A Summary of the New MHRA ‘GXP’ Data Integrity Guidance and Definitions – March 2018

For over 20 years, there have been Health Authority regulations governing the use of Electronic Records and Electronic Signatures (eReS) for GxP purposes. These regulations (the US part 11, the EU Annex 11, and their ilk globally) are arguably among the most elegant, concise, and consistent across jurisdictions (with differences mostly limited to context and emphasis rather than substance).

That being said, there has been a considerable amount of confusion in interpreting and applying the eReS regulations as both the Regulators and those in Industry have evolved their understanding of these regulations as the various guidance documents have emerged, been rescinded, revised, re-issued, clarified, etc.

This latest guidance document (21 pages, which can and should be read in its entirety here: https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/687246/MHR) is very mature in its outlook and takes what has come before and builds upon it. The result adds a huge amount of clarity by specifically expounding on the general theme “This is what we want, yes it means exactly that, and yes we understand the practical considerations and resource impact of what we want”.

Some key items in the guidance include:

  • Its application is intended across all GxP areas (excepting Medical Devices – which I found interesting).
  • The principles of data integrity (which are separate from those of data quality) are meant to be adaptable, and are designed to evolve with Technology and promote a risk-based approach.
  • The non-technical aspects of data integrity are addressed, including the organizational responsibility to create a culture and environment (controls) that ensures that data is complete, consistent, and accurate in all forms (They focus on the oft neglected idea that PEOPLE are part of the process).
  • They revisit both ALCOA and ALCOA+ (Attributable, Legible, Contemporaneous, Original, and Accurate + Complete, Consistent, Enduring, and Available). They go on to clarify that these two acronyms are differing ways of explaining the same expectations.
  • Differing paper, electronic, hybrid scenarios are discussed as are the ideas around Risk, Risk mitigation, and documentation around both. Warnings are made about poor organizational controls and the over-reliance on a system’s validated state.
  • Challenges and considerations around designing data processes and controls are discussed in some detail.
  • Key definitions are explained in some detail for: Data, ALCOA, Raw = Source Data, Metadata, Data Integrity, Data Governance, Data Lifecycle, Recording & collection of data, Data transfer & migration, Data Processing, Data Exclusion, True Copy, Transactional data, Audit Trail, Reconstructability, Electronic Signatures, Data review and approval, Data Retention/Backup/Archival, System Access, the Admin Role, Validation, and IT Suppliers (including Cloud providers).

~TJK

Server Crash – what would the impact be?

I was reading Eric Zeman’s post on the recent Nokia server crash in which *data was lost*.

Server Crash Deletes 3 Weeks’ Worth of Nokia User Data

posted Yesterday, 12:35 PM by Eric M. Zeman
updated Yesterday, 1:40 PM

Updated: clarified which Ovi service was affected.

A cooler problem at one of Nokia’s facilities led to a series of catastrophic failures that ended in crashed servers. The servers in question housed user data from Nokia’s Contacts on Ovi service including contact information, photos and other data that had been synced from end-user handsets to Ovi. Despite Nokia’s attempts to repair the problem, the most recent back-up it could restore was dated Jan. 23. Anything uploaded or synced between Jan. 23 and Feb. 9 was completely lost. Nokia apologized for the problem and asked users to give it a second chance.

Now, these are guys who know technology….who know what they’re doing. If they can lose data, anyone can….what impact would this have on a Pharma company? Data losses are not acceptable in this field. This fits in the “things that make you say hmmmm” category for Pharma and related industries.

~TJK