Pharma companies need to fine-tune their security policies and implement best practices to safeguard data integrity By Prathiba Raju
Maintaining data to ensure traceability of a drug batch to its origin is the most important responsibility of a pharmaceutical company. Data integration asserts that medicines are accurate, complete, attributable, legible, intact and maintained within their original context, including their relationship to secondary data records. It is a worrying trend that Indian pharma companies have been regular defaulters. Between 2004 and 2012, there has been a seven-fold rise in issuance of warning letters by the US Food and Drug Administration (US FDA) to Indian companies and the trend continues even now.
The CRISIL analysis of the FDA warning letters reveals that there has been an increase in letters being issued to India which was nearly 70 per cent in 2015 and around 37 per cent till August, 2016. Additionally, 14 per cent of the FDA-approved plants in India were on import alerts. Since January 2010, there have been 65 regulatory actions such as issuance of warning letters and import alerts on domestic drug makers.
Noting that the pharma industry has to strengthen its systems and controls to address data integrity issues effectively, Akshay Chitgopekar, Director, CRISIL Ratings, said, “Analysis of warning letters in the last six years shows that data integrity issues are cited in more than 85 per cent of cases relating to domestic plants compared to less than 25 per cent for Canada and Germany.”
Further, the CRISIL ratings on 283 pharma companies indicated that in past three years, 16 of them have been under regulatory scrutiny. This has reduced their exports to the developed markets, leading to a slowdown in revenue growth and dipped it to single digits in two years from over 20 per cent earlier, resulting in a sharp fall in the operating profitability as well. However, ratings on more than 80 per cent of these pharma companies have remained unchanged.
Apprising that the data integrity is fundamental in a pharma quality system, as it ensures that medicines are of the required quality, Rajiv Joshi, Partner, Fraud Investigation and Dispute Services, EY India, said, “It’s evident from regulatory actions worldwide that the lack of data integrity can have an adverse impact on manufacturers, stakeholders but above all on patients who consume the drugs. Hence, it is of paramount importance to ensure robust and continuous compliance with data integrity norms by the pharmaceutical sector, to boost regulatory confidence and regain patient trust.”
When it comes to pharma, data integrity is a requirement throughout a product’s lifecycle — from R&D to product development, clinical trials, manufacturing, testing and dispatch. A company that is desirous of manufacturing and exporting to any regulated market must comply with data integrity norms, which is an inherent subset of current Good Manufacturing Practices (cGMP), Good Laboratory Practices (cGLP) and Good Clinical Practices (cGCP) norms.
Spelling out the importance of data integrity further, Anil Khanna, Independent Strategic Consultant and Investment Banker, suggested that it impacts the quality, efficacy and safety of the drug that a consumer takes with a blind faith in the company it belongs to.
“When it comes to safety, quality and data integrity issues, before Ranbaxy issue flared up, regulators in the US and Europe accepted the data submitted by an Indian pharma company at the face value. They never questioned it. However, Ranbaxy episode in 2013 changed the scenario. What was euphemistically called as ‘data documentation issue’ was actually a case of systemic manipulation of manufacturing records. Ranbaxy was the tipping point,” Khanna said.
Three years ago India-based Ranbaxy Laboratories had to pay a fine of $500 million for gross violation in methods of testing medicine and for manufacturing substandard drugs in a settlement agreement with the US Department of Justice.
“Though the issue of data integrity is a worldwide issue, Indian pharma is under an increased scrutiny by the regulators, after the Ranbaxy episode,” Khanna informed.
This is a clear indication that increased awareness for data integrity norms is the need of the hour for both regulatory authorities as well as pharma manufacturers. Timely enforcement by Indian regulators will definitely help the Indian pharma sector.
Need of concerted efforts
Improving data integrity requires concerted effort as it’s vital and needs continuous recording of information which is getting generated within the lifecycle of a new discovery, a new cure and its translation from the lab into a patient’s body; be it oral dosage, injectable or otherwise. Hence, the integrity of this record or data is critical to ensure if at a later point there is a need to validate potential gaps. This is evident from the spate of regulatory inspections and resultant regulatory actions that pharma and medical device companies globally are experiencing.
“A proactive approach to assess the quality systems is recommended instead of reactive approach which may involve remediation activities undertaken after possible backlash from regulators. A proactive approach also helps in managing the opportunity cost and unnecessary business distractions, resulting from the remediation efforts,” Joshi said.
Informing that documentation should be clear, accurate and identifying the ‘who-what-when-where-why-how’ along with anomalies, Sudesh Anand Shetty, Partner Lifesciences Head, KPMG, shared that the data integrity should follow ALCOA — attributable, legible long lasting, complete, original and accurate —method as the data integrity needs to be both inherent and explicit.
“Like people mature, so do regulations. Perhaps, we need increased visibility into the coverage and frequency of inspections, as also train our inspectors for focused data integrity checks – which our industry is being beaten up for in the recent past. Indian regulatory bodies like Central Drugs Standard Control Organisation (CDSCO) and Drug Controller General (India) (DCG(I) are now defining clear inspection checklist for inspectors – which will provide guidance on how inspections are to be conducted, which aspects are to be seen, etc. Indian Pharmaceutical Association (IPA) is also in the process of defining data integrity guidance for the Indian pharma industry. So while the impetus and initiative are there, combining these with hands on-trainings conducted by experienced data integrity personnel will bolster our norms and implementation far more than ever before,” says Shetty.
A senior official from CDSCO requesting anonymity informed Express Pharma that data integrity is crucial, but such problems need to be focused. For that they are upgrading the skill of the employees working in pharma manufacturing companies via a certification programme, which will help them to understand the importance of data integrity and IT integration.
“The certification programme developed by Lifescience Skill Sector Development Council will be effective from 2018. The objective of the course will be to enhance and enable organisations to effectively meet quality standards. It will help and improve domestic drug makers to come out with quality pharma products and be aware and comply with the procedures. The course is mandatory as no person can be employed without a formal diploma or degree,” the senior CDSCO official stated.
The EY survey ‘Analyzing the state of Data Integrity Compliance in the Indian pharmaceutical industry’ notes that Government of India is more vigilant and is emphasising on GMP compliance guidelines as it focuses on the ‘Make in India’ initiative, and commitment to battling fraud and corruption, the pharma industry is being watched very closely to recoup and lead the initiative.
“The government is more vigilant and is emphasising on GMP compliance guidelines set by global, central and state regulators. While the pharma industry is committed to gear up on quality and compliance, the remedy for the industry now is to get more proactive in its quality compliance drives. The same can be done by adopting regular internal and external data integrity assessments to identify gaps if any, such as to identify if laboratory test data files have been deleted outside of routine archiving process, monitor data to identify potential trial runs, re-processed files and use of common or shared login ID and password. The company will then have to get into the root cause of these issues and address the gaps without camouflaging or hiding facts, as data integrity essentially is, “do as you say, and say as you do,” the EY report says.
The report further adds that even companies with a good track record with regulators and regardless of the existing or anticipated GMP compliance concerns should initiate periodical