Data Integrity

General Overview

Dr. Carmelo Rosa

Director Division of Drug Quality I
September 5, 2018
Baltimore, MD
 DISCLAIMER: The views and opinions expressed in this presentation are those of the
authors and do not necessarily represent official policy or position of the Food and Drug
Administration

www.fda.gov 2
 Objectives
• Present a general picture of the concept of data
integrity
• Discuss the US FDA’s expectation regarding data
integrity
• Examples of WLs citing breaches of DI
• Examples of EU Non-Conformance Reports due
to breaches of DI found
• Discuss the do’s and don’ts and questions to be
answered when breaches in data integrity is
found by regulators or self identified
www.fda.gov 3
 Data Integrity (DI) Again?
• DI has been a hot topic for the past 5 years,
but it’s not a new issue for regulators or
industry.
• DI discussion has generated more questions
than answers about what is a breach in the
integrity of data and what is not.
• The high number of DI findings has resulted in
publications of guidance documents.
• DI breaches may be CGMP violations.

www.fda.gov 4
 What is Data Integrity?
• Degree to which the data is complete, consistent, accurate,
trustworthy, and reliable, and that these characteristics of data
are maintained throughout the data lifecycle. The data should
be collected and maintained in a secure manner, such that they
are attributable, legible, contemporaneously recorded, original
or a true copy and accurate.
• Assuring data integrity requires appropriate quality unit and risk
management systems, including adherence to sound scientific
principals and good documentation practices.

WHO Annex 5, Guidance on Good Data and Record Management

www.fda.gov 5

What is Data Integrity?
Back to Basics:
Data integrity ‒ requirements
for complete, consistent, and
accurate data.
The concept of data integrity
underpins CGMP.
Applies to CGMP and Good
Clinical Practice (ICH E6).
www.fda.gov
ALCOA
ATTRIBUTABLE-traceable to
a unique person
LEGIBLE-no pencil, no
correction, no liquid fluid, no hidden
field that won’t allow access, no
deletion, overwriting
CONTEMPORANEOUS no
backdating, no prefilling, date and
time
ORIGINAL or true copy-in paper
world (analytical worksheet); e-world
(FTIR-spectra, injection sequence,
electronic backup copy of the source
TF-IR spectra file, compare to the
original electronic data confirming
ALL metadata is in the electronic
copy set.
ACCURATE- verification and
confirmation through QMS 6
 Problem Statement
“Testing into compliance,” data manipulation,
data deletion/record destruction, misreporting,
disregarding failing and/or questionable results,
all leading to possible breaches in the integrity
of critical data, has become one of the most
important and relevant topics currently
discussed by industry and regulators from
around the world.

www.fda.gov 7
 Basic Principles

• A breach in data integrity is a

fundamental failure of the Quality
System.

www.fda.gov 8
 DI: Reflection of a Firm’s
Quality System Maturity
Level 4: Routinely acts preventively as described in level
3. Fully institutionalizes and reinforces (rewards) a
vigilant culture that makes lasting manufacturing & 4
system improvements.
3
Level 3: More proactive. Increasingly detects emerging
adverse trends, surfaces major issues, and makes 2
meaningful manufacturing & system improvements.
1

Level 2: Nearly always reactive, but there is willingness

to change. Patchwork corrections are the norm.

Level 1: Small problems ultimately snowball into larger

ones, and management becomes aware only when there
is a crisis.
www.fda.gov 9
 Data Integrity: Not a New Concept
Principles from the paper-and-ink era still apply:
• 21 CFR § 211.68 requires that backup data are exact and
complete, and secure from alteration, inadvertent erasures, or
loss
• § 212.110(b) requires that data be stored to prevent
deterioration or loss
• §§ 211.100 and 211.160 require that certain activities be
documented at the time of performance and that laboratory
controls be scientifically sound
• § 211.180 requires true copies or other accurate reproductions
of the original records; and
• §§ 211.188, 211.194, and 212.60(g) require complete
information, complete data derived from all tests, complete
record of all data, and complete records of all tests performed.
www.fda.gov 10
 When may FDA Issue an Import Alert,
Warning Letter, Injunction, etc.?

