A Summary of the New MHRA ‘GXP’ Data Integrity Guidance and Definitions – March 2018

A Summary of the New MHRA ‘GXP’ Data Integrity Guidance and Definitions – March 2018

For over 20 years, there have been Health Authority regulations governing the use of Electronic Records and Electronic Signatures (eReS) for GxP purposes. These regulations (the US part 11, the EU Annex 11, and their ilk globally) are arguably among the most elegant, concise, and consistent across jurisdictions (with differences mostly limited to context and emphasis rather than substance).

That being said, there has been a considerable amount of confusion in interpreting and applying the eReS regulations as both the Regulators and those in Industry have evolved their understanding of these regulations as the various guidance documents have emerged, been rescinded, revised, re-issued, clarified, etc.

This latest guidance document (which can and should be read in its entirety here (21 pages): https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/687246/MHR), is very mature in its outlook and takes what has come before and builds upon it. The result adds a huge amount of clarity by specifically expounding on the general theme “This what we want, yes it means exactly that, and yes we understand the practical considerations and resource impact of what we want”.

Some key items in the guidance include:

  • Its application is intended across all GxP areas (Excepting Medical Devices – which I found interesting)
  • The principles of data integrity (which are separate from those of data quality) are meant to be adaptable, and are designed to evolve with Technology and promote a risk-based approach.
  • The non-technical aspects of data integrity are addressed, including the organizational responsibility to create a culture and environment (controls) that ensures that data is complete, consistent, and accurate in all forms (They focus on the oft neglected idea that PEOPLE are part of the process).
  • They revisit both ALOCA and ALCOA+ (Attributable, Legible, Contemporaneous, Original, and Accurate + Complete, Consistent, Enduring, and Available. They go on to clarify that these two acronyms are differing ways of explaining the same expectations.
  • Differing paper, electronic, hybrid scenarios are discussed as are the ideas around Risk, Risk mitigation, and documentation around both. Warnings are made about poor organizational controls and the over-reliance on a system’s validated state.
  • Challenges and considerations around designing data processes and controls are discussed in some detail.
  • Key definitions are explained in some detail for: Data, ALCOA, Raw = Source Data, Metadata, Data Integrity, Data Governance, Data Lifecycle, Recording & collection of data, Data transfer & migration, Data Processing, Data Exclusion, True Copy, Transactional data, Audit Trail, Reconstructability, Electronic Signatures, Data review and approval, Data Retention/Backup/Archival, System Access, the Admin Role, Validation, and IT Suppliers including Cloud providers).



Week of Mar 25th 2018 | FDA Sent These Warning Letters to Pharma Companies | FDAZILLA BLOG

Image result for fdaNew warning letters out! These are largely GMP-specific. Like no other agency, FDA is reknowned for updating regulations via warning letter (rather than the onerous process of getting an actual new or updated regulation approved)….so it is good to always keep an eye on these to be clear on “FDA’s current thinking”. YMMV. In any case, check out the full information at the link below!

Source: Week of Mar 25th 2018 | FDA Sent These Warning Letters to Pharma Companies | FDAZILLA BLOG

FDA posted 8 warning letters this week, including:


New Proposed Auditing Course: Considerations for an eData Quality Audit Program

We’ve submitted this course proposal for the April SQA Quality College in Anaheim. Feedback has been good, but even if it isn’t picked up for this venue…it will eventually happen *somewhere*:

Instructors: Timothy J. Kuhn and Conrad Kawaguchi

Target Audience: Seasoned Auditors with little eData/CSV experience or CSV professionals with little auditing experience.

 Course Objectives

• Establish and differentiate between the eData Audit Function and the Operational CSV Quality Roles.

• List the considerations for the GxP eData Audit Program (Contributing to other GxP Audits, Independent Focused Data Integrity Audits, etc.)

• Explore the various roles that the eData Auditor may serve as part of an audit (SME, Co-Auditor, Audit Lead)

• Define and list the desired skill set for the eData Audit Team

• Break down the various types of audits and risk areas for each: GLP Labs, Central Clinical Labs, Central Readers (eCG, Imaging, etc.), ePRO (Electronic Patient Reported Outcomes – AKA Diaries), Acquisition Due Diligence, GMP Manufacturing Sites and Vendors, PV, eSystem Validation, Databases, IT Infrastructure, Cloud Providers, Software Providers, SaaS vendors, Pharma, Device, Combo Product, and others.

Course Description: Electronic Data (eData) is pervasive in the GxP world and auditors in that GxP eData space need to understand what is most important in these areas. This course will explore considerations in establishing an eData audit program, give auditors with little Technology/eData/Computer System Validation(CSV)/IT saavy the understanding needed to assess the eData/eSystems they encounter in the course of their existing GxP audits, and expand the understanding of eData auditors beyond the software vendor audit so as to know what is most important in GxP audits. The course will demonstrate “what to look for” for a variety of audits, both technology-focused and more conventional areas in which technology has “encroached”.



FDA FY 2010 Inspectional Observation Summaries

The FDA has recently updated their published  483 inspection results here. This is really a great resource as it breaks the findings down by regulation and how often it was cited. The link is to the 2010 483 that I stumbled upon. The parent site has multiple years and in sortable formats:




21 CFR part 11 Update

Folks, it looks like some of our US regulations and guidance documents have been flagged for update by FDA….including everyone’s favorite, 21 CFR part 11 (source Cerulean’s email newsletter). I don’t anticipate major changes, just clarification on their intent.  Everyone enjoy your Friday.

New Guidance Agenda for 2009 Released by FDA

The FDA’s CDER has published its list of expected guidance documents and revised regulations to be issued this year (2009).

