Building Business Processes that Optimize Accurate and Reliable Data · 2015-10-03 · Building...

Building Business Processes that

Optimize Accurate and Reliable Data

2nd FDA/PQRI Conference on

Advancing Product Quality

5-7 October 2015

N. Bethesda, MD, US

Presentation by:

Monica J. Cahilly, M.S.

Green Mountain Quality Assurance, LLC

mcahilly@GMQA.net

2

Copyright of slide materials marked with the symbol (c) 2007-2015 GMQA LLC

is held by Green Mountain Quality Assurance LLC. Use of copyright materials

is restricted and these materials shall not be reproduced or distributed to anyone

not attending the training workshop without contractual licensing of the

materials or other express written permission of Green Mountain Quality

Assurance LLC.

(c) 2007-2015 GMQA LLC

OUTLINE

• What is “Data Integrity”?

• Good Documentation Practices

• Data Life Cycle

• Quality Management Systems

• Management Governance

• Data Integrity in a Global Context

• Q&A

(c) 2007-2015 GMQA LLC 3

(c) 2007-2015 GMQA LLC 4

External

Environment:

Economic, Societal,

Political, Legal, etc.

Internal Environment:

Quality Management

System ,

Management Culture

& Governance

Data Life Cycle

Good

Documentation

Practices

Data Integrity—A Growing

Concern

• Data Integrity (IEEE)* = “The degree to which a collection of data is complete, consistent, and accurate.”

* FDA Glossary of Computer Systems Software Development

Terminology (8/95)

FDA.gov 5

Data Integrity—A Growing

Concern

• Data Integrity (MHRA)* = The extent to

which all data are complete, consistent and

accurate throughout the data lifecycle.

– Data integrity arrangements must ensure that

the accuracy, completeness, content and

meaning of data is retained throughout the

data lifecycle.

*MHRA Data Integrity Definitions and Guidance March 2015

GOV.UK 6

What assures Data Integrity?

• Data Integrity (IEEE)* = “The degree to

which a collection of data is complete,

consistent, and accurate.”

– Good Documentation Practices are followed

– Content of Data is trustworthy and reliable,

i.e., the data is ‘valid’

• Achieved through: process validation and control,

data review practices, etc.

(c) 2007-2015 GMQA LLC 7

Creation & Processing of Data

• Good Documentation Practices

– A = Attributable

– L = Legible

– C = Contemporaneous

– O = Original

• or Certified Copy of Original

– A = Accurate

(c) 2007-2015 GMQA LLC 8

Good Documentation Practices

• Legible• Contemporaneous• Permanent

– Ink, preferably black– No pencil or white out

• Attributable• Traceable• Date Stamped• Changes with single line cross-out to retain original

entry, reason, initials, date• Accurate

(c) 2007-2015 GMQA LLC 9

21 CFR Part 11 = Good Documentation Practices for Electronic Data

• Legible• Contemporaneous• Permanent

– Ink, preferably black– No pencil or white out

• Attributable• Traceable• Time/Date Stamped• Changes with single line cross-out to retain original

entry, reason, initials, time/date• Accurate

(c) 2007-2015 GMQA LLC 10

Audit Trails

Time-date stamps

Metadata, Corroborating Paper Records, etc.

Log-on (e.g., User ID / password), E-Sigs

Annotation tools

Time-date stamps, late entry notation

Enforce saving of processing

Validation

No over-writing, Enforce saving of steps

The Paradigm Shift• How do we think about “data” and how do we

design our business processes?

• How do we validate systems that generate source

data with direct impact on patient safety, product

quality, application integrity…?

• How do we manage risks across the entire DLC?

(c) 2007-2015 GMQA LLC 11

(c) 2007-2015 GMQA LLC 12

External

Environment:

Economic, Societal,

Political, Legal, etc.

Internal Environment:

Quality Management

System ,

Management Culture

& Governance

Data Life Cycle

Good

Documentation

Practices

Data Life CycleIn the Broader Context of QbD / Pharma Product Life Cycle

• Do I have all my data?

– Design of data collection: protocol, process, method

– Data Life Cycle controls for data + metadata

• Has my data been objectively processed?

– Controls to Prevent & Detect Testing Toward Outcome

• Am I reviewing all my data?

– Printouts versus Source Electronic Records

– Review of Audit Trails

• Am I reporting all my data?

– Controls to Prevent & Detect Selective Reporting

(c) 2007-2015 GMQA LLC 13

Data Life Cycle

(c) 2007-2015 GMQA LLC 14

•Source eData

•Re-processing events

•Failures

•Objective Reporting

•Transparency in Failures

•Tracking & Trending Failures

•Objective Processing

•Handling Failures

•Design of Data Collection

•Transfers of Data + Metadata

Data Collection

Data Processing

Data Review

Data Reporting

What is the relevance of

Data Integrity?

