Rammell Consulting Limited

MHRA Draft Guidance on GxP Data Integrity….. a Few Thoughts


In July 2016 the Medicines and Healthcare products Regulatory Agency (MHRA) released a definitions and guidance document on the topic of data integrity for GxP regulatory data. The public consultation period closed on 31 October 2016. However, I’ve been hearing an increased interest in this topic over recent days so have provided my perspective.

I provided an official response to the consultation request and if you are interested you can read it here. In summary, I welcome the effort to provide some clarity by the MHRA on this topic, as well as promoting consistency between the different GxPs. However, I have a big concern about proportionality and am worried that once this guidance becomes final, industry will take a knee-jerk response and apply disproportionate measures to ensure data integrity and alignment with the guidance. We need to remember that many of the electronic systems that are in use hold “regulated data” in some shape or form but errors that concern data integrity will have little or no impact on data reported to regulatory agencies or ultimately to the safety and well-being of the public. I would not like to see “heroic measures” employed by industry to secure data integrity and for regulatory inspectors to expect perfect systems when the data within the IT systems really does not justify this approach. Remember, it is the regulatory agencies that are encouraging us to “take a risk-based approach“!

In addition, I thought there were many inconsistencies and ambiguities within the draft document. For example, there are three different terms used to describe a copy and these are used interchangeably: true copy; certified copy; and verified copy. The term “dynamic data” is introduced within the guidance without a definition and is then used in a way that does not give the reader a clear understanding of what is meant by this term. And the term “durable storage” is used without explaining exactly what this term means.

Finally, I think the requirements described for the long-term retention of audit trails, electronic signatures and other “dynamic data” are in conflict with the requirement to maintain accessibility and usability over an extended period of time (in excess of 25 years for GCP-regulated data). Given that we’re being encouraged to adopt a risk-based approach, I would expect to see some pragmatism in the document to give readers some realistic options for long-term digital preservation, whilst maintaining data integrity.

I shall look forward to seeing the final published guidance document!