A Summary of the New MHRA ‘GXP’ Data Integrity Guidance and Definitions – March 2018

A Summary of the New MHRA ‘GXP’ Data Integrity Guidance and Definitions – March 2018

For over 20 years, there have been Health Authority regulations governing the use of Electronic Records and Electronic Signatures (eReS) for GxP purposes. These regulations (the US part 11, the EU Annex 11, and their ilk globally) are arguably among the most elegant, concise, and consistent across jurisdictions (with differences mostly limited to context and emphasis rather than substance).

That being said, there has been a considerable amount of confusion in interpreting and applying the eReS regulations as both the Regulators and those in Industry have evolved their understanding of these regulations as the various guidance documents have emerged, been rescinded, revised, re-issued, clarified, etc.

This latest guidance document (which can and should be read in its entirety here (21 pages): https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/687246/MHR), is very mature in its outlook and takes what has come before and builds upon it. The result adds a huge amount of clarity by specifically expounding on the general theme “This what we want, yes it means exactly that, and yes we understand the practical considerations and resource impact of what we want”.

Some key items in the guidance include:

• Its application is intended across all GxP areas (Excepting Medical Devices – which I found interesting)
• The principles of data integrity (which are separate from those of data quality) are meant to be adaptable, and are designed to evolve with Technology and promote a risk-based approach.
• The non-technical aspects of data integrity are addressed, including the organizational responsibility to create a culture and environment (controls) that ensures that data is complete, consistent, and accurate in all forms (They focus on the oft neglected idea that PEOPLE are part of the process).
• They revisit both ALOCA and ALCOA+ (Attributable, Legible, Contemporaneous, Original, and Accurate + Complete, Consistent, Enduring, and Available. They go on to clarify that these two acronyms are differing ways of explaining the same expectations.
• Differing paper, electronic, hybrid scenarios are discussed as are the ideas around Risk, Risk mitigation, and documentation around both. Warnings are made about poor organizational controls and the over-reliance on a system’s validated state.
• Challenges and considerations around designing data processes and controls are discussed in some detail.
• Key definitions are explained in some detail for: Data, ALCOA, Raw = Source Data, Metadata, Data Integrity, Data Governance, Data Lifecycle, Recording & collection of data, Data transfer & migration, Data Processing, Data Exclusion, True Copy, Transactional data, Audit Trail, Reconstructability, Electronic Signatures, Data review and approval, Data Retention/Backup/Archival, System Access, the Admin Role, Validation, and IT Suppliers including Cloud providers).

~TJK

Advertisement

New Proposed Auditing Course: Considerations for an eData Quality Audit Program

We’ve submitted this course proposal for the April SQA Quality College in Anaheim. Feedback has been good, but even if it isn’t picked up for this venue…it will eventually happen *somewhere*:

Instructors: Timothy J. Kuhn and Conrad Kawaguchi

Target Audience: Seasoned Auditors with little eData/CSV experience or CSV professionals with little auditing experience.

 Course Objectives

• Establish and differentiate between the eData Audit Function and the Operational CSV Quality Roles.

• List the considerations for the GxP eData Audit Program (Contributing to other GxP Audits, Independent Focused Data Integrity Audits, etc.)

• Explore the various roles that the eData Auditor may serve as part of an audit (SME, Co-Auditor, Audit Lead)

• Define and list the desired skill set for the eData Audit Team

• Break down the various types of audits and risk areas for each: GLP Labs, Central Clinical Labs, Central Readers (eCG, Imaging, etc.), ePRO (Electronic Patient Reported Outcomes – AKA Diaries), Acquisition Due Diligence, GMP Manufacturing Sites and Vendors, PV, eSystem Validation, Databases, IT Infrastructure, Cloud Providers, Software Providers, SaaS vendors, Pharma, Device, Combo Product, and others.

