Global regulatory collaboration relating to data integrity remains a priority for MHRA and its international partners.
In October 2016 I attended international data integrity workshops in China, hosted by CPAPE with regulatory support from CFDA, EDQM, EMA, MHRA, WHO and the USFDA China office. The workshops considered the recent publication of additional data integrity regulatory guidance from EMA, USFDA, CFDA, WHO, PIC/S and MHRA and the impact of organisational behaviour on data governance.
During the workshops, regulators discussed their findings from inspections where breaches in data integrity had been identified. Issues relating to pressure, motivation, and ultimate disconnection between front line employees and their managers were hot topics; and the inspectorate blog provides an opportunity to share some of this experience.
Behavioural elements of data governance
An MHRA data integrity post published on 25 June 2015 acknowledged the importance of organisational behaviour on the success of data integrity control measures. Written procedures and technical controls are well described in existing regulatory guidance, and typically focus on the ability or opportunity for data manipulation by those with access. However, regulatory guidance does not address the influence of management behaviour and personnel training, each of which contribute to pressure (or incentive - the reason for amending, deleting or falsifying data) and rationalisation (how an individual can justify their actions).
These three elements (pressure, opportunity and rationalisation) are often referred to as the Cressey fraud triangle. While the majority of compliance issues are related to bad practice rather than fraud, the Cressey model provides insight into behavioural factors which canbe useful indicators into the health of an organisation’s data governance efforts. This blog post will look at incentive and rationalisation. The opportunity aspects of the triangle are described in the regulatory guidance documents and my previous data integrity blog posts.
Pressure
Management must lead by example; not just by risk-based resourcing of the data governance plan, but also addressing the pressure to falsify data, e.g. by setting realistic expectations which are compatible with the organisations capacity and process capability. Pressure can come from two perspectives:
- fear of reprisal after failing to meet expectations or giving ‘bad news’, or
- reward schemes which incentivise output far in excess of what is reasonably achievable.
This is even more important when personnel are given problematic equipment and/or poor methods to work with, as these are often reliant on routine workarounds. Senior and middle management are highly unlikely to have full awareness of these issues, yet often fail to create an environment which encourages reporting from staff.
Performance metrics can also contribute to this pressure. Instead of assessing performance based on a ‘zero defects’ or ‘right first time’ indicator, perhaps measures relating to ‘released when correct’ may be more appropriate?
Rationalisation
It is vital that everyone understand that their individual actions impact public health, no matter how remote from the patient the task may seem. This can be achieved by empowerment of personnel at all levels of the organisation, together with an understanding of the importance of reliable and accurate data.
Clear ‘visibility to the patient’ can make it harder for someone to rationalise that their actions don’t matter, or that their data is of low importance.
When creating a culture that reduces the rationalisation of data manipulation, there should be a way for personnel to challenge well established processes or colleagues seen as ‘subject matter experts’, and see positive outcomes from reporting problems. The way in which this working environment can be achieved may differ between organisations, product categories and geographical locations.
The second post in this series will illustrate these issues through a scenario based on situations typically encountered during inspections, and the changes in organisational approach which can address some of the problems identified.
Don’t miss the next post, sign up to be notified by email when a new post is published on the Inspectorate blog.
Access our guidance on good practice for information on the inspection process and staying compliant.
10 comments
Comment by Alan Buffery posted on
Interesting to see a remark on performance metrics. This would be a good topic for a future blog. Martin Lush of NSF (previously David Begg Associates) wrote an article for his in-house magazine on KPIs which could be plagiarised and amended. Encouraging good behaviours and avoidance of promoting bad behaviours would be worthwhile to emphasize.
Comment by Mark Birse posted on
Thanks Alan. Metrics and KPIs are a topic that we have discussed at length with other regulators - especially the USFDA following creation of the CDER Office of Product Quality in 2015. I agree that it would be a good topic and one we hope to bring later this year. Also keep an eye out for our 2016 GMP metrics which will soon be posted.
Comment by Boudy Konig posted on
Dear David,
Thanks for sharing your blog and addressing the role model of management in Quality Managment Systems i.e. Data Integrity.
Comment by Kristel Van de Voorde posted on
Thank you for your interesting blog. I have always advocated to have metrics on how good people correct things and invest in good CAPA rather than zero audit or inspection findings. Thank you for emphasizing this.
Comment by Gerry McAuley posted on
A useful, welcome article which accords with the work of the BioPhorum Operations Group's Human Performance team. Fraud is rare and even then it has to be seen in light of the environment that allowed it to happen. It is the systemic issues including management practices dysfunctional KPIs that drive the wrong behaviours which must be addressed. Looking forward to seeing Part 2 and the plan for changing
Comment by Swapan Bandyopadhyay posted on
In my study of last 30 years of working with pharmaceutical industry in India, I observed that the methods and SOPs are more responsible for causing the data integrity issue rather than the management's control procedures. One makes the mistake rest all try to protect the losses and indulged into data issues. If QBD is followed strictly then these data integrity issues will disappear.
Comment by Gireesh T posted on
Dear David, thanks for sharing the actual reasons for DI. According to me DI policies, trainings don't really help to prevent DI for any organisation. Only good culture,professionalism,continuous interaction with down the level people and atmosphere, creatibg good mind set and setting no deadlines for batch release.
Comment by ravichandran posted on
Industries now concentrating on CoQ to avoid data integrity issues. Cressey FRAUD TRIANGLE seems to be good concept to take it forward with team to understand basic cause for DI issues.
Comment by Chinmoy Roy posted on
Since Data Integrity is a process oriented activity, focus on the 5P model for Data Integrity is critical. It is not management but the management style that is important and the 5P model is key.
Comment by Rashid Mureed posted on
Agreed as we have experience as on today that the majority of compliance issues are related to bad practice due to lack of knowledge and training.
Thanks Mr. David for giving valuable insights of Data Integrity to Pharma World. We are regularly follow your posts especially related to GMP (DI aspect) as you are in few number of persons across the World those have expertise on data integrity.