I was a bit embarrassed a few months ago, at an industry event, when someone asked me the question Id dreaded to hear: So, whats happening now with 21 CFR Part 11? Of course the regulation is still in force, but last year wed heard that the FDA had softened its approach to enforcement. Although vendors still trumpet the Part 11 compliance of their products, we almost never hear about it certainly not to the extent that we did when I joined this magazine, when every headline screamed out that magic code and every article seemed to comment on the regulation that the industry loved to hate.
Few regulations have brought more misunderstanding, or illustrate the gap between industry and FDA more than Part 11. As George Smith, head of CDERs Office of Compliance, has admitted, FDA may have focused too much on the technology hows rather than the required outcomes. Industry, meanwhile, took the same approach it usually takes to any edict from FDA.
I stammered out some perfunctory reply, but as I was to learn a few weeks later, any rumors of Part 11s demise have been greatly exaggerated. Its not going away any time soon, advises IT consultant John Avellanet, CEO of Cerulean Associates, LLC. But companies need to think about it differently. You need to key into the informational aspects of Part 11, he suggested during a recent presentation in Washington, D.C.
Two very recent cases get to heart of the data integrity that Part 11 was designed to protect:
- In the devices area, the recall of Baxters infusion pumps, which was traced to altered maintenance, testing and inspection data.
- A whistleblower lawsuit brought against Novartis by David Olagunju, former global head of oncology statistical reporting.
Olagunju alleges that Novartis altered clinical results for its new cancer drug Tasigna (recently approved for use in Switzerland) and that he lost his job after he brought up Part 11 noncompliance issues involving clinical data. His suit seeks a court order compelling an audit of all Tasigna and other drug study data. His complaint (accessible on PharmaManufacturing.com) is a litany of issues, all of which Novartis vigorously denies. Even if they dont hold up in court, some of his allegations may be familiar to many of you: decentralized departments, downsizing, managers new to the specific subject area, invalidated data being sent to FDA, and programmers being asked to hard-code that data.
Experts in life sciences IT say that many pharmaceutical companies are struggling with issues like this every day, particularly those firms that havent made data integrity a priority.
What are the top problems? John Avellanet sums them up as:
Lack of clarity and accountability for data integrity. Records management says its an IT issue, IT says its a record management issue, while scientists want to stick it in their desk drawer because they know IT wont be able to find it later when they need it.
Siloes between data and inability to translate and achieve mutal understanding between functional units. IT cant understand Compliance. They cant undertand the scientists, who cant understand Purchasing, who cant understand senior management. They neednt be in mutual agreement, but they should be marching to the same beat of the same drum.
Consultant Michael Gregor, CEO of Compliance Gurus, adds a few more, including failure to:
- follow documented standard operating procedures
- maintain accurate and complete records
- deploy audit trial functionality in automated applications used for regulatory purposes
- validate computerized systems for their intent of use
- train employees on company SOPs and/or policies
Insufficient resources are another matter. Ive seen companies where there arent enough people to support the companys official policy or to ensure the quality of data, Gregor remarks. Recent news of one of the worlds top pharma companies cutting 11% of its workforce, mainly in Operations and IT, made me wonder if that decision wont trouble them later on.
How are you coping with the data challenge? Please write in and let us know.