Blatant Data Manipulation and Password Sharing Still Taking Place

Blatant data manipulation – for example, falsifying visual inspection particle counts for finished parenteral products – was highlighted in a Form 483 from a 2023 drug manufacturing facility inspection.

In addition, observations from a different 2023 inspection cataloged egregious data integrity lapses, including the use of shared passwords and erasable markers to record GMP data.

At the 48th annual International GMP Conference held in early March 2024 at the University of Georgia in Athens, Georgia, Parexel Vice President, Technical-Strategic Compliance Consulting and former FDA Drug National Expert Investigator Ileana Barreto-Pettit reviewed the 483 and provided her expert commentary on the observations. She did not identify the companies receiving the 483s.

“Routine” Data Manipulation

According to the form 483 from a May 2023 inspection of an India based pharmaceutical company, the visual inspection data “appeared to be routinely manipulated” to keep the numbers of particles below the reject limits set by the company for its finished parenteral drug products (see Figure 1, Visual Inspection Data Manipulation by Company Inspectors and Supervisors: Form 483 Excerpt).

 

 

Barreto-Pettit speculated the reason for the data manipulation to keep the detected particle limits low was “because they didn’t want to investigate.”

In addition, “since some inspectors were not very good at detecting these defects, they shared.” She quipped, “It’s like, ‘Okay, you detect this for me. Because I didn’t detect any count. You give me some of your numbers.’”

Barreto-Pettit pointed to the observation that visual inspection records for multiple operators were identical. “I applaud this investigator because this takes a lot of time to do. You have to request so many records of different batches and put them next to each other” to identify identical records. One of the investigators conducting this inspection was Justin Boyd, a high profile FDA investigator who, according to Redica records, has an overall 74.8% 483 issuance rate and a 16.8% rate of 483s he issues resulting in an FDA warning letter.

Nine different manual visual inspectors for different sets of trays inspected had identical numbers for the same categories. This had been happening since 2021 as noted in the 483 for this 2023 inspection.

“To make it even worse, multiple supervisors were involved,” the former FDA National Expert Investigator commented. “It is absolutely incredible to me.”

“This is not an OTC manufacturer,” the former FDA investigator explained. “This is not a mom and pop place. This is actually a big company. You do not expect to see something like this. This is very troubling. This is manipulation. This is not a lack of controls because you didn’t have a good process. This is manipulation of data. This is the worst kind.”

Fundamental Data Integrity Issues Found in Another Inspection

An inspection of a different company, based in South Korea, in September 2023 included a focus on documentation. The 483 notes that the laboratory used to generate data in support of the application being evaluated in the pre-license inspection lacked adequate controls for data integrity. “There is no means of determining with absolute certainty the true reliability of all test data, with a third party independent assessment of the test data not performed.”

When the FDA does pre-approval inspections, investigators are going to compare the data that was submitted in the application with the raw data, Barreto-Pettit explained.

The laboratory had opened an investigation to evaluate controls for data integrity as noted in the 483.

Data integrity deficiencies identified in the deviation report, “included but are not limited to shared administration passwords, lack of data backup, and lack of audit trails…”

However, “An assessment to determine how the use of the lab in support of submission data to the agency affects already commercially marketed products has not been completed.”

In other words, the same lab the company used for the application was also being used for products that were in the market, causing a concern by the agency due to a lack of confidence in data being produced by the laboratory. Data integrity shortcomings found on inspection include:

• Sticky notes with equipment passwords on PCs
• Use of shared administrator’s account
• Uncontrolled spreadsheets to track samples and document test results

“We are not talking about anything sophisticated,” Barreto-Pettit stressed. “Everybody knows you cannot have sticky notes with your password on the computer. This is what we did 20 years ago. And this is still happening.”

She added that since it was a pre-approval inspection it was pre-announced, “which means they knew the FDA was coming. It was not a surprise unannounced inspection. And they have this? Unbelievable.”

Erasable Markers Used to Record GMP Data

In another example of poor data integrity controls – one which Barreto-Pettit characterized as a lack of understanding of “data integrity 101” – Thailand-based S & J International Enterprises Public Company Limited was given an FDA warning letter for using erasable markers to document GMP data including in areas such as:

• Weight verification checks for balances and scales
• Room cleaning checklists
• Employee health and hygiene checks
• Operator shoe cleaning
• Pest control checks
• Facility and equipment checks, and
• Temperature and humidity monitoring in manufacturing areas.

According to the letter, “You stated that these temporary records are scanned and retained. However, you could not provide the permanent version of these records and stated that only production staff and production supervisors, and not the QU, have access to the scanned sheets and logs.”

Barreto-Pettit commented, “But the good thing is that they scanned those temporary records and retained them.” They thought that was okay. Because even though they were erasable markers, which is the same as pencil, they thought it was OK because they were scanning them.”

Also curious is that the scanned documents were only available to production staff and that the quality unit had no access to them. In its regulations, FDA is clear that the quality unit must have access to manufacturing documentation and perform review and approval functions, as put forth in 21 CFR 211.22(a):

CFR § 211.22 Responsibilities of quality control unit

(a) There shall be a quality control unit that shall have the responsibility and authority to approve or reject all components, drug product containers, closures, in-process materials, packaging material, labeling, and drug products, and the authority to review production records to assure that no errors have occurred or, if errors have occurred, that they have been fully investigated. The quality control unit shall be responsible for approving or rejecting drug products manufactured, processed, packed, or held under contract by another company.

The FDA investigator did  express concerns in this area, stating, “Without adequate and complete batch records, you cannot assure the uniformity of your drug products from batch to batch and may impact your ability to adequately investigate any product deviations.”