What is Data Integrity?

In recent years, interest in data integrity has been growing among pharmaceutical and medical device companies. In Japan, data integrity is often translated as “データの完全性” (data completeness). However, I feel uncomfortable with this translation.

Data integrity is defined by international regulatory authorities such as the FDA (U.S. Food and Drug Administration), EMA (European Medicines Agency), PIC/S (Pharmaceutical Inspection Convention and Pharmaceutical Inspection Co-operation Scheme), and WHO (World Health Organization) through the principles known as “ALCOA” or “ALCOA+”. ALCOA consists of the following five elements:

• Attributable: It is clear who created the data and when it was created
• Legible: Data is readable and understandable
• Contemporaneous: Data is recorded at the time of the activity
• Original: Data is the original or a True Copy
• Accurate: Data is correct and free from errors

Furthermore, recent regulatory guidance (particularly from MHRA and PIC/S) recommends “ALCOA+” which adds the following elements to ALCOA:

• Complete: Data is complete without omissions
• Consistent: Data is consistent without contradictions
• Enduring: Data is retained throughout its lifecycle
• Available: Data is retrievable and reviewable when needed

In other words, “completeness” mentioned in the original text is indeed one important element of data integrity, but it by no means represents the whole picture. The translation of data integrity as “data completeness” does not accurately convey the essential meaning of data integrity.

Next, let us examine accuracy in detail. Proving data accuracy is by no means easy. For example: Was the analytical instrument used properly inspected, calibrated, and validated? Were the reagents within their expiration dates, and were the correct types and amounts of reagents used? Were there any transcription errors in the analytical results? Were there any calculation errors? Furthermore, was the qualification of the reference standards confirmed, and was the analytical method properly validated? Are there records that allow third parties to objectively verify all of these factors?

Consistency means that throughout the entire data lifecycle, there are no alterations or falsifications between data records, and there are no contradictions among data. The reproducibility and traceability of data, as well as the maintenance of complete audit trails, are crucial. An audit trail is a record of all creation, modification, and deletion of data, which must clearly document “who, when, what, and why” any changes were made.

Enduring and Secure mean that data must not be lost or subjected to unintended alterations, whether intentional or accidental. Data must be protected with appropriate backups throughout the product lifecycle and retained for the required period. Additionally, access restrictions are necessary to prevent unauthorized viewing or modification of data.

When people hear “data integrity,” many immediately associate it with data fraud or falsification. However, that is not the essence. Whether accidental or intentional, if data is unintentionally altered (falsified), patient safety cannot be ensured. In other words, events where data is changed through intentional falsification and events where data is changed through carelessness or procedural deficiencies have the same potential impact on patients.

In fact, many data integrity violations identified during regulatory inspections are not intentional fraud but rather stem from inadequate procedures (lack of checking mechanisms), inappropriate system design, insufficient training and education, or inadequate risk assessment. Analysis of Warning Letters from the FDA and EMA reveals that such unintentional violations constitute the majority of cases. Therefore, proper development and periodic review of procedures, implementation of comprehensive data integrity education, and system design based on a risk-based approach are extremely important.

At data integrity seminars, electronic records are often the focus of discussion, with reference to FDA 21 CFR Part 11 (regulations concerning electronic records and electronic signatures). I also feel uncomfortable with this approach. While Part 11 certainly defines important regulatory requirements for electronic record systems, the principles of data integrity are universal and independent of the medium.

Data integrity applies equally to both paper-based and electronic records. This is because data integrity violations in paper-based media and those in electronic records both pose equal risks of health hazards to patients. In fact, major regulatory guidance documents such as the FDA’s “Data Integrity and Compliance With Drug CGMP” guidance (December 2018), EMA’s “GMP Data Integrity Guidance,” WHO’s “Guidance on good data and record management practices,” and PIC/S’s “Good Practices for Data Management and Integrity in Regulated GMP/GDP Environments” (PI 041-1, revised July 2021) all emphasize the importance of data integrity in both paper-based and electronic records.

For paper-based media, requirements include the use of indelible writing instruments such as ballpoint pens, single-line strikethrough corrections with signature and date, sequential numbering of record sheets, and diagonal lines through unused pages. For electronic records, audit trail functionality, access restrictions, electronic signatures, data backup, and computerized system validation (CSV) are necessary. Although the media differ, the essential requirement to meet the ALCOA+ principles remains unchanged.

In conclusion, data integrity is not merely a compliance issue but a fundamental requirement for ensuring patient safety and product quality. Pharmaceutical and medical device companies are required to foster a culture of data integrity throughout their organizations and pursue continuous improvement.