Falsification and error

At the heart, data integrity is a lot about culture. There are technical requirements, but mostly we are returning to the same principles as quality culture and just keep coming back to Deming. A great example of this is the use of the fraud triangle and human error.

The fraud triangle was developed by Donald Cressey in the 1950s when investigating financial fraud and embezzlement. The principles Cressey identified are directly relevant to data integrity, and to quality culture as a whole.

Falsification Triangle
Element Exists When To Break
Incentive or Pressure Why commit falsification of data? Managerial pressure or financial gains are the two main drivers here to push people to commit fraud. Setting unrealistic objectives such as stretch goals, turnaround time or key performance indicators that are totally divorced from reality especially when these are linked to pay or advancement will only encourage staff to falsify data to receive rewards. These goals coupled with poor analytical instruments and methods will only ensure that corners will be cut to meet deadlines or targets. Management must lead by example – not through communication or establishing data governance structures but by ensuring the pressure to falsify data is removed. This means setting realistic expectations that are compatible with the organization’s capacity and process capability.
Rationalization or Incentive To commit fraud people must either have an incentive or can rationalize that this is an acceptable practice within an organization or department. Staff need to understand how their actions can impact the health of the patient. Ensure individuals know the importance of reliable and accurate data to the wellbeing of the patient as well as the business health of the company.
Opportunity The opportunity to falsify data can be due to encouragement by management as a means of keeping cost down or a combination of lax controls or poor oversight of activities that contribute to staff being able to commit fraud. Implement a process that is technically controlled so there is little, if any, opportunity to commit falsification of data.

Mistakes are human nature – we all have fat finger moments. This is why we build our processes and technologies to ensure we capture these errors and self-correct them. These errors should be tracked and trended, but only as a way to drive continuous improvement. It is important to have the capability in your quality systems to be able to evaluate mistakes up-to-and including fraud.

It helps to be able to classify issues and determine if there are changes to governance, management systems and behaviors necessary.

Events should be classified based on how intentional they are

Human error should be built into investigative systems. Yes, whenever possible we are looking for technical controls, but the human exists and needs to be fully taken into consideration.

The best way to ensure data integrity is the best way to build a quality culture.

System Model

Making Learning a Part of Everyday Work

Cultivating expertise, in short learning, is critical to building a quality culture. Yet, the urgency of work easily trumps learning. It can be difficult to carve out time for learning in the inexorable flow of daily tasks. We are all experienced with the way learning ends up being in the lowest box on the 2×2 Eisenhower matrix, or however you like to prioritize your tasks.

For learning to really happen, it must fit around and align itself to our working days. We need to build our systems so that learning is an inevitable result of doing work. There are also things we as individuals can practice to make learning happen.

What we as individuals can do

Practice mindfulness. As you go about your daily job be present and aware, using it as an opportunity to ability to learn and develop. Don’t just sit in on that audit; notice and learn the auditor’s tactics and techniques as you engage with her. Ask product managers about product features; ask experts about industry trends; ask peers for feedback on your presentation skills. These kinds of inquiries are learning experiences and most peers love to tell you what they know.

Keep a to-learn list. Keep a list of concepts, thoughts, practices, and vocabulary you want to explore and then later later explore them when you have a few moments to reflect. Try to work a few off the list, maybe during your commute or at other times when you have space to reflect.

Build learning into your calendar. Many of us schedule email time, time for project updates, time to do administrative work. Make sure you dedicate time for learning.

Share meaningfully. Share with others, but just don’t spread links. Discuss why you are sharing it, what you learned and why you think it is important. This blog is a good example of that.

What we can build into our systems

Make sure our learning and knowledge management systems are built into everything we do. Make them easy to use. Ensure content is shared internally and leads to continuous improvement.

Ensure learning is valued.

Plan for short-term wins. There is no nirvana, no perfect state. Ensure you have lots of little victories and shareable moments. Plan for this as part of your schedules and cycles.

