What Data Integrity Means to Device Manufacturers

August 28th, 2015 by

Data integrity is an ever-increasing concern in life sciences, with medical device manufacturers feeling much of the conformity backlash. There continues to be heightened regulatory focus on diverse cybersecurity topics, including data integrity.

Public and private sector organizations face a litany of consensus standards. Unfortunately, most regulatory agencies can’t offer direct advisement on effective governance methodologies. Information Security consulting may be a valuable source of clarification for quality assurance, security and legal personnel who work in the regulated industries. 

What Is Data Integrity?

Any computer data created, modified, shared or otherwise accessed by medical devices, their users or their manufacturers must satisfy at least the following criteria:

  1. The information must be accurate.
  2. The information’s accuracy must be verifiable.
  3. The data concerning the information must conform to 21 CFR Part 11 in all respects.

Data and devices that fall short of these benchmarks may also fail to satisfy acceptable integrity standards when confronted with direct regulatory oversight. 

Manufacturers should ensure their products employ patient, sample, device-status and other data in a secure fashion. Those that can’t often pursue quality management system (QMS) improvements to close compliance gaps.

Medical devices are typically multifunctional, and as such their potential data vulnerabilities could lie in any of their hardware or software aspects. Effective quality-management strategies based on accepted practices may make validation and other common cloud computing compliance practices easier to execute successfully in today’s regulated environments.

How Can Companies Respond to Regulation? 

Users access medical data and devices via multiple channels and interfaces, and data entry, networking and monitoring practices change with time. As such, the practical definitions of data integrity methodologies and standards have traditionally been derived from established customs. 

Guidance publications issued by the U.S. Food and Drug Administration as recently as October 2014, for instance, cite the agency’s reliance on prior consensus standards published by a variety of technical and professional bodies. While some of these earlier guidelines reflected life sciences practices, others focused on principles that originated in the IT domain and various other fields.

Modern corporations are tasked with making sense of the history behind GxP regulations. Next, they have to identify the guidelines and definitions that apply to their specific business activities. Finally, device makers must create quality systems that let them conform to current cybersecurity regulations in their unique GxP environments as well as respond to relevant changes.

Formulating and Executing an Effective Plan

Data integrity compliance deviations can be difficult to predict. Suppose you and a competitor both build analogous devices around similar CPUs or other hardware. You’d both still have vastly different compliance requirements based on your choice of programming methodologies, and if each of you followed a unique coding strategy, you could fare quite disparately under similar scrutiny. 

Incorporating existing hardware into a design is an industry standard nowadays. The advent of various cost-effective CPUs, SoCs (systems-on-a-chip) and software components may result in combinations that leave data exposed.

The fact that hardware systems can be operated in many ways only increases potential risk. To apply regulatory guidelines effectively, companies need to come up with data verification and protection strategies that address as many weaknesses and realistic product usage situations as possible. 

GxP-CC’s global experience with diverse QMS implementations, medical devices and software standards helps GxP organizations realize improved understanding of what it takes to maintain compliance.

Contact us today to learn how to keep up as data integrity requirements evolve.


About this author:


Dr. Hussein has over 15 years of experience in the GMP industry as a successful advisor for top medical device and pharmaceutical companies. In 2008 Dr. Hussein was named as an assessor for project management in the “German Society for Project Management” (GPM). Dr. Hussein holds a Master’s in Physics and a Master’s in Biomedical Engineering from the University of Hannover in Germany. He also holds a PhD in Physics from the University of Luebeck in Germany.
