How Blockchain Technology applied to Audit Trail Records improves Quality and Data Integrity

By Beat Widler and Dimitri Stamatiadis 30 Oct, 2018

Endpoint Adjudication Audit Trail and Blockchain

Data integrity in regulated procedures is guaranteed by systematic transparency. In computer-based data management systems this is commonly known as the “Audit Trail”, a continuous recording of all actions and values in a “secure” ledger. Recent cases of fraud have cast doubt on the solidity of such dispositions and call for a more stringent control of Audit Trail Records. Blockchain technology can be the answer.

The Honor System
Drug manufacturing is a complex and highly regulated business. Medicinal products contain active substances which will deliver their beneficial effect only if they are produced at high standards and delivered as prescribed by health professionals. The methods of manufacturing and control are described in great detail in the marketing authorization application (MAA) dossiers and strictly enforced by regulatory agencies through regular inspections of the manufacturing sites. 
But how regular are these inspections really? Drug manufacturing occurs in many places around the globe. Eighty percent of the generic drugs sold in the USA (accounting for $242 billion, and growing) are manufactured in foreign countries and if 40% of the US-based factories are inspected by the FDA, this percentage falls to 11% when it comes to plants located abroad . So, to date, most of the quality procedures for the management of deviations and CAPA (Corrective and Preventing Actions) rely on self-reporting and simply assume the truthfulness of the information submitted: The honor system.

Software systems used in drug development and manufacturing are validated against a set of rules (collectively called GxP) and must integrate an automatic and independent recording of all actions and data called the “Audit Trail”. However, if there is an intent to cheat then the host of regulated data can switch-off the automatic audit trail functionalities without leaving a trace. This is of great concern to Health Authorities as well as bona fide sponsors and other stakeholders as suspicions about the integrity of audit trail information undermines public and regulators’ trust in the integrity of data altogether.

The case of Ranbaxy
How resilient can honor be in the face of profit? How bad can a small deviation from specs be? And another, and another...? Once a fraud, always a fraud. How can confidence be restored after a sordid tale such as the one described below has become public?

Ranbaxy is a generic drug manufacturer based in India with more than a billion dollars sales in the USA who recently pleaded guilty to seven federal criminal counts of making intentionally false statements to the FDA and agreed to pay $500 million in fines. Ranbaxy lied to regulators and forged documents. The company produced data suggesting that their processes were clean and working well but the data was constructed and false. Company scientists were directed to substitute high quality ingredients with cheaper, lower-quality ingredients. Often the data was just made up. Some ingredients had even failed purity tests.

Ranbaxy is not alone in this situation. Several companies have been found to breach the CGMP rules in the past and paid extravagant fines for it. And it does not end there. Following the discovery of manufacturing irregularities, whether during own inspections or, as was the case for Ranbaxy, thanks to a whistle-blower, the FDA can issue warnings and ultimately impose a forced company make-over, known as a consent decree.  Considering all payments, the costs associated with a consent decree can become very high. It is estimated that the costs incurred by Warner-Lambert for a 1993 consent decree was nearly $1 billion. In 2000 Schering-Plough paid an initial fine of $500 million and spent even more to correct its manufacturing facilities. Abbott Laboratories has spent almost $1 billion resulting from a consent decree issued in 1999, including a fine of approximately $100 million . And the FDA does not look for affordable solutions. Restoration of sustainability is the only focus. A major requisite term of a consent decree may be a commitment to have every released batch certified to be CGMP.

Solving today’s problems with yesterday’s technology
And these are the “good guys”! The “bad guys” are not even identifiable. Counterfeit medicines have plagued the global pharmaceutical market for decades. Very little is known about the conditions under which these products are made. In the best case they are pale imitations of the original drugs, in the worst they may contain harmful ingredients, dangerous impurities, degraded chemical compounds or simply no compound at all. 

Regulatory agencies have issued directives, such as the 2011 EU directive 2011/62/EU aiming at “preventing the entry into the legal supply chain of falsified (medicinal) products” and imposing the use of unique identifiers and anti-tampering devices on packaging boxes. A complex process for generating and reporting those codes to the EU Hub and verifying them by National Medicines Verification Systems is put in place to ensure tracking and tracing. Packs for export outside of the EU, free samples, recalled, withdrawn or stolen goods and returned damaged packs are clearly identified in an effort to bare counterfeit medicines from fooling patients, doctors and pharmacists.  Still, “The WHO also reports that the US Food and Drug Administration estimates that more than 10 percent of medicines in circulation in both developed and developing countries are counterfeit.” 

Drug development is no exception to fraud
The ICH Guideline for good clinical practice E6(R2) came into effect on 14 June 2017. Under Paragraph 8 “Essential documents for the conduct of a clinical trial” it is stated that “The sponsor should ensure that the investigator has control of and continuous access to the CRF data reported to the sponsor. The sponsor should not have exclusive control of those data.” However, with the rapid expansion of electronic data capture (EDC) systems, efforts were made to store all data in a single validated repository hosted either by the sponsor or by a service provider (CRO, EDC vendor) and therefore under direct or indirect control of the sole sponsor company. The solution suggested by regulators was to print-out the e-CRF data and file it as paper or as a local PDF copy. How about that!

Blockchain and the tiebreak
Blockchain technology is a robust way of securing data. So robust that it is capable of supporting virtual currencies, such as the Bitcoin, without the need for banks, vaults, safes or keys. Imagine a list (like a spreadsheet) where, by nature, you can only write. Imagine that, in addition, every second, all new entries (anywhere in the world) are grouped (to form a block) and this block is then copied on a thousand different computers across the network (added to the chain). One can easily imagine that going back to change anything in such a setting is impossible. The data is safe and permanently stored in the blockchain.
Regarding the source documents mistrust issue, one can export the e-CRF audit trail data to the Blockchain, deliver at trial end a “Blockchain Integrity Report” to the investigator (and at request to inspectors) and finally include “Blockchain Integrity Report into QA section of the Clinical Study Report.

Does it have a cost?
What doesn’t? But it is very clear from the experience so far that the collective cost of remediation of non-compliance far exceeds the cost to remain in compliance. With an added value, not the least, of having happy regulators and happy patients. Who offers more?


The Complete Manual / Reference Book with all the topics related to the Independent Endpoint Adjudication Committees Management




Download Ethical eAdjudication for Endpoint Adjudication Dossier

Solution Description