Impact on:

• Patient Safety

• Product Quality

(c) 2007-2015 GMQA LLC 15

Risk Management

Methodology

• Risk Management Programs—ICH Q9

– Risk Assessment

– Risk Mitigation and Control

– Risk Communication

– Risk Review

Risk Management

Risk Assessment

Risk Mitigation

and Control

Risk Communi-

cation

Risk Review

16(c) 2007-2015 GMQA LLC

Create Data

Process Data

Review Data

Report Data

Create Data

Transfer Data

Store Data

Retrieve Data

Data Life Cycle =

Business Process + Data Flow

(c) 2007-2015 GMQA LLC 17

Create Data

Process Data

Review Data

Report Data

Create Data

Transfer Data

Store Data

Retrieve Data

Data Life Cycle =

Business Process + Data Flow

(c) 2007-2015 GMQA LLC 18

Data Life Cycle Risk Analysis

(c) 2007-2015 GMQA LLC 19

Instrument Data

Excel LIMS

23

27

18

Create Data

Process Data

Review Data

Report Data

Create Data

Transfer Data

Store Data

Retrieve Data

Data Life Cycle =

Business Process + Data Flow

(c) 2007-2015 GMQA LLC 20

We Consider Printouts to be the

“Raw Data” / the “Official Record”

Confidential and Proprietary to

GMQA LLC 21

Risk-Based Approach to

SLC and DLC

• “Critical” Thinking Skills for Data Reviewer

– What are the reviewer’s “blind spots”?

– Only looking at what you EXPECT to see?

– Or asking, WHAT COULD HAVE GONE WRONG?

Confidential and Proprietary to GMQA

LLC 22

Risk-Based Approach to

SLC and DLC

• “Critical” Thinking Skills for Data Reviewer

– What about ERROR PATTERNS?

• Frequency

• Pattern

• Determinate or Indeterminate

• Failure Effect

• Impact

Confidential and Proprietary to GMQA

LLC 23

Create Data

Process Data

Review Data

Report Data

Create Data

Transfer Data

Store Data

Retrieve Data

Data Life Cycle =

Business Process + Data Flow

Confidential and Proprietary to

GMQA LLC 24

Preserving Relationships between

Data + Data Attributes (‘Metadata’)

throughout Data Life Cycle

6.5

What?

When?

Why?

Who?

Confidential and Proprietary to

GMQA LLC 25

Risk Management of

Data Transfer and Storage

Instrument Data

File ShareStorage System

M A

Confidential and Proprietary to

GMQA LLC 26

Framework for Optimizing

Data Life Cycle• Subjective vs Objective Control

• Complex vs Simple

• Manual vs Automated

• Open-ended vs Well-defined

• Inconsistent vs Consistent

Confidential and Proprietary to GMQA

LLC 27

What is Goal of

Data Process Mapping?

• Process Understanding.

• Knowledge Management.

• Quality Risk Management.

• Business Process Improvements:

– Efficiencies, Effectiveness, Cost Reductions

Confidential and Proprietary to GMQA

LLC 28

Deming: “Quality costs less not more.”

Population of GxP Data:

Meaningful Decision-Making

Confidential and Proprietary to

GMQA LLC 29

(c) 2007-2015 GMQA LLC 30

External

Environment:

Economic, Societal,

Political, Legal, etc.

Internal Environment:

Quality Management

System ,

Management Culture

& Governance

Data Life Cycle

Good

Documentation

Practices

Quality Management Systems

Key to Data Integrity

• Training Program

• Risk Assessment & Management

• Validation (Computer, Method, Process)

• Data Life Cycle

• Investigations Program

• Data Review Program

– Critical Thinking Skills

(c) 2007-2015 GMQA LLC 31

Quality Management Systems

Key to Data Integrity

• Quality Audits & Inspections

• Vendor/Contractor Management

– Agreements

– Monitoring

• Management Culture & Controls

– Transparency & Accountability

– Tracking and Trending

– Risk Profiling

(c) 2007-2015 GMQA LLC 32

Creating a Management Culture to

Assure Data Integrity• Transparency

• Accountability

• Lead by Example

• Staying Continuously & Actively Involved

• Process Ownership / Personal Responsibility

• Set Realistic Expectations

• Fair and Just Consequences & Rewards

• Collaboration and Team Camaraderie

• Staying “Current” with the “C” in CGxPs

(c) 2007-2015 GMQA LLC 33

Global Community for Healthcare:

Medicines for All

• Safe

• Effective

• Quality

• Affordable

• Accessible

• Ethically Produced

34

Summary:

Data Integrity Compliance Goals• Accuracy, reliable design, consistent intended

performance of record systems, both paper document systems and computerized systems

• Data Controls (both paper and electronic) to ensure authenticity, integrity, confidentiality, readily retrievable, accuracy, consistency, completeness throughout Data Life Cycle

• Signature Controls (both hand-written and electronic) to ensure legally-binding

• Quality Systems and Management Governance in place to assure data integrity

Confidential and Proprietary to GMQA

LLC 35

Questions / Comments

(c) 2007-2015 GMQA LLC 36

Monica J. Cahilly, M.S.

Green Mountain Quality Assurance, LLC

mcahilly@GMQA.net

www.greenmountainQA.com