The recently published guidance on data integrity provides an extensive description of the MHRA expectations of data integrity across the GxPs. This is not a new regulatory requirement but guidance on how to meet the requirement. Compared to other GxPs, GDP world is technically simpler, has risks that are common to other GxPs as well as some specific to pharmaceutical wholesaling. What follows are some examples of data integrity issues I have seen in my role as a GDP inspector.
Does it matter?
As an inspector, when reviewing data I ask myself ''does this data matter (i.e. is it critical) and if so, can I trust what I see?''
When presented with a thermometer that indicates ambient storage ranges it is easy to cast doubt on a reading that shows the minimum temperature of 5oC and a maximum of 36oC. The possible explanations were easy to test. Was the thermometer calibrated? Did it show signs of damage? Did staff know how to use the device? I decided that the temperature monitoring was important in this case and I couldn’t trust the records. The thermometer turned out to be not calibrated and staff didn’t know how to use it.
Such outlying data is easy to spot, but when we are faced with data that looks within trend we are less likely to question whether it is valid; however, the integrity of data can be just as unreliable even though it all appears within the expected range. Poor quality of data is often unintended and may be due to poor training or use of poor equipment.
One example of intended falsification of data used a weakness in a process for re-palletising stock combined with lack of oversight by the owner of the stock. A trailer of medicines was delivered to a third-party warehouse to be re‑palletised from standard to smaller pallets and shipped onwards – the pallet number and total gross weight were now different. It was only when the pallets were broken down at Goods In at the final destination that shortages were identified with a couple of outers missing from each pallet. This may have been avoided or detected earlier if better data governance was applied by the stock owner, perhaps using stricter control of the process, having a witness for building the pallets and more detailed recording and review of records.
Data is critical if it has a direct bearing on patient health or GDP compliance and cannot be reconstructed. The extent of data governance should be commensurate with the level of criticality of the data and may take the form of higher level of data review, more through process design and more attention on addressing potential causes of poor data integrity e.g. poor equipment qualification and weak quality culture.
GDP computerised systems
The advance of computerised system and application development has enabled operators to carry out activities at an increasingly fast pace including flash transactions, sometimes without having sight of stock. The intention to use non-trackable software such as WhatsApp for quality-critical event reporting has been proposed by wholesalers – and refused on the grounds of not being capable to comply with DI requirements; however, the use of computerised systems is encouraged providing they are appropriately qualified and controlled, especially if they are bespoke to your organisation. The GxP Data Integrity guidance provides a lot of information on this topic.
The use of robots and electronic audit trails can lead to a false sense of security in relation to data integrity. The simple act of ensuring that stock is delivered to the right address can fail when an electronic proof of delivery signal cannot be picked up either in remote Africa or in mid-Wales and work-arounds are created. Additional problems of maintaining a full audit trail arises when stock changes from one organisation or department to another, for example delivery of a consignment through a network of third-party couriers leading to an incomplete document audit trail. Also, some couriers only retain their track and trace records for a few weeks before destroying them.
Where records are converted from one form to another, e.g. hard copy supplier invoices converted to pdf, or hard copy temperature records transcribed into an electronic record, then these should be confirmed as being accurate and complete by a person of appropriate seniority. This process should also be assessed for potential failure modes, for example when converting hard copy supplier invoices to pdf there may be more than one version of the document (same original but with different annotations on it). Both versions may therefore need to be retained. In addition, some double-sided documents may incorrectly be only scanned single-sided. Copying such documents can be tedious and is often delegated to an office junior, but the implications of not having a complete, accurate and legible set of scanned records will mean you will not be able to trace activities and will not comply with regulations.
Do you excel?
The use of spreadsheets deserves a special mention. I am a great advocate of spreadsheets for managing and presenting data, and their versatility and ease of use has led to wide application within GDP. When data contained within the spreadsheet cannot be reconstructed elsewhere and is essential to GDP activity then the data governance measures need to rigorous. There needs to be caution when number-rounding, converting from one unit of measure to another or from numbers to graphs.
If the spreadsheet has multiple users it may be impossible to ascertain who (Attributable) made an entry, whether entries have been over-written and replaced (permanent), and when the data entries had been made (Contemporaneous). If the spreadsheet is not version-controlled and managed as a controlled document, then there may be different versions in use (Original). Where formulae and other functions are used there is potential for these to be corrupted without being detected (Accurate).
Possible ways of gaining appropriate control include restricting the use of spreadsheets only for non-critical data and locking down cells or sheets within it so write access is restricted. Another potential solution is to use the spreadsheet to create a hard copy version which is version-controlled, approved and dated, locked down and managed as the controlled version. In this case it is the approved version that needs to be used as the working document, not the unapproved spreadsheet used to create it. this approach can be useful when data is not entered frequently such as a staff training matrix that may only be revised a few times each year or confirmation of supplier or customer authentication carried out every fortnight.
Where Macros or formulae are used within a spreadsheet these should be defined (e.g. within an operating procedure), tested for accuracy and protected against unauthorized changes. Confirming these are not corrupted should be part of regular data integrity review.
Whether it is hard copy or soft, having data and records you know are accurate and complete not only meets minimum GDP requirements, but surely is also the foundation with which to make sound and confident business decisions.
Don’t miss the next post, sign up to be notified by email when a new post is published on the Inspectorate blog