The pharmaceutical manufacturer will remember that day in May 2015 for a long time. Within the scope of a routine audit, FDA inspectors noticed incomplete and inconsistent laboratory data. Raw data was completely inaccessible, which the company blamed on a defective backup system. Understandably, the inspectors concluded: No reliable data, no trust in the products. This judgment had immediate consequences in the form of an FDA warning letter, the ultimate nightmare of any life sciences company.
Increasing data volumes
There has been a rapid increase in GMP violations due to data integrity. Why? Because the amount of existing data has also been increasing. At the current rate, companies double their data pool every two years. Of course, companies want to make the best possible use of the new opportunities brought about by digitalization: Unstructured and structured data files are connected and made accessible via broadband networks from mobile devices at any time, from anywhere. Due to the increasing complexity, the transparency of the data types and their life cycles can be lost. This heightens the risk of accidental manipulation.
A management issue?
As a specialized consultancy firm, we have insights into many companies in the life sciences industry. The topic of data integrity rarely comes up in management agendas. In our opinion, too rarely.
The following assumptions tend to prevail instead:
1. The “not me” syndrome: A common myth regarding data integrity is the firm belief that incomplete, unreliable data could never be an issue in your own company. Managers place unreserved trust in their processes, systems, staff – and data. Mistakes only occur in other companies.
2. Data integrity is purely a compliance issue: This notion also lacks foresight. Patient welfare and reputation are already serious enough to prioritize the topic of data integrity. Even the best management is unlikely to make the right business decisions if these are based on inconsistent data, but this obvious factor is often disregarded. Data integrity impacts business directly. However, compliance is only one of many factors.
Step by step towards a solution
Management should not wait for a warning letter or an internal business incident to start looking at data integrity.
What should be done? An evaluation of the process data based on their criticality is a reasonable first step. This sheds light on the lifecycle of the data from its creation up to the final archiving or deletion. It provides you with a risk-based evaluation of your data files and insight into any weak spots within your data processing system.
Based on the results, you can implement controls at critical steps of the processes to prevent data manipulation or at least detect it at an early stage. Small adjustments, such as more detailed access control or the implementation of automatic data acquisition systems instead of manual data entry, can have a significant impact on data integrity.
Sensitizing and training staff is equally important. A combination of training courses and methods from organizational change management has yielded the best results. This firmly integrates the significance of data integrity for business success into the company culture.
■ Dr. André Geiser