DATA INTEGRITY A Learning Curve
Rashida Najmi, Sr VP Global Quality, Regulatory and Pharmacovigilance, Piramal Enterprises Ltd.
Dear friends and fellow professionals in the pharmaceutical community…
Data Integrity – these two words, in the recent past, have impacted companies, personnel and investors – damaging the perception of ‘Brand India’. Having pursued my career as a quality professional for over 3 decades and having closely tracked the regulatory space, I would like to present my views on this challenge that ‘Brand India’ is facing, and the steep learning curve that India based firms are going through, as they seek to overcome this challenge. Over the past few years I have observed a change in mindset, with Indian firms willing to acknowledge the problem, a crucial first step before developing a solution. I would like to state that these are my views only and respectfully acknowledge that there could be alternate perspectives on this issue. India is not yet at the finish line, but in my view, in a better position than before. The views captured here are not only centered on India but apply to the pharmaceutical industry in general.
India plays a leading role in pharmaceutical imports to the West, supporting the entire drug value chain: from discovery through development, commercial manufacturing of New Chemical Entities, and finally life cycle management and supply of generic drugs. India has also been instrumental in improving affordability and acce-ssibility of medicines, world-wide. The dependence on Indian pharmaceutical firms, especially the US, places the US regulatory agency – FDA in the onerous position of ensuring that all medicines from India, meant for public consumption in US are safe and efficacious as claimed. Let us also not forget that the FDA bases a lot of its decisions on the data that a company submits: therefore, when there is doubt on any data observed by the FDA during a site audit, it leads to the whole dossier being questioned. I have had some candid discussions with FDA inspectors over the years, and can vouch that there is little interest in identifying data integrity concerns if they do not exist. But, in my personal experience, the agency will like you to earn their trust: they will put you at scrutiny at first until they are confident about your company’s quality culture, ethics, systems, and personnel.
When the noise around ‘Data Integrity Issue in India’ reached a crescendo in 2014, some of the firms in India went into ‘denial mode’, with a view that the FDA have been unfair and were ‘targeting’ the said firms. I did not (and do not) subscribe to this view. Based on my discussions with the regulatory agency, it is my belief that FDA was interested in ensuring that the right protocols were being followed, and their initial experience in India, did not provide them with that comfort. Things have changed a lot since then, and I am pleased to see that both, the companies, and the regulators are working together to address this issue. The results in the past year have demonstrated the significant strides the Indian life sciences industry has made towards compliance and quality.
The concern around data integrity at most companies – not only on the ones based out of India – is intermingled with the cultural background of personnel on the shop floor, lack of awareness on the regulations around data security, and finally, a lack of design control to prevent such issues. In geographies with monarchial legacy, people are used to following orders without questioning if they are right. In countries where the personnel come from this lineage, the cultural values dictate that saying ‘no’ to their manager is considered disrespectful, and hence such companies thrive on the value system of the leader. Hence, there is a real concern in companies that culturally fit the description above, and where management choose to cut corners to achieve business goals. In addition, some of these companies have low tolerance for people that voice their concerns, and that prevents employees from owning up to errors and resorting to data manipulation to save their jobs.
Let us look at some other practices – all of us who have studied in the eastern world can relate to some of the practices followed by us when we were in school. There is a rough book and then there is a fair copy. During live lectures, notes are taken in a rough book as it may have corrections and mistakes. The notes are then copied again in the fair book excluding the mistakes such that the fair copy is clean. The fair copy is submitted for endorsement by the teacher and grades are allocated for neatness. Employees who grew up with this concept struggle with concomitant recording and they write on a sheet of paper or back side of label etc., and then later transcribe onto a batch record. The intent at times is not to change the data but to enter the data ‘neatly’; however this is not acceptable within the ALCOA principles.
