DATA INTEGRITY: Foundation of Compliance; Critical Source of FDA Enforcement Risk
One of today’s most significant areas of FDA enforcement risk (and for that matter, international regulatory body risk) is data integrity. Although data integrity has been an area of focus for many years, enforcement activity in this area is exploding. As an example, data integrity is at the core of over 15 FDA Warning Letters issued to Indian pharmaceutical companies alone since 2012. Data integrity is such a critical focus area for the FDA because when basic data integrity controls are lacking, FDA cannot rely on the data or records of that company to determine compliance, quality or safety risks to consumers and patients. Data integrity is the cornerstone of FDA compliance, since data and documents provide the only reliable information to determine a company’s actions and intent.
Issues with data integrity can be grouped into three primary types:
- Fraud: Intentional conduct resulting in compromised and unreliable data and records;
- Negligence: Unintentional but improper conduct either directly or indirectly leading to compromised and unreliable data and records; and
- Incompetence: Lack of knowledge and/or awareness of requirements surrounding FDA’s data integrity principles that may lead or have led to compromised and unreliable data and records.
Risk Situations, Stages and Contexts:
Data integrity is a topic of importance to all regulated products manufacturers, including but not limited to those in the pharmaceutical, medical device, dietary supplement, biologics, and food, industries. Data integrity issues can be found throughout the product lifecycle (discovery, pre-approval and post-approval), and within both internal operations and extended supply chain operations. High-risk areas where data integrity issues and failures are found include:
- Manufacturing control;
- Laboratory operations / product release;
- Suppliers, contract manufacturers, contract laboratories, partners & extended supply chain participants.
Sources of Issues and Problems:
Without the proper systems and controls, data integrity issues and problems can be found throughout a regulated company’s operations. Data integrity failures are typically found in:
- Quality records (completed forms, computer-based entries) due to lack of basic Good Documentation Practices;
- Laboratory raw data and derivative reporting;
- Computer-based system and data/information change security and tracking;
- Data and information traceability, i.e., original recording to later communication and reporting.
Root Causes of Data Integrity Issues and Problems:
Data integrity is something that is either an organizational focus, or if not, is a topic that will eventually lead to significant FDA enforcement challenges. Data integrity issues and problems are often due to lack of:
- Adequate personnel qualifications;
- Adequate training;
- Adequate standards, procedures and process documentation;
- Positive business performance cultural influences resulting in personnel failing to identify / reveal problems or issues;
- Adequate control frameworks, control rigor and controls;
- Adequate IT / IS controls.
Lifecycle Considerations for Data Integrity:
All data and information within regulated industry is subject to a lifecyle (whether formal or not) and data integrity principles apply at ALL POINTS in the data / information lifecycle:
- Recording (paper / computer-based)
- Approving / Invalidating
Resolving Data Integrity Issues and Problems:
Programs to resolve problems with a company’s data integrity practices must be comprehensive and aggressive. They must involve basic cultural change principles; and must address basic procedural controls, along with incorporating changes to paper-based quality records and computer-based systems. The approach must be multi-faceted, encompassing personnel practices, systems, controls, and review and approval actions. Remediation programs must be tightly managed and controlled. Basic elements of a long-range remediation program include:
- Risk Determination;
- Remediation Planning;
- Remediation Execution;
- Remediation Effectivity Assessment;
- Ongoing Monitoring.