• Significant or systemic CGMP violations

or deviations that could result in a drug
quality defect with potential adverse
patient health consequences;
• Repeat violations or deviations;
• Refusal or delay of an inspection; or
• Significant data integrity violations or
deviations

www.fda.gov 11
 Enforcement and Advisory Tools

2018 Enforcement and

Advisory Actions

Jan 1 to June 30 , 2018

Excludes pharmacy compounding-related
actions
www.fda.gov 12
 U.S. FDA Warning Letters Related to DI
Issues

• Period: 10/2012 to 07/2018

• WLs issued related to DI deficiencies: 111
– DI issues related to production only: 16
– DI issues related to laboratory only: 65
– DI issues related to production and laboratory: 30

www.fda.gov 13
 U.S. FDA WLs – DI issues related to production
activities API vs. FDP

1/2012- 7/2018
www.fda.gov 14
 Europe Reg. Authorities NCRs with DI Issues

NCRs Evaluated NCRs with Data Integrity Issues

156 77

Approx. 49% of Europe Agencies Non

Compliance Reports, had DI issues

www.fda.gov 15
14 EU Non-Compliance Reports
12
by System & Year
10

0
2012 2013 2014 2015 2016 2017 2018

Laboratory Manufactoring Manufactoring/Laboratory

Manufactoring/Quality Quality Refused Inspection
Manufactoring QS
 Non-Compliance Inspection Reports with Data Integrity
(Falsification) Issues

Data Source:
http://eudragmdp.eudra.org/inspections/gmpc/searchGMPNonCo
mpliance.do; Search: 1/1/12 to 8/16/18 (Include withdrawn
documents)
www.fda.gov 17
 Falsification Rate in Inspection Types (Non-Compliance Reports)

Manufacturing & Manufacturing

Lab, 35% Manufacturing,
43% Laboratory
Manufacturing & Lab

Laboratory, 12%

Europe Non Compliance Reports Evaluated Period 1/1/12 to

8/16/18

www.fda.gov 18
 What Regulators
Find Is Truly The
Tip of Iceberg
CGMP ‒ “minimum”
requirements
Data integrity underpins
basic CGMP principals
Breaches of DI are
observed in the U.S.,
China, India, Europe,
around the world
www.fda.gov http://khongthe.com/wallpapers/nature/tip-of-the-iceberg-90839.jpg 19
 Common Terminology When Data
Integrity is Found

• Falsification of data
• Alteration of data and events
• Misleading information,
statements or facts
• Misrepresentation of what
really happened
• Untruthful statements
• Deceit
• Forgery
www.fda.gov 20
 Common Terminology When Data
Integrity is Found

• Releasing failing product as if they had passed

• Testing into compliance
• Not saving electronic or hard copy data that
would confirm the failing results
• Making up microbiological test (EM) results
• Question – Why would firms tolerate this
behavior?

www.fda.gov 21
 Data Integrity Failure Examples

– Lack of controlled access to computer systems

– “Trial” HPLC injections outside a quality structure
– Deleted data
– Not recording activities contemporaneously
– Backdating
– Fabricating data
– Copying existing data as new data
– Discarding or deleting results with no justification and
re-running/retesting samples to present better results

www.fda.gov 22
 Why Data Integrity Matters
▪ DI is the foundation of pharmaceutical quality
▪ Breach in DI (records/electronic) erodes
confidence/breaks trust of regulator and public.
▪ FDA CGMP surveillance inspections are usually
focused to determine adherence to CGMP, not
to verify all data. Changing due to recent
events.

23
www.fda.gov 23
 Why Data Integrity Matters
Data integrity breaches cast doubt on all results and records.
• When we find firms making up microbiological data during
inspection, can/should we trust what we see during an
inspection?
• When DI practices are found, will retesting be sufficient to
overcome the breach and assure products released are
within specifications, safe, and effective?
• Is the data submitted to support pending or approved drug
applications, and used to release batches, reliable, truthful,
accurate, original?
• Can we be confident in providing these drugs to our
patients?

www.fda.gov 24
 Why Data Integrity Matters
“…the term ‘current good manufacturing practice’
includes the implementation of oversight and
controls over the manufacture of drugs to ensure
quality, including managing the risk of and
establishing the safety of raw materials, materials
used in the manufacturing of drugs, and finished
drug products.”

