Data Integrity and Documentation� 10th October 2022, �Drugs Inspectors of Food & Drugs Administration, Maharashtra State���Sandip Shah – Viyash Life Sciences
1
2
Some Rules…
3
Some Rules…
INTRODUCTION
We will discuss…..
4
Regulatory Landscape �
5
REGULATORY APPROVAL
REGULATORY INSPECTORS ENSURE
COMPLIANCE WITH cGMP
CENTRAL DRUGS STANDARD CONTROL ORGANIZATION
State Licensing Authorities
Regulatory Landscape �
6
If Pharma Companies ignore GMP?
Regulatory Landscape �
7
How Does the Regulators Enforce?
Elements of a code of conduct for Data
8
What is Data?
9
Data : Facts and statistics collected for reference or analysis
Data should be:
A - attributable to the person generating the data
L – legible and permanent
C – contemporaneous
O – original record (or true copy)
A - accurate
What is Data?
10
What is Data?
11
Attributable
Legible
Contemporaneous
Original
Accurate
Complete
Durable
Corroborated
Version-Based
Accessible
What is data?
Could be a paper documents or electronic records
12
What is data Integrity?
13
Common Data Integrity Issues Found in QC Chemistry Laboratories
Audit Trails – For electronic data acquisition systems, audit trails are not
available or are not enabled, therefore, there is no record of data
modifications or deletions. Some companies have software that contains
audit trail capabilities but they do not turn the audit trail on, and are cited for
not enabling it.
What is data Integrity?
14
Unique User Logins – Software that ensures data integrity and preserves the
company’s culture of quality has unique user logins. This feature gives each
person a username and password, so that the software can track the
person’s work. Each user should have a unique username and password for
both the analytical software and the operating system. This is essential for
tracing work performed to a unique individual, and is critical for Good
Manufacturing Practice (GMP) compliance and data integrity. Companies
are often cited for having multiple users share the same username and
password or, worse yet, having all users logging in as the administrator with
privileges that may include the ability to modify or delete data.
Manufacturer 3
What is data Integrity?
15
User Privilege Levels – Each data acquisition system should have defined
user levels based on the role the user will have in the system. Examples of
common user roles include analyst, supervisor, manager, and administrator.
Privileges assigned to each level should be clearly defined and be
appropriate for the requirements specific to each user type. Examples of
privileges include the ability to create test methods, modify high
performance liquid chromatography (HPLC) integration parameters, modify
data, validate data, and approve data.
Manufacturer 3
What is data Integrity?
16
Manufacturer 1
Overwriting of electronic raw data until acceptable results were achieved, OOS not initiated. Falsification of data to support regulatory filings Stand alone GC systems without adequate controls
Manufacturer 2
Falsification of batch records (re-writing clean records) Non-contemporaneous recording of lab data Recording of sample weights on scraps of paper Missing raw data Manufacturer 3
What is data Integrity?
17
Manufacturer 3
Unofficial testing of samples (trial samples) OOS results not investigated Retesting completed but not justified No restriction/protection of electronic data
What is data Integrity?
18
Manufacturer 4
Chromatographic software was not validated to ensure re-writing, deletion of data prohibited
Manufacturer 5
IPQC performed without batch record present, Unexplained ‘trial’ samples run before analysis, Deletion of HPLC data -lack of data security, Missing stability samples
Cultural Considerations
19
What is culture ?
Does it vary from country to country?
Does it vary from state to state?
What makes the culture?
Cultural Considerations
20
✔GXP
Some Macro Root Causes and Factors
❑ Financial Motivations
❑ Business Pressures
❑Organizational culture and working environment
21
Not all cognitive load is bad. But a problem arises when the load exceeds the capacity of the person processing it
In cognitive psychology, cognitive load refers to the total amount of mental effort being used in the working memory.
