RCA Radio is a podcast bringing you the latest news and insights in regulatory, compliance, and quality assurance. A transcript for “Episode 002: Data Integrity and Quality Culture” follows. Listen to the episode here and on your favorite listening apps, including Apple Podcasts and Spotify.
Erika Porcelli Hello and welcome to RCA Radio, a podcast covering the latest news and challenges in regulatory compliance and quality assurance facing the pharmaceutical medical device and biologics industries. I’m your host, Erika Porcelli. In this episode, we’re covering data integrity and the focus of global regulatory agencies. Today I’m joined by Sue Schniepp. Sue is RCA’s distinguished fellow and has published articles, given presentations and taught training courses on this topic at a number of different conferences. Sue, welcome.
Sue Schniepp Oh, thank you Erika. It’s a pleasure to speak with you today.
Erika Porcelli Well, I’m really happy that you could join us. I was hoping that we might be able to start out with you providing a brief history of data integrity and how it’s evolved over the course of time.
Sue Schniepp Well, data integrity has been of concern to the global regulatory authorities for quite a while, and this goes back to the Barr Decision in the United States where there was a company, Barr Laboratories, which was actually testing into compliance when they were getting out of spec results. And so based on some of the background and history, the generic drug scandal, other activities that were going on in the industry at the time, the FDA came up with rules and regulations on how to handle data integrity.
Now, there are specific data requirements to control data integrity and those go under the acronym ALCOA, A-L-C-O-A, and ALCOA actually stands for attributable, legible, contemporaneous, original, and accurate. And you can find the references to these specific attributes in, of course, 21 CFR 211, part 211.
So for attributable, what we mean is all data generated or collected must be attributable to the person who generated the data. For legible, it means that your data has to be readable and permanent, and that’s important because you can’t use pencils to record data, et cetera. Contemporaneous, the results are recorded at the time the work is performed, and original is that it’s the original source or document. It’s not been transcribed, but it’s the original document that the data was recorded on. And accurate, of course, is rather self-explanatory.
So these guidelines were put into place, as I said, with the Barr Decision, and then as the industry grew and we had more availability to electronic systems, and people were migrating over to electronic data collection systems, there seem to be a need to revisit, right? So recently there has been a resurgence of data integrity problems in the industry, as evidenced by the number of citations that have been, and you can look that up on the FDA website of course.
So based on this, the FDA, the MHRA in England, the World Health Organization and the Pharmaceutical Inspectorate Consortium or Group, PICS, we call it PICS, have all released documents to re-educate the industry on data integrity concepts. So MHRA came out with their new document in 2015 and then they followed it up. That was Definitions and Guidance for Industry, and then in 2016 they came out with the draft version. FDA came out with the new Compliance With CGMP Guidance for Industry on Data Integrity, and that was in April of 2016. The World Health Organization came out with Annex Five and it was Guidance on Good Data and Record Management Practices, and that was in June, 2016, and PICS of course came out in 2016 with their Guideline on Data Integrity. In addition to that, the Parenteral Drug Association released a free document in 2015 titled Elements of a Code of Conduct for Data Integrity.
“The focus is really revisiting data integrity based on, of course, the historical perspective, but more on what’s currently happening in the industry. And that’s why we’re seeing a resurgence of guidelines coming out, because controlling your data through the product life cycle has … always been of concern to the global regulatory authorities.”
So the focus is really revisiting data integrity based on, of course, the historical perspective, but more on what’s currently happening in the industry. And that’s why we’re seeing a resurgence of guidelines coming out, because controlling your data through the product life cycle has, as I said, always been of concern to the global regulatory authorities.
Erika Porcelli Yeah. I know we hear a lot of things here in the US on what the FDA is doing, and some of the issues we’re finding out about, and I think it’s very interesting that this is a global concern. Are you seeing any prevalent differences between the approach that the FDA takes versus that of the other global regulatory agencies?
Sue Schniepp What I think I would focus on here, of course there’s going to be minor differences. All of these organizations belong to PICS, so there is a unified thinking across the globe that data integrity is of concern. I think what I’d focus on more is the similarities in the documents. Now, with the exception of the FDA, the MHRA, the World Health Organization and PICS have all put in an element of quality culture into their data integrity guidelines, which is very interesting because we haven’t heard of this concept of quality culture, so in the PICS document actually, which is Good Practices for Data Management and Integrity in Regulated GMP, GDP Environments, so they say in there, in section 6.3, they actually have it titled Quality Culture, and they talk about it in terms of, “Management should aim to create a work environment, i.e. quality culture, that is transparent and open, one in which personnel are encouraged to really communicate failures and mistakes. Organizational reporting structures should permit the information flow between personnel at all levels.”
