data generated by a regulated pharmaceutical companies
and laboratories matters most, because properly recorded information is
the basis for manufacturers to assure product identity, strength, purity, and
safety and non-compliances found in the integrity of data leads warning
letters and a regulatory action from the agencies.
6. Challenges noted by the agencies
• Non contemporaneous Recording: Failure to record activities at the time
when activity was performed.There is evidence that the records were signed by
company personnel when the person was actually absent on that day.
• Document back-dating: Backdating stability test results to meet the required
commitments.
• Copy of existing data as new information: Test results from previous batches
were used to substitute testing for another batch or acceptable test results
were created without performing the test.
.
7. Continue…..
• Re-running samples to obtain better results: Multiple analyses of assay
were done with the same sample without adequate justification and in
some cases samples were tested unofficially or as a trial analysis until
desired test results obtained.
• Data fabrication and data discarding: Original raw data and records
were altered for e.g., by using of correction fluid or Manipulation of a
poorly defined analytical procedure and associated data analysis in order
to obtain passing results
• • Not reporting stability failures appears to be common.
8. Why it arises?
• Feel embarrassed after making a mistake
• Admission of error – harmful
• Covering up-Why admit when nobody is watching
• This is not related to training or understanding a particular technical or
quality concept but mainly related to honesty and ethical issues. Further
what is more disturbing is that senior management and company owners
appear to either support such practices covertly or overtly and in many
instances encourage them.
9. Why is so hard for the companies to get it right?
10. Regulatory Perspective
• For authorities the integrity of data is an essential quality attribute in
the manufacture of pharmaceutical products.After some serious
deviations international authorities have moved the topic into the centre
of their interest. In particular the US FDA issued serious violations in
Warning Letters to the companies concerned.
• Data integrity issues pose such a high risk and are not always easily
detectable. As electronic data recording and management systems are
implemented instead of paper systems, the detectability of data
manipulation becomes more complex.
11. FDA and other health authority agencies have recently
expanded efforts to target manufacturers and
laboratories with potentially questionable data. A
MHRA guidance places the responsibility on senior
management to ensure systems and procedures are
implemented utilizing the principles in ICH Q9,Quality
Risk Management to minimize the potential risk to data
integrity.
Data integrity
directives
standards
12. Change in Regulatory Focus
• The integrity of the data collected and recorded by pharmaceutical
manufacturers is critical to ensuring that high quality and safe medicines are
produced.
• International Regulatory focus has shifted to DI issues and between 2010 &
2013 US FDA,WHO & UK MHRA inspectors have undergone training to
better detect signs of data problems.
• Regulatory authorities are looking more closely at international facilities for
signs of altered and doctored records.
13. Impact of absence of data integrity
In many cases, Pharma Companies have been impacted by:
• Consent Decrees
• FDAWarning Letters
• EU statements of non-compliance (SNC),
• Importation Ban(s)
• Loss of consumer confidence
• Product applications review suspended
• Market & share price reduction.
14. -DI Issue (case)
• The inspector and the authority criticised multiple aspects with regard to "failure to
prevent unauthorized access or change to data and to provide controls preventing
data omissions“ to the API manufacturerVUAB Pharma.
• The inspector revealed the firm did not properly maintain a back-up of HPLC
chromatograms that form the basis of the product release decisions.The inspector
revealed as well discrepancies between the printed chromatograms and the OQ
protocol for the HPLC system, which is intended to demonstrate correct operation of
the system (e.g. injection sequences and values to calculate relative standard deviation‘
• 'The quality unit was unable to retrieve the original electronic raw data because back-
up discs were unreadable.The quality unit stated that back-up discs have been
unreadable since at least 2013'
• 'The inspector criticised that the firm does not have proper controls in place to prevent
unauthorized manipulation of labs raw electronic data.The HPLC systems did not
have access controls to prevent alteration or deletion of data.The HPLC software
lacked an audit trail recording any changes to the data, including: previous entries, who
made changes, and when changes were made'
