Data Integrity Focus, Part III: What Is the Problem with Hybrid Systems?

March 1, 2019
R.D. McDowall

R.C. McDowall is the principle of McDowall Consulting and director of R.D. McDowall Limited, and "Questions of Quality" column editor for LCGC Europe, Spectroscopy's sister magazine.

LCGC North America

LCGC North America, LCGC North America-03-01-2019, Volume 37, Issue 3
Pages: 180–184

A hybrid system is the worst possible choice for managing your regulated data.

Regulatory authorities globally have concerns about hybrid computerized systems. These are the worst possible computerized system to have in your laboratory from a regulatory perspective. Here, we discuss what a hybrid system is, and explain why there is such a fuss about them.

This article is the third in a six-part series dealing with data integrity. The first discussed a data integrity model to present the scope of data integrity and data governance program for an organization (1). The second discussed data process mapping to identify data integrity gaps in a process involving a chromatography data system (CDS), and looked at ways to remediate these gaps (2). The CDS was described originally as a hybrid system, and I mentioned that this subject would be the topic of this third article.

What is a Hybrid System?

First, it is important to define what we mean by a hybrid computerized system. The best definition and description is found in the World Health Organization (WHO) guidance (3):

This refers to the use of a computerized system in which there is a combination of original electronic records and paper records that comprise the total record set that should be reviewed and retained.

An example of a hybrid approach is where laboratory analysts use computerized instrument systems that create original electronic records and then print a summary of the results.

The hybrid approach requires a secure link between all record types, including paper and electronic, throughout the records retention period.

Where hybrid approaches are used, appropriate controls for electronic documents, such as templates, forms and master documents, that may be printed, should be available.

A schematic of a hybrid computerized system is shown in Figure 1. There are a number of electronic records within the computerized system, and these must be securely linked with the paper printouts that are signed by the analyst and reviewer. Often, the focus is only on the paper printout and not the electronic records when, in fact, it should be the other way around; e-records are the critical data, and signed paper printouts are only a small part of the records.


Figure 1: A schematic of a hybrid system consisting of electronic records and signed paper printouts (4).

Unable Able Laboratories

Able Laboratories is the classic data integrity case study that can be summarized as "You can't falsify data into compliance." This now defunct generic pharmaceutical company had passed several US Food and Drug Administration (FDA) inspections before a whistleblower called to alert the agency about fraudulent quality control (QC) work. Inspectors quickly found that data were being falsified on an industrial scale, using a variety of means such as copy and paste, manipulation of weights, and chromatographic integration (5). The heart of the falsification effort was a CDS in which the audit trail that could not be turned off identified who had falsified which data and when. The reason why the agency had missed the falsification is that the inspectors focused on paper printouts alone. As a result, there were changes to the way FDA and other regulatory agencies inspect computerized systems with updated regulations (6,7) and guidance (3, 8–11), as we will discuss now.

What the Regulators Want

In addition to providing a definition of hybrid system, the WHO good records management practices guidance also notes, in Appendix 1, under special risk factors in the Attributable section (3):

The use of hybrid systems is discouraged, but where legacy systems are awaiting replacement, mitigating controls should be in place.

In such cases, original records generated during the course of [good practice] GXP activities must be complete and must be maintained throughout the records retention period in a manner that allows the full reconstruction of the GXP activities.

A hybrid approach might exceptionally be used to sign electronic records when the system lacks features for electronic signatures, provided adequate security can be maintained. The hybrid approach is likely to be more burdensome than a fully-electronic approach; therefore, utilizing electronic signatures, whenever available, is recommended.

Replacement of hybrid systems should be a priority.

Have you got the message? Hybrid systems are not liked, and using them to ensure data integrity will cost you time and effort. The WHO guidance goes about as far as a regulatory guidance can go by stating that hybrid systems are discouraged, and that they should be replaced as a matter of priority. The Pharmaceutical Inspection Co-operation Scheme (PIC/S) PI-041 Good Practices for Data Management and Integrity in Regulated GMP/GDP Environments also notes in section 9.3 (10):

Increased data review is likely to be required for hybrid systems.