We also have the MHRA GXP Data Integrity Guidance and Definitions, and they actually have come up with principals of data integrity, and they talk about, an organization needs to take responsibility for the systems used, and the data they generate. And then they go on to say, the organizational culture should ensure data is complete, consistent and accurate and all its forms, i.e. paper and electronic. So then you can, you can see that they’re bringing in the concept of electronic data. They further go on to say, the impact of organizational culture, the behavior driven by performance indicators, objectives and senior management behavior on the success of data governance measures, should not be underestimated. Data governance policy or equivalent should be endorsed at the highest levels of the organization. So you can see how they’re pushing it upward in management. It’s no longer, data integrity is just no longer the concern of the quality unit or quality control, but it’s the concern of the entire organization including the highest levels of management.
“An essential element of the quality culture is the transparent and open reporting of deviations, errors, omissions and aberrant results at all levels of the organization, irrespective of hierarchy.”
And then we go back to the World Health Organization. Well, we go to the World Health Organization. Their guidance is Guidance on Good Data and Record Management Practices, and in their introduction, section 1.4, they talk about the adoption of a quality culture within the company that encourages personnel to be transparent about failures so that management has an accurate understanding of risks, and can then provide the necessary resources to achieve expectations and meet data quality standards. Then they go on in this document to actually define a quality culture as management with the support of the quality unit. Notice that they’ve pulled out management being supported by the quality unit, so they’re not talking about the quality management. They’re talking about all management across all organizational levels and organizational functions being supported by quality. They should establish and maintain a working environment that minimizes the risk of noncompliant records and erroneous records and data. An essential element of the quality culture is the transparent and open reporting of deviations, errors, omissions and aberrant results at all levels of the organization, irrespective of hierarchy.
I think those are so prevalent, the concept of quality culture. Now, the FDA hasn’t actually tackled this in their guideline, but I know that they’re very concerned about it and they have been active participants with both ISPE and PDA in working on documents that try to measure quality culture.
Erika Porcelli Do you anticipate at some point that quality culture will become embedded in the FDA’s current guidance, or do you think it will always just be an additional consideration? Based on what you know is going on right now in the industry?
Sue Schniepp I think that that’s a very good question. I’m not sure if we’ll see it in terms of guidelines. We may see it in terms of inspectional practice, and I think there’s some effort, so I can tell you, for instance, that the PDA has come up with … (The Parenteral Drug Association) came up with a model, a tool that attempts to measure quality culture at an organization. Now, how this is done is by tying behaviors of an organization to attributes of certain quality aspects, and this tool walks you through, it’s kind of like a self-audit tool in a way, but you’re measuring behaviors linking to attributes. And so if we go towards some of the behaviors, like if we look at understanding quality goals, one of the attributes would be impact on product quality, and so a behavior would be how your employees understand that and can articulate that thought.
So this has come out, and I believe it’s in final form now and has already been through the pilot. What I can tell you is that over 100 regulators from the MHRA and the US FDA have been trained on the quality culture assessment tool that was issued by PDA. Some of the comments, and I won’t tell you if they’re from FDA or MHRA, We can apply the quality culture attributes to improve how we assess firms in noncompliance context. These are direct quotes from the regulators who have taken the class. “As industry becomes aware and comfortable with this tool, it can be a powerful tool for evaluating contact manufacturing organizations and business partners.” “I will consider quality culture when reviewing data from the industry.” “This course does help identify quality culture issues in a company.” “This may help us to evaluate the quality of a pharmaceutical company.”
“As industry becomes aware and comfortable with this tool, it can be a powerful tool for evaluating contact manufacturing organizations and business partners.”
So I think you’re going to see potentially more questions or requests for documentation that show that your management is engaged in this whole quality culture and data integrity issue, and one of the easiest places to kind of get at this in your company, to address it now before it comes up in an inspection, of course is with your quality management review, or the management review, which is typically put together by quality. But in the management review, and that is clearly defined in regulations and guidelines, you’re going to talk about personnel needs, you’re going to talk about downtime on lines, scrap rates, yield rates, any significant investigations that are going on in your facility. So I think there’s an actual easy way to kind of start creating this roadmap of quality culture, and that you have it in your organization. There’s always issue elevation procedures where you have a specific procedure that you need to bring forward to management, issues that need to be elevated that are not being solved at a certain level in the organization, and pulling that forward. All of those current elements should be in existence at a company, and they will go, those documents, if you piece them together, will certainly go towards proving that you have a quality culture.