In certain countries, there is a trend of asking one’s team member to do one’s own work by delegation. This goes to the extent of delegating authority to use one’s password at workplace without knowing the implication of this act. Managers reveal their password to their juniors to perform electronic reviews and approval. The realization that this is the equivalent of giving someone else the authority to sign your bank checks comes in much later. The fact is that your password stands for your signature and is legally binding and represents ‘you’- any issues that come up will need to be hence addressed by ‘you’. Language barrier add an additional layer of complexity to the data integrity situation. English not being the native language, employees are sometimes not eloquent enough to address questions to the satisfaction of the regulatory inspector.
Several instances of data integrity concerns reported globally have similar causes. Let us look at a few:
- Lack of willingness to spend on compliance needs. Eventually, ends up spending ten times the amount to hire international consultants for remediation once the firm is in data integrity turmoil.
- Resource constraints leading to inadequate staffing in quality divisions.
- Lack of independence of quality division. Many firms have their quality control reporting into operations. Quality control is the final safety net for the product before it steps out and most patient safety decisions by QA are based on the data that QC generates.
- Quality is the responsibility of Quality function and not a company-wide culture.
- Lack of top management commitment to quality.
- Lack of interest from the leadership on regulatory inspections, its readiness and its outcome.
- Quality function is pushed to take decisions in favor of meeting business numbers instead of compliance.
- Quality is not a collective responsibility in the organization.
- Not spending in hiring a competent quality team. Your quality leaders must understand regulations well as they will interpret and execute the standards as expected.
- Build lots of circles of policing and reviews rather than invest in building a culture of compliance and integrity.
- Common culture of backdating like meeting agenda, meeting minutes, circulars, secretarial papers etc slowly seeps into the company’s culture and eventually into quality system documents as well.
- Low spend on electronic system and automation, which are key to real time recording and data integrity.
- Low tolerance to accept shop floor errors.
Our research has shown that firms that run into issues of warning letter and import bans weaken their brand, lose investor and customer confidence, and hence take a significant hit to their market share and revenues. It also takes a long time (if at all) to regain the trust that is lost, with investors, customers and regulators. It is our view that companies look at their internal structures, systems, people and culture to address the issues above. The time spent is worth the benefit that can be achieved.
How do we avoid occurrence of data integrity issues?
First and foremost is ‘Quality Ownership’ at all levels in the company from Chairman, Board and CEO to the shop floor personnel. The Head of Quality cannot by himself/herself drive data integrity or the Quality culture. Senior Management must ensure that quality team is not pressurized to take steps that compromise Quality and Compliance for business needs. The time spent by top leaders in quality reviews, in discussing quality issues if any, sets the tone on how leadership views quality and compliance, which then cascades all the way down leading to a healthy quality culture. At Piramal, for example, our CEO emphasizes that Quality is a collective responsibility and incorporates Quality into the goals of all employees within the organization.
Another crucial aspect is autonomy of quality function and its independence from business. The Head of Quality must be empowered to push back, as needed, when he/she feels that compliance may be compromised, without the fear of business impact. It is important to hire a competent quality leader and team who can hold custody for quality and orchestrate your quality band so that it is synchronous and does not miss a beat. I feel that it is important to have a strong in house quality group rather than external consultants. Consultants can play a key role in identifying gaps in your Quality structure, but I would not recommend that you transfer ownership of Quality in your company to a consultant.
I would highly recommend doing what is right for the longer term, than because it is dictated by regulatory guidance. If you do the right thing it will be acceptable by all regulatory standards. This brings me to the quality culture and quality health. Your company should have a culture of compliance and continuous improvement. This is a key role of company’s quality group and will put you ahead of any regulatory mandate as and when they are released with exception of specific ones that come as a regulation due to knowledge of FDA on a global level.
Embrace a culture of accepting mistakes and allow people to own up to their errors. This will prevent manipulation due to fear of retribution. I recommend that this be explicitly communicated to operators, chemists, and technical teams. This will be your answer to preventing several on the floor data alterations. Do also keep in mind that it is important to provide adequate training on data integrity (ALCOA) to all concerned.