This is true as a second person reviewing hybrid records must review both paper and electronic records plus the linkages between the two types of records as shown in Figure 1, making the review more labor intensive and slow. As Newton and McDowall noted, the second person review may take longer than the actual chromatographic run (12).

 

The World Consists of Hybrid Systems

OK, saying that the world consists of hybrid systems is not quite accurate, but, in many laboratories, standalone hybrid computerized systems are used. Even networked systems with the technical controls to be used electronically can be deployed in hybrid mode, because this approach is seen as a tried and trusted option. This viewpoint is wrong, and dangerously so.

There are now more stringent controls placed on hybrid systems, especially if it is a standalone workstation. Regulatory guidance notes that hybrid systems will probably result in more review work compared with an electronic process, and at the same time regulatory exposure will increase over time as interpretation becomes tighter. By failing to replace hybrid systems, management must accept accountability for its inaction when an inspector calls and finds a data integrity problem. To understand the situation from the perspective of the regulations, we need to go back in time to the last century.

Understanding the "c" in cGMP

Have you ever wondered why the FDA Good Manufacturing Practice (GMP) regulations have the word current in the title? To find out why we need to go back in time to September 29, 1978, and the publication of FDA's Current Good Manufacturing Practice (cGMP) regulations in the Federal Register (13). You may ask why we should bother with something that was published in the mists of time, when all we need to do is an Internet search as find the GMP regulations on the web. Not quite, dear reader. If you bother to read the regulations you will find that there is no definition or explanation of the word current in the regulation (for the purists, there is also no mention of current in the definitions of cGMP in 21 CFR 210).

The way that current was intended to be used will be found in preamble comment 17 of the regulations published in 1978 (13). It is built into the GMP regulation from the beginning, and not slipped in as an afterthought. In the scope section of the regulation (21 CFR 211.1), it states that:

(a) The regulations in this part contain the minimum current good manufacturing practice for preparation of drug products for administration to humans or animals.

The 21 CFR 211 regulations are stated to be the minimum expected. The problem with the pharmaceutical industry is that these regulations are typically interpreted as "These directives are all we will do." This divergence from the intent of the regulation is the start of some data integrity problems. We can delve further into an understanding of current in comment 17 of the 1978 preamble to the GMP regulations (13); here is a discussion on the use and meaning of the word current is as follows:

One comment recommended that the word “current” be deleted since it is obvious that the latest regulations to be published are current, and therefore the use of the word “current” is superfluous....

Several of these comments reflect, the Commissioner believes, a misunderstanding regarding the use of the word “current”....

The Congress intended that the phrase itself have a unique meaning and that the good manufacturing practice regulations represent sound current methods, facilities and controls for the production of drugs to assure safety…

Although the practices must be “current” in the industry, they need not be widely prevalent. Congress did not require that a majority or any percentage of manufacturers already be following the proposed mandated practices, as long as it was a current good manufacturing practice in the industry, i.e. that it had been shown to be both feasible and valuable in assuring drug quality (13).

The intent of the US GMP regulations has been that as science, analytical instrumentation, and technologies advance, then so too must the pharmaceutical industry. Even if an advance is not widely used in the industry, if it can ensure an improvement in drug quality, then it comes under the purview of the "c" in cGMP.

However, the problem is that reality in regulated laboratories does not match regulatory intent. Once a pharmaceutical organization has developed an interpretation of the regulation, it is reluctant to change for several reasons, such as the cost of new technology, validation costs, the cost of updating a registration dossier, and perceived or actual inflexibility of the inspectorate to accept such advances. The companies often prefer to remain with older processes that do not reflect the most effective and efficient ways of working, if they have not had any problems in the past.