Readers of our 2009 forecast will find many items on the list familiar:

· 21 CFR Part 11

· Process Validation

· Adaptive Clinical Trial Design

· Contract manufacturing

· Various marketing, promotional and labeling guidance

· “Dear Healthcare Professional Letters” for recalls


The glass is half full/empty?

As a QA professional I scrutinize the systems, processes, and results (data) of my client groups (the operational areas….i.e., the people who do the real work). This can be very frustrating for people; especially those who work hard, do good work, and aren’t used to having someone doubt them or subject them to the third degree….physicians often have a particularly difficult time with this.

I understand this and strive to make my intrusion on their daily work as unobtrusive as possible. I also try to explain to them exactly what my thought processes are and the rationale for my questions. One of the things I like to tell my client groups/auditees is that I am an optimist who’s paid to be a pessimist. That’s simple and to the point and it seems to convey my position to my client groups/auditees rather well.

More accurately, I’m an optimist who’s paid to be the exact right combination of the guy who sees the glass half full, the glass half empty, and the cracks in the glass. They pay me to see the good, the bad, and the ugly; to take a good system and try and break it…..just to see if someone can.

Below, I’ve assembled a few (real) scenarios that I think illustrate my role:

1) In this case, I was auditing at a Clinical Investigators site (a doctor’s office). At one point in our exit interview he felt that I (a non-physician) was questioning his medical opinion. To which I told him, “I would never question your medical opionion; I’m not qualified…..but based on your source notes, I can’t tell what your medical opinion was….or even that you had one”. Understanding stole across his face…..Documentation. That’s what was missing. He was doing the work in a stellar fashion,  but not documenting it sufficiently.

2) Another physician was less convinced of the need to explicitly document his diagnosis. “Any clinician would immediately have the same diagnosis…its self-evident!”. Again as a non-physician, I told him that I was sure he was right, but that FDA would likely send a “non-clinician”; someone who would look at his documentation in a manner more akin to that of an attorney than of a medical professional….”Oh, I think I understand what you’re telling me now.”

3) A third physician tried to correct me on calling study participants “subjects” rather than “patients”….”subject sounds so cold and uninvolved”. To this, I explained my position that a “patient” is someone who comes to a doctor looking for something tried and true to make them better. A study “subject” is someone who is taking a gamble out of philanthropy, desperation, or a combination of both….someone that, with their informed consent, we are putting in some measure in harms way. They deserve our highest respect and greatest level of care. Patients are very important; study Subjects are doubly so. This doctor seemed a little irritated at my little philosophical tirade (short though it was), but he seemed to understand the point I was making…I guess he thought I was an idealist of some sort…

4) While meeting with a team that was conducting validation testing on  a clinical computer system, some on the team were frustrated by the level of testing that I was recommending (requiring?). “Well in an ideal world, we would test everything…..”….I had to correct him, “In an ideal world, software testing wouldn’t be necessary because everything would work right out of the box in a perfect and unqualified way…We test our software to ensure that it is actually working like we think it is”. He didn’t like that response, but at least he was quiet”.

Are there any others with anecdotes or questions relating to GxP?


Geeky Pharma Plates

I’m not much for vanity decorations on cars. License Plates, Bumper Stickers, Decals, whatever, they usually just annoy me. I don’t really care to know about the political leanings, sports affiliations, or group memberships of my fellow drivers….save through good conversation. I do so love good conversation. So when I am subjected to reading about these things, billboard style, on the back of their cars as I drive to wherever, I’m more prone to be annoyed than amused.

All that being said, I have noticed a recent trend on these car adornments to embrace the rather geeky technical aspects of the Pharma industry. For example, the other day while driving with my wife, we spotted a car sporting Pennsylvania plates with the ID number “21CFR11”. Now for those of you out of the know, 21 CFR part 11 is the US regulation governing the use of electronic records and electronic signatures in FDA-regulated functions (like drug development or manufacture). I can’t think of a Geekier thing to put on one’s car…I mean, that probably tops “I love Linux” as a mantra.

Another plate I saw a while back, this time from New Jersey, read “PHASE4”. That plate was a co-worker’s at a previous employer. Again, for those out of the know,  with Phase 4 referring to studies performed for a possible new indication (use) for an already approved drug. Again, pretty geeky.

Living in NJ as I do with its high concentration of Pharma companies, I suppose it was just a matter of time. Now, I am interested in both Phase 4 and especially 21 CFR part 11, but I think I’ll keep that off my car.

For those interested in these topics, I’ve pulled the following information from the FDA website for your reference:

Phases of an Investigation

An IND may be submitted for one or more phases of an investigation. The clinical investigation of a previously untested drug is generally divided into three phases. Although in general the phases are conducted sequentially, they may overlap. The three phases of an investigation are as follows:

Phase 1 includes the initial introduction of an investigational new drug into humans. These studies are usually conducted in healthy volunteer subjects. These studies are designed to determine the metabolic and pharmacological actions of the drug in humans, the side effects associated with increasing doses, and, if possible, to gain early evidence on effectiveness. Phase 1 studies also evaluate drug metabolism, structure-activity relationships, and the mechanism of action in humans. The total number of subjects included in Phase 1 studies is generally in the range of twenty to eighty.

Phase 2 includes the early controlled clinical studies conducted to obtain some preliminary data on the effectiveness of the drug for a particular indication or indications in patients with the disease or condition. This phase of testing also helps determine the common short-term side effects and risks associated with the drug. Phase 2 studies usually involve several hundred people.

Phase 3 studies are intended to gather the additional information about effectiveness and safety that is needed to evaluate the overall benefit-risk relationship of the drug. Phase 3 studies also provide an adequate basis for extrapolating the results to the general population and transmitting that information in the physician labeling. Phase 3 studies usually include several hundred to several thousand people.


this slide presentation from the 2002 DIA that summarizes Part 11.