Course Description: Electronic Data (eData) is pervasive in the GxP world and auditors in that GxP eData space need to understand what is most important in these areas. This course will explore considerations in establishing an eData audit program, give auditors with little Technology/eData/Computer System Validation(CSV)/IT saavy the understanding needed to assess the eData/eSystems they encounter in the course of their existing GxP audits, and expand the understanding of eData auditors beyond the software vendor audit so as to know what is most important in GxP audits. The course will demonstrate “what to look for” for a variety of audits, both technology-focused and more conventional areas in which technology has “encroached”.

 

~TJK

Computer Inspection Checklist from PMDA

I’m not a big fan of using checklists during audits, but it is always good to see which ones are being used by the regulators to better understand their thinking and priorities. This one from Japan came up during the quarterly Society of Quality Assurance CVIC (Computer Validation Initiative Committee) on which I sit.

PMDA Checlist CSV

 

~TJK

FDA FY 2010 Inspectional Observation Summaries

The FDA has recently updated their published  483 inspection results here. This is really a great resource as it breaks the findings down by regulation and how often it was cited. The link is to the 2010 483 that I stumbled upon. The parent site has multiple years and in sortable formats:

http://www.fda.gov/ICECI/Inspections/ucm250720.htm

~TJK

 

21 CFR part 11 Update

Folks, it looks like some of our US regulations and guidance documents have been flagged for update by FDA….including everyone’s favorite, 21 CFR part 11 (source Cerulean’s email newsletter). I don’t anticipate major changes, just clarification on their intent.  Everyone enjoy your Friday.

New Guidance Agenda for 2009 Released by FDA

The FDA’s CDER has published its list of expected guidance documents and revised regulations to be issued this year (2009).

Readers of our 2009 forecast will find many items on the list familiar:

· 21 CFR Part 11

· Process Validation

· Adaptive Clinical Trial Design

· Contract manufacturing

· Various marketing, promotional and labeling guidance

· “Dear Healthcare Professional Letters” for recalls

TJK

The glass is half full/empty?

As a QA professional I scrutinize the systems, processes, and results (data) of my client groups (the operational areas….i.e., the people who do the real work). This can be very frustrating for people; especially those who work hard, do good work, and aren’t used to having someone doubt them or subject them to the third degree….physicians often have a particularly difficult time with this.

I understand this and strive to make my intrusion on their daily work as unobtrusive as possible. I also try to explain to them exactly what my thought processes are and the rationale for my questions. One of the things I like to tell my client groups/auditees is that I am an optimist who’s paid to be a pessimist. That’s simple and to the point and it seems to convey my position to my client groups/auditees rather well.

More accurately, I’m an optimist who’s paid to be the exact right combination of the guy who sees the glass half full, the glass half empty, and the cracks in the glass. They pay me to see the good, the bad, and the ugly; to take a good system and try and break it…..just to see if someone can.

Below, I’ve assembled a few (real) scenarios that I think illustrate my role:

1) In this case, I was auditing at a Clinical Investigators site (a doctor’s office). At one point in our exit interview he felt that I (a non-physician) was questioning his medical opinion. To which I told him, “I would never question your medical opionion; I’m not qualified…..but based on your source notes, I can’t tell what your medical opinion was….or even that you had one”. Understanding stole across his face…..Documentation. That’s what was missing. He was doing the work in a stellar fashion,  but not documenting it sufficiently.

2) Another physician was less convinced of the need to explicitly document his diagnosis. “Any clinician would immediately have the same diagnosis…its self-evident!”. Again as a non-physician, I told him that I was sure he was right, but that FDA would likely send a “non-clinician”; someone who would look at his documentation in a manner more akin to that of an attorney than of a medical professional….”Oh, I think I understand what you’re telling me now.”

