Data Integrity Practical Applications

Slide 1 © PharmOut 2016

Data Integrity –Practical Applications

Marc Fini

12th July 2016


Data Integrity – Why Bother?

• What’s all the fuss about?

• What could really go wrong?


Data Integrity and People

• There are plenty of ways to think about Data Integrity and to implement strategies to improve data integrity in your organisation.

• Both paper based & electronic data should be considered.

• Everything ultimately uses a human.

• Automation amplifies the contribution of people:

• Fewer people = more impact per person


Man vs. Machine

Ma

n - Pattern recognition

- Simultaneous bottom up and top down reasoning

- “Look and feel” comparisons (both visual and tactile)

- Contextual reasoning (extraneous clues)

Ma

ch

ine - We have data

transcription error rates around 2 – 10%

- Verification by a single person catches about 40% of errors

- Experienced people think they are better – data shows they are not

Smart design uses people and machines where each provides the best benefit


Data Integrity vs Data Quality

Data Integrity

Maintaining and assuring the accuracy

and consistency of data over its entire life-cycle

ALCOA+

MOM

PPP

Data Quality

Data quality ensures clear understanding of the meaning, context, and intent of the data

Accessibility, Accuracy, Consistency,

Comprehensiveness, Currency, Granularity, Definition, Relevancy,

and Timeliness


Recent Enforcement Actions

Data Integrity problems were cited in at least 13, or 30% of the US FDA Warning Letters in the 2015 financial year.

• In the 2014 financial year, there were 8 or 17% of Warning Letters

In 2010 two Warning Letters had a major focus on Data Integrity, in 2014 there were 10.

In 2015, Data Integrity failures were observed in almost all Warning Letters to API manufacturers.


Issues Regulators Focus On

The past several years have brought increased concern and level of regulatory attention to issues surrounding:

Access controls to electronic systems

Audit trail reviews

Back up of data

Supplier quality

management


Top deficiencies relating to data integrity found by the US FDA in 2015

Failure to include

complete data

Audit Trail

Control of Data

Password Sharing


MHRA Data Integrity Definitions and Guidance for Industry (March 2015)

Data governance should address

Data ownership throughout the

lifecycle

Staff training in the importance of data integrity principles

Design, operation and monitoring of processes /

systems

Creation of a working environment that

encourages and open reporting culture

Control over intentional and unintentional changes to information

Systems and procedures to

minimise the potential risk to data integrity, and identifying the

residual risk.


Motive, Opportunity and Means (MOM)

• MOM – how do we control these three key factors?

• Motive is a factor controlled by leadership and culture.

• Opportunity and means can be controlled to a certain extent.

• People still need access to do their work.


Means

Document Control

• Issuance of paper forms

• Library access processes

Physical Controls

• Identification of critical records

• Review of critical records in source (especially dynamic records)


Means – Access Management

Logical Controls

• Enhanced access accounts

• Conflicts of interest

• Inadequate system design (e.g. data files)

Physical Controls

• Access to business documents and unsecured system

• Key for locked samples and paperwork


Opportunity

Access

• Electronic systems, especially enhanced access

• Personal computer

• Workstation in sparsely used area of facility

• Access to paper documents (test results, batch records, deviations)

Time

• If improper activity is accepted / promoted, people have all day to create falsified data

• Overtime or non-standard time (if a lone actor)

• Isolated work area

• Personnel rotation through job positions


PPP – People, Paper, Programs

People is strong leadership, management and close supervision. This fits in to the Plan, Do, Check, Act (PDCA) or similar management frameworks.

• Activities like batch document review, data or testing review and checking and by association, training are becoming increasingly significant.

Paper is great technical writing – things such as document design, information mapping, allowing adequate space – all play a part.



• Programs relates to the software, in the design of your broader and then more specific systems:

• Passwords

• All users have a unique password

• Passwords expire within a set amount of time or uses

• No shared passwords



• Signatures

• Signatures and initials are kept in a register

• All users understand what their electronic signature represents.

• Software

• Remove and ban all snipping tools

• Disable any ability to edit pdf files (e.g. Adobe Professional)



• Audit Trails

• Ensure that review of audit trail is a documented, regular process within your organisation.

• Back Up and Restore

• Have a documented back up and restore process within your organisation.

• Have a disaster recovery plan in place for data.


Designing DI into your systems

AttributableLegible/

PermanentContempora

neousOriginal Accurate

Initials & Signature registers

Active directory, e-sig, audit trails, metadata

Control of blank forms, pen policy/white out

Documents available in right place at right time, +/-time limits

Verified ‘true copy’, scans

Reflective of the observation data checking

Data annotation tools, audit

trail

System clock, sync., transaction window

Metadata, data about the data that permits reconstruction

Data capture, manual data entry

Paper-based

Electronic


Thank you for your time.Questions?

Marc Fini

[email protected]

Lead Consultant

www.pharmout.net