The Pharmaceutical industry is faced with many challenges as it relates to data and the integrity of data. In addition to maintaining information regarding the quality of data and how drugs are produced and tested, there are also inherent risks associated with the alteration, falsification and theft of critical data. These risks may come from outside of the organization by those seeking a competitive advantage or they may very well come from those within the organization, either by intention (falsification) or by human error.
The FDA mandates that all records are complete and accurate while preventing the loss, misuse and deterioration of stored data. The FDA also requires companies to maintain many data points through the process: testing data, what data and testing is attributed to whom and at what time, as well as insure that the data is original, legible and accurate. Factor in manufacturing, labeling, advertising, efficacy, fraud and financial risk and it becomes clear that the risks and costs are high in terms of compliance in the pharmaceutical industry.
FDA Issues Draft Guidance on Data Integrity
In April of 2016, the FDA issued the long-awaited data integrity draft guidance which sought to address the rise in data and record-keeping lapses. The draft also defined key terms such as data integrity, meta data, electronic signatures, audit trail and backup. Also addressed were the concerns surrounding shared log-ins, how often and by whom should audit trails should be reviewed and the use of electronic signatures. Within the draft cGMP guidance, it is interesting to note some of the key definitions:
Refers to the completeness, consistency, and accuracy of data. Complete, consistent, and accurate data should be attributable, legible, contemporaneously recorded, original or a true copy, and accurate.
Means a secure, computer-generated, time-stamped electronic record that allows for reconstruction of the course of events relating to the creation, modification, or deletion of an electronic record. An audit trail is a chronology of the “who, what, when, and why” of a record. Electronic audit trails include those that track creation, modification, or deletion of data.
Audit Trail Review
FDA recommends that audit trails that capture changes to critical data be reviewed with each record and before final approval of the record. Audit trails subject to regular review should include, but are not limited to, the following: the change history of finished product test results, changes to sample run sequences, changes to sample identification, and changes to critical process parameters.
Data Integrity Violations – 2016
ULedger Data Assurance
ULedger addresses these issues with our Data Assurance product. Key capabilities:
Uledger Data Assurance provides a platform that provides document level content verification, immutable audit trail coupled with identity authentication. This allows for certainty in data creation and subsequent activity.
Independent 3rd Party Record
Uledger has developed proprietary Blockchain solutions that enables our clients to create a permanent and independent 3rd-party record of any type of data, whether it’s an electronic medical record, image, contract, journal entry, email or any other type of data. Our audit trail solution logs the creation of data and the activity of that data going forward. Our Blockchain approach creates indisputable proof of the evolution of data to information and finally to fact.
ULedger offers our Blockchain Data Assurance audit logs for both companies that choose to archive and maintain control of their data and for those who take advantage of our distributed archival solution. In both scenarios, the audit trail is independent, corroborated by multiple nodes, and provides a record of a “fact” at any point in time, ensuring that history cannot be re-written.
Identity Authentication and Tracking
ULedger uses cryptography and other technology to authenticate the identity of the person, computer or other ‘entity’ that creates and changes data. This identity authentication is imperative for tracking data, providing proof about the data and identifying the source of security breaches. This identity is permanently logged on your blockchain audit trail and cannot be tampered with by a bad actor.