Personal computers have been used for controlling chromatographs since the 1980s, and they have typically been designed to be used in the same way, as a hybrid system. Publication of 21 CFR 11 regulations (14) in 1997 allowed the use of electronic signatures, but widespread adoption has not occurred. Large pharmaceutical companies have implemented site or global CDS with electronic signatures, but smaller companies typically have not gone in the same direction, preferring to have standalone systems, often from several different suppliers, which can be argued as crass stupidity.

Hybrid System Configuration and Data Integrity Issues

A typical hybrid system is shown in Figure 2 and consists of three components:

  • Analytical instrument, such as a chromatograph

  • Controlling workstation, where the CDS software is loaded and where data are stored

  • Printer

Figure 2 shows the potential data integrity problems that fall into three categories: business efficiency and continuity, IT data integrity, and laboratory data integrity. One of the major problems with hybrid systems is protecting the data and associated metadata with effective backup and recovery processes. If backup is left to the laboratory, it will inevitably fail, because backup is not the main function of a chromatography laboratory.


Figure 2: Typical configuration of a hybrid chromatography data system and potential data integrity problems (4).

 

Are You Lazy?

Most hybrid systems print paper as if it is going out of fashion. Depending on the sadists in the Quality Assurance (QA) department, often each page must be initialled by the tester, and again by the reviewer, which is an error prone, tedious, and non-value-added task. The printouts must also be checked against the electronic records that were created or used in the analysis.


Figure 3: A schematic of the generation and review of hybrid records (4).

A simple way to reduce the amount of paper printed from a hybrid system is outlined in Appendix 1 of the WHO data integrity guidance (3). Shown in Figure 3 is a controlled and uniquely numbered review form (10,15) for the creation and review of the records created during an analysis using a hybrid system. The form is linked to the analytical procedure and standard operating procedure (SOP) for review of laboratory records. The steps are as described below.

  • At the start of the analysis, a uniquely numbered version of the form is issued to the tester, who documents the start and end date and time of the analysis (to help the second-person reviewer search audit trail entries), as well as documents the records created, modified, and the location where they are stored.

  • Chromatograms and data are reviewed by the analyst on screen. The only printout from the CDS is the test summary of the reportable results and analysis information.

  • The results printout and review form is signed by the tester.

  • When records are ready for review, a second analyst reviews files electronically on screen with no printouts; this makes the task simpler and quicker.

  • The reviewer checks the data files and contextual metadata files generated by the performer of the test, and documents these on the review form. The applicable audit trail entries are also reviewed between the analysis start and end times and dates, and documented.

  • Checks for falsification of data are included in the form, as this will be reviewed during data integrity audits and, if applicable, data integrity investigations.

  • If changes are required to be made, these are documented and sent back to the tester to update. When the review is complete, the reviewer then signs the form. If required by laboratory procedures, there may be space on the form for an approval or QA signature.

This approach reduces the volume of paper printed, but also allows a faster review, as the cross check between the electronic and paper is far smaller than now.

Eliminate Hybrid Systems

Working with hybrid systems–computerized systems that generate electronic records with signed paper printouts–is the worst possible world to be in. The laboratory must manage two incompatible media formats: paper and electronic records. The best advice is to eliminate these systems by using electronic systems to ensure both regulatory compliance and business efficiencies, as we discussed in the second part of this series (2).

Why Are You Still Buying Hybrid Systems?

I could have entitled this subheading "Why are suppliers still selling hybrid systems?" However, given that suppliers respond to market forces, it is the responsibility of customers to put pressure on suppliers to design adequate systems for today's data integrity world. Laboratories that have assessed and remediated current systems are perpetuating the problem when new systems are purchased, because they are typically:

  • standalone

  • hybrid

  • involve data being stored in directories created in the operating system rather than in a database

For further discussion regarding CDSs, please refer to the four-part series written for LCGC North America by Chris Burgess and myself (16–19).

The Year-End Slush Fund Spend?

