Dealing with the data integrity dilemma


The Indian pharmaceutical sector has been growing exponentially over the last few years. According to India Brand Equity Foundation (IBEF), it accounts for close to 2.4% of the global market in terms of value terms and 10% in terms of volume. IBEF also states that the sector is expected to grow at a Compound Annual Growth Rate (CAGR) of 15.92% to US$ 55 billion by 2020 from US$ 20 billion in 2015.

While there are several growth opportunities, the pharma sector has its own set of challenges. These include increased regulations, mergers and acquisitions, push toward harmonization and data integrity issues. Data integrity has emerged as a leading cause for concern.

All pharmaceutical companies are required to maintain data records for the drugs manufactured by them. These data records can be in electronic and paper formats or in combination. Data integrity asserts that data records should demonstrate that the product manufactured by an organization is of required quality and safe for consumption. Data integrity is mandatory (under applicable regulatory requirements) for the pharmaceutical industry, as decisions regarding quality, safety, purity and compliance are made basis the data recorded and reported.

Regulatory coverage of data integrity

Regulatory authorities such as US Food and Drug Administration (US FDA), UK’s Medicines and Healthcare Products Regulatory Agency (MHRA), Health Canada and others have strict provisions around maintaining data integrity in companies. The MHRA guidance on data integrity is gaining momentum and has seen increased inspections by regulators, making quality compliance an utmost priority for pharmaceutical organizations. Schedule L1 of the Drugs and Cosmetics Act, 1945 in India also mandates pharmaceutical organizations operating in India to adhere to data integrity and security. Strict action is taken against errant companies for non-compliance with the respective laws of the land. For instance, for companies that are unable to comply with Good Manufacturing Practices (GMP), regulators have the authority to issue observational letters such as Warning Letters, Statement of Non-Compliance and Form 483.

Media reports and regulatory websites have indicated that many regulators have signed confidentiality agreements, enabling them to share confidential (non-public) information about drug products or inspections. These include data integrity concerns, i.e., the transfer of information from one regulator to another for the purpose of providing assistance in conducting inspections. In addition, it may lead to them taking regulatory action on the basis of a previous regulator’s inspectional observations. The result could potentially be a domino effect of sanctions and product recalls.

Making the wrong moves?

A glance at some of the recent observational letters such as Form 483, warning letter and statement of non-compliance issued by various regulators indicate the widespread nature of data integrity issues. While the majority of these were highlighted in Quality Control (QC), they were also seen in other departments such as manufacturing, quality assurance and regulatory.

For instance, a partially filled QC test data sheet or pre-filling of room temperature may be perceived as human error or lethargy. However, global regulators have stern views and state that lack of data integrity is commonly a case of “just fraud”. There have been many public reports indicating an increased number of warning letters on data integrity and non-compliance issued to pharmaceutical companies in India by regulators. The issues range from failure to record ongoing activities and backdating documents to trial runs (or conducting tests till the product is compliant) and data manipulation.

Taking the right steps for sound business practices

Breach of data integrity could have an adverse reputational and business loss, which may result in devaluation of stock prices and market share. Hence, organizations need to build and drive a culture of ethics and quality compliance that should be led by the senior management. Employees should also be taken through training programs emphasizing on the importance and requirements of data integrity. The MHRA guidance on data integrity also addresses the importance of staff training on data integrity principles and the role of senior management in mitigating the potential risk to data integrity.

With regulators’ increased focus on quality and compliance, the remedy for organizations is to get proactive in their approach and conduct regular data integrity reviews. These will help identify potential data integrity gaps. Companies can use this information to design and implement effective corrective and preventive action plans. Timely and proactive efforts to achieve quality compliance will further mitigate the risk of quality problems.

Follow @EY_India and track #EYForensic for regular updates

One thought on “Dealing with the data integrity dilemma

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.