Breaches of Data Integrity (BDIs)
Thomas Cosgrove, JD, Acting Director, Office of Manufacturing and Product Quality, FDA/CDER and Carmelo Rosa, Director, FDA/DIDQ, discussed breaches of data integrity (BDIs) and the FDA’s current inspection and compliance-related activities with regard to BDIs.
“Data integrity is one of today’s most important issues because it gets to the foundation of the relationship between industry and the FDA,” said Cosgrove. “Although regulatory issues can be painful, there is always a way forward but this becomes less true when we are dealing with false and misleading data.”
Cosgrove encouraged attendees to embrace the importance of ensuring data integrity. “Could breaches of data integrity occur in your firm?” he asked as he ran down a list of examples of data integrity issues from the past year. He cited examples where inspectors found clear instances of deliberate information fraud and cases of “missing data,” or found suspect paperwork ripped up and stuffed in trashcans or discovered unlabeled vials with their contents dumped down drains.
Rosa elaborated on the current extent of BDIs and discussed the variety of ways in which data integrity is breached. He began by asking: “What is data integrity and how is data integrity violated?”
He defined BDIs as acts of “falsification, document adulteration, forgery and providing misleading information,” among other terms, all of which are related to information. “BDIs break trust,” said Rosa. “We need to understand the extent of the problem and make clearer whether cases of breaches of data integrity are isolated or extensive.”
Inspectors, he said, need to “dig deeper” during inspections and noted that it ‘takes time’ to understand systems and how they can be manipulated. He also suggested that evaluation is needed to determine the differences between an intentional deception and a ‘mistake.’
“Senior management cannot be left off the hook by claiming ‘we did not know,’” said Rosa, who explained how the FDA is increasingly working with international regulatory and inspection partners to uncover BDIs at foreign facilities. “Ignorance does not take away from responsibility. Folders and files are easily deleted or altered.”
One way to uncover BDIs, said Rosa, is for inspectors to do more “outside of the box” thinking. Single- day audits and simple checklists may not be adequate to understand how data can be manipulated, how information destroyed and false records kept.
“BDIs may occur because firms have no internal checks and balances, or because management lacks the expertise to discover them, or because there is no management verification of data,” suggested Rosa. “Regardless, BDIs cannot be ignored.”
He concluded that the numbers of BDIs will increase as inspectors dig deeper and that industry and regulators need to work together to solve the BDI problem.