A March 30, 2011, Food and Drug Administration (FDA) Warning Letter to Ningbo Smart Pharmaceutical Co. revealed that it had reported conformance to specifications on certificates of analysis, when in fact no testing was done—among other issues.
The FDA rather understatedly informed Ningbo Smart, “It is essential that your firm only report results to customers when you have actually performed the analysis.”
However, FDA was quick to advise the Chinese active pharmaceutical ingredient (API) manufacturer of the full implication of its testing and reporting practices. “This serious CGMP [current good manufacturing practice] violation raises concerns regarding the reliability and integrity of other data generated by your firm.”
This was the same language used by the FDA in the Jan. 28, 2010, Warning Letter to Xian Libang Pharmaceutical Co. in Shaanxi, China, for using the infrared spectra for one lot of incoming material to support the release of subsequent material.
The term “data integrity” is not just casual language. It is a direct reference to the FDA Application Integrity Policy (AIP) that the FDA invokes when there is evidence of fraud, bribery, or other acts that impact the validity of data used to support marketing applications.
The FDA Application Integrity Policy List is the list you don’t want to be on.
When the FDA uses the term “data integrity” as it did with Ningbo Smart, it is another way of saying, “Why should I trust any data out of your firm?” As a result, FDA halts its review of pending new drug applications and proceeds to withdraw approved applications.
Remember, Ranbaxy was put on that list in 2009 for claims of falsifying data on product shelf life. Ranbaxy reported that it had tested compounds at room temperature when products were actually stored in a refrigerator. In addition, it tested data at different time points than claimed in drug applications.
But notice that the FDA places the blame for the failure at Ningbo Smart squarely on the quality assurance unit (aka QCU).
• “Failure of your quality unit to ensure that materials are appropriately tested and the results are reported.”
• “Failure of your QCU to exercise its responsibility to ensure the APIs manufactured at your facility are in compliance with CGMP, and must meet established specifications for quality and purity.”
• “Your QCU released API lots to the U.S. without assuring that all the required tests are performed.”
• “Your QCU also failed to detect that your [certificates of analysis] COAs stated that… conformed to specifications, although the test was not performed.”
In fact, the ultimate slight was the FDA’s recommendation that Ningbo Smart hire a third-party auditor, with experience in detecting data integrity problems, to assist the company in evaluating its overall compliance with CGMPs. I’ve reported previously in my Sept. 25, 2010 QA Pharm that such recommendations are a vote of no confidence in the QCU.
So what can a QCU do to prevent data integrity problems?
1. Encourage your company to establish a data-integrity policy to show that you are serious about falsification of data, and that it is a cause for termination. Train on this policy.
2. Establish a general standard for good documentation practices so that even the most innocent recording issues cannot be perceived as fraudulent. Train on this standard.
3. Establish a specific procedure on sampling/testing requirements and laboratory data-recording to be clear about incoming, in-process, and final testing requirements. Train on these procedures.
4. Provide specific training for secondary reviewers and approvers to ensure good documentation practices are followed and suspicious results and trends are investigated.
It is impossible to prevent someone who is intent on falsifying data. However, even well-meaning (but uninformed) people can give the impression of fraudulent data by erasures, unexplained cross-outs, incomplete blanks on forms, varying significant figures, signing documents after the fact, and omitting or inserting data without explanation. Such sloppiness, at the least, gives an impression of a questionable lot history, and at the most—fraud.
The FDA correctly criticizes the QCU at Ningbo Smart. The QCU is responsible for establishing a compliant quality-management system that is capable of detecting and self-correcting in order to maintain a state of control.
The QCU must be able to demonstrate that it has established and trained on policies and procedures that are designed to take data integrity seriously.
Let this be a reminder to take second looks at your data integrity program. Go forth.