In the previous post of the series we reviewed how Health Authorities have developed a series of guides detailing their point of view on how data integrity should be maintained in the pharmaceutical industry.
Even though said guides contain enough detail for their proper interpretation, this can be further enriched with the information obtained from the publishedWarning Letters (FDA) and Non-Compliance Reports (EMA).
Some excerpts from several of these documents are provided hereunder, as non-comprehensive examples of interpretation of the guides:
• GxP data deleted: Deletion of at least six (b)(4) and (b)(4) tests in the audit trails for two instruments used to test sterile (b)(4). Your systems allowed operators to delete files. You had no procedure to control this practice or to ensure a backup file was maintained.
• Lack of proper security and identification of users (with affectation in Audit Trail): Laboratory equipment used to generate analytical data for batch release purposes by your quality unit lacked restricted access. For example, the high-performance chromatography (HPLC) and gas chromatography systems each had a single username with administrator rights. All users could delete or modify files, and there was no mechanism to trace individuals who may have created, modified, or deleted data generated by computerized systems.
• Analytical data discarded without justification: During the inspection, our investigator reviewed the electronic HPLC injection history for (b)(4) intermediate stability sample, batch (b)(4). The history indicated that the same vial was injected twice on June 14, 2017. The first injection was not included in the final data packet provided to the quality unit for batch review, and the intermediate batch was ultimately cleared for and used in manufacturing a finished lot of (b)(4) API, batch (b)(4).
• Trial testing: The inspection of your facility documented multiple incidents of performing “trial” testing of samples, disregarding test results, and reporting only those results from additional tests conducted. For example, the official release data for (b)(4) and (b)(4) Tablets (b)(4) mg batch (b)(4) for unknown impurities was reported to be within specification (NMT (b)(4)%). However, the chromatographic data showed that the “trial” injection data for this batch failed the unknown impurities specification with a result of (b)(4)%.
• Data Manipulation: Your firm performed retesting or manipulated data after obtaining out-of-specification (OOS) or other unacceptable results. For example, investigation 2016-C-023 stated that the system suitability test (SST) was nonconforming and that “some data were manipulated to meet SST specification” for the high-performance liquid chromatography (HPLC) analysis of your raw material (b)(4).
• Lack of control of paper forms: Your quality assurance unit provides analysts with blank controlled document forms that have already been approved and signed. Investigators observed torn, partially complete QA-signed calibration records in the trash and observed QA staff shredding documents without recording the identity or the reason for shredding the documents.
• Necessity of an overall audit and remediation plan process: Based upon the nature of the violations we identified at your firm, we strongly recommend engaging a consultant qualified as set forth in 21 CFR 211.34 to assist your firm in meeting CGMP requirements. The third-party consultant should comprehensively audit and assist with remediating your operations, including but not limited to data integrity(…).
The aforementioned real cases showed a small part of the publicly available health authorities’ information related to Data Integrity, but it can be seen that this is really a hot topic in the inspections carried out nowadays.
The findings described in the inspection results show that data integrity problems can be found in all the GxP activities of the company, both in electronic and paper records (so, data integrity is not related to QC computerized systems only). Health authorities expect the data to be reliable through the implementation of a suitable ‘data integrity aware’ quality system, developed in technological control measures, data management policies & procedures and trained users.
In the next blog posts we will present the different key elements of Data Integrity and establish an action plan to understand and control this element in our quality systems.