Suggestions for improving Data Integrity in pharma industry

This is a continuation of an earlier article in this issue, where  the importance of ‘Data Integrity’ was elaborated. The opinions are generalized to a certain extent, only to drive home the point and does not reflect any apathy for the Indian pharma.This part  gives an insight for  carving  out a path to improve the ‘Data Integrity ‘ in Indian pharma industry which could improve its reputation  in the developed countries. This is a long path through a complicated MAZE.

The first step to crossing the maze is understanding ‘Data Integrity’.The Google Wikipedia defines Data Integrity as the  quality of correctness, completeness, wholeness, soundness and compliance with the intention of the creators of the data. It is achieved by preventing accidental or deliberate but unauthorized insertion, modification or destruction of data in a database. Data Integrity is one of the six fundamental components of information security.

The term Data Integrity has the following meanings:

• The condition that exists when data is unchanged from its source and has not been accidentally or maliciously modified, altered, or destroyed.
• The condition in which data are identically maintained during any operation, such as transfer, storage, and retrieval.
• The preservation of data for their intended use.
• Relative to specified operations, there is  a prior expectation of data quality.
• According to Peter Scotese, “Integrity is NOT a 90  per cent thing, NOT a 95 per cent thing-Either you have it or don’t have it”.

It is like pregnancy-One is either pregnant or is not pregnant.

FDA’s expectations is that ‘data’ and ‘information’ in records and application mustfollow the ACT principles,which spells out as- Accurate, Complete, and Truthful.

In everyday life in Indian Pharma, we tend to be tolerant of some minor inadequacies we may notice and have not made it a big issue, but such ‘tolerance’ is like a serious cancer and could develop a ‘Company culture’ which could be construed as ‘Data Integrity’ aspect.

The following are also construed to be ‘data of doubtful Integrity’

• Leaving blank spaces in a GMP document.
• Correcting the data  by covering the original data and making it indiscernible.
• Correcting data without signature, date and annotation of reason for correction.
• Entering data in advance (prior to the date/time).
• Using unauthorised  photostat copies
• Practice of Pre or Post dating a document including referral documents like SOP’s.
• Destroying original documents,
• Pass words being used by more than one person for activities which have designated authority,
• Documents which donot have dates /proof of dates and proof of being ‘control documents’.
• Falsification of data leads to doubtful Data Integrity.
• Falsification means any of the following;
• Documentation that occurs ---
• In advance of operations,
• For operations that never occurred,
• Well after the fact (backdating),
• Signing off for someone else
• Signing for something you know to be inaccurate.
• Signing for review’ without reviewing,
• Not reporting known instances of  unethical practices to Management,
• Presenting data which is indefendable,
• Cover up of  an occurrence which otherwise could have resulted in financial loss to the  Company.
• Entering another person’s initial or name  in a blank space in the BPR,
• Delays in document retrieval also could be construed as ‘Data Integrity’ as we frequently come across  some Inspectors who openly express that ‘If this document is not made available within the next (mts/hours), then I would consider that it does not exist’
• Changing or modifying entries made by some one else when there is an obvious mistake.

Many of these are not seriously taken by the personnel (Supervisors and Managers) in everyday life. However such actions  and even in-actions are construed as signs of lack of ‘data integrity’ in the Regulated world.

From the above, it is very clear that ‘Data Integrity’ issue need not be motivated from cutting corners and saving money (as popularly believed), But, can be prevalent due to ‘ignorance’ and ‘callous/careless’ attitude down the line.

It is true that the perception of what is ‘data of doubtful Integrity’ could be different from country to country. In other words, what is believed to be a ‘simple documentation error’  by some Companies could be construed as a  ‘serious Data Integrity’ issue by the American customer/ Authorities.

In summation, Data Integrity is timely recording of accurate and complete information by the person performing and verifying the processing and testing.

FDA’s perception of Data Integrity:
Lack of Data Integrity includes ‘Data and records which are not acceptable or are misleading’.
The characteristics of data that lack Integrity are:

• Untrue, made up, false, no source in an Event.
• Omission of significant data in submissions that is determined to be ‘material’ to the review.
• Inaccurate/inappropriate; For example, during testing, first results fail, the retest passes ,there is no lab Investigation and the retest data is submitted and there is no mention of  it being ‘retest’ data.

Transcription errors if not noticed by the reviewers are construed to be ‘data integrity’ issues.

In some recent Inspections the following incidences were cited by FDA Authorities as examples  which raised doubts on ‘Data Integrity’.

FDA inspectors say they had to ask several times for annual reports (which took a week to receive), and for data as basic as lists of new, discontinued and rejected products, Inspectors had to wait a full week, and ask about 10 times, before they received a basic organizational chart showing the chain of command at the facility.  Inspectors asked for a list of CAPAs, but only received those that were entered into the facility’s new computer system. It took four more working days to get a list including previous ones on the older system.

Requests for maintenance logs of the HPLC and dissolution apparatus apparently never made it in time. The facility’s QC team leader’s classic response? “Maintenance logs are all electronic, but no one in the lab has access.”

This was an extreme example, perhaps, but even the best facilities run the risk of having data access and integrity problems due to organizational silos and lack of a point person in charge of data integrity and stand-by contingency arrangements. The facility in question  had changed over to a new computer system. Actually this could happen in most drug manufacturing plants, where, staffers had left or been downsized. The objective of this is to ‘reduce dependence on persons and rely on systems’.

Given cases like this, it may be no surprise that FDA now plans to conduct a series of focused inspections to evaluate manufacturers’ compliance with and understanding of 21 CFR Part 11, which covers the transmission of digital records and signatures.

