In Part 1 of this report, we covered the details of data integrity citations issued in CY2018 and trends since CY2008. If you missed Part 1, you can find it here. The second and final part of this report will cover:
- Actions firms can take to prevent, identify, and remediate issues
- Expand upon key findings in the data
- Summarize the trends
[NOTE: No need to flip back and forth between pages – download the full report!]
Actions Firms Can Take To Prevent, Identify, And Remediate Issues
The number of data integrity-associated warning letters decreased significantly between CY2017 and CY2018, though the percentage in 2018 remains slightly above that for CY2016. We will follow the trends for CY2019 to see if this continues to decrease.
So, what is a firm to do to prevent, detect, and remediate these problems before the health authorities become involved?
We divide these actions into ones that may be taken by executive management and functional areas. We include a focus on management of contract services among the actions for firms to consider.
Additional detail on contract manufacture and data governance is provided in two articles published in 2017. Find them here:
- Data Integrity & Your Contract Manufacturer — Common Pitfalls To Avoid
- Best Practices For Data Integrity Oversight At Your Contract Manufacturer
Executive Management Ownership
- Executive management must develop and reinforce a culture of Quality.
- Executive management must establish and maintain a corporate culture of openness where employees may report problems and failures without fear of retribution. In fact, reporting of problems should be encouraged and rewarded.
- Executive management must own the gap assessment process and remediation efforts. Remediation may be costly and time-consuming. Firms often uncover additional problems along the way. Don’t expect to complete remediation quickly; it’s often a multiyear process.
Technical Area Actions
- Cross-functional teams should perform gap assessments for both paper and computer systems against predicate rule requirements and specific data governance/integrity guidance from health authorities. The team should identify corrective actions and a timeline for their implementation. Firms should implement interim corrective actions until they can put fully compliant solutions in place.
- Firms should map data and process flows and identify and remediate risk areas. Results from this exercise can contribute to the gap assessments described above.
- Firms should validate systems for their intended purpose and ensure that adequate controls are in place to ensure that deleted or altered data can be detected.
- Monitor enforcement actions including Form 483s, warning letters, import alerts, EU reports of GMP noncompliance, and WHO Notices of Concern. All of these, except for the Form 483s, are available without cost on the internet, and Form 483s are available from commercial sources.
- Ensure that the data governance processes at suppliers and contract service providers are adequate to ensure that data is valid and trustworthy. This effort begins with rigorous due diligence evaluations, periodic on-site oversight, and appropriately detailed quality agreements.
Data integrity and data governance remain initiatives of global health authorities. The U.K.’s Medicines and Healthcare Products Regulatory Agency (MHRA) was the earliest to enter the area, in 2015, with its guidance and a published revision in 2018. (Read more on the MHRA’s GXP Guide to Data Integrity here). The European Medicines Agency (EMA), World Health Organization (WHO), Pharmaceutical Inspection Co-operation Scheme (PIC/S), Australia, Canada, and China followed in 2016.
Further, enforcement is not limited to the GMP area but includes good clinical practice (GCP), with the most impactful cases at sites that perform bioavailability and bioequivalence studies.
For these firms, the data for hundreds of products is impacted. Sponsors must frequently repeat the studies at different sites. Among the more significant failures in this area were identified at GVK and Semler Research. Consequences at Semler included a three-page Form 483, untitled letter, WHO notice of concern, and EMA recommendation of suspension.
GMP enforcement citing data governance and data integrity has not diminished, expanding both the number of warning letters and their geographic distribution. Although the number of warning letters has increased markedly over the past three years, the percentage has decreased slightly. In CY2017 an increasing number of countries were home to sites that were the subject of these warning letters.
Deficiencies in data governance and data integrity have remained markedly consistent over the ten years addressed in this report, with a few new areas identified each year. Newer focus areas that appeared in 2017 continue in 2018 and include:
- Firms that repackage APIs were transferring analytical results onto Certificates of Analysis on their own letterhead, making it appear that they generated the results. The practice obscures the supply chain from the company that purchases and uses the material in the manufacture of drug products.
- Firms aborted an excessive number of analytical runs.
- Firms manipulated “integration suppression” parameters within chromatography data systems, intending to obscure or minimize impurity peaks.
I expect this type of problem to expand in scope to more OTC manufacturers because action in this area is a clear trend that began in 2017. I also watch for this topic to be cited more frequently in enforcement actions taken against compounding pharmacies and outsourcing facilities. Previously, most of the problems in this area addressed failures in aseptic processing, including facilities and equipment issues. I look for data integrity to be cited more frequently in both Form 483s and warning letters issued to these firms.
Note: Readers who want the complete text of the warning letter deficiencies on this topic can find them on my website for 2015 (starting on page 4), 2016 (starting on page 5), 2017 (starting on page 8) and 2018 (starting on page 1).
[NOTE: You can have your own complete copy of this expert report. Download it here!]
Contact us if you ever have questions at firstname.lastname@example.org.