The Warning Letter to Ningbo Smart Pharmaceutical Company (dated 3/3011) revealed that they had reported conformance to specifications on Certificates of Analysis when in fact—no testing was done. (Among other issues.)
In understated language, the FDA informed Ningbo Smart, “It is essential that your firm only report results to customers when you have actually performed the analysis.” In addition, the FDA was quick to advise the Chinese API manufacturer of the full implication of their testing and reporting practices. “This serious CGMP violation raises concerns regarding the reliability and integrity of other data generated by your firm.”
This was the same language used by FDA in the Warning Letter (January 28, 2010) to Xian Libang Pharmaceutical Company (located in Shaanxi, China) for using the infrared spectra for one lot of incoming material to support the release of subsequent material.
The term “data integrity” is not just casual or accidental language. It is a direct and exact reference to the FDA Application Integrity Policy (AIP) that FDA invokes when there is evidence of fraud, bribery or other acts that impact the validity of data used to support marketing applications. The FDA Application Integrity List is the list you don’t want to be on.
When FDA uses the term “data integrity” as it did with Ningbo Smart, it is another way of saying, “Why in the world should I trust any data coming out of your firm?” As a result, FDA halts its review of pending new drug applications and proceeds to withdraw approved applications.
Remember, Ranbaxy was put on that not-so-fun list in 2009 for claims of falsifying data on product shelf life. Ranbaxy reported that it had tested compounds at room temperature when products were actually stored in a refrigerator. In addition, it tested data at different time points than claimed in drug applications.
Notice that the FDA places the blame for the failure at Ningbo Smart squarely on… yes, the Quality Unit.
- “Failure of your quality unit to ensure that materials are appropriately tested and the results are reported.”
- “Failure of your QCU to exercise its responsibility to ensure the APIs manufactured at your facility are in compliance with CGMP, and must meet established specifications for quality and purity.”
- “Your QCU released API lots to the U.S. without assuring that all the required tests are performed.”
- “Your QCU also failed to detect that your COAs stated that…conformed to specifications, although the test was not performed.”
In fact, the ultimate slight was FDA’s recommendation that they hire a 3rd party auditor, with experience in detecting data integrity problems, to assist them in evaluating their overall compliance with CGMPs. I’ve reported previously (blog post from 9/25/10) that such recommendations are a vote of no confidence in the QCU.
So what can a QCU do to prevent data integrity problems?
- Encourage your company to establish a data integrity policy to show that you are serious about falsification of data and that it is a cause for termination. Train on this policy.
- Establish a general standard for Good Documentation Practices so that even the most innocent recording issues cannot be perceived as fraudulent. Train on this standard.
- Establish a specific procedure on sampling/testing requirements and laboratory data recording to be clear about incoming, in process, and final testing requirements. Train on these procedures.
- Provide specific training for secondary reviewers/approvers to ensure Good Documentation Practices are followed and suspicious results and trends are investigated.
It is absolutely impossible to prevent someone who is intent on falsifying data. However, even well-meaning (but uninformed) people can give the impression of fraudulent data by erasures, unexplained cross-outs, incomplete blanks on forms, varying significant figures, omitting/inserting data without explanation, signing documents after the fact, etc. Such sloppiness at the very least gives an impression of a questionable lot history, at the most—fraud.
The FDA correctly criticizes the QCU at Ningbo Smart. The QCU (a.k.a. Quality Assurance) is ultimately responsible for establishing a compliant Quality Management System (QMS) that is capable of detecting and self-correcting in order to maintain a state of control. The QCU must be able to demonstrate that it has established and trained on policies and procedures that are designed to take data integrity seriously.
Let this be a reminder to take a second looks at your data integrity program. Go forth.
republished and adapted from The QA Pharm