When good employees turn bad (or just sloppy) – controlling the 3 drivers for data integrity violations
Data Integrity Violations
Data Integrity violations or data errors can happen in 3 ways: fat finger errors (an accidental lapse by an operator), falsification (a rogue operator who enters false results) and fraud (collusion by a number of people). In this blog post, we’ll investigate how to reduce the risk of all three.
With the dramatic revelations of VW’s falsified vehicle emissions data, data integrity violations are a topical issue globally. GMP auditors have long focused on data integrity during audits and this focus is unlikely to diminish.
As a manager in a GMP facility, you are responsible and accountable for data integrity. If a regulator detects data integrity violations at your facility, then it will take a long time and a lot of work to regain that broken trust.
It’s Management that has the ultimate responsibility for ensuring the effectiveness of a production quality system (PQS). This can only be achieved with proper design, the application of QRM principles and the training of your staff.
Where to start? Think MOM
To reduce the risk of data integrity violations, think MOM – Motive, Opportunity and Means. Let’s discuss each of these.
The motive to commit a data integrity violation can come from a number of sources. Often it’s that drive to reach production targets and get product out the door that can lead to disastrous unintentional consequences.
It could also be a lack of resources, so staff are rushed and make mistakes. It could be due to personal issues for staff as such a crisis at home or a health issue. One statistic published a few years ago claimed that 25% of all products recalled in the US were batches released in the last 3 days of a quarter. If you have ever worked for a US owned company with their strong quarterly focus, you will understand how may happen!
‘Motive’ is possibly the hardest driver of data integrity violations to detect and design out. Procedural controls, a data integrity SOP and ethics training are all key. An open and forgiving organisational culture where errors, slips or falsification can be reported without fear of retribution is also important.
Opportunities for data integrity errors can be controlled, but must be balanced with the practicalities of staff requiring access to perform their duties.
Auditors often see staff using a single log on (with the password written on a Post It note beside the terminal for handy reference!), a lack of group access policies with monitoring and enforcement is also common.
Any computer system with GMP implications should have access level rules established and enforced. These rules should define staff roles, responsibilities and authorities, including those required for effective data governance programmes. Leadership is essential to establish and maintain a company-wide commitment to data reliability as an essential element of the production quality system (PQS). Managers in the organisation should demonstrate good data integrity and recognise it through regular Gemba walks.
The means to change or falsify data is perhaps the easiest to control. Technical controls such preventing operators from making time and date changes (on any equipment), removing the Windows snipping tool (the electronic equivalent of White Out), not allowing any PDF editing tools, and preventing analysts from deleting files are all easy to implement.
Taking a pragmatic approach
It’s important not to become too over-zealous with your approach to data integrity. It’s easy to think that you have to implement a ‘police-state’ where you can’t trust anyone to do the right thing.
A much better approach is a pragmatic one: Write and train on a few key policies and procedures, encourage your leadership team to walk the talk, and train your critical thinkers to design robust processes or workflows.
When designing these processes or workflows, sensible productivity opportunities will be identified and adopted, balancing risk. Part of that process is assessing the criticality of the data associated with each process. Data in laboratory or manufacturing records is critical as this directly affects the product release quality control test results. Make your effort to prevent data integrity violations proportional to the risk – so spend your time working to improve data integrity within your laboratory and manufacturing processes, not your say environmental logging.
When reviewing and designing a process which generates critical data, you should try to design people out of the process. GMP requires a continuous improvement culture, so you should routinely critically examine all your business processes, not only for business risk and process efficiency, but also to remove data integrity violation opportunities.
Data Integrity Training
Since last year’s GMP and Validation Forum where PharmOut hosted one of the world’s leading experts in this area, Sion Wyn, we have been working hard on developing a practical in the trenches experiences Data Integrity Training Course to be held in Melbourne and Sydney.
Data integrity, Quality Metrics, Continuous Product Quality Review and other industry hot topics will be discussed in detail at this year’s 2016 GMP and Validation Forum.