According to CDR IIeana Baretto Pettit, the following are the top reasons for 483’s in 2009 :

• The responsibilities and procedures applicable to the Quality Unit are not in writing. Ref 21 CFR 211.22(d).This was cited in 151 cases in 2009 and was also the highest in 2008.
• Written production and process control procedures not followed. Ref; 21 CFR 211.100(b). This was cited in 79 cases. Part of this was due to documentation prior to execution, or at a later date. It also covered issues of In-process failures not recorded. This was the 5th most cited reason for 483 in 2008, but in 2009 it moved to number 3.

3. There is default in not thoroughly reviewing reasons for failure. Ref; 21 CFR 211.192. This was cited in 77 cases. This gains seriousness as the investigation did not include the other batches which were released , Also, the conclusion was not supported by substantial evidence.
4. Control procedures not established to validate the processes that may be responsible for causing variability .Ref 21 CFR 211.110(a).Cited in 75 cases. This gets manifested as Frequent OOS(Out of specifications) yield and frequent OOS of  in-process or finished product results.
5. Employees are not given training in good manufacturing practices. Ref; 21 CFR 211.25(a).Cited in 61 of the 483’s.
6. From this it is quite clear that ‘proper documentation’ and the ‘Data Integrity’ are the TOP issues.

Indian scenario
Due to the differences in regulatory perceptions across the continents and further the different extent of enforcement is different states in India it is very likely that the understanding of requirements could vary.

Over commitments
For the US buyer, a simple statement that ‘the product is developed and is available for supply,’ could mean completion of the steps given below-at the least.;

• Vendor control-evaluation, periodic audit for cGMP requirements, long term contracts, agreements for Changes and Change control system. This applies  for all inputs including the packing materials
• Development  report for the product
• Development of methods for routine analysis, stability indicating methods for stability, Cleaning validation method including the quantification data for detection and recovery
• Detailed training for all the personnel involved in any of the steps for the storage, testing and processing of the ingredient and the products
• Process Validation reports
• Stability reports with total traceability
• Annual product review listing out the deviations, change controls, product complaints including Pharmaco- vigilance etc.

Many Indian companies, generally tend to be very eager to claim readiness for supplies and the prospective clients are subsequently often disappointed when the customers/regulators investigate. This statement is a generalized opinion as there are some Indian  Companies which are good at this.

Normally, the above listed activities require a minimum of 9-12 months ( based on three  month stability) and enormous resources even for a Generic product and add up substantial costs. It is for this reason that pharmaceutical products are more expensive in Regulated markets. In typical cost structure in the developed markets for a generic drug, the cost of Inputs is in the region of 15-20 per cent of the selling costs. The manufacturing and other costs (amortized development costs) make the ‘total’ cost of goods in the region of 45-50 per cent of the selling price. It is this type of high margin cushions which makes Companies not to hesitate taking a ‘hit’ for loosing some batches.

It is important to note that the processing costs are almost equal to the cost of inputs. This is quite different from the costing figures for the ‘price controlled products in the  competitive Indian market’. If we  decide to be in regulated markets,we should be able to demand more price and spend the same to meet the required standards and documentation standards.

Recommendations
Considering all the requirements and appropriately costing the product after considering all the activities/processes involved, making adequate provisions for possible losses of some batches is a good route to success for establishing in the developed market.

In addition to this, another critical requirement is the CEO driving the ‘Zero tolerance’ policy to actions leading to doubtful Integrity and setting examples to deter employees getting into the ‘data integrity’ issues.

Once the company has made up its mind to get into the US pharma market, for that matter any regulated markets, the Company has to be prepared for the required levels of changes in some aspects.

It is important to realize that the establishment of ‘Data integrity’ and ‘Quality’ comes with higher costs. This is the part of the reason that drugs in these developed markets are 5-20 times the cost in India. The developed markets today expects the ‘Quality’ they are used to, but expect this along with ‘low cost’ –which the Indian Pharma Industry at times may readily offer with a hope of getting business. This is the beginning of the problems. We should strongly resist this and fight for ‘level playing ground’. Let us not be allured with low costs and later trapped in the ‘Data Integrity and Quality trap’. Many Companies do not mind higher prices for better reliability.

It is also important for the companies to fully understand the requirements of the customer and the regulators in detail and provide an adequate time plan, create adequate system framework and resources to deliver the requirements as per mutually agreed plan. To reach this stage, a detailed check list of questions to be asked and answered before acceptance of the contract could be helpful.

Another important aspect is ‘timely communication’ to the customers in developed countries. Surprises and shocks are something which are equally detested by the US companies and the regulators.

It is not at all difficult for Indian pharma to navigate through the Maze. This only requires ‘determination and mind set’ and like ‘charity’ starts at home, Data Integrity practices should be seriously pursued in all seriousness in every day life by everyone in the company as a ‘Top-down’ approach with the heads of companies professing principles of ‘Data Integrity’ at every opportunity.

Hope, Indian pharma will be able to benefit from the outsourcing activities, which is actually booming, without the lingering doubt of ‘data integrity’ and make India a dependable destination for the US market and achieve the heights achieved by the  Indian software Industry to become the preferred country for outsourcing finished dosage forms.

It is good to believe that there is LIGHT at the end of the tunnel through out the journey through the MAZE. This is the day when Indian pharma is acclaimed as the ‘best destination for  pharma outsourcing without any second thoughts on ‘Quality and Integrity’.

Long Live India