Electronic Data Integrity

Data Integrity: Empowering Quality Healthcare Safely

Data integrity is a prerequisite for the regulated healthcare industry due to a direct impact on product quality and patient safety. Electronic data and computerized systems have introduced new challenges to maintaining data integrity, as it is much easier to change electronic data and records than it is to change a paper or other physical record. 

FDA mandates the electronic data integrity through 21 CFR Part 11 and 21 CFR Part 820 regulations. Health Canada has adopted Pharmaceutical Inspection Cooperation Scheme’s (PIC/S) good guidance for computerized systems in regulated GXP environments, while the European Commission details electronic data integrity requirements in EU EudraLex Annex 11. 

As the life sciences industry is focused on leveraging its computerized systems to significantly improve and expand its resources, the regulatory authorities such as FDA, EMA, MHRA, Health Canada have put much emphasis on data integrity in recent years, because they uncovered serious cases of data integrity breaches. For example, FDA recently announced that they would be regularly conducting inspections focusing on 21 CFR Part 11 requirements. UK MHRA also set an expectation that the aspect of the data integrity and traceability would be covered during inspections from the start of 2014.

Due to increasing complexity of computerized systems landscape and lack of a balance between cost, schedule and appropriate level of compliance, the regulated organizations and its vendors often struggle to implement the most effective and defendable compliance standards, and, as a result, are at a disadvantage when it comes to data integrity.

qointa has specialized in providing a broad range of solutions and services relevant to Electronic Data Integrity and Computerized Systems Compliance, including, but not limited to, the following:

  • • GAMP5 and FDA 21 CFR Part 820 QSR-based QMS

    • Comprehensive, easy-to-follow SOPs, policies and tools for FDA compliance

    • Initial deployment / harmonization

    • Scalable “As-Needed” approach

    • Integration with client’s current quality system

    • QMS maintenance activities from periodic reviews to updates to ongoing training

    • QMS expansion due to organizational growth and changes

    • Periodic Audits/Assessments

    • Preparation and training for Audits

    • Representation during Audits

    • Full closure of Audit findings

  • • Risk-Based CSV framework (GAMP5) development

    • Validation and Quality planning

    • Requirements development and management

    • Technology and vendor evaluation

    • Design and code reviews

    • Qualification/Testing efforts (IQ, OQ, PQ), from planning to script authoring, to execution, to defect documentation and resolution

    • Risk assessments and management

    • Defensible documentation for entire system lifecycle

    • Configuration and Change Controls

    • SOPs development and roll-out

    • Validation training

    • Service Level Agreements

    • Disaster Recovery planning and testing

    • Periodic Review of current system compliance and validated state

    • Hands-on leadership and implementation

    We have an expertise to offer CSV services across a diverse system and technology portfolio, including:

    • eClinical systems, including Clinical Trial Management (CTMS), Clinical Data Management (CDMS), Electronic Data Capture (EDC), electronic Patient Reported Outcome(ePRO)/electronic Diary (eDiary), electronic Trial Master File (eTMF), pharmacovigilance and drug safety, Clinical Data Warehouse, etc.

    •Laboratory Data Acquisition and Information Systems, including LIMS, Electronic Lab Notebook, Chromatography, Mass Spectrometry, Scientific Data Management, laboratory equipment, etc.

    • Manufacturing Process Control Systems

    • Manufacturing Execution Systems

    • Quality Workflow and Document Management Systems

    • Enterprise Resource Planning Systems

    • Cloud based systems

    • Service-Oriented Architecture and Middleware based systems

    • Medical Device software

    • Custom software

    • IT Infrastructure

  • • Part 11 Compliance Audits / Gap analyses and Risk analyses

    • Remediation planning and implementation

    • Establishing full Compliance

    • Part 11 technical controls

    • Part 11 procedural controls

    • Data Integrity controls across the record lifecycle

    • Part 11 training at “as needed” level of detail, from overview to highly detailed

    • Specific data integrity techniques to master

    • Mock Part 11 inspections and gap analyses

  • • Infrastructure compliance assessments

    • As-Built and To-Be Design

    • Prospective/retrospective qualification:

    - Qualification of the Data Center

    - Qualification of the hardware and layered software

    - Qualification of the network and its components

    - Qualification of the data storage solutions

    - Qualification of the data backup, recovery and disaster recovery mechanisms

    • Establishing security procedures and security measures

    • On-going maintenance of controls and Guidance

    • Full program implementation

    • ASTM E2500 and GAMP principles