Data is critical throughout the drug life cycle in pharmaceutical, biotech, and other healthcare facilities, especially during the clinical research, drug manufacturing, and testing phases. As a result, every pharmaceutical company should have a standard for ensuring that all data collected and tested is as complete and accurate as possible.
The importance of data integrity in drug manufacturing cannot be overstated as this information is used to track trends and ensure that the products meet FDA standards. Maintaining reliable and accurate information at all times helps facilities ensure data compliance. This protects consumers’ health and safety as well as the companies’ reputation.
What is Data Integrity?
Data integrity is the state of a data set’s validity, completeness, consistency, and data accuracy. It entails maintaining correct data by following regulations and data standards. Data integrity is the basis for data management, preventing crucial information from being lost.
In addition, data integrity plays an important role in the day-to-day operations of facilities and ensures compliance with cGMP (current Good Manufacturing Practices) for pharmaceuticals and FDA guidelines. By having a clearly defined standard to follow, facilities can ensure their data is accurate and complete.
Types Of Data Integrity
Physical integrity is associated with correctly storing and retrieving accurate data. However, virus attacks, design flaws, power outages, natural disasters, and other factors can cause data loss.
As long as the availability of storage devices (or their components) is not compromised, physical integrity can be maintained by continuous backups to alternate media or copies in another location. The redundancy will ensure that any corruption of data can be detected and restored if necessary.
This type of integrity deals with preserving the correctness of a piece of data in a given environment or context. Software bugs, design flaws, and human errors are potential challenges to data integrity.
If a logical integrity error exists in the data, it can be repaired by rewriting it with new data.
Four Types Of Logical Integrity:
Entity Integrity is a data integrity rule that states that every table must have a unique primary key and not null. The unique values avoid duplicate data and double data entry.
Referential Integrity refers to the correctness and consistency of data between links or references of two or more tables.
Domain Integrity specifies the allowed data type values such as integer, character, or decimal, as well as data length. It ensures that all data in a field includes valid data.
User-Defined Integrity refers to a set of terms or rules for adding data that are set by a specific user.
Data Integrity Risks
Several factors can compromise the integrity of data stored in a database. Here are a few of them
- Human error: Individuals jeopardize data integrity when they enter information incorrectly, duplicate or delete data, fail to follow cGMP standards, or make mistakes during procedure implementation.
- Transfer errors: Data loss occurs during the transfer of information from one location in a database to another.
- Bugs and viruses: When spyware, malware, or viruses infiltrate a computer and hack, corrupt, or alter the data, a data integrity breach can occur.
- Hardware issues: Sudden computer functionality problems, compromised hardware, or server crashes can delete data or prevent user access to data.
How To Achieve Data Integrity
1. Risk-Based Validation
- Validation should be limited to GxP-compliant systems. Ensure that processes handle data quality and reliability.
- Having the system vendor qualify and certify the systems may be more cost-effective.
- Estimate the validation complexity of your system using the ISPE’s GAMP5 (Good Automated Manufacturing Practice) categorizations and determine whether to perform it in-house or outside expert to do it for your firm.
- Your data validation rules or master plan should include the steps you’ll take to assess crucial metadata, such as audit trails and other facts.
- Ensure that your quality management system specifies the frequency, roles, and responsibilities for system validation.
- Keep track of all electronic data storage locations, including printouts and PDF reports, throughout validation.
- Schedule numerous re-evaluations after your initial validation.
2. Choose the Right System and Service Providers
- Ensure that your service providers are well-versed in the appropriate rules.
- Systems must be purpose-built. Obtain confirmation of a software’s suitability for the application in which it will be utilized.
- Learn about the corporate culture and data management maturity of your suppliers.
- Inquire about the processes in place to maintain data integrity and audit those systems if feasible.
3. Go Over your Audit Trails and Make Sure They’re Intact
An audit trail must be an indestructible record of all data in a system, including any modifications to a database or file. To be relevant in GxP compliance, an audit trail must be able to answer the following questions.: Who? What? When and Why?
- Define the GxP-relevant data and make sure it’s in an audit trail.
- Test the audit trail, assign roles, and set deadlines.
- The complexity and planned usage of the system should decide the scope of an audit trail assessment.
- Understand what audit trails are made up of discrete event logs, history files, database queries, reports, or other methods that show system events, electronic records, or raw data included inside the record.
4. Change Control
- Ensure that system software upgrades, especially when incorporating new features, are intended to comply with evolving data integrity requirements.
- Keep up with changes by collaborating with suppliers and updating your systems as needed.
- When new hardware or other system inputs are added to the system, choose systems that are straightforward to update.
Data Integrity Assessment Checklist
Here are 15 data integrity assessment questions that will help you to identify potential data integrity risks in your facility.
- Is the system certified/validated in accordance with an established life cycle management process?
- Is each user of the system assigned a unique username and password?
- Is the user locked out after a certain number of failed login attempts?
- Is there a time limit to the system’s inactivity before it shuts down automatically?
- Are there controls in place to track current users and their level of access to electronic systems?
- Is there a mechanism to review user access regularly?
- Is there any data security in place to safeguard the privacy of information?
- Do all users of the system understand their respective roles and responsibilities about maintaining data integrity?
- Is the system’s “administrator” in charge of or examining data?
- Do the electronic documents have a regular backup to a secure location on a pre-determined basis?
- Is there a way to verify the data is being kept safe?
- Is it possible for uninvited people to change electronic data or records? Is it feasible to document authorized changes in an audit trail?
- As part of the process acceptance, are you reviewing the audit trail, and are you conducting ongoing audits?
- Are you following the organization’s data policies on who can access sensitive data of patients?
- Is it possible to prevent people from printing or copying data?
If you answer ‘No’ to any of the above-mentioned questions, then there is a potential data integrity risk that needs to be resolved.
Data Integrity may appear to be intimidating; however, there are numerous steps that facilities can take to ensure data is being stored and transmitted properly. The key is to start with a strategy and implement it piece by piece so that the data integrity plan is both comprehensive and effective.