Food and Drug Administration Safety and Innovation Act, Sec. 711
Enhancing the Safety and Quality of the Drug Supply

www.fda.gov 25
 Why Data Integrity Matters

Drug can be deemed adulterated under section

501(a)(2)(B) of the FD&C Act because data integrity
breach is a violation of CGMP.
– Under U.S. law, adulterated drug is subject to
detention.
– Generally, significant CGMP issues require re-
inspection.
– Firms must fix problems and be re-inspected.

www.fda.gov 26
 Who is Responsible
for the Integrity of
the Data ?

www.fda.gov 27
 Everyone involved in the “manufacturing” is
responsible for assuring the integrity of the data.
“What you see, hear and say matters” Otherwise,
we are silent conspirators.

www.fda.gov 28
 Factors That May Be Associated With DI
Problems
1. Production-first business model (driven by
economic pressure), where allocating
resources and robust systems to predict,
prevent, and detect DI issues are not a priority.
2. More CMOs manufacturing and testing of
drugs occurring under different quality
systems, where often the owner or sponsor of
the drug has little control, oversight, or access
to the contracted operations.

www.fda.gov 29
 Factors That May Be Associated With DI
Problems
3. Incorporation of new technology, software, and
systems without the appropriate understanding
of the gaps and challenges, and risk-based
controls needed to prevent and detect DI
practices.
4. Deficient or immature quality system.
5. Systems and SOPs are outdated, little training
and oversight by QA/QC, complacent approach.

www.fda.gov 30
 Factors That May Be Associated With DI
Problems

6. Complex supply chain/more globalization.

7. Firms relying on regulators to serve as
QU to find the problems.

www.fda.gov 31
 “Regulatory Significance Considerations”
General Considerations During Review of DI Cases:

❖ Impact of the CGMP violations/deviations on the product

attributes (drug quality, released, pending/approved
applications);
❖ Associated risk of the substandard product or deficiency to the
patient;
❖ Clinical significance;
❖ Batches released, submitted to support drug approved and
pending applications;
❖ Firm’s compliance history (e.g., a history of serious
deficiencies, or failure to prevent the recurrence of violations),
showing pervasive behavior;

32
www.fda.gov 32
 “Regulatory Significance Considerations”
❖Nature of the violation (e.g., was the firm aware of the DI
issues & failed to correct, or were they discovered by
FDA and the firms was unaware);
❖Was it an inadvertent or minor error ? (e.g., mathematical
calculation error and does it have a significant impact on
product quality);
❖Severity, likelihood of harm, affected product in market;
❖State of control (pattern or single instance, how do you
know);

www.fda.gov 33
 “Regulatory Significance Considerations”
❖ How does a firm mitigate the impact of a deficiency?
❖ Has the firm voluntarily corrected and prevented recurrence?
❖ Assessment of scope and extent of the problems
❖ Can the firm detect or prevent future problems?
❖ Has the firm addressed the issue in a systemic or global manner?
Have similar violations been cited at other sites?

www.fda.gov 34
Four contact slides with uncounted colonies found in the
waste bin.

Contact slides from Grade B area (e.g., aseptic corridor for autoclave; gown
hood of the cleanroom) retrieved from waste bins.
35
 A Picture Tells a Thousand Words!

www.fda.gov 36
Sterility test data sheets dated January 20, 2016,
found in a waste bin.

37
 FDA compliance information online:
www.fda.gov/AboutFDA/CentersOffices/Of
ficeofMedicalProductsandTobacco/CDER/u
cm081992.htm

www.fda.gov 38
 Acknowledgements
• Rick Friedman, Deputy Director, Office of
Manufacturing Quality, Office of Compliance, CDER
• Rebecca Parrilla, Senior Policy Advisor, Office of
Manufacturing Quality/Division of Drug Quality I/
Branch 2/Office of Compliance, CDER
• Brooke Higgins, Senior Policy Advisor
Office of Manufacturing Quality/Division of Drug
Quality I, Branch 2, CDER
• Justin Boyd, CSO-Investigator, CBER

www.fda.gov 39