BLOG Data integrity – order and security

Modern IT solutions and industry automation are changing the world, and in many areas are contributing to the dynamic development of various sectors, including the pharmaceutical industry. In addition to the obvious benefits stemming from the digitization and automation of processes, the progressive computerization of the pharmaceutical industry also has a second, slightly less-beneficial side. Together with the increasing amount of digital data and electronic records, we’re seeing more and more data integrity breaches. The FDA (Food and Drug Agency), among others, is highlighting this in its publication “Data Integrity and Compliance with CGMP Guidance for Industry” published in 2016. The US FDA is not alone in its assessment, because the British MHRA (Medicines and Healthcare Products Regulatory Agency) and other global regulatory bodies are paying increasingly more attention to maintaining the accuracy and reliability of stored data to ensure an adequate level of safety and quality of drugs.

In response to the emerging problem with maintaining the integrity of data, a range of guides has been created to define and unify the rules of conduct in the data management process. These include:

  • MHRA: “GMP Data Integrity Definitions and Guidance for Industry” (March 2018);
  • WHO: “Guidance on Good Data and Record Management Practices” (2016);
  • FDA: “Data Integrity and Compliance with CGMP – Questions and Answers, Guidance for Industry” (December 2018);
  • PIC/S 041-1 “Good Practices for Data Management and Integrity in regulated GMP/GDP Environments” (July 2021),
  • EMA: “Questions and answers: Good Manufacturing Practice” (April 2016).

So what is “data integrity”? According to the MHRA, it’s a process that’s responsible for the completeness, accuracy and reliability of generated data throughout their entire life cycle (Data Life Cycle – DLC). DLC includes all phases in the life of data – from generation and recording, to processing, use, retention, archiving and destruction. Data integrity also includes data consistency, which ensures that data are not deliberately or inadvertently modified, falsified, distorted, deleted or amended in an unauthorized manner. This applies to both data recorded in electronic format and data in paper form.

According to the MHRA guidelines, data that have integrity should be “ALCOA”, meaning they should have five basic attributes:

  • A- Attributable – attributed to the person generating the data;
  • L- Legible – readable;
  • C- Contemporaneous – recorded in real time;
  • O- Original;
  • A- Accurate.

Data integrity is also associated with a range of terms and tools used in the process of maintaining data management, such as:

  • Metadata;
  • Audit Trail;
  • Backup Data;
  • Static vs. Dynamic Records;
  • System Validation.

According to the definition included in the MHRA document, metadata are data that describe the attributes of other data, such as their structure, inter-relationships and other characteristics of data e.g. author’s details, date of issue/creation, version, disk access path, etc.

The audit trail is a type of metadata that are a list of information that’s important from the point of view of GMP (Good Manufacturing Practice). It enables the re-creation of the history of the creation, deletion, supplementation or amendment of data, without impacting the original records. It’s a chronological record of user operations and actions containing who changed or modified what, when, and why.

Backup is simply a copy of original data, e.g. metadata, configuration settings, measurement data, etc. that is then secured and stored appropriately for a specific period. Data contained in the backup copy must be recorded in the original format or in a format that matches the original.

A static record is a fixed data document created in paper or non-editable electronic format that cannot be amended. The dynamic recording format enables interaction between the user and the record content, e.g. tracking trends or reprocessing.

A validated system comprises computer equipment, software, procedures, training and, of course, the validation process.

The collection and creation of data that are precise, exact and generated in a timely manner are important for researchers for assessing the credibility and reliability of research. Errors in data collection or damage to data result in a range of potential consequences, such as misleading other researchers, the need to repeat falsified research several times, or increased use of resources necessary to perform the studies.  Therefore, data integrity is an essential element in research. However, in the healthcare sector it has much more importance. Incorrect, inadequate or falsified data may pose a threat to the health and life of patients if they are the basis for product launches, qualitative research or the development of medicinal products for humans and animals. In the case of integrity breaches of data related to the quality of medicinal products, there can be serious consequences leading to health complications among patients taking the given drug. Why is this so?What is the reason for the lack of data integrity? It can be caused by the absence of appropriate procedures, training and, increasingly, adequate supervision of computerized systems used in the pharmaceutical industry. For many years, computerized systems have been replacing traditional processes, and paper forms of documents are being replaced by electronic data. However, we need to remember that the introduction of computer systems into various processes must not decrease the quality of these processes or increase risk. Some manufacturers and analytical laboratories are of the opinion that if they go back to paper documentation, data integrity requirements will no longer apply to them. They couldn’t be more wrong. As mentioned above, integrity applies not only to electronic data, but to paper data as well!

What happens in the absence of data integrity? What are the potential consequences? Despite the fact that data integrity has long been a topic described in legal regulations, its importance has increased significantly in recent times. This is because audits and inspections revealed many errors related to data integrity. This is why the FDA issued numerous warning letters.

So what should you do to avoid data inconsistencies? The most important aspect is for the pharmaceutical company to ensure the originality, accuracy, correctness and consistency of data generated during the broadly understood creation process. For this purpose, it would be good to introduce a coherent policy for conduct that allows assessment and analysis of data risk, control and management of data, and continuous data monitoring.

In order to avoid problems related to data integrity during audits, a three-tier system is recommended:

1. Monitoring and maintaining a culture of quality at the organization – the absence of data integrity is not just the result of deliberate fraud, but often of bad practice, organizational behavior or inadequate quality systems that create opportunities for data manipulation. That’s why companies should consider improving the organization of work by taking procedural, technical and behavioral actions.

2. Control tools – the following tools, among others, allow you to maintain data integrity throughout the entire system life cycle:

  • Computerized system validation
  • Regular Audit Trail record reviews
  • Introduction of a Data Risk Management approach
  • Staff training
  • Service supplier audits
  • Introduction of document management procedures
  • Defining rules for data migration and storage
  • Data security audits

3. Training – to create the right level of awareness among employees, internal auditors should become a focus. Experienced consultants and internal auditors introducing a fresh approach to the organization also contribute to the improvement of data integrity programs.

Given the numerous recorded data integrity deficiencies, their verification is a priority for the FDA and EMA (European Medicines Agency) during pharmaceutical inspections. When the main stakeholders – patients – take a given drug, they believe that the documents and data containing the decisions related to the production, research and launch of drugs are credible and reliable, and that the quality of the medicinal product is not at risk. Emerging problems that manufacturers face in terms of ensuring data integrity may lead to the imposition of huge fines, the suspension of drug production, import and distribution, and first and foremost, threaten patient safety, which is of course the most important aspect.

CONTACT FORM