The title of this article might seem unusual, but it is true—and fundamental to most companies who make/market/sell pharmaceuticals and medical devices. You see, when it comes to improving data integrity, there are two basic approaches: (1) create a program office to lead the data integrity improvement efforts—I call this the Quick Hit approach; (2) roll improvements into your existing quality system as needed, or as issues are identified—the Slow Burn approach. Both approaches have their merit, depending on your starting situation.
If you assess your data integrity situation and find that overall your situation is good, but some added emphasis on data integrity is needed, along with new definitions in a corporate glossary and added courses to fill in some gaps in understanding, then the Slow Burn approach makes perfect sense for your organization. Why absorb the added costs of re-organizing, moving personnel, and such to make modifications that can be handled by existing staff over the course of 6-18 months? This was the approach of my former employer.
On the opposite side, if your assessment reveals important gaps, numerous vulnerabilities with contract acceptors and suppliers, fundamental documentation and configuration gaps, then you need to make improvements at a more rapid pace—the Quick Hit approach is justified. This will rally resources to get your company into a compliant situation more quickly. The added costs of this approach are still far less than the costs of a Warning Letter or Statement of Non-Compliance.
But no matter your approach—one of the above, or some variation—at some point, data integrity MUST become a routine part of your operations. The special assignments, sponsored projects, and program offices must end, and procedures and training must ensure that the gains are maintained. Your organization must transition from “all hands on deck” to “just another day at the office”. This transition to routine practice is critical: fail to put adequate controls in your process and you risk returning to risk-laden purchased equipment, processes that permit data errors or falsification without detection and people who lack an understanding of their important role in protecting the patient and the organization from harm. Those hard-won gains must become routine.
It is all about the transition.
Originally published by Mark Newton (Principal) on 18 June 2018