Chromatography data systems (CDSs) have had a starring role in many regulatory citations involving falsification and fraud in analytical laboratories regulated by Good Manufacturing Practices (GMP). In this instalment of "Questions of Quality" we will examine the citations and identify the technical and procedural controls required to ensure data integrity within these systems. Although focused primarily on the pharmaceutical industry, the principles described here are applicable to all laboratories working to established quality standards.
There has been a growing increase in the number of laboratories found guilty of falsification and fraud when chromatography data systems (CDSs) operating in Good Manufacturing Practices (GMP) regulated laboratories have been inspected by the United States and the European regulatory agencies. The inspection focus has changed: Instead of wading through reams of paper printouts, the inspection now reviews the electronic records in the CDS. The reason for this change in focus initially began with the Able Laboratories fraud case in 2005 (1). Up until this point, the company had had multiple US Food and Drug Administration (FDA) inspections with no non-compliances. That was until a whistle blower called the local agency office to raise concerns about the working practices that were not entirely compliant with the regulations.
Some of the innovative analytical techniques employed were a combination of:
The Able Laboratories fraud case has led to a review of the FDA's inspection approach. This has resulted in the rewrite of Compliance Programme Guide (CPG) 7346.832 for Pre-Approval Inspections (PAI). There are three objectives contained within the guide, one of which is objective 3 — the data integrity audit — that is focused on the laboratory (4). Before this came into effect in May 2012, FDA inspectors were given training in data integrity, including training by Monica Cahilly from Green Mountain Quality Assurance. The training focused on the computer system and the records it contains rather than the paper output. This focus on the CDS in regulated GMP laboratories has seen an increasing number of warning letter citations in the last 2 to 3 years.
In Europe, the UK's MHRA (Medicine's and Healthcare products Regulatory Agency) announced in December 2013 (5) that they expected companies to focus on data integrity in their self-inspections under EU GMP Chapter 9 (6). This applies not only within an organization but also in their supply chain. The website also helpfully supplies an e-mail address for whistle blowers.
MHRA has recently written to all major CDS suppliers requesting copies of their software so that they can understand how each individual software package works. In early April 2014, the MHRA inspectors, together with inspectors from other European regulatory agencies, had the same data integrity training as the FDA. Life is getting interesting for chromatographers in regulated laboratories!