In 2018, the U.S. Food and Drug Administration (FDA) published its final guidance detailing how companies developing regulated products need to maintain and ensure the integrity of their data throughout the product’s life cycle. The bottom line is the FDA expects that all data be complete, reliable, accurate, and consistent. Data integrity is established where the data is stored and managed in its original form.
To be confident that no corners were cut or data was falsified in product development, the FDA expects manufacturers to ensure all data meets the guidelines outlined in the ALCOA acronym:
The FDA has released several guidance documents detailing its current thinking and policies on data management. Still, data integrity, or the lack thereof, keeps appearing in warning letters and remains a hot topic in industry publications. This is highly concerning to the FDA because violations continue to present an unacceptable level of risk to the public - not to mention product shortages. Nevertheless, data integrity observations are continuing on an upward trajectory. In 2021, 65% of FDA warning letters addressed data integrity problems. This is up from the 51% reported in 2020.2
The data integrity issues cited in warning letters tend to have a recurring pattern. Incomplete production record data, incomplete lab data, and deficient access controls regularly top the list of the most common data integrity observations. A deep dive into these violations could reveal a deficiency of the company’s quality management system (QMS) and data integrity assurance strategy. This means companies are likely struggling to ensure data integrity at the quality governance level. Below are recommendations for how to right the data integrity ship.
Part of the data integrity compliance shortfall is simply that companies have an abundance of data. This inherently makes data oversight much more unwieldy. The goal of data integrity is to maintain data quality, much like manufacturing systems are developed with the goal of maintaining product quality.
When creating a data integrity strategy, consider putting yourself in the position of the regulator and look at the intent of the data management regulations. Ultimately, data integrity and all other regulatory guidelines are in place to ensure that all products put on the market for public health purposes are high quality, safe, and effective. It’s important to closely follow the data management best practices outlined in the guidance in order to achieve those objectives with the products you deliver.
Regulated products move through various stages during manufacturing and throughout their life cycles. To produce high quality and compliant products, companies are encouraged to embed quality at each phase of the product’s life cycle. Just like a product being manufactured, data moves through different phases as it is processed and verified. Therefore, it makes sense to apply the same amount of attention to ensuring data integrity (data quality) throughout the data’s life cycle.
An effective strategy for maintaining data integrity is implementing a modular approach to achieving compliance. Using the ALCOA guidelines, clearly define each task in every data management process that needs to be completed for compliance. Giving consistent attention to each individual focus area is a good way to prevent overlooking critical tasks and remaining in compliance with data management regulations.
Achieving data integrity compliance involves a cultural change rather than simply completing a short project. That said, create a detailed plan for how the entire organization can contribute to proper data management best practices and data integrity compliance.
When creating your plan, carefully consider your current state. Assess the compliance status of your existing systems as well as the scope of your company’s data integrity efforts. Lack of clarity in any area of the organization commonly leads to data integrity issues.
Regulators rarely prescribe technologies or strategies for achieving compliance. The “how” is usually left up to the individual companies. The systems companies put in place for record and data management are simply their own approach or a strategy for ensuring data quality. Retrofitting data management controls into an existing GxP quality management system is difficult, especially with a paper-based system where data is unstructured and stored in files and bankers boxes. This scenario is a recipe for lost files, inaccurate or incomplete data sets, and a plethora of data integrity violations.
Your product needs to comply with the regulatory standards for quality before it can go on the market - data integrity is an essential component for compliance. With so many opportunities for data integrity lapses, companies that digitize their QMS and data management processes are able to gain tighter control of data oversight.
References: