Chromatography data systems (CDSs) have had a starring role in many regulatory citations involving falsification and fraud
in analytical laboratories regulated by Good Manufacturing Practices (GMP). In this instalment of "Questions of Quality" we
will examine the citations and identify the technical and procedural controls required to ensure data integrity within these
systems. Although focused primarily on the pharmaceutical industry, the principles described here are applicable to all laboratories
working to established quality standards.
There has been a growing increase in the number of laboratories found guilty of falsification and fraud when chromatography
data systems (CDSs) operating in Good Manufacturing Practices (GMP) regulated laboratories have been inspected by the United
States and the European regulatory agencies. The inspection focus has changed: Instead of wading through reams of paper printouts,
the inspection now reviews the electronic records in the CDS. The reason for this change in focus initially began with the
Able Laboratories fraud case in 2005 (1). Up until this point, the company had had multiple US Food and Drug Administration
(FDA) inspections with no non-compliances. That was until a whistle blower called the local agency office to raise concerns
about the working practices that were not entirely compliant with the regulations.
Some of the innovative analytical techniques employed were a combination of:
- Copy and pasting chromatograms from passing batches to failing ones;
- Extensive reintegration of chromatograms to ensure passing results;
- Adjustments of weights, purity factors, and calculations to ensure acceptable results.
This was how an original result of 29%, which would fail a specification of >85%, was falsified to a passing result of 91%
(2). At the heart of the fraud was a CDS, which, when investigated by the FDA, had an audit trail that identified the individuals
responsible for the falsification of data. Identification of the problems in the laboratory led to the closing of the company
in 2005 (2) and the criminal prosecution of four individuals in 2007 (3).
The Able Laboratories fraud case has led to a review of the FDA's inspection approach. This has resulted in the rewrite of
Compliance Programme Guide (CPG) 7346.832 for Pre-Approval Inspections (PAI). There are three objectives contained within
the guide, one of which is objective 3 — the data integrity audit — that is focused on the laboratory (4). Before this came
into effect in May 2012, FDA inspectors were given training in data integrity, including training by Monica Cahilly from Green
Mountain Quality Assurance. The training focused on the computer system and the records it contains rather than the paper
output. This focus on the CDS in regulated GMP laboratories has seen an increasing number of warning letter citations in the
last 2 to 3 years.
In Europe, the UK's MHRA (Medicine's and Healthcare products Regulatory Agency) announced in December 2013 (5) that they expected
companies to focus on data integrity in their self-inspections under EU GMP Chapter 9 (6). This applies not only within an
organization but also in their supply chain. The website also helpfully supplies an e-mail address for whistle blowers.
MHRA has recently written to all major CDS suppliers requesting copies of their software so that they can understand how each
individual software package works. In early April 2014, the MHRA inspectors, together with inspectors from other European
regulatory agencies, had the same data integrity training as the FDA. Life is getting interesting for chromatographers in