3) A third physician tried to correct me on calling study participants “subjects” rather than “patients”….”subject sounds so cold and uninvolved”. To this, I explained my position that a “patient” is someone who comes to a doctor looking for something tried and true to make them better. A study “subject” is someone who is taking a gamble out of philanthropy, desperation, or a combination of both….someone that, with their informed consent, we are putting in some measure in harms way. They deserve our highest respect and greatest level of care. Patients are very important; study Subjects are doubly so. This doctor seemed a little irritated at my little philosophical tirade (short though it was), but he seemed to understand the point I was making…I guess he thought I was an idealist of some sort…

4) While meeting with a team that was conducting validation testing on  a clinical computer system, some on the team were frustrated by the level of testing that I was recommending (requiring?). “Well in an ideal world, we would test everything…..”….I had to correct him, “In an ideal world, software testing wouldn’t be necessary because everything would work right out of the box in a perfect and unqualified way…We test our software to ensure that it is actually working like we think it is”. He didn’t like that response, but at least he was quiet”.

Are there any others with anecdotes or questions relating to GxP?

~TJK

Geeky Pharma Plates

I’m not much for vanity decorations on cars. License Plates, Bumper Stickers, Decals, whatever, they usually just annoy me. I don’t really care to know about the political leanings, sports affiliations, or group memberships of my fellow drivers….save through good conversation. I do so love good conversation. So when I am subjected to reading about these things, billboard style, on the back of their cars as I drive to wherever, I’m more prone to be annoyed than amused.

All that being said, I have noticed a recent trend on these car adornments to embrace the rather geeky technical aspects of the Pharma industry. For example, the other day while driving with my wife, we spotted a car sporting Pennsylvania plates with the ID number “21CFR11”. Now for those of you out of the know, 21 CFR part 11 is the US regulation governing the use of electronic records and electronic signatures in FDA-regulated functions (like drug development or manufacture). I can’t think of a Geekier thing to put on one’s car…I mean, that probably tops “I love Linux” as a mantra.

Another plate I saw a while back, this time from New Jersey, read “PHASE4”. That plate was a co-worker’s at a previous employer. Again, for those out of the know,  with Phase 4 referring to studies performed for a possible new indication (use) for an already approved drug. Again, pretty geeky.

Living in NJ as I do with its high concentration of Pharma companies, I suppose it was just a matter of time. Now, I am interested in both Phase 4 and especially 21 CFR part 11, but I think I’ll keep that off my car.

For those interested in these topics, I’ve pulled the following information from the FDA website for your reference:

Phases of an Investigation

An IND may be submitted for one or more phases of an investigation. The clinical investigation of a previously untested drug is generally divided into three phases. Although in general the phases are conducted sequentially, they may overlap. The three phases of an investigation are as follows:

Phase 1 includes the initial introduction of an investigational new drug into humans. These studies are usually conducted in healthy volunteer subjects. These studies are designed to determine the metabolic and pharmacological actions of the drug in humans, the side effects associated with increasing doses, and, if possible, to gain early evidence on effectiveness. Phase 1 studies also evaluate drug metabolism, structure-activity relationships, and the mechanism of action in humans. The total number of subjects included in Phase 1 studies is generally in the range of twenty to eighty.

Phase 2 includes the early controlled clinical studies conducted to obtain some preliminary data on the effectiveness of the drug for a particular indication or indications in patients with the disease or condition. This phase of testing also helps determine the common short-term side effects and risks associated with the drug. Phase 2 studies usually involve several hundred people.

Phase 3 studies are intended to gather the additional information about effectiveness and safety that is needed to evaluate the overall benefit-risk relationship of the drug. Phase 3 studies also provide an adequate basis for extrapolating the results to the general population and transmitting that information in the physician labeling. Phase 3 studies usually include several hundred to several thousand people.

and

this slide presentation from the 2002 DIA that summarizes Part 11.

~TJK

ALCOA – A standard for evidence

In my current role (Clinical Quality Assurance), I support groups that are involved in validating electronic systems for use within clinical trials. That is, they are conducting testing of these computer systems and generating evidence of that testing, its results, problems encountered, and the resolution of those problems.

I used the word “evidence” above very deliberately and with special meaning. The expectation of regulatory bodies (like FDA, EMEA and member agencies, Health Canada, etc.) is that the evidence that is generated in any manufacturing or research endeavor that relates to health products must be strong enough to make a case in a court of law. Furthermore, they assign the burden of proof to those making the claim. That is, they assume that a drug is unsafe, that a device is ineffective, or that data is fraudulent until it is proven otherwise. This is a new paradigm for many who work in Pharma (and related industries) as it runs counter to our “Innocent until proven guilty” sensibilities.