Another area where you could certainly begin to explore your quality culture, if asked, is in your audit schedules. Are you auditing your contract manufacturers? What’s your relationship there? How do you feed them information and work on the resolutions to your audit observations? Certainly now your internal audits are not typically … Regulators don’t ask for them. They just want to know that you did an audit schedule and you held to the audit and performed your internal audits, but you can use the information that you gather in your internal audit and how you respond and fix it, as again, a way to show that you are taking this quality culture seriously, that you are trying to improve, and that you are working on the information that you’ve uncovered or revealed through these audits.
Erika Porcelli Well, that’s very interesting. I know that you’re involved in a lot of committees and have a lot of discussions around data integrity and quality culture, both nationally and internationally. Are you finding that there are common themes from country to country with regard to the global agencies, or is it really driven from a regional perspective? For instance, does India experience different issues and findings than, say, Europe or the US? Or can you not even get that granular with it?
Sue Schniepp Again, an excellent question. I would not get that granular with it. I would say that the data integrity issues being experienced are global, and they range from purposeful malfeasance data integrity issues, where people have knowingly and willingly provided false documentation, and then there’s the benign neglect or the benign data integrity where they didn’t know it’s the document correction. “When do you correct a document? How do you correct a document?”
Some of the traditional ways of data integrity, you know, the one line, “initial, date, put the reason for the correction,” some of that ability or knowledge has been lost, and some of that is because the people who were experienced at the time when all of this broke originally in the 80s, right, have moved on, retired, and we’ve gone to electronic systems. There’s a lot of pushes on this that have actually created the data integrity the way it is now, right? So what are some of those pushes, right? What are the industry changes that have happened? So we had the emergence of the generic industry, certainly since the 1980s. We’ve seen biosimilars coming into play. Virtual companies are big, where they actually don’t have a manufacturing facility and they’re contracting everything out.
Along with virtual companies, we have the rise of the contract manufacturing organization. We’ve had compounding pharmacies now, and 503-B outsourcing facilities enter into the game. A lot of institutional knowledge has been lost through mergers and acquisitions, and I think the biggest push on this is the emergence of information technology in those electronic systems. All of those pushes have created a new landscape for data integrity issues, so it’s kind of hard to equate it back to the history just to say that the whole industry is struggling as these pushes have come forward, and it’s global, because all of these conditions, the generic industry, biosimilars, virtual companies, CMOs, they’re global in nature.
“A lot of institutional knowledge has been lost through mergers and acquisitions, and I think the biggest push on this is the emergence of information technology in those electronic systems.”
Erika Porcelli Yeah. I think that’s a really good point, and if you can, I’d like to get your thoughts too on leadership within manufacturers. In your opinion, do you think they kind of … I know everybody talks about data integrity. It’s a big topic. We talk about quality culture, but starting at the very highest level within organizations, do you think they really understand data integrity, what that looks like? Because like you said, it could be correcting a document. It could be blatant changing of information, et cetera. And then subsequent to that, how quality culture plays into it as well.
Sue Schniepp I think that the senior management or the upper level management at companies is, they’re becoming more and more aware as the landscape has changed, and there have been, like I said, ISPE and PDA have been actively involved in the quality culture. Now, this really kind of started this whole push on quality issues, of quality culture, really started when the FDA came out with their original metrics. And the metrics, it’s a very complicated issue in terms of the metrics document, where they were asking … It was kind of a surveillance. Companies were to submit certain quality metrics to the agency before inspection.
Now, the idea of the metrics was to actually get a handle on companies that might be experiencing problems in the manufacturing arena and to be able to ward off what we call drug shortages. Now the drug shortages, so the whole purpose of the metrics were trying to prevent drug shortages from happening. In other words, to be able to read the tea leaves and say, “Oh, look, their investigations are taking too long. That might be a signal that they’re having some manufacturing issues.” Then it ties into with this concept of aging facilities, where all the lines being run are not necessarily modern today.
