Data Integrity Violations at an OTC Manufacturer

During an inspection, the US FDA identified significant violations in the area of data integrity and documentation at a manufacturer of OTC pharmaceuticals in Thailand. The violations identified relate to incomplete laboratory data, manipulated records and inadequate control of electronic systems.

Missing or Manipulated Laboratory Data

The FDA complained that laboratory records did not contain complete and reliable original data to support the chromatographic analyses performed. Several cases of falsified laboratory tests were documented, in which, according to the laboratory manager, tests were fabricated in preparation for the FDA inspection. A senior QA manager also confirmed that laboratory tests were deliberately falsified or invented. In addition, the manufacturer was unable to provide original data on raw material and finished products analyses. The existing laboratory records were not sufficient to prove the quality of the tested substances.

In its response to the inspection deficiencies (Form 483), the manufacturer acknowledged that the laboratory system lacked sufficient procedures and controls to ensure data completeness and integrity. The FDA found the response to be inadequate because it did not provide a comprehensive assessment of the full extent of the data integrity deficiencies.

Inadequate Controls over Electronic Systems

The FDA also found that appropriate restricted access and control mechanisms were not implemented for electronic laboratory equipment used for release testing and stability testing. This made it possible for employees to delete or modify electronic data.

The inspectors documented numerous cases of deleted electronic raw data. In addition, laboratory employees had administrator rights that allowed them to change files, folders and the date and time of laboratory tests. In addition, raw electronic data was not completely retained. Relevant data from analysis systems, which would be required to prove product quality, was missing.

In its response, the manufacturer acknowledged a lack of documentation control and stated that it had taken initial steps to close gaps in data integrity. However, the FDA considers the response to be inadequate because the review had not been extended to all other laboratory devices and no assessment of the impact of the deleted data had been made. 

Measures required by the FDA

The FDA requires the manufacturer to conduct a comprehensive review of the data integrity violations. The scope of the data integrity problems should be described and all forms of data falsification (deletion, modification, backdating) should be disclosed. Interviews with current and former employees should be conducted for this purpose. In a risk analysis, the manufacturer should assess the impact of the data integrity violations on the quality of the manufactured medicinal products and on patient safety. A management strategy plan should describe the corrective actions to ensure data integrity in all GMP-relevant areas. In addition, the manufacturer should inform the FDA whether a Chief Integrity Officer will be appointed who is authorised to receive anonymous reports and independently investigate potential violations.

Finally, the FDA refers to its guideline on data integrity.

The Warning Letter issued to the OTC manufacturer can be found on the FDA website.