The FDA has been using the ALCOA acronym as a guide to their expectations regarding evidence (both paper-based, electronic, and hybrid) for years and most other health inspectorates have similar expectations. As such, it is immensely useful in developing strategies to prospectively generate strong evidence in both research and manufacturing endeavors. The breakdown and meaning for ALCOA is as follows:

Attributable – It should be clear who created a record and when. Likewise, it should be clear as to who amended a record, when, and why. That last one, the “why” (the reason for change) is an important area in which there are frequently gaps. There is some room for “self evident” reasons for change, but many take an overly broad definition of “self evident”. It is always best to explain why an entry is being changed.

Legible – This would seem to be a common sense requirement. If evidence is illegible, then what good is it, right? Surprisingly, there are some who challenge this point…quite often the challengers are physicians.

I audited a physician once who essentially refused to write his dates in a legible fashion. There was even a note to file that he had “difficulty” in writing the year. When I first read the note, I was thinking he might have some physical problem that made writing difficult for him (e.g., carpal tunnel, MS, etc.). However, after reading it again and meeting with the physician, it was clear that this was not the case. Not to reinforce stereotypes about physician’s handwriting, but jeeze. That was an awkward topic to broach in the audit closeout let me tell you.

Contemporaneous – Alright, now if there’s a fifty-cent word in the mix here, this is it. FDA is fond of this one, and those who know me know that I am as well. It comes off as a bit of a pompous blow-hard word. If there were a simpler word that packed the same meaning, I’d probably use that one instead. So far, I’m unaware of one. Anyway, in terms of evidence, it means the evidence or test results are recorded as they are observed.

The contemporaneousness of records ties very much into the attributability of those same records for the simple reason that FDA has expressed that all signatures or initials must be accompanied by a date that indicates when the signature or initials were appended to the document. It seems to be related to their method of evaluation of data; they want to be able to reconstruct the occurrences around the data. Right in there with that, they expect that all recorded dates be the current date at the time of the entry and that late entries be clearly designated as such. E.g.:
“On 31 Dec 1999, I observed that the refrigerator was broken, however, since the world was due to end any minute, I made no entry. When the world did in fact continue on 01 Jan 2000, I called for service and ensured that sample preparations were moved to another unit.” –TJK 23 Jul 2008

Original – Records are expected to be original; this is a basic scientific principle. In school (where, amongst other things, I studied Chemistry), we had to keep a lab notebook. That notebook was expected to be an original record of our observations within the laboratory. We were not to use scratch paper and then carefully and neatly copy the lab data into pristine lab notebooks….that would lessen their strength as evidence.

In fact, I had a friend back all those years ago who was a laboratory teaching assistant. One of his tasks at the end of semester was to grade lab notebooks. One day, while I was waiting for him to finish up his grading work so that we could head out for some entertainment on a Saturday night; he pressed a stack of lab notebooks into my hand and muttered something about making myself useful.

He then instructed me to look through the notebooks for a stain….something that indicated that the student had spilled something from the lab on their notes while they were recording in them. “Why?” I naively asked.
“Because, the lab is a messy place….if these students (all of whom are on the cusp between two grades) actually completed their notebooks in the lab, they would have spilled something at some point…..something pretty like a cobalt compound would be nice….and therefore can qualify for the “Stain Bonus” and have their grade bumped up the half-point to the next level.

I like telling that story….because FDA seems to think a lot like that.

Accurate – Honesty is first consideration here and thoroughness is the second. Make sure of the information that you are recording is correct and make sure you’re telling the “whole truth”. I don’t have any illustrative stories for this one other than that Regulatory Inspectors are highly trained to detect Fraud. There’s a very fine line between Fudging a result and outright Fraud. Regulatory Inspectors are renowned for not seeing that fine line and “not knowing how it is”. Tell the truth and be sure that your records do too. Transparency is a good thing…in fact it is one of the key goals of ALCOA.

