Data integrity breaches: A call to action
By: Glen Potvin | May 05, 2016
Why biopharma should be concerned about their manufacturing partners and themselves.
In the push to develop faster cheaper products, biopharma companies are moving more of their development and manufacturing to global partners. It makes sense financially, but it makes them a lot more vulnerable to data integrity issues. Biopharma manufacturers in more cost competitive markets may be less accustomed to the strict guidelines of the US regulatory environment, and often operate with a culture and infrastructure that emphasizes speed over rigor. That can result in data being changed, forged, or neglected in the quest to get to market.
Unlike other industries (e.g. automotive), the quality of many pharma products cannot be determined by simple visual/sensory features alone, like does the navigation system work or does the engine start? When it comes to biopharma products, proof of quality is entirely dependent on batch records and analytical data – did the manufacturer adhere to approved production processes? Did the product meet analytical specifications? Have they captured all of the necessary information about the manufacturing process? Is that data reliable and consistent?
Without the necessary quality systems and oversight, biopharma companies manufacturing products in any facility may be relying on false data that may undermine product safety and effectiveness. In the worst cases these breaches can lead to patient injury, drug shortages, damage to corporate reputation, lost profits, and both civil and criminal liability.
FDA steps in
Recognizing the shift to global outsourcing and increased risk to patients (reference FDASIA), FDA partnered with industry to implement GDUFA in 2012 and is working ramp up the number of global cGMP inspections. In 2015, FDA sent 23 warning letters to biopharma manufacturing operations, 18 of which reference data integrity issues. These included a Warning Letter to Cadila Healthcare Limited in India, where inspectors found the manufacturer had deleted files, discarded paperwork, and lacked an effective quality assurance structure; and Zhejiang Hisun Pharmaceutical in China, which was warned for routinely re-testing samples without justification and deleting analytical data, among other deficiencies.
Clearly FDA is concerned about data integrity, and if manufacturers want to avoid being docked for compliance failures, the risk of significant financial penalties, and losing the trust of payers, providers and regulators in the process, they need a plan for implementing and monitoring effective compliance strategies for both their own sites, and for those of their global partners.
It starts with culture
Data integrity is defined as the extent to which all data are complete, consistent, and accurate throughout the data lifecycle. That means the data is legible, complete, trusted, unadulterated, timely and accessible as necessary. To achieve this level of integrity companies need to ensure an organizational culture that is committed to quality and compliance; culture drives the behavior of the organization’s ethics and compliance risk. An organizational culture is defined by executive leadership and is reinforced by the organizational structure, values, processes, management philosophies and incentives programs.
Biopharma leaders can’t just talk about the importance of integrity, they need to visibly support it by training staff on how to manage data, holding individuals accountable for following protocols, having a zero tolerance policy for fraud, and prioritizing quality and compliance above speed and cost. These expectations must extend across the supply chain, to suppliers and outsourcing partners in order to ensure everyone understands the importance of these rules.
Biopharma companies should ensure that routine quality systems and procedures include elements to enable the detection and mitigation of data integrity issues. Internal and external quality systems audits should include elements to help uncover data integrity problems among other deficiencies. These audits should include a thorough review of the entire data environment, looking at tolerance for bad behavior from leadership, instances of “work-around” solutions, effectiveness of quality systems, reliability of metrics, etc. Engagement by management and staff in routine operations and scheduled audits should uncover vulnerabilities in the data integrity lifecycle and enable companies to build a CAPA based remediation plan that will shore up these risks through increased accountability, better training, improved technology, and other actions based on specific findings. Finally, companies need to invest in continuous improvement efforts to reduce the frequency of all compliance problems.
Better to have leadership engaged in ensuring a Culture of Quality; setting high standards, recruiting and retaining top talent, and investing in rigorous and efficient quality systems to prevent serious compliance issues, than to have FDA or other regulatory bodies discover potentially existential compliance gaps.