As an organization, abandon any practice which is not acceptable to integrity of data. Say goodbye to backdating signatures even for administrative documents. Delays may occur but not compromising the process will bring long term benefits. Inculcate a practice of preserving the original copy with the right explanation if there is a need to reproduce. Do not share your password. When your staff observe such practices from leaders it automatically flows down to the shop floor.
Respecting your quality division and resourcing it appropriately is important. Most of the times, role played by the quality team is not acknowledge by most companies unless there is a citation of non-compliance. Acknowledge them when everything is going right because they are doing their job well with support from other functions. Your quality team are torch bearers that collectively drive quality in the right direction. It is essential to have a high performing and competent quality team. Do not micro-manage, but hire right, train right, and then empower them to drive the culture.
Procedures and systems within the organization must not be overly complicated. Strive to have simple and easy to execute systems. Make your forms user friendly. Include visual management and mistake proofing in your forms whether paper based or electronic. Provide prompt and easy detection of error so that investigation can be prompt. I am a strong believer of a concurrent batch review by quality and quality on floor. Phase your batch record at logical cut-offs and have QA presence on shop floor to review it phase by phase. This helps fixing issues in parallel and enables faster batch release. Concerns if any on data integrity can be identified, investigated and resolved promptly. Inculcate into your leaders the need to make rounds into the shop floor while it is in operation: this build connections with personnel, respect, and also make the leaders aware of the ongoing challenges in a manufacturing environment.
All organizations that strive for a strong quality track record must also budget sufficiently for compliance. The cost of poor compliance is onerous and sucks you into a whirlpool of issues. Spending what is legitimate is important to keep up your compliance with the latest requirement. Invest on IT tools for compliance, helps constant reminders for outstanding items and timely closure, and has data integrity controls. Most importantly, make your employees aware of importance of person based IT access and its significance.
Do not neglect your compliance dashboard in rush to put batches out of the door. Keep healthy traction on investigation, aberration closures, internal audits, annual product reviews, management meetings etc. This is a silent killer and once derailed is difficult to recover and may tempt people on data integrity manipulation for no real reasons.
The most imperative in my opinion is judging your company’s quality health. It should not be left to feeling or sense. Convert this intangible parameter to a tangible measurement. This is highly essential to channelize your effort and time towards the site that needs it the most. Develop internal tool to measure this. Run several trials to validate, so that it is not misdirecting. For quality leads, responsible for several facilities, this will serve as an important tool to prioritize their band width. A focused audit and remediation on data integrity for a particular site based on this knowledge could be a plan of action.
Keep close watch on the regulatory landscape. In past few years it has been extremely dynamic. Do not miss tracking all the draft guidance to enable proactive compliance. A lot has and is happening on data integrity requirement as well recently, requiring involvement of management and extending data integrity governance on the suppliers.
Be proactive while recruiting and assessing personnel. A culture of integrity begins with the right hire. Conduct extensive reference and back ground checks for key roles. Introduce them to your data integrity policy and bring up awareness during induction and on boarding. Do not be tolerant to individuals who may have compromised compliance, however good they are otherwise. Set the right precedence. We have a white paper in our organization which explains the steps to be taken by the facility if they identify perceived data integrity concerns. There is an option to go for forensic inspection by a third party for data integrity issues as well. It is crucial to address concerns early and prevent them from taking root. Institute reward or recognition for people who demonstrate your company values. At Piramal, we have a top level award for a person who practices our values in his/her work life.
I wish to conclude my thoughts here, and sincerely hope that these will provide with some pointers as you strive to build a culture of data integrity within your organization. Let us aim to move the needle of Quality from “Compliance to Culture”.
Will be happy to answer questions, feel free to write at Rashida.firstname.lastname@example.org
The author Rashida Najmi is senior vice president in a leading global role for all Piramal Enterprises pharma businesses. She heads the Quality for 13 Piramal sites located in North America, UK, EU and India. She is also responsible for oversight of the CMO locations. She has been with Piramal for the past 12 years and have been successful in setting an exemplary trend of Quality record. She possesses 30 years of total experience in the pharmaceutical quality field.