So what came out of that, though, was the concept that you can have all the metrics in the world, but if you don’t have the right culture behind it, they’re meaningless. So that’s when we started to weave in this concept of quality culture, and that was back in, oh, 2013, 2014, 2015, where this conversation, so it’s only been four years where we’ve really … The industry has really been pressing on the concept of a quality culture. I think the more that we press and expose it and talk about what it means and educate the industry, I think you’ll see more and more senior-level management people adapting this type of approach and understanding the links between the behaviors and the attributes, and how important quality culture and that transparent environment is, in making sure that your data does have integrity throughout the product life cycle.
“You’ll see more and more senior-level management people adapting this type of approach and understanding the links between the behaviors and the attributes, and how important quality culture and that transparent environment is, in making sure that your data does have integrity throughout the product life cycle.”
Erika Porcelli Absolutely. When you think about it, it does make sense that quality culture would have a significant contribution into the data integrity. So yeah, I appreciate that insight. So do you think … Obviously this is a global, this has global sight to it, and I know there’s a lot of efforts within the industry worldwide to do harmonization across a number of different activities. Do you anticipate that at some point in the future, the agencies will be able to share this data with one another? And I know it’s kind of a far reach out there, but as we kind of start to look at some of the programs, like the medical device single audit program and things like that, it would seem as though there might be an effort to perhaps have some data sharing take place in the future.
Sue Schniepp Absolutely. And I do believe that they’re beginning this process. There are, of course, mutual recognitions or mutual understandings between different regulatory authorities, including the FDA. PICS is a big part of that, the Pharmaceutical Inspectorate Team Cooperative. A lot of regulatory authority organizations belong to that, and I think that’s where we’re going to see this kind of unification, an exchange of data and concepts on data integrity. I think it’s coming, and I think that the whole entire industry global wants to learn. We do have to understand, too, that because of the global industry, there’s cultural differences between India, China, Europe, America, South America, and so this is going to take some time to get all of the regions of the world on the same level because of cultural issues. But I think it will happen. I think it has to happen. I think all of the regions in the world have to be unified in how they deal with data integrity, what it means, and how they’re going to move the drugs across the border and have assurance that they’re of good quality, regardless of where they come from.
Erika Porcelli Yeah. That makes a lot of sense. I know we’re kind of bumping up on our time here, and I just wanted to see if there’s anything else you feel is relevant or important to share with our listeners today.
Sue Schniepp I think what I would leave you with is that quality culture … I know we’re talking about data integrity, but I would say that quality culture, a recognition in your organization bringing that concept forward, that your data is only as good as the culture of your company, is really an important concept, that you need to be able to identify and bring forward issues to your management in a free and open environment, and understand that it will be taken seriously. I think one of the important elements of that is to really come up with a good, solid, quality risk management plan where you’re going to really look at your organization and determine where your risks are that compromise product quality, and come up with an action plan of how to remediate it, or if it happens, what are the steps to take at the time that you’re going to remediate it? And what I mean by this is, let’s say you are making a product and you have a sole supplier of an excipient. Well, if something happens to that sole supplier, that is a risk that that product could go into drug shortage. So why not start now trying to identify a second supplier source for that material?
“…that your data is only as good as the culture of your company, is really an important concept, that you need to be able to identify and bring forward issues to your management in a free and open environment, and understand that it will be taken seriously.”
That would be part of your quality risk management plan as you look through your product portfolio, and then you can bring that to management and begin the process of doing that assessment and kind of remediating that gap. And quality risk management plans are very comprehensive. They’re livable, breathable documents. There’s a lot of activity around them, and you can’t just do it and let it sit. You have to do it and kind of constantly work at it. And a lot of this, and if we do this right, if the industry does some of these things right and correct, what you’ll find is when you come to post-approval changes, you want to make a change in your dossier, it’s going to be a whole lot easier for you to get that through regulatory authorities on a global level because you’ve taken the time to look at your risk, mitigate your risks, right? And have the quality culture in place that will help you to get your post-approval changes through the system much quicker than if you did not have all these things linked together.
Erika Porcelli Absolutely. I think it’ll be interesting to see how all of this unfolds in the coming year and moving forward into the next two or three years as well. Sue, thank you for taking the time to provide us with your insight. I really appreciate your effort this morning. To learn more on data integrity and quality culture, visit www.rcainc.com. You’ll find scientific posters, white papers and articles that we’ve published that discuss both data integrity as well as quality culture. And thank you to our listeners for tuning into this episode of RCA Radio. Be sure to subscribe to be the first to know when we upload a new episode. Thank you everybody.