21 CFR Part 11 noncompliance is a whole lot less sexy than the colorful sales and marketing pecadillos the industry has seen so far this year, but it is a main theme in Mr. Olagunju's complaints against Novartis and a recurring theme in 483s and regulatory problems. "IT is still the weak link in the chain of compliance," defense attorney Mitch Lazris said at an industry event recently, "And, in the courtroom it's the industry's Achilles Heel." (IT consultant John Avellanet, CEO of Cerulean, LLC quoted Lazris in a presentation he made in Washington this week. He also commented on data integrity a few days ago for "On Pharma." Here is a slightly longer article, in which he offers best practices.) The essence of Part 11 is data integrity, and pharma doesn't always get it right. (In the medical devices area, even news of Baxter's infusion pump recall involved data integrity---it appears that repair, test and inspection data had all been falsified.) "FDA's mistake with Part 11 was focusing on the technology hows and not the required outcomes for information integrity," said George Smith, head of CDER's office of compliance, also quoted by Avellanet. Experts agree that managing data is at the root of many of the pharmaceutical industry's most pressing problems today. When our magazine started up in 2002, "Part 11," the regulation that pharma loved to hate, was on every healthcare trade magazine headline and magazine cover (including ours). We don't hear about the regulation all that frequently anymore But rumors of Part 11's demise have been highly exaggerated. Just because we're not hearing about it again and again doesn't mean it shouldn't be a priority. Only now, it's integrated into the overall fabric of compliance. The following slide from Mr. Avellanet's presentation, sums up the situation nicely. Consultant Michael Gregor, CEO of Compliance Gurus, says many pharma companies fail to:
- follow documented standard operating procedures
- maintain accurate and complete records.
- deploy audit trial functionality in automated applications used for regulatory purposes
- validate computerized systems for their intent of use
- train employees on company SOPs and/or Policies