15. Case continue..
• 'The laboratory employees shared a common log-in and password to access the system'
• 'The firm failed to review historical data to ensure the quality of the products distributed to
the US market'
• In response to this list of deficiencies the FDA now expects the affected company to provide
a comprehensive corrective action plan to the following points within 15 working days:
1. 'Information regarding changes in the reliability of the IT infrastructure, including
improved IT systems, systems validation, revised procedures and retraining of
employees'
2. 'Procedures regarding passwords used to access the analytical instruments. All access
levels for computerised systems should be clearly defined and documented in a written
procedure'
3. 'A detailed summary of the steps taken to train the personnel on the proper use of
computerised systems'
16. Inspection Focus
• Company understanding of computerised system capabilities
and transfer of data between systems
• Up to date listing of all relevant systems and GMP functionality
• Control of networked & standalone instruments
• Policies and procedures detailing processing and control of data
17. Inspection focus - data
• Data processing and review
• Accuracy checks
• Potential for data manipulation and deletion
• Repeat testing / replicate data
• Date / time stamp manipulation
• Criteria used to invalidate data
• Data transfer to systems - Checks that data are not altered in value and/or
meaning (primary and meta data). Level of checking should be statistically
sound.
18. Application Integrity Policy (AIP)
• The Application Integrity Policy is what FDA pulls up when it
has questions about a manufacturer’s electronic data.
• Electronic information includes everything, such as emails,
adverse events reports, complaints, batch records, and quality
control records—everything that’s stored electronically.
19. Breach of DI
• Breach of Data Integrity is , a violation of the integrity of Data. Which
means, the actions performed and the documents/records written do not
reflect the truth and the reality which has taken place.
• It is not about Lab Data alone “Data Integrity is not only about the QC, it
applies to compliance with GMPs: Relates to:
• - Research & Development
• - ClinicalTrials
• - Manufacturing &Testing
• - Inspection
• - Post Inspection Activities
20. US FDA Surprise Inspections …
• Until now, FDA’s inspections of Indian pharma plants have always been with
prior notice.
•The surprise checks and aggressive surveillance are being considered
because of “instances of fabrication of documents and human errors”.
• India’s growing importance as a hub of Generic producers and rising
compliance problems prompt regulator to consider the plan
• FDA expanded its inspection team in India from 12 to 19.
21. Ensuring Data Integrity
• Records should be created contemporaneously
• Retained, reliable
• Changes should be noted, reasoned and non repudiated
• Computer system should be trust-worthy
• -validated to intended use.
• No resultant decrease in product quality, process control or product
assurance
• Evidence should be available to prove the above
22. Ensuring DI
Ensuring data integrity in regulated
labs.
CGMP
21 CFR PART 211
GALP
EPA DIRECTIVE
2185
GLP
21 CFR PART 58
GAMP
5 (ISPE) GUIDE
GCP
21 CFR PART 312
SUBPART D
23. So what can be done to prevent data integrity
problems?
• • Encourage Co. to establish a “Data Integrity policy” to show that you are serious
about falsification of data and that it is a cause for termination.Train on this policy.
• • Establish a general standard for GDP so that even the most innocent recording
issues cannot be perceived as fraudulent.Train on this standard.
• • Establish a specific procedure on sampling/testing requirements and laboratory
data recording to be clear about incoming, in process, and final testing
requirements. Train on these procedures.
• • Provide specific training for secondary reviewers/approvers to ensure GDP are
followed and suspicious results and trends are investigated.
• •The QCU must be able to demonstrate that it has established and trained on
policies and procedures that are designed to take data integrity seriously.
24. Other primary solutions to DI Issue
• Put errors to good use
• Share with others
• Analyse and find Root Cause
• Correct errors through QMS
• Anticipate that errors will be made in the learning process
• Risk acceptance: It needs to be understood that errors may occur