You know the situation: A month before the end of the financial year, your boss puts his or her head round the door of the laboratory and says nonchalantly, "We have money to spend before the year end. Any ideas?" This question initiates a mad panic, because three quotes have to be generated, the capital request raised and walked around for signature, the purchase order raised, and an empty box delivered to stores. What a quality way to purchase instrumentation and software. It is extremely unlikely that the overall system has been adequately assessed for compliant functions and technical controls for data integrity. The staff only focus on the bright shiny instrument. However, this reaction perpetuates the data integrity problem. But this problem always occurs in other organizations, doesn't it?

Summary

We have defined what a hybrid system is, and why it is not recommended by regulatory authorities. The biggest problem with hybrid systems is the synchronization of two incompatible media. However, the hybrid problem is perpetuated by dumb suppliers who do not design software for electronic working and data acquisition directly to a network storage area. The problem is compounded by stupid laboratories that keep purchasing applications with inadequately designed compliance functions to give data integrity assessors a job for life.

References

(1) R.D. McDowall, LCGC North Am. 37(1), 44–51 (2019).

(2) R.D. McDowall, LCGC North Am. 37(2), 118–123 (2019).

(3) WHO Technical Report Series No. 996 Annex 5 Guidance on Good Data and Records Management Practices. World Health Organization, Geneva, Switzerland (2016).

(4) R.D. McDowall, Data Integrity and Data Governance: Practical Implementation in Regulated Laboratories (Royal Society of Chemistry, Cambridge, UK, 2019).

(5) Able Laboratories Form 483 Observations, 6 July 2005; Available from: http://www.fda.gov/downloads/aboutfda/centersoffices/officeofglobalregulatoryoperationsandpolicy/ora/oraelectronicreadingroom/ucm061818.pdf.

(6) European Commission Health and Consumers Directorate-General, EudraLex: Volume 4 Good Manufacturing Practice (GMP) Guidelines, Chapter 4 Documentation, E. Commission, Ed. (Brussels, Belgium, 2011).

(7) European Commission Health and Consumers Directorate-General, EudraLex: Volume 4 Good Manufacturing Practice (GMP) Guidelines, Annex 11 Computerized Systems, European Commission (Brussels, Belgium, 2011)

(8) MHRA GMP Data Integrity Definitions and Guidance for Industry 2nd Edition. Medicines and Healthcare Products Regulatory Agency, London, UK (2015).

(9) MHRA GXP Data Integrity Guidance and Definitions. Medicines and Healthcare Products Regulatory Agency, London, UK (2018).

(10) PIC/S PI-041 Draft Good Practices for Data Management and Integrity in Regulated GMP/GDP Environments, Pharmaceutical Inspection Convention/Pharmaceutical Inspection Co-Operation Scheme, Geneva, Switzerland (2018).

(11) EMA Questions and Answers: Good Manufacturing Practice: Data Integrity. 2016; Available from: http://www.ema.europa.eu/ema/index.jsp?curl=pages/regulation/general/gmp_q_a.jsp&mid=WC0b01ac058006e06c#section9.

(12) M.E. Newton and R.D. McDowall, LCGC North Am. 36(8), 527–529 (2018).

(13) Current Good Manufacturing Practice for Finished Pharmaceuticals, in Code of Federal Regulations Title 21 Part 211, 43(190), 45014–45089 (U.S. Government Printing Office, Washington, DC, USA, 1978).

(14) Food and Drug Administration, 21 CFR 11 Electronic Records; Electronic Signatures, Final Rule (FDA, Washington, DC, USA, 1997).

(15) FDA Guidance for Industry Data Integrity and Compliance With Drug CGMP Questions and Answers (Food and Drug Administration, Silver Springs, MD, 2018).

(16) R.D. McDowall and C. Burgess, LCGC North Am. 33(8), 554–557 (2015).

(17) R.D. McDowall and C. Burgess, LCGC North Am. 33(10), 782–785 (2015).

(18) R.D. McDowall and C. Burgess, LCGC North Am. 33(12), 914–917 (2015).

(19) R.D. McDowall and C. Burgess, LCGC North Am. 34(2), 144–149 (2016).

R.D. McDowall is the directorof R.D. McDowall Limited in the UK. Direct correspondence to: rdmcdowall@btconnect.com