12 Strategies for Managing and Assuring the Reliability and Trustworthiness of non-Electronic Data

Assuring the integrity of non-electronic data is just as important as assuring the reliability of electronic data. Assuring the reliability of paper data is also an exercise in developing systems, policies and procedures by applying the fundamentals and principles of data integrity discussed in the previous paper. Traditionally, records and data have been documented using one of two systems:

Notebooks and logbooks, and
Worksheets

When recording data in notebooks or logbooks, or on worksheets, those notebooks, logbooks and worksheets should of pre-paginated. Worksheets should be paginated in the format page x of total pages, to assure there are no missing pages. In addition, each book and worksheet should have a unique identifier. Books and worksheets should be issued in a controlled manner by a specific individual. A log should be maintained for each book and worksheet issued, to whom it was issued and when it was issued. The log should also record when the book was completed and archived. If books are later copied for archiving, appropriate controls should be established to prevent subsequent data entry.

When using books, the data should be entered directly on to page in a consecutive manner. Pages should not be left blank for later data entry.

If information needs to be attached to a page of a book or a worksheet, such as balance or pH meter printouts, or photographs. These should be attached with acid free glue and sticky tape. The printout or photograph should be signed and dated such that the signature and date cover both the printout or photograph and the page. In addition, the book and page number or worksheet number should be written on the printout or photograph.

It is important to establish a standard format for recording dates. These must be unambiguous, acceptable formats include: 4 Feb 2016, Feb 4, 2016 or 4 February 2016. Formats that represent the month with a number are unacceptable as these are ambiguous.

13 Strategies for Detecting and Handling Non-Compliance with Data Integrity Policies and Procedures

Non-compliance with data integrity policies and procedures has the potential to result in some extremely serious consequences for both individuals and the organisation.

In the health products sector the most significant consequence is the potential of substandard products being delivered to patients, whose systems have been compromised by disease, which could cause further and even fatal complications. In addition, there are significant regulatory consequences that can include fines, injunctions, seizure of products and the total failure of the business. There are also significant potential consequences for individual employees who fail to comply with data integrity policies and procedures which can include dismissal from employment, disqualification from employment in the health products sector and criminal exposure.

In some of the sectors where organisations have been accredited under ISO 17025 although there are no potentially fatal consequences for the organisation’s clients. Non-compliance with data integrity policies can still result in substandard data being delivered. This can result in erroneous decisions being made, which could adversely affect the client’s commercial interests.

In light of this it is imperative that your organisation establishes mechanisms to monitor compliance, to detect and investigate incidences of non-compliance. The first step in this process is to identify and understand the vulnerabilities which could result in non-compliance. These could include:

 Unauthorised access to computer systems

 Inappropriate user privileges

 Corruption and loss during data transfer activities

 Introduction of computer malware

 Loss of data due to some disaster

 Accidental or deliberate deletion of data, records and documents

 Misplacement of data files, records and documents

 Human error

 Selective reporting

The next step in the process is to implement mechanisms which are designed to monitor the vulnerabilities and detect incidences of non-compliance. These could include:

 Audits. Audits should be carried out on a regular basis and include

 Instrument audit trails to ensure there are no unaccounted entries for which no corresponding reports exist. The presence of unaccounted entries would suggest that ‘trial or demo analysis’ are be carried out, coupled with selected reporting.

 Instrument usage logbooks for unexplained entries. This, again, would suggest that ‘trial or demo analysis’ are be carried out, coupled with selected reporting.

 Laboratory notebooks for uncompleted work or unreported results.

 Reconciliation of issued laboratory notebooks, worksheets and batch records

 Review of all records compiled during operations, together with associated audit trails. It is important that reviewers should be trained in the meanings of all audit trail entries, and in particular, should understand which are the most significant.

 Investigation of client complaints and review of client feedback.

 Investigation of staff reports of concerns regarding colleague work patterns or conducts. Employees should be encouraged to confidentially report any concerns they may have regarding the integrity of their colleague’s work.

 Monitoring employee’s work output. An excessively high sample throughput by a laboratory analyst may be indicative of so called ‘dry labing’, that is reporting results but not carrying out the tests.

The final part of this strategy is once an incident has been identified, that could affect the reliability and trustworthiness of data or records, is to carry out an investigation. Investigations of potential data integrity issues should follow the same pattern an any other irregularity. In particular, the investigation should focus on determining the root cause of the event. As once this has been identified more effective corrective and preventative actions can be implemented. For an investigation to be meaningful it must be:

 Thorough, investigations should consider all aspects associated with the event.

 Timely, investigations should be completed in a timely manner and usually within thirty business days of being initiated. In addition, any corrective and preventative actions should be implemented within defined time lines

 Unbiased, investigations should be carried out without any preconceived perceptions, for example a conclusion of ‘analyst error’ must only be reached if there is significant convincing evidence to support such a conclusion

 Well-documented, all the findings of an investigation should be well documented, the use of appropriately designed forms can assist this

 Scientifically defensible, sound scientific principles should be applied to all investigations. A good scientific principle to apply is that of Occam’s razor which can be formulated as “hypothesis should not be made more complicated than necessary to explain the known facts”.

If the normal investigation process is going to be used to investigate data integrity issues. The DIMMP can simply make reference to those procedures. However, any specific differences should be described.

14 Corrective and Preventative Strategies

Once you have identified the root cause of the data integrity issue the then need to take steps to correct the situation and to prevent a reoccurrence. It is important to understand the differences between corrective action and preventative actions:

 Corrective actions address issues that have already occurred, this requires that you understand what has happened and use root cause analysis to identify fundamental reasons why the event happened.

 Preventative actions proactively address potential issues before they occur. This requires you to conduct trend analysis to identify potential events and address them before they become issues.

Corrective actions will usually be the result of an adverse finding. This could be as a result of an internal or external audit, or an issue being identified during the routine checking of data and records. Irrespective of how the issue was identified, it must first be fully investigated to identify the root cause and remediation implemented to correct the issue. The next step is to identify and implement corrective actions to prevent a reoccurrence. The investigation and the process of identifying and implementing remediation and corrective actions must be fully documented. The investigation, remediation and identification of corrective actions will usually follow the same procedures used to handle any other quality deviation.

Preventative actions will usually be the result of a customer recommendation, of an adverse observation or warning letter issued to another organisation or of emerging regulatory expectations. A preventative action is a proactive measure taken to prevent an issue arising. Although preventative actions can usually be handled through change control procedures, a specific procedure for identifying preventative actions is usually necessary.

15 Conclusions

In the current quality and regulatory environment organisations that are subject to regulation or accreditation should have a comprehensive plan to assure the reliability and trustworthiness of their records and data. However, as this paper has shown establishing a comprehensive data reliability management system is a significant undertaking and it is often helpful to seek expertise from outside of the organisation.

Please Click Here to Find Out How David Trew Consulting Ltd can Help Your Laboratory Achieve Comprehensive Data Integrity

Page

Please Click Here to Find Out How David Trew Consulting Ltd can Help Your Laboratory Achieve Comprehensive Data Integrity

Page

1 2 3 4 5

PDF PDF