Data Integrity how to ensure data integrity by Siegfried Schmitt

Siegfried Schmitt

Q. Data integrity has been making headlines recently, in response to foreign inspections by FDA and European regulatory agencies (1). Based on these reports, it appears that data integrity issues center largely on manufacturing companies in Asia. Should we conclude that these issues only concern firms already struggling to comply with basic good practices in this part of the world?

A. In general, media tend to report on the most serious violations uncovered by regulators. Often when companies find similar issues through their own internal investigations, they remain confidential and unreported. It would, therefore, be presumptuous to assume violations reported on by the press are representative of the industry as a whole.

What inspections have triggered, however, is increased attention toward potential data integrity issues lurking across the industry. Few companies would have data integrity verification activities integrated into their quality oversight programs before these examples of serious violations of healthcare regulations became public knowledge in the form of warning letters (2), consent decrees (3), or reports in the European EudraGMDP database (4).

Conscientious companies have taken these potential data integrity issues seriously by starting internal investigations, incorporating data integrity assessments into their quality assurance oversight programs, and in some cases, establishing a special data integrity office. Companies—even those in good standing with regulators--have initiated such activities regardless of existing or anticipated compliance concerns.

The question is: what have these internal investigations uncovered, if anything? The answer, surprisingly, is that they have uncovered a significant amount. Once you start studying analytical data, root cause analyses, logbooks, and any other data source, gaps are repeatedly found in data traceability and trustworthiness. A few data-related issues include: uncertainty where the data originated from and who created it (e.g., where several analysts use the same user ID and password on a set of similar instruments); which raw information produced the reported data (e.g., where a summary table reports stability data results, but all raw data on the chromatography instrument have since been deleted); and whether these are the original data (e.g., where there is no audit trail on the analytical instrument). These issues are not necessarily the result of willful malpractice, but are often caused by insufficiently controlled processes, poor documentation practices, suboptimal quality oversight, and often enough, professional ignorance.

Occasionally people do intentionally falsify data. This is unfortunate but, thankfully, still a rarity.

The following are some steps companies should take to ensure data integrity:

• Embed data integrity verification activities into internal audit processes
• Create awareness among staff so they can assist with this endeavor, and report concerns before they become full-fledged issues
• Train internal auditors to understand what to look for when detecting data integrity deficiencies
• Seek external support to assure completely unbiased, third-party investigations and/or to enhance your internal investigation program.
• It should come as no surprise that companies already struggling to meet basic compliance standards are at a disadvantage when it comes to data integrity. Making data integrity a key element of a compliance approach, however, will give the company a competitive advantage. It is always better to proactively prevent issues, such as data integrity failures, to occur, than trying to remediate and resolve inspection findings. Compliance excellence makes good business sense. 

References
1. MHRA, MHRA expectation regarding self inspection and data integrity, Dec. 16, 2013.
2. FDA, Warning Letter to Sun Pharmaceutical Industries Limited, 320-14-08 (May 7, 2014).
3. FDA, Department of Justice files consent decree of permanent injunction against Ranbaxy, Press Release (Jan. 25, 2012).
4. EMA, EudraGMDP database.

About the Author

Siegfried Schmitt

Siegfried Schmitt, Principal Consultant, PAREXEL International.

Source: Pharma Tech news

ww.gmpviolations.com

(This story has not been edited by GMP Violations staff and is auto-generated from a syndicated feed.)

Read More

Root Cause Analysis–Finding the Root of the Problem by Siegfried Schmitt

Dr.Siegfried Schmitt

Siegfried Schmitt, principal consultant, PAREXEL International, discusses how to find the root cause of the problem.

Q:Deviations in clinical trials happen, and as such, FDA requires deviations to be investigated and documented. Our company has an established deviation investigation process. What advice can you give to ensure that deviation investigations provide the most optimal corrective actions and preventive actions (CAPA)?

A:Standard operating procedures (SOPs) for deviation investigations are generally similar from company to company, detailing a logical process flow with execution instructions, and a section on roles and responsibilities. Following a risk-based approach, deviations are classified as minor or major, requiring investigations that differ in resource requirements and detail.

Finding the root causes of the deviation, rather than merely causal factors, is absolutely essential to follow through with CAPA, a concept that focuses on the root causes of identified problems in an attempt to ultimately prevent their recurrence.

Root-cause investigations can be performed using a plethora of methodologies (see Table I), providing the deviation investigators with all the tools they need. These tools require familiarity with the methodology and regular practice to understand which method(s) will provide the answers you are looking for. It is almost always necessary to apply two or more methodologies in order to find the root causes of a deviation.

Table I: Selected root-cause analysis methodologies.

8D methodology

Affinity diagrams

Awareness and problem definition

Barrier analysis

Brain storming

Cause and effect diagrams

Define, measure, analyse, improve, control (DMAIC)

Failure modes and effects analysis (FMEA)

Five whys

Flow diagrams

Hazard analysis and critical control points (HACCP)

Impact assessment

Ishikawa diagrams

Kepner-Tregoe

Mind mapping

Modeling

Pareto charts

Pivot tables

Risk tree

Run charts

Statistical methods and sampling

Statistical process capability analysis

Statistical process control

The interview

Trend analysis

Trending

One factor that can derail the investigation is if too many operators and managers are involved in root-cause investigations. Unless the individuals regularly participate in root-cause investigations, they will not be fully familiar with either process or methodologies. Instead, it is best practice to have core teams of experienced subject matter experts (SMEs) fully support and execute all deviation investigations. This practice delivers consistency, quality, and assurance that the real root causes are found.

Another factor is that SMEs might be tempted to mistake root causes for causal factors, since the latter would require less investment or resources to fix. This is not good practice—almost always it will be possible to find at least partial solutions that can be implemented.

To give an example, an operator picked up the wrong tool to fasten a pipe. An investigation revealed the causal factor as ‘human error’ and the actual root causes as ‘tools not clearly and unambiguously labeled’ and ‘insufficient lighting to read the labels.’ Thus, instructing the operator in the procedure would not have resolved the problem. The solutions needed are improved labeling and lighting.

This example addresses why deviation investigations are so often found to be lacking when reviewed by agency inspectors. These issues can be grouped like this:

• Far too many root causes assigned as ‘human error’
• Inadequate or incorrect use of methodologies
• CAPAs not addressing actual root causes.
• Of course, where human interaction occurs, human error is a possibility. Thus, regulatory agencies expect companies to take measures to either prevent or detect human errors through procedural or technical solutions. If these are applied correctly, the remaining number of deviations that truly are human error will be small (perhaps around the 10% mark).
• 
  

The source of the problem with deviation investigations is not the procedure or methodology; it typically is how root-cause analyses are being performed. Improving on that step and following up with logical CAPAs will almost certainly guarantee compliance and satisfied regulatory inspectors.

Article Details

Pharmaceutical Technology
Vol. 40, No. 9
September 2016
Pages: 98

Citation

When referring to this article, please cite it as S. Schmitt, "Root Cause Analysis: Finding the Root of the Problem," Pharmaceutical Technology 40 (9) 2016.

Source: Pharma Tech news

ww.gmpviolations.com

(This story has not been edited by GMP Violations staff and is auto-generated from a syndicated feed.)

Read More