The take home idea here is that the concepts embodied in ALCOA will help provide evidence that is convincing. Without that, claims that your drug is safe and effective, that this particular lot of medicine is safe for human consumptions, etc. will fall on deaf ears.

Hopefully, this is a topic that is helpful and interesting. I’d love to hear any thoughts, both positive and negative, on it. Also, for those who are interested in the background and Regulatory references for this material, you may want to take a look at this page on First Clinical Research. It has a good Q&A section as well as links to some really great presentations from Stan Woollen (formerly of FDA). If the link ever gets broken, let me know and I should be able to get the materials to you.

~TJK

SQA Conference

This weekend, I leave for the week-long SQA conference in Memphis, TN. SQA is the Society of Quality Assurance (www.sqa.org), an organization of Quality Assurance Professionals in the Pharmaceutical (and related) industries. I didn’t make it last year, but I’ve been several times in the past and its usually a really great conference for training, sharing ideas, and “re-centering” away from the store, so to speak. We QA people spend a significant portion of our lives clarifying what it is we do…Its nice to spend some time with people  like Don Barzini (in The Godfather) who “don’t need to be told”.

I’m going to be taking a couple of pre-conference training courses, one on basic GLP (which I haven’t done directly in my career) and another on current (advanced) topics in GCP. I had hoped to present this year (probably on the use of Technology in Clinical Research), but with the job change and such, there really wasn’t time to prepare anything….and it was unclear whether I’d be able to go until about a month ago. Next year for sure.

I’ll try to post an ongoing log of my experiences at the conference and associated commentary. Perhaps it will be of interest to those are unfamiliar with the conference or those who just can’t make it this year (budgets being particularly tight at a number of Pharma companies at this point).

~TJK

Welcome and Introduction

Welcome to my Blog. I’ve had this domain (www.tjkuhn.com) for many years now, but it has mostly served as just a placeholder for “something” in the future. Not long ago, I became excited about blogging after listening to a book-on-tape of Robert Scoble and Shel Israel’s book on the subject, Naked Conversations. Since then, I’ve been reading blogs and planning my own contributions, but have been struggling as to how to start. I’ve come to the conclusion that it really doesn’t matter how I start, just that I do. So here I go, midstream and mid-thought.

I’m a Quality Assurance professional working in the Pharmaceutical sector. In that role, I see a lot of things. The point of this blog is to share some of that. Additionally, I’m hoping that through the related ongoing dialog on the blogosphere that I will be able to learn new things, broaden my perspective, and refine my own positions.

We will see how my blog develops, but for now, I’m planning on covering a wide range of compliance, bioethics, and technology issues. My initial target audience will be professionals working in (or in conjunction with) the Pharma industry. I’ll be looking at things from the GxP perspective. That being said, I can easily envision posting information that may be interesting or useful to consumers who are interested in the health care system; its past, present, & future; and why it works like it does. We will have to see.

Now it is time for disclaimers. I have a favorite that I’ve seen around the web (though I can’t seem to find it now):

The views expressed within are opinions. They are not necessarily those of my employer, not necessarily mine, and probably not necessary.

Let me explain:

1) Nothing on this site, neither explicit nor implied, should be construed as an official or unofficial position of my employers (past, present, or future).

2) Some of the items I post will be borrowed ideas. If I know where something comes from, I will attribute it. Please let me know if you know of the source of an idea that I haven’t and I’ll gladly add appropriate references.

3) My posts will include items with various degrees of polish. Some of them I’ve been thinking about and developing for decade(s)….and some of them I thought of ten minutes ago. My thoughts will likely change over time. Please challenge me if you feel my position on any topic is misguided. That is part of the point of this blog and I will be very thankful for the input.

4) I serve as an advisor to my clients on compliance issues. If I work with you (and doubly so, if I do not), opinions that I express here are just that….opinions. Do not construe anything I write here as definitive, official, well-researched, or prescriptive. If you want something official, please contact me directly.

With that, let’s get on with the dialog.

Best,

~T. J. Kuhn