Data Integrity is not a new requirement in medical device and pharmaceutical industries – it features heavily in Chapter 4 of the EU GMP, GAMP5 Guidelines and in 21 CFR Part 11, published back in 1997, calls for companies “…to ensure the authenticity, integrity, and, when appropriate, the confidentiality of electronic records, and to ensure that the signer cannot readily repudiate the signed record as not genuine”.

However recently the issue of data integrity in these industries is becoming a hot topic among regulators – in particular in Europe and North America. The FDA issued 74 warning letters with findings on data integrity issues between January 2014 and January 2016. Although some of the issues were not deliberate there were many intentional manipulations with backdating of documents, the destruction of original data and unrecorded deviations among the discoveries.

Heightened concern about the quality of data has been reflected in the number of new guidelines on data integrity being issued by the worlds’ leading regulatory bodies. In 2016 alone new and proposed guidelines have been published by the United States Food and Drug Administration (FDA), World Health Organization (WHO), European Medicines Agency (EMA) Pharmaceutical Inspection Co-operation Scheme (PIC/S) and the Medical Healthcare Regulatory Agency (MHRA) in the UK. In March 2017 the International Society of Pharmaceutical Engineering have issued a new GAMP guide on Records and Data Integrity. These guidelines have been issued in an attempt to remove any ambiguity regarding the levels of data integrity expected from pharmaceutical manufacturers and suppliers to ensure required product quality.

Data Integrity refers to the completeness, consistency, and accuracy of data. Complete, consistent, and accurate data should be attributable, legible, contemporaneously recorded, original or a true copy, and accurate.

The acronym ALCOA+ defines the framework required to achieve and maintain data integrity. You can save our quick reference guide with the Data Integrity fundamentals ALCOA + below:

We will explain each requirement in more detail :

Attributable

Data and records must be linked to the unique individual who produced the record or data. Details should contain who performed an action or created a record in addition to the time of the activity.

Traditionally with paper records this detail is captured by the user signing and dating the document. With electronic records each user must have their own separate account for their exclusive use. It is also imperative that the companies’ data governance policies ensure that computer accounts are only accessed by the authorised user otherwise this will compromise the organisations ability to trace a record to its creator – this could be considered a breach of data integrity guidelines and may result in criminal exposure.

Individuals that sign must understand what they are signing for, understand what their signature means and the implications associated with their signatures. Whether the signature is electronic or handwritten it should be unique to each individual and signing someone else’s name or initials is considered fraud.

Legible

If a record cannot be read or understood by eye or electronically it is worthless. Each record must be readable and retained in a permanent format.  A second person review is often used as a means of  highlighting any ambiguities.

For paper records this would mean that no pencil or correction fluid should be used – only indelible ink and changes should be crossed out, initialled and dated. The paper records should be retained and archived. Electronic records should include (but not limited to) enforced saving, no deletion, hidden and voided records must be visible and changes should be captured in the Audit Trail. Back-up and archival procedures should be implemented and followed.

Contemporaneous

This means that the actions, decisions, results, measurements or data should be recorded as they take place.

For paper based records this means no back dating or pre-completion of records. Accuracy of records may be compromised by delaying completing records until the end of the day. Electronic records must be saved immediately after the data is entered, modified or deleted. It should be accompanied by a date and time stamp and should flow in order of execution. Data should never be back dated.

Original

All records and data must be in the same format it was originally generated. Data should be entered directly into the computer system or recorded directly onto the document to reduce errors when transferring information from one document or system to another.

Accurate

The data and records must reflect what happened. They should be complete, truthful and free from errors. All changes should be dated and signed by the person making the change and amendments should be explained.

+ Complete Information critical to recreating the event

Data or records must contain complete information to enable the recreation of the event. This would include any repeat analysis. If everything is not documented or disclosed it will undermine the confidence in the record or data reliability.

+ Consistent Good Documentation Practices including capturing changes made

You should be consistent with Good Documentation Practices and the sequence of events should be completed in a logical order and all date and time stamps should be in the correct sequence. All apparatus that produce date and time stamps should be synchronised.

+ Available Records can be reviewed at any time during period

All records should be readily available for inspection, audit and review for the lifetime of the document.

+ Enduring Record exists for the entire period needed

The record and data must exist for the entire period needed. Electronic data must be easily retrievable even if technologies advance.

At Dataworks our highly skilled CSV & Software Engineers provide a full range of Data Integrity services as part of our offering including: Data Integrity assessments, remediation software and validation services.

Contact Us today if you would like to learn more about Data Integrity and our services in this area.