Root cause analysis
22
There are many root cause investigation tools
Ishakawa Fishbone (6M), Fault Tree,
Failure Modes Effects Analysis (FMEA),
Failure Modes Effects and Criticality Analysis (FMECA),
Statistical Hypothesis Testing, Regression Analysis
These are designed to find root cause for process/system failures
Deploying these on human behavior failures (e.g., human error) are unlikely to result in finding true root causes and deploying the right corrective actions
A different analysis tool set is required for human behavior failures
ADKOM is a simple, easy to deploy approach to bolster human behavior root cause investigations and assure true root cause is found
Root cause analysis
23
ADKOM Methodology
Immediate
Actions
Fact
Finding
Run the Facts Through the ADKOM Filter
A
Ability
Did the person have the ability to do the right thing?
D
K
O
M
Motivation
Were the motivating factors around the person supportive of doing the right thing?
Opportunity
Did the person have the opportunity to do the right thing?
Knowledge
Did the person know the right thing to do and consequences of not doing the right thing?
Decision
Was the person directed properly to do the right thing?
Human Error
Mistake
Lie / omission
Poor behavior
Data falsification / destruction
Harassment
Quarantine of systems
Confiscate of files
Lock down equipment
Remove people involved
Notify HR, corporate
Gather the facts
Interview witnesses
Interview people involved
Find facts with ADKOM in mind
Root cause analysis
24
If 1 or more answers are “No” then the root cause is unlikely to be a performance issue
Probable Corrective / Preventive Action
The person can’t do the right thing. Solve with training or ergonomic fix if it is a physical limitation.
The person isn’t being directed properly. Improve supervision and/or redesign information sharing.
The person doesn’t know the right thing to do. Reinforce policy, increase signage or mistake proof.
The person isn’t being given the opportunity to do things right. Address the process or staffing causes.
The person is being motivated to do the wrong things. Address the cultural issues and clarify team expectations.
The person made a mistake or chose to do the wrong thing. Follow the disciplinary process.
If the facts show the answer to all 5 questions is “Yes” then it is a performance issue
Mitigation Approach
25
Mitigation Approach
26
When manually recorded data requires stringent oversight, consideration should be given to risk reducing supervisory measures. Examples include contemporaneous second person verification of data entry, or cross checks of related information sources (e.g., equipment logbooks).
The inherent risks to data integrity relating to equipment and computerized systems may differ depending upon the degree to which data (or the system generating or using the data) can be configured, and therefore potentially manipulated
Mitigation Approach
27
Designing systems to assure data quality and integrity
Systems and processes should be designed in a way that encourages compliance with the principles of data integrity. Consideration should be given to ease of access, usability and location whilst ensuring appropriate control of the activity guided by the criticality of the data. Examples includes,
• Access to appropriately controlled / synchronized clocks for recording timed events.
• Accessibility of records at locations where activities take place so that ad hoc data recording and later transcription to official records is not necessary
Mitigation Approach
28
• Automated data capture or printers attached to equipment such as balances
• Control of physical parameters (time, space, equipment) that permit performance of tasks and recording of data as required.
• Access to raw data for staff performing data checking activities.
Mitigation Approach
29
• To accommodate cultural or staff literacy/language limitations, for instance where an activity is performed by an operator but witnessed and recorded by a Supervisor or Officer.
Mitigation Approach
30
In both situations, the supervisory recording should be contemporaneous with the task being performed and should identify both the person performing the task and the person completing the record. The person performing the task should countersign the record wherever possible, although it Is accepted that this countersigning step will be retrospective. The process for supervisory (scribe) documentation completion should be described in an approved procedure, which should also specify the activities
Knowledge Checks
31
Intentional data manipulation or falsification
Poor documentation practices that result in unreliable data
Lack of computerized system, instrument and/or data control
Absence of detectability / review process
Knowledge checks
You are a Quality Supervisor
An analyst tells you that he suspects that a sample he is testing may be out-of-specifications. He utilized the sample to optimize his analytical equipment and noted that the sample reading was much lower than readings he had obtained for similar samples previously. He asks whether he should formally analyze the sample or request a new sample of the same lot from storage. He also adds, with a wink, that he had a batch earlier that day that “produced some really good data” and that there were plenty of tablets left in case he needed to “make some more good data”. How would you proceed? What types of errors occurred here?
Knowledge Checks
33
Good Documentation Practices ( GDP) – Simple rules