Global regulatory collaboration relating to data integrity remains a priority for MHRA and its international partners.
In October 2016 I attended international data integrity workshops in China, hosted by CPAPE with regulatory support from CFDA, EDQM, EMA, MHRA, WHO and the USFDA China office. The workshops considered the recent publication of additional data integrity regulatory guidance from EMA, USFDA, CFDA, WHO, PIC/S and MHRA and the impact of organisational behaviour on data governance.
During the workshops, regulators discussed their findings from inspections where breaches in data integrity had been identified. Issues relating to pressure, motivation, and ultimate disconnection between front line employees and their managers were hot topics; and the inspectorate blog provides an opportunity to share some of this experience.
Behavioural elements of data governance
An MHRA data integrity post published on 25 June 2015 acknowledged the importance of organisational behaviour on the success of data integrity control measures. Written procedures and technical controls are well described in existing regulatory guidance, and typically focus on the ability or opportunity for data manipulation by those with access. However, regulatory guidance does not address the influence of management behaviour and personnel training, each of which contribute to pressure (or incentive - the reason for amending, deleting or falsifying data) and rationalisation (how an individual can justify their actions).
These three elements (pressure, opportunity and rationalisation) are often referred to as the Cressey fraud triangle. While the majority of compliance issues are related to bad practice rather than fraud, the Cressey model provides insight into behavioural factors which canbe useful indicators into the health of an organisation’s data governance efforts. This blog post will look at incentive and rationalisation. The opportunity aspects of the triangle are described in the regulatory guidance documents and my previous data integrity blog posts.
Management must lead by example; not just by risk-based resourcing of the data governance plan, but also addressing the pressure to falsify data, e.g. by setting realistic expectations which are compatible with the organisations capacity and process capability. Pressure can come from two perspectives:
- fear of reprisal after failing to meet expectations or giving ‘bad news’, or
- reward schemes which incentivise output far in excess of what is reasonably achievable.
This is even more important when personnel are given problematic equipment and/or poor methods to work with, as these are often reliant on routine workarounds. Senior and middle management are highly unlikely to have full awareness of these issues, yet often fail to create an environment which encourages reporting from staff.
Performance metrics can also contribute to this pressure. Instead of assessing performance based on a ‘zero defects’ or ‘right first time’ indicator, perhaps measures relating to ‘released when correct’ may be more appropriate?
It is vital that everyone understand that their individual actions impact public health, no matter how remote from the patient the task may seem. This can be achieved by empowerment of personnel at all levels of the organisation, together with an understanding of the importance of reliable and accurate data.
Clear ‘visibility to the patient’ can make it harder for someone to rationalise that their actions don’t matter, or that their data is of low importance.
When creating a culture that reduces the rationalisation of data manipulation, there should be a way for personnel to challenge well established processes or colleagues seen as ‘subject matter experts’, and see positive outcomes from reporting problems. The way in which this working environment can be achieved may differ between organisations, product categories and geographical locations.
The second post in this series will illustrate these issues through a scenario based on situations typically encountered during inspections, and the changes in organisational approach which can address some of the problems identified.
Don’t miss the next post, sign up to be notified by email when a new post is published on the Inspectorate blog.
Access our guidance on good practice for information on the inspection process and staying compliant.