Data integrity refers to maintaining and assuring the accuracy and consistency of data over its entire life-cycle, and is a critical aspect to the design, implementation and usage of any system which stores, processes or retrieves data. New developments with computerized systems can make the security of data stronger, and these developments are an important feature of the digital transformation of the pharmaceutical and healthcare sectors. One concern is a mismatch between what the industry (and the overarching regulatory framework needs) and what some manufacturers of electronic systems are providing.
The subject of data integrity is a key focal point for major pharmaceutical regulators, such as the U.S. Food and Drug Administration (FDA) and the European Medicines Agency (EMA). These agencies see data integrity as fundamental to the codes that need to be in place for the manufacture and distribution of medicines – Good Manufacturing Practice (GMP).
Data integrity practices, as part of the sector’s digitial transformation, were outlined at a conference held by Pharmig (Pharmaceutical Microbiology Interest Group) which took place at the Hotel Šport, Grajska Cesta 2, 8222 Otocec, Slovenija, during October 2017. The conference focused on the healthcare and pharmaceutical sectors, aimed at pharmacists, microbiologists and laboratory managers.
Two presentations dealt with data integrity directly. The first was delivered by David Keen, who is a Site Microbiologist at a U.K. GlaxoSmithKline site and Pharmig Chair. Keen’s presentation was all about sharing best practices, laboratory-to-laboratory.
Keen looked at data integrity within the microbiology laboratory and the requirements for good data
Integrity, which are summarized under the acronym ‘ALCOA’. Regulators have defined a set of data integrity principles called ‘ALCOA‘ which stands for:
A – Attributable: Records and data linked to the individual or system performing the action
L – Legible: Records and data readable and traceable across the lifecycle
C – Contemporaneous: Records and data reported at the time it has occurred
O– Original: Records and data are the primary source (or true copy)
A – Accurate: Records and data are correct and free from errors
Complete: Records and data are complete (including any repeat runs, analysis)
ALCOA is more often defined in terms of ALCOA-plus, to which the following are added:
Consistent: Records and data enable reconstruction of events, results and sequences
Enduring: Records and data are recorded in permanent form and preserved
Available: Records and data are available for review, audit and inspections
Keen provided a useful framework for manufacturers of equipment used in the pharmaceutical industry to develop appropriate data controls for and for those tasked with purchasing equipment to construct checklists with which to examine equipment against, as part of the purchasing process. Central to this is the concept of a ‘user requirement specification’. All too often computer systems developed for regulated industries like pharmaceuticals have flaws, such as an insufficient number of passwords; audit trails that do not reveal the complete path; or inadequate data back-up facilities.
The concept of metadata was also introduced. This is ‘data about data’ and it gives data context or meaning. This may be a date or a unit of measurement. For example, the number ‘6′ in itself is meaningless, whereas 6 CFU (to represent 6 colony forming units) gives the data context. Keen also spoke of the ‘data lifecycle’: the processing, use, archiving, retrieval, and (where appropriate) destruction of data.
These themes were developed by the second presenter, Bruno Šimek who is a Qualified Person (in relation to being able to release medicines) and the managing director of the pharmaceutical consulting company Arguo d.o.o. Šimek’s presentation looked at capturing data, be that through electronic systems or other forms of documentation.
To ensure that data is secure, Šimek stated, computerized systems must be designed with password controls (separated for the user and an independent administrator) and full audit trails, so that the person tasked with final results approval can review each entry and associated records to ensure that the original result has not been altered in any form. Even with well-designed systems, behaviors and practices by personnel can lead to errors and here organizational culture is improtant. Hence the impact of organisational culture and senior management behaviour on data governance must not be underestimated.
Also emphasized was the control of raw data. With raw data, this is the original record and documentation retained in the format in which it was originally generated (this can be paper or electronic); or it may refer to a document retained as a true copy. This introduces a complexity in relation to raw data and metadata as to how this data is reviewed, stored and retrieved.
Both presentations highlighted how data integrity remains an important subject for the pharmaceutical sector and stands as regulatory ‘hot topic’. This subject matter can directly inform an auditor about the overall status of an organization, for when data integrity issues occur these can be identified by auditors as a sign of a poor quality culture within the organization.