未分類

Is Data Integrity Important?

I am frequently requested by pharmaceutical companies, vendor companies, and others to conduct private seminars on “data integrity.”

However, most people do not understand the true purpose of data integrity.

There are far too many people working at pharmaceutical companies, consultants, and seminar instructors who assert things like, “We must address data integrity because otherwise we will be cited by regulatory authorities.” Which direction are they facing in their work? Avoiding regulatory citations is self-preservation, not for the benefit of patients. Is such an attitude truly acceptable?

In the first place, the requirements for pharmaceuticals are safety, efficacy, and quality.

The Primary Importance: Patient Safety

Data integrity is most important, first and foremost, for ensuring patient safety. The reliability of records (whether electronic or paper) must not be compromised by analytical errors, transcription errors, calculation errors, programming errors, intentional or accidental alterations, or falsification. Whether there is malicious intent or not, data changes due to careless mistakes such as transcription errors can sometimes have significant impacts (health hazards) on patients.

Next comes the efficacy of pharmaceuticals, which is primarily assured during clinical development. Clinical raw data and similar records fall into this category. The required attributes for clinical raw data are defined by the ALCOA principles.

Understanding ALCOA and Its Evolution

The ALCOA framework, introduced by the FDA in the early 1990s, originally consisted of five core principles: Attributable, Legible, Contemporaneous, Original, and Accurate. However, as regulatory expectations evolved and the complexity of data management increased, this framework expanded to ALCOA+ and subsequently to ALCOA++.

ALCOA+ adds four critical attributes:

  • Complete: Data must be fully documented with nothing omitted
  • Consistent: Documentation should be chronological and orderly
  • Enduring: Records must be maintained for the duration specified by regulatory authorities
  • Available: Documents must be accessible when needed for reference or audit purposes

ALCOA++ further incorporates:

  • Traceable: Maintaining a robust audit trail with a clear sequence of activities
  • Risk-based oversight and formal audit trail reviews

This evolution reflects the pharmaceutical industry’s response to increasing regulatory scrutiny from the FDA, EMA (European Medicines Agency), MHRA (Medicines and Healthcare products Regulatory Agency), WHO (World Health Organization), and other global regulatory bodies. All these agencies have issued comprehensive data integrity guidelines that emphasize management responsibility, risk-based controls, and routine review of source data.

The Third Priority: Product Quality

Lastly, there is the quality of pharmaceuticals. Process parameters and manufacturing records during the pharmaceutical manufacturing process need to be preserved as-is until the designated deadline.

In this way, data integrity importance has a hierarchy of priorities. Above all, it is necessary to devote substantial resources to ensuring patient safety. This is particularly true for Out-of-Specification (OOS) results in Quality Control (QC) laboratories.

The Critical Issue of OOS Management

When OOS results occur, it is essential not only to investigate the cause and prevent recurrence but also to avoid inappropriately recalculating OOS data, changing programs, or simply concluding that it was a laboratory error. An OOS result that cannot be negated may require disposal of the entire batch/lot.

Regulatory Expectations for OOS Investigations

The FDA’s guidance on “Investigating Out-of-Specification (OOS) Test Results for Pharmaceutical Production” (revised in 2022, Level 2 revision) establishes clear expectations. When an OOS result is confirmed, it indicates that the batch does not meet established standards or specifications and should result in the batch’s rejection in accordance with 21 CFR § 211.165(f) and proper disposition.

The OOS investigation process should follow a structured approach:

  1. Immediate Actions: Quarantine the affected material within one working day to ensure no suspect product enters commerce
  2. Phase I – Laboratory Investigation: Verify calculations, transcription, units, instrument logs, calibration status, and system suitability data
  3. Phase II – Expanded Investigation: If laboratory error is not confirmed, expand investigation to production processes, raw materials, and other relevant areas
  4. Documentation: All investigations must be thoroughly documented with unique identifiers, reviewed and approved by quality unit management

In FY 2023, the FDA cited 21 CFR 211.192 (failure to thoroughly investigate unexplained discrepancies) thirty times in warning letters, making it one of the top five drug-GMP violations. This underscores the critical importance of proper OOS investigation procedures.

In the case of expensive products, there may be concerns about cost losses, hesitation to dispose of products, and a desire to manipulate data to somehow achieve passing results. However, when considering patient safety, more stringent processes must be established.

Risk-Based Approach to Data Integrity

On the other hand, data related to product quality presents lower risks compared to safety-related data. Therefore, strict management like that required for QC laboratory data is not necessary.

Modern Regulatory Perspective on Risk Assessment

Current regulatory guidance from the FDA, EMA, WHO, and the draft EU GMP Chapter 4 (released in July 2025 for public consultation) emphasizes a risk-based approach to data integrity. This means that pharmaceutical companies should focus their resources on aspects of their data management systems that present the highest risk to patient safety and product quality.

