From the Editor: Can Your Data Stand Up in Court?
Rumors of 21 CFR Part 11’s demise have been greatlly exaggerated. Data integrity is at the heart of numerous 483s and a recent lawsuit against Novartis.
By By Agnes Shanley, Editor in Chief
“IT is still the weak link in the chain of [pharma] compliance. In the courtroom it’s the industry’s Achilles heel.”
— Mitch Lazris, Hogan & Hartson
I was a bit embarrassed a few months ago, at an industry event, when someone asked me the question I’d dreaded to hear: “So, what’s happening now with 21 CFR Part 11?” Of course the regulation is still in force, but last year we’d heard that the FDA had softened its approach to enforcement. Although vendors still trumpet the “Part 11 compliance” of their products, we almost never hear about it — certainly not to the extent that we did when I joined this magazine, when every headline screamed out that magic code and every article seemed to comment on the regulation that the industry loved to hate.
Few regulations have brought more misunderstanding, or illustrate the gap between industry and FDA more than Part 11. As George Smith, head of CDER’s Office of Compliance, has admitted, FDA may have focused too much on the technology ‘hows’ rather than the required outcomes. Industry, meanwhile, took the same approach it usually takes to any edict from FDA.
I stammered out some perfunctory reply, but as I was to learn a few weeks later, any rumors of Part 11’s demise have been greatly exaggerated. It’s not going away any time soon, advises IT consultant John Avellanet, CEO of Cerulean Associates, LLC. But companies need to think about it differently. “You need to key into the informational aspects of Part 11,” he suggested during a recent presentation in Washington, D.C.
Two very recent cases get to heart of the data integrity that Part 11 was designed to protect:
- In the devices area, the recall of Baxter’s infusion pumps, which was traced to altered maintenance, testing and inspection data.
- A whistleblower lawsuit brought against Novartis by David Olagunju, former global head of oncology statistical reporting.
Olagunju alleges that Novartis altered clinical results for its new cancer drug Tasigna (recently approved for use in Switzerland) and that he lost his job after he brought up Part 11 noncompliance issues involving clinical data. His suit seeks a court order compelling an audit of all Tasigna and other drug study data. His complaint (accessible on PharmaManufacturing.com) is a litany of issues, all of which Novartis vigorously denies. Even if they don’t hold up in court, some of his allegations may be familiar to many of you: decentralized departments, downsizing, managers new to the specific subject area, invalidated data being sent to FDA, and programmers being asked to “hard-code” that data.
Experts in life sciences IT say that many pharmaceutical companies are struggling with issues like this every day, particularly those firms that haven’t made data integrity a priority.
What are the top problems? John Avellanet sums them up as:
Lack of clarity and accountability for data integrity. “Records management says it’s an IT issue, IT says it’s a record management issue, while scientists want to stick it in their desk drawer because they know IT won’t be able to find it later when they need it.
Siloes between data and inability to translate and achieve mutal understanding between functional units. “IT can’t understand Compliance. They can’t undertand the scientists, who can’t understand Purchasing, who can’t understand senior management. They needn’t be in mutual agreement, but they should be marching to the same beat of the same drum.”
Consultant Michael Gregor, CEO of Compliance Gurus, adds a few more, including failure to:
- follow documented standard operating procedures
- maintain accurate and complete records
- deploy audit trial functionality in automated applications used for regulatory purposes
- validate computerized systems for their intent of use
- train employees on company SOPs and/or policies
Insufficient resources are another matter. “I’ve seen companies where there aren’t enough people to support the company’s official policy or to ensure the quality of data,” Gregor remarks. Recent news of one of the world’s top pharma companies cutting 11% of its workforce, mainly in Operations and IT, made me wonder if that decision won’t trouble them later on.
How are you coping with the data challenge? Please write in and let us know.