For compounding pharmacies regulated under section 503B, electronic record data integrity concerns are increasing in regulatory and customer visibility. The concepts of good data integrity practices is not new. Yet an organization can inadvertently open itself up to serious problems with their electronic record integrity if proper operating and computer system validation procedures are not followed.
A recent FDA 483 illustrates this point. On April 11, 2018 Pharmedium Services, LLC was issued a Form 483 at the conclusion of the inspection which included several observations on electronic record data integrity. Specifically, evidence that electronic records “… meet requirements to ensure that they are trustworthy, reliable and generally equivalent to paper records.” was a common theme in the observations. The organization’s SOPs called for a Corporate/Management review of the quality system to be performed. The intent of the review is to ensure that quality system was in place, running, and being maintained. The FDA found that meetings were not always conducted and that minutes were not captured and/or maintained. Meetings minutes, for the purpose of providing evidence that the SOP is being followed, were needed but not found in all cases. Furthermore, the process for maintaining, storing, and controlling access of the minutes was not established. For more information on this 483, please see our recent blog post
This, of course, calls into question the organization’s compliance with the SOP. The takeaway with this observation is that if an organization is going to establish controls for a quality system, it is important to ensure those controls are actually in place and documented.
Observation 4C states that the “…firm is using a supply chain tracking software. Your firm upgraded from version [redacted] on approximately [redacted]”. A customer complained that an expired lot of product was shipped to them, which then triggered an investigation by the organization. The investigation identified “the Shipping Supervisor was unaware that the current system allowed the picking of expired product…”.
There are a couple ways to avoid this kind of observation. First, the supply tracking software are validated to GxP an industry standard (such as ISPE GAMP 5). Once validated, the software should be controlled through a change management process that ensures that upgrades are assessed and appropriately acted on. Make sure the process, and any Quality Management System process, is documented in a formal procedure. Next, in validation, ensure that the system requirements are gathered and documented. One has to understand the system’s intended use and then test it. Workflow analysis with appropriate subject matter experts is useful at this point. A risk analysis of the system and/or critical requirements is also a good idea. This will set a precedent for how upgrades and system changes might be managed in the future. When a system upgrade is presented by the vendor, assess the release notes against the system requirements so that testing and retesting of new and existing requirements can be done if needed. Lastly, a determination of need and execution of documented training on the new features or changes to the system should be done.
483’s and/or warning letters related to data integrity are avoidable if internal procedures are followed and an appropriate system lifecycle processes is implemented. One can be confident that their systems are FDA compliant and meeting business needs by validating systems to meet industry standards and best practices and then maintaining that validated state through the life of the system.
Have a question on Computer Systems Validation, or application of Data Integrity principles, contact Kevin Marcial.