The pharmaceutical and biopharmaceutical industries must give immediate and strategic consideration to data integrity practices for two critical reasons:
1. increased attention to data integrity shortcomings by global regulatory agencies and
2. the possibility of a less stringent regulatory environment.
To understand the pressing ramifications of the data integrity issue, we must remind ourselves that data is both the backbone of CGMP compliance and the fuel of the digital economy. In the pursuit of increased efficiency, digital approaches are being used for risk reduction and greater innovation in pharmaceutical lifecycle processes—from discovery to commercial manufacturing—and must continue to be further leveraged. Additionally, data must become less siloed and flow much more seamlessly throughout pharmaceutical organizations at various stages of the product lifecycle. However, just as if gasoline in a car engine is contaminated, it will damage and/or cease the engine, the same is true for “digital fuel.” Correct and uncorrupted data must flow through a pharmaceutical organization so that correct and reliable decisions can be made.
Even without sophisticated digital data management considerations, data integrity of even the most basic data systems must be assured to ensure compliance.
REGULATORS INCREASED ATTENTION TO DATA INTEGRITY
For several years, the FDA and other global regulatory bodies have emphasized the importance of accurate and reliable data in assuring drug safety and quality. However, in tandem with increased digital sophistication and the role of global manufacturing partners, data integrity violations have been on the rise.
As a reflection of the importance of this issue, in April, 2016, the FDA released draft guidance, “Data Integrity and Compliance With CGMP Guidance for Industry.” Within the guidance itself, the FDA notes the trend of increasing data integrity violations.
The guidance states, “In recent years, FDA has increasingly observed CGMP violations involving data integrity during CGMP inspections. This is troubling because ensuring data integrity is an important component of industry’s responsibility to ensure the safety, efficacy, and quality of drugs and of FDA’s ability to protect the public health. These data integrity-related CGMP violations have led to numerous regulatory actions, including warning letters, import alerts, and consent decrees.”
The phrase “data integrity” often conjures the image of intended and dishonest manipulation of data to achieve some benefit or avoid negative consequences. While purposeful data adulterations do occur, many data integrity violations are not purposeful and are a result of improper training, ineffective SOPs, corrupt systems, or lack of clarity within the regulations themselves. The CGMP framework recognizes that technologies and approaches evolve over time which reflects advances in innovation. Therefore, regulations and guidance are created with built-in flexibility to accommodate these changes. However, often these accommodations result in a lack of clarity.
POSSIBILITY OF A LESS STRINGENT REGULATORY ENVIRONMENT
President Trump has vowed to overhaul the FDA and sharply reduce the regulatory burdens of the current drug approval system. In fact, arguments have been made, by people associated with the administration, to completely eliminate pre-market approval clinical trials that are currently required to demonstrate drug efficacy and safety.
While eliminating clinical trials is a very extreme position and is unlikely to happen, the Trump administration is decidedly moving in the direction of sharply decreased regulation. A regulatory structure that is less burdensome does not eliminate the need for the development and production of safe and effective drug products. In addition, pharmaceutical companies need to demonstrate the value of a new drug to payers to ensure reimbursement and, therefore, the marketability of a new drug.
Data—which is the fuel of decision making, continuous improvement, quality, and the demonstration of clinical value must hold high levels of integrity regardless of the regulatory environment. However, strong arguments can be made that the importance of data will radically increase within a less regulated environment. The highest levels of data integrity will be needed if some regulatory checks and balances that have historically protected patients and facilitated marketability of a drug are removed.
NEEDED DATA INTEGRITY APPROACHES FOR THE PHARMACEUTICAL INDUSTRY
Given the factors that are bringing data integrity to the forefront of pharmaceutical industry priority, how should a pharmaceutical company approach the effort?
Setting regulatory requirements aside, data serves two critical functions within pharmaceutical organizations: efficiency of innovation and assurance of quality.
“The value of the economy today, and even more so tomorrow, lies in data, often called the 21st-century oil. But the comparison isn’t entirely apt: oil companies in the 20th century often had the monopoly, whereas we’ll need a different model for data,” stated French Secretary of State for Digital Affairs, Axelle Lemaire.
Modeling, sequencing, continuous improvement, root cause analysis, and many other areas of pharmaceutical development and manufacturing should be as automated as possible and continuously improved. High quality data that is not organizationally or functionally siloed is required to accomplish these ends.
From a quality standpoint, data integrity is a critical component of a company's Quality System. Quality data provides the basis for the confidence that the company uses correct data to operate in accordance with regulatory requirements. In addition, it is high quality data that provides the basis for product, process, true product quality understanding, and determination.
With the importance of data integrity firmly established, how does a pharmaceutical company achieve this?
ELEMENTS OF DATA INTEGRITY
Data integrity is defined as the degree to which all data (electronic, paper-based, or hybrid) are complete, consistent, and accurate throughout the lifecycle of the data. ALCOA is the data integrity standard of regulatory bodies, hence the needed industry standard. The elements of ALCOA are the same whether the data is electronic, paper-based, or a combination.
- A—Attributable to the person, system, or device generating the data. The information that is captured should identify the source of the data and accurately record any changes made.
- L—Legible and permanent. Data is to be recorded and stored in a durable medium that ensures readability for the full period of time that the data might need to be accessed or legally referenced.
