The Secrets We Keep — FDA Data Integrity, Elizabeth Holmes, Theranos, Bad Blood and HBO’s “The Inventor?”

Jack Garvey |

By now, most everyone in FDA regulated industry is aware of Theranos, the Wall Street Journal’s John Carryrou, and his award-winning book Bad Blood: Secrets and Lies Inside a Silicon Valley Startup. But have you seen HBO’s new documentary, “The Inventor: Out for Blood in Silicon Valley?” I was lucky enough to come across the documentary while doing my usual evening channel surfing, and I decided to tune in. While most of the information covered in the documentary has already been told, being able to observe the tone, mannerisms, and delivery of everyone’s story was truly fascinating. To see the people involved discuss a story with such scope, scale and unrealized promise was both sad and riveting.

Some still find it baffling that Theranos was able to raise upwards of $900 million without any tangible evidence that their marquee product, the Edison, worked. Even more puzzling, at least to me, was how many high-profile investors were eager to support the company. These were well-respected, high-net-worth individuals and venture capital (VC) funds with hundreds of years of collective investing expertise. How could they be SO FAR OFF?

The Motive? Ego and Money

Take a look at the Theranos pitch, it’s easy to see the allure:

The PitchIt was a marvelous pitch. A black box, capable of running upward of 240 blood tests — diabetes, HIV, cholesterol, cocaine — a la carte, from just a single drop of blood. Think about the level of industry disruption. Labs, doctors, Big Pharma, all brought to their knees and consolidated into a Macintosh-like box in the back of your Walgreens. Patient-consumer data at the prick of a fingertip, with far less blood and funding needed to make things happen. We’d beat a gatekeeping, profiteering healthcare system overnight. This could save untold millions of lives with early detection. And who wouldn’t want to see that in their lifetime? Developments in nanotechnology, modern medical innovation, and Silicon Valley gumption seem like perfect excuses for an idea like this to be within reach.”[1]

Who wouldn’t want to ride this wave? “Disruption”, “Macintosh-like”, “save untold millions of lives”, “nanotechnology,” the Theranos pitch had it all. If there’s one thing that makes investors drool its buzzwords. Especially when delivered with a slick presentation backed up by an all-star board of directors. Despite some of the brightest minds in science stating the idea was technologically unfeasible, investors continued to throw money at the company. In due time, everyone learned exactly what the problem was…the box (and the company’s culture) didn’t work.

Why VCs Should Care About FDA Data Integrity

Data integrity continues to be a hot topic in our industry. Despite all that’s been written and spoken about it, bad data (or downright fraudulent data) is still being produced daily. For life sciences companies to accurately represent their products, procedures and processes, data needs to be accuracy, reliable and reproducible. For the investors, the quality of such data is foundational to the value placed on a funded company. When journalists, industry experts and, most recently documentarians, dug into the Theranos story — fabricated data and data manipulation was a central tenet. Incredibly, the high-profile VCs who continued to pour money into the company didn’t even want to do a casual assessment regarding the integrity of the data.

One scene in the documentary describes a particularly egregious example of data manipulation. Theranos would bring investors into a conference room and ask someone to volunteer a blood sample. Theranos executives would insert the sample into the Edison machine, and while they were “waiting for the results,” take the VCs out of the conference room for a tour of the facility. While investors were away, other Theranos employees took the blood sample elsewhere for diagnostics and then manually input data into the Edison machine.

While this sounds crazy, it was relatively common practice according to Business Insider:

“The first incident…involved a blood test ordered in 2013 for a patient using the company’s proprietary Edison lab machine. The lab worker assigned to the test reportedly found problems that indicted accuracy problems with the device. When the lab worker told superiors, the report said, an employee in research and development came to the lab and deleted the data. In the second incident…an employee sent an email to CEO Elizabeth Holmes in 2014 suggesting the company ‘cherry-picked’ data when comparing the Edison machines to traditional blood-testing machines to make the machines look more accurate.”

The article goes on,

“…for one test, the device’s accuracy rate increased sharply after some information was deleted and manipulated, the employee wrote. Edison machines also allegedly failed daily quality-control checks often.”[2]

A Fundamental Cause of Data Integrity Issues? Poor Quality (and Compliance) Culture

FDA Quality Culture starts at the top. As we learned from the above examples, regardless of how great the potential of a patent, technology, or scientific innovation, it is impossible to assign value to a company’s potential when Senior Management willingly participates in generation of fraudulent data – or – turns a blind eye to making sure the data “works” regardless of its validity. This failure is fundamentally the result of a company’s poor Quality Culture.

When Theranos was questioned about the above occurrences, “Theranos representative Brooke Buchanan told the Wall Street Journal she didn’t believe the first incident ever happened. In the second incident, Buchanan put the blame on the employee, who she said was too inexperienced to ‘make these types of comments.’” [3]

Compliance Architects®’ CEO, Jack Garvey, has been on the cutting edge of FDA Data Integrity program development and FDA Quality Culture assessment. At a recent conference, Jack was quoted:

“Understanding the drivers of behavior behind quality and compliance outcomes can be frustrating and challenging. Stated corporate intent and policy can be disconnected from actual employee conduct. Pockets of information can lead to lack of transparency, and to personnel not working together as a team towards common goals, and with common understandings.”

Jack often states that “quality culture trumps quality systems when you need to improve quality and compliance performance and outcomes.”

A Comprehensive Approach to Solving FDA Data Integrity (and FDA Quality Culture) Problems

To address problems with FDA Quality Culture leading to non-compliant and possibly fraudulent Data Integrity outcomes, Compliance Architects®  has developed a 7-element program that considers culture and data integrity together to ensure an effective, lasting outcome for a data integrity improvement or remediation program.

Although comprehensive in nature, the program can be summarized as follows:

  1. Program Element 1- Regulations, Enforcement, Guidances, Industry Standards: Review and develop a consolidated requirements document from the various guidances and model approaches that reflect external stakeholder expectations. Consolidated requirements must reflect local market expectations and should be consistent across the enterprise.
  2. Program Element 2 – Policy, Expectation, Culture, Incentives & Punishment: Ensure all personnel understand the Corporate intent, requirements and expectations; to create positive culture and incent proper conduct; and to establish the significant ramifications from failure to adhere to Corporate principles.
  3. Program Element 3 – Quality System / Positive Compliance Controls: Establish a rigorous quality system and related control framework that incorporates data integrity considerations throughout all operational processes. Positive controls are an expansive term encompassing the quality system control framework and discrete, individual controls over focus activities and functions.
  4. Program Element 4 – Data Integrity Focus Areas: Identify those operational, quality and support activities that have particular risk for data integrity concerns and ensure both activity execution controls and proactive challenges are implemented rigorously.
  5. Program Element 5 – Data Lifecycle Management Controls: Establish comprehensive data lifecycle management controls that create clear, unequivocal requirements for how to record, migrate, report, repurpose and forward-migrate data to ensure integrity of data and information.
  6. Program Element 6 – Proactive Challenges: Establish a program that regularly challenges, probes and identifies occurrences of data mishandling and that will seek out and identify, to the extent possible, possibly fraudulent activity.
  7. Program Element 7 – Governance: Develop and implement an appropriate governance approach that ensures regular reporting of data integrity assurance practices performance, and that serves as an escalation point for deviations from directed practices and is responsible for maintaining the contemporary value of the overall program.

If Theranos had embraced such a comprehensive program, and if the Theranos technology actually worked, the company might have achieved transformational medical innovation. We can only hope the next Theranos considers this cautionary tale and embraces these principles before patients are put at risk, and investors lose their shirts on “snake oil” investments.

More information on Compliance Architects®’ 7-element data integrity program can be found here.

Bad data and quality culture are like the plague — they can spread and quickly overwhelm your organization. If you are concerned about your data integrity practices, call us before the FDA shows up at your door and identifies the negative outcomes that can occur.

For further information or for help on how to improve your organization’s quality and compliance operations, please contact Jeff Grizzel at or at 703-587-8990.





Leave a Reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.