Sound Off: Whom Do You Trust? Whose Needs Do We Serve?

March 19, 2003

The publication of U.S. Food and Drug Administration's (FDA's) first guidance on electronic records/electronic signatures was awaited with much anticipation by the industry. It was hoped that this regulation would provide clarity of FDA's intentions and enable firms to use computer technology to greater advantage.

On the surface it seemed that all was well, and we would soon realize substantial benefits from the adoption of electronic practices in lieu of our long-standing reliance on paper documents. The reality of the 21 CFR Part 11 regulations has proven quite different, however.

Interpretations of 21 CFR Part 11, whether by industry or FDA, have indicated that the perceived ease of use had to be tied to extraordinary efforts to safeguard individual identity, data integrity and other elements. As time has passed, many of us have witnessed the extraordinary efforts taken to implement 21 CFR Part 11 across our firms--at enormous costs in resources.

Perhaps some reflection on the subject is needed. A large part of the concern with 21 CFR Part 11 is focused on system security. After all, it was deemed unacceptable to accept that an unauthorized person could hack the system, alter data, change critical records and abuse the CGMPs (current good manufacturing practices) in a manner undetectable to either the firm or an FDA investigator. This task has proved quite daunting and has raised the bar substantially over the practices used for security of written records and hand-written signatures.

I've heard on numerous occasions from firms large and small that they will not move some practice or another to an electronic system to avoid the costs of 21 CFR Part 11 compliance. I know there are instances where conformance to 21 CFR Part 11 has been attained, but at what cost?

So whom do we trust? At the end of the day shouldn't we have the same trust in our employees whether they enter their signature with a keyboard or a pen? Electronics may eventually eliminate paper, but probably not in our lifetimes. So if we trust an employee to enter data of any kind, we must recognize that at the end of the day we must trust their skill, accuracy and principles. Errors of any type are inevitable; the "perfect" system doesn't exist, whether it be paper or electronic.

If we are to make drugs more affordable and accessible, regulation must not stand in the way of technological improvements. The CGMP regulations state, "Each person engaged in the manufacture, processing, packing or holding of a drug product shall have education, training and experience, or any combination thereof, to enable that person to perform the assigned functions." (21 CFR Part 211.25) While no mention is made of the individual's moral character and rectitude, there is clearly an implied understanding that each knows that he or she is acting in the best interests of the patient. If individuals have violated that implicit trust and if that criminality has been discovered, the FDA can disbar those individuals from further employment in the industry. (See

sections 306(a) and (b) of the Federal Food, Drug and Cosmetic Act.)

It is the moral responsibility of each of us to act in the best interests of the individual who will receive the product. Whether that requires us to use a pen, typewriter, word processor, sterilizer, high-performance liquid chromatography or any other piece of equipment, regardless of how complex, our obligation remains the same. Our systems must perform as required and be properly validated--a repetitive theme of CGMP regulations.

Whether the system is paper-driven or electronically supported, the requirements for validation are ever present and are adequate to ensure the integrity of our operations. Pursuing obscure aspects of electronic data security may not be in the best interests of the patient if, in doing so, we raise the cost or reduce the availability of medications.

James Agalloco is president of Agalloco & Associates, a consulting firm to the pharmaceutical and biotechnology industry. He was previously employed at Bristol-Myers Squibb, Pfizer and Merck. He holds bachelor's and master's degrees in chemical engineering and a master of business administration degree in pharmaceutical studies. He is a past president and director of the Parenteral Drug Association and frequent author and lecturer on the subject of process and computer systems validation.