Industry insight: Data integrity deficiencies

Warning letters issued by the FDA in 2017 that cite failures in data integrity herald a trend for 2018. Barbara Unger, Unger Consulting Inc, explains

Enforcement of failures in data integrity and data governance began almost 20 years ago and continues to increase in visibility with a number of warning letter enforcement actions. The FDA is not the only health authority that identifies these issues in inspections and enforcement actions, but its transparency ensures the data is available.

As a topic, data integrity deficiencies started nearly four decades ago. The “generics scandal” of the 1980s identified falsified data submitted to the FDA in support of abbreviated new drug applications (ANDAs). In response, the FDA brought a new focus to pre-approval inspections (PAIs) to evaluate raw laboratory data included in the marketing application and evaluate whether the site was capable of manufacture as described in the application.

The FDA recognised the pharmaceutical industry’s increased reliance on computerised systems. In response, the agency developed and published in 1997 21 CFR11, the final rule on Electronic Records and Electronic Signatures and its preamble.

While the requirements for electronic signatures were understood, confusion remained on both sides regarding the interpretation and enforcement of requirements for electronic records.

Following enforcement actions against Able Laboratories in 2005 and against Ranbaxy in 2006 and 2008, the FDA announced a pilot program in 2010 to evaluate data integrity as part of routine GMP inspections. The FDA planned to use the information gained from these inspections to determine whether revisions to Part 11 or additional guidance on the topic were necessary. FDA investigator Robert Tollefsen describes the program in a slide deck presented at a variety of industry conferences in 2010. In the slide deck, the FDA stresses that it will “continue to enforce all predicate rule requirements, including requirements for records and recordkeeping.” In fact, deficiencies in Part 11 are rarely, if ever, cited in warning letters because almost all failures are those where firms fail to comply with the predicate rules.

Fundamentally, all data integrity deficiencies identified in Form 483s and warning letters are failures to follow CGMPs as specified in the predicate rules. The FDA has not implemented novel interpretations or requirements applicable to data governance. The use of computer systems and other electronic systems requires different approaches to ensure compliant practices, but these are all based on the existing regulations in 21 CFR211.

In 2017, the FDA issued 82 warning letters, excluding those issued to compounding pharmacies and outsourcing facilities. 56 included a data integrity component, a total of 68% of the warning letters.

2018 outlook

In her analysis, Barbara Unger, Unger Consulting Inc, establishes that data integrity and data governance remain initiatives of global health authorities and not just the FDA.

The UK’s Medicines and Healthcare Products Regulatory Agency (MHRA) was the earliest to enter the area, in 2015, with its guidance and a published draft revision in 2016.

The European Medicines Agency (EMA), World Health Organization (WHO), Pharmaceutical Inspection Co-operation Scheme (PIC/S), Australia, Canada, and China followed in 2016.

Further, data integrity now includes good clinical practice (GCP), with the most impactful cases at sites that perform bioavailability and bioequivalence studies. For these firms, the data for hundreds of products is impacted. Sponsors must frequently repeat the studies at different sites.

Most recently, this has included failures identified at GVK and Semler Research. Consequences at Semler included a three-page Form 483, untitled letter, WHO notice of concern, and EMA recommendation of suspension.

GMP enforcement citing data governance and data integrity has not diminished, expanding both the number of warning letters and their geographic distribution. Although the number of warning letters has increased markedly over the past three years, the percentage has decreased slightly.

Deficiencies in data governance and data integrity have remained markedly consistent over the 10 years addressed in this report, with a few new areas identified each year. This year saw the addition of three new focus areas, including:

  • Firms that repackage APIs were transferring analytical results onto a Certificate of Analysis on their letterhead, making it appear that they generated the results. The practice obscures the supply chain of the company that purchases and uses the material in the manufacture of drug products.
  • Firms aborted an excessive number of analytical of runs.
  • Firms manipulated “integration suppression” parameters within chromatography data systems, intending to obscure or minimise impurity peaks.

Unger says these three areas merit attention as the industry progress through 2018. “I expect this type of problem to expand in scope to more OTC manufacturers because actions in this area is a clear trend that began in 2017.

“I also watch for this topic to be cited more frequently in enforcement actions taken against compounding pharmacies and outsourcing facilities. Previously, most of the problems in this area addressed failures in aseptic processing, including facilities and equipment issues. I look for data integrity to be cited more frequently in both Form 483s and warning letters issued to these firms,” she concludes.

N.B. This is an excerpt from the article published by Pharmaceutical Online, with permission granted by the author.