Q. Data integrity has been making headlines recently, in response to foreign inspections by FDA and European regulatory agencies (1). Based on these reports, it appears that data integrity issues center largely on manufacturing companies in Asia. Should we conclude that these issues only concern firms already struggling to comply with basic good practices in this part of the world?
A. In general, media tend to report on the most serious violations uncovered by regulators. Often when companies find similar issues through their own internal investigations, they remain confidential and unreported. It would, therefore, be presumptuous to assume violations reported on by the press are representative of the industry as a whole.
What inspections have triggered, however, is increased attention toward potential data integrity issues lurking across the industry. Few companies would have data integrity verification activities integrated into their quality oversight programs before these examples of serious violations of healthcare regulations became public knowledge in the form of warning letters (2), consent decrees (3), or reports in the European EudraGMDP database (4).
Conscientious companies have taken these potential data integrity issues seriously by starting internal investigations, incorporating data integrity assessments into their quality assurance oversight programs, and in some cases, establishing a special data integrity office. Companies—even those in good standing with regulators--have initiated such activities regardless of existing or anticipated compliance concerns.
The question is: what have these internal investigations uncovered, if anything? The answer, surprisingly, is that they have uncovered a significant amount. Once you start studying analytical data, root cause analyses, logbooks, and any other data source, gaps are repeatedly found in data traceability and trustworthiness. A few data-related issues include: uncertainty where the data originated from and who created it (e.g., where several analysts use the same user ID and password on a set of similar instruments); which raw information produced the reported data (e.g., where a summary table reports stability data results, but all raw data on the chromatography instrument have since been deleted); and whether these are the original data (e.g., where there is no audit trail on the analytical instrument). These issues are not necessarily the result of willful malpractice, but are often caused by insufficiently controlled processes, poor documentation practices, suboptimal quality oversight, and often enough, professional ignorance.
Occasionally people do intentionally falsify data. This is unfortunate but, thankfully, still a rarity.
The following are some steps companies should take to ensure data integrity:
1. MHRA, MHRA expectation regarding self inspection and data integrity, Dec. 16, 2013.
2. FDA, Warning Letter to Sun Pharmaceutical Industries Limited, 320-14-08 (May 7, 2014).
3. FDA, Department of Justice files consent decree of permanent injunction against Ranbaxy, Press Release (Jan. 25, 2012).
4. EMA, EudraGMDP database.
About the Author