The effort and resources applied to assure data integrity should be commensurate with the risk and impact of a data integrity failure. Risk assessments should evaluate:

  • The criticality of the data to product quality and patient safety
  • The potential impact of failures in data integrity
  • Direct risks to product critical quality attributes
  • The data lifecycle from creation through retention and disposal

In the first place, when manufacturing products, one would not deliberately think about manufacturing poor-quality products. Moreover, if there are abnormalities in equipment, emergency stops would be performed. In other words, manufacturing records capture things as they are, and there is no motivation to falsify them. Security and audit trails are not critically important in this context.

The Risk of Misunderstanding Data Integrity

People who do not understand the essence of data integrity mistakenly believe that data integrity requirements must be factored into all processes and that all computer systems must comply with them.

Now, here is a question: If your training records were falsified, would it cause health hazards to patients? The answer is No.

The Economic Impact of Disproportionate Compliance

Many consultants preach the importance of data integrity and demand compliance with everything. However, if pharmaceutical companies spend these compliance costs indiscriminately, they will be reflected in drug prices and ultimately become a burden on patients. Wasteful costs should not be incurred.

This does not mean that training records are unimportant. Proper training documentation is essential for ensuring that personnel are qualified to perform their assigned tasks. However, the level of control and the specific data integrity measures applied should be proportionate to the actual risk to patient safety and product quality.

Implementing Practical Data Governance

Modern data governance systems should be:

  • Integrated into the Pharmaceutical Quality System (PQS): As emphasized in the 2025 draft EU GMP Chapter 4 revisions
  • Risk-based: Focusing resources where they matter most for patient safety
  • Lifecycle-oriented: Covering data creation, processing, verification, reporting, retention, archiving, and retirement
  • Technology-enabled: Utilizing electronic signatures, audit trails, automated controls, and secure backup and recovery procedures
  • Culture-driven: Senior management must establish and maintain a quality culture that supports transparent reporting of deviations and data integrity lapses

Current Regulatory Landscape (2025)

As of 2025, the regulatory environment for data integrity has become increasingly sophisticated and globally harmonized:

Key Regulatory Developments:

Regulatory Body Key Guidance/Standard Year Focus Areas
FDA Data Integrity and Compliance with Drug CGMP: Questions and Answers 2018 ALCOA principles, 21 CFR Part 11, system validation
FDA Investigating OOS Test Results (Level 2 Revision) 2022 Structured investigation process, batch disposition
EMA GMP Data Integrity Q&A (Revision 2) 2021 ALCOA+, audit trails, hybrid systems
EU Draft GMP Chapter 4 (Documentation) 2025 ALCOA++, data governance, PQS integration, AI systems
EU Draft Annex 11 (Computerised Systems) – Revised 2025 IT security, cloud systems, AI integration
WHO TRS 1033 Annex 4: Guideline on Data Integrity 2021 ALCOA+, risk-based approach, global harmonization
PIC/S Good Practices for Data Management (PI-041) 2021 International inspection standards
USP Draft <1029> Good Documentation Practice 2025 ALCOA++, laboratory documentation standards

The 2025 EU GMP Chapter 4 revisions represent a fundamental shift, introducing:

  • Mandatory integration of data governance into the Pharmaceutical Quality System
  • Recognition and control requirements for hybrid systems (paper and electronic)
  • Formal emphasis on ALCOA++ principles
  • Requirements for metadata control and data lifecycle management
  • Validation Master Plan as a mandatory master document
  • Comprehensive training requirements for data governance and data integrity principles

Conclusion: Balancing Compliance and Patient-Centricity

The fundamental question we must always ask is: “For whom are we ensuring data integrity?” The answer must always be: for patients.

Data integrity is not about avoiding regulatory inspections or achieving perfect compliance scores. It is about:

  1. First and foremost: Protecting patient safety through rigorous control of safety-critical data, particularly in QC laboratories where OOS results could indicate potentially harmful products
  2. Second: Ensuring the efficacy of medicines through reliable clinical data that meets ALCOA++ standards
  3. Third: Maintaining product quality through appropriate documentation and controls proportionate to risk

By applying a risk-based, patient-centric approach to data integrity, pharmaceutical companies can allocate resources effectively, avoid unnecessary compliance costs that ultimately burden patients, and maintain focus on what truly matters: delivering safe, effective, and high-quality medicines to those who need them.

The evolution from ALCOA to ALCOA++ and the increasing emphasis on data governance, risk-based controls, and integrated quality systems reflect a maturing understanding across the global pharmaceutical industry. However, the core principle remains unchanged: data integrity exists to serve patient safety, not regulatory appeasement.

Note: This article reflects regulatory guidance current as of January 2026, including draft guidances published in 2025. Pharmaceutical companies should monitor ongoing regulatory developments and consult with qualified compliance professionals for implementation guidance specific to their operations.

Is Part 11 Compliance Mandatory for Cloud Systems? Previous post Guidelines on Legal Compliance for Marketing Authorization Holders and Manufacturers Next post

Related post

Comment

There are no comment yet.