- C—Contemporaneous. Data is to be recorded as the data is generated or at the time an event is observed.
- O—Original record. In other words, a true copy. Data is to be used or presented as it was created.
- A—Accurate. Data is to be verified as being free of errors. Data accuracy is to be demonstrated as correct via repeatable calculation, algorithm, or analysis.
DATA MANAGEMENT SYSTEMS CONSIDERATIONS
Commonly, quality professionals become overwhelmed by computer systems issues and their impact on data integrity. Therefore, too often, critical data integrity considerations are delegated to IT professionals who are not trained in pharmaceutical Quality Systems considerations. In truth, due to both the sophisticated data management requirements and quality considerations, collaboration is required among quality and IT professionals. Data management systems must take the following into consideration:
- Data management that assures security and reliability of data must be fully incorporated into the Pharmaceutical Quality System.
- Pharmaceutical companies must comply with 21 CFR Part 11 requirements wherever electronic records and/or electronic signatures are used in GMP processes.
- Quality System processes must properly reflect the use of computer systems and electronic records. Computer systems should be appropriately developed, qualified, tested, and periodically assessed to ensure that they remain in a validated state. Any changes made to computer systems must be tested to understand their impact on the GMP operations supported by the system.
- Laboratory instruments associated with the established Quality System should be identified and evaluated for their risk to GMP operations. These instruments need to be periodically checked to assure that they remain in a validated state. In addition, they should be periodically checked for compliance with 21 CFR Part 11 and the United Kingdom’s Medicines and Healthcare products Regulatory Agency (MHRA) guidance on data integrity.
- Passwords and login information should be unique to every authorized user and should not be shared because actions will then not be attributable to a specific individual.
- Thorough consideration needs to be made of time/date stamping procedures that are not fixed and can be altered by an individual.
- Data backup systems must be carefully considered to assure backups occur in a timely manner, are accurate, and data is retrievable when needed.
- Just as data collected by laboratory needs to be an integral part of the Quality System, so too does data collected by manufacturing equipment controls and automation systems.
- Data integrity evaluation must be included within a pharmaceutical company’s audit program. Data integrity experts need to be included within the audit program adjustment process to both ensure effective data integrity processes and to ensure effective inclusion within the audit program.
EMPLOYEE TRAINING
Pharmaceutical executives must create a culture that ensures data integrity procedures and processes are implemented and that staff are trained appropriately. While regulators do find malicious data integrity violations, the vast majority of violations can be traced to inadequate SOPs and training.
Additionally, many data integrity violations are coming from contract international partners. All members of a global supply chain may not have same level of GMP understanding nor have the proper systems in place for proper data management. Training of partner employees and collaboratively strengthening international partners’ data management systems and practices may be needed to assure data integrity.
While international partners can be data integrity stumbling blocks, pharmaceutical companies cannot overlook the training needed for domestic employees or other professionals familiar with operating in GMP environments.
COMPONENTS OF DATA INTEGRITY ASSURANCE
Data integrity assurance must consist of three components to protect GMP data from accidental or malicious modification: prevention, detection and response.
Prevention
The best ways to prevent data integrity problems are to make sure that the proper personnel are assigned to the proper functions, that they are properly trained, a validated data integrity program is in place, and proper data security measures have been taken. Cybersecurity and potential breaches of digital data security must be considerations at the forefront of preventing data from becoming compromised.
Detection of Problems
Data collection, management, and storage systems must be validated to assure that data meets ALCOA standards. Additionally, validation of data systems must thoroughly reveal how data changes impact the intended use of the data throughout its life.
Response & Security
Data security programs must be designed to assure that data integrity remains intact. Data security issues include data security at the physical level (in buildings, laboratories, factories, etc.), at the computer systems level, and at the network level. Cyberhacking, and other cybersecurity breaches, are increasing concerns and must be thoroughly addressed.
CONCLUSION
Regardless of the data collection and management systems that are employed – from paper-based to the most complex digital systems – data must hold high levels of integrity to assure compliance. This said, the industry has entered an era where sophisticated digital tools must be employed throughout a product’s lifecycle to increase R&D and manufacturing efficiencies as well the product and process understanding for risk mitigation. Advancements in these areas are critical for advancing innovation and addressing drug pricing pressures that will only intensify.
As mentioned within this paper, FDA’s data integrity draft guidance and the United Kingdom’s MHRA guidance on data integrity are the two most substantial directional documents within this area. However, two additional efforts are proving to be extremely helpful to the industry – the Parenteral Drug Association’s “Elements of a Code of Conduct for Data Integrity” and PICS draft guidance, “Good Practices for Data Managment and Integrity in Regulated GMP/GDP Environments.”
Without reliable, pure, and well-managed data, data cannot perform its proper function as the fuel of innovation, efficiency, and strategic decision making. Additionally, if the regulatory environment does become more laissez-faire for both patient safety and legal liability reasons, data systems must hold the highest levels of integrity. If FDA review and approval plays a smaller role in assuring product safety and demonstrating the clinical value of a new drug, pharmaceutical companies themselves will need outstanding systems with advanced data strategies to both ensure patient safety and facilitate the adoption of innovative new drugs.