Learning is a very effective lever for system improvement. At the very least it gives us the power to “add, change, evolve or self-organize system structure” (lever 4) and can also start giving us ways to change the paradigm (lever 2) and eventually even transcend paradigms (lever 1).

Coherence and Quality

Sonja Blignaut on More Beyond wrote a good post “All that jazz … making coherence coherent” on coherence where she states at the end “In order to remain competitive and thrive in the new world of work, we need to focus our organisation design, leadership and strategic efforts on the complex contexts and create the conditions for coherence. “

Ms. Blignaut defines coherence mainly through analogy and metaphor, so I strongly recommend reading the original post.

In my post “Forget the technology, Quality 4.0 is all about thinking” I spelled out some principles of system design.

PrincipleDescription
BalanceThe system creates value for the multiple stakeholders. While the ideal is to develop a design that maximizes the value for all the key stakeholders, the designer often has to compromise and balance the needs of the various stakeholders.
CongruenceThe degree to which the system components are aligned and consistent with each other and the other organizational systems, culture, plans, processes, information, resource decisions, and actions.
ConvenienceThe system is designed to be as convenient as possible for the participants to implement (a.k.a. user friendly). System includes specific processes, procedures, and controls only when necessary.
CoordinationSystem components are interconnected and harmonized with the other (internal and external) components, systems, plans, processes, information, and resource decisions toward common action or effort. This is beyond congruence and is achieved when the individual components of a system operate as a fully interconnected unit.
EleganceComplexity vs. benefit — the system includes only enough complexity as is necessary to meet the stakeholder’s needs. In other words, keep the design as simple as possible and no more while delivering the desired benefits. It often requires looking at the system in new ways.
HumanParticipants in the system are able to find joy, purpose and meaning in their work.
LearningKnowledge management, with opportunities for reflection and learning (learning loops), is designed into the system. Reflection and learning are built into the system at key points to encourage single- and double-loop learning from experience to improve future implementation and to systematically evaluate the design of the system itself.
SustainabilityThe system effectively meets the near- and long-term needs of the current stakeholders without compromising the ability of future generations of stakeholders to meet their own needs.

I used the term congruence to summarize the point Ms. Blignaut is reaching with alignment and coherence. I love her putting these against the Cynefin framework, it makes a great of sense to see alignment for the obvious domain and the need for coherence driving from complexity.

So what might driving for coherence look like? Well if we start with coherence being the long range order (the jazz analogy) we are building systems that build order through their function – they learn and are sustainable.

To apply this in the framework of ICHQ10 or the US FDA’s “Guidance for Industry Quality Systems Approach to Pharmaceutical CGMP Regulations” one way to drive for coherence is to use similar building blocks across our systems: risk management, data integrity and knowledge management are all examples of that.

Document Management

Today many companies are going digital, striving for paperless, reinventing how individuals find information, record data and make decisions. It is often good when undergoing these decisions to go back to basics and make sure we are all on the same page before we proceed.

When talking about document management we are really discussing three major types or functions:

  • Functional Documents provide instructions so people can perform tasks and make decisions safely effectively, compliantly and consistently. This usually includes things like procedures, process instructions, protocols, methods and specifications. Many of these need some sort of training decision. Functional documents should involve a process to ensure they are up-to-date, especially in relation to current practices and relevant standards (periodic review)
  • Records provide evidence that actions were taken and decisions were made in keeping with procedures. This includes batch manufacturing records, logbooks and laboratory data sheets and notebooks. Records are a popular target for electronic alternatives.
  • Reports provide specific information on a particular topic on a formal, standardized way. Reports may include data summaries, findings and actions to be taken.

Often times these types are all engaged in a lifecycle. An SOP directs us to write a protocol (two documents), we execute the protocol (a record) and then write a report. This fluidity allows us to combine the types.

Throughout these types we need to apply good change management and data integrity practices (ALCOA).

All of these types follow a very similar path for their lifecycle.

document lifecycle

Everything we do is risk based. Some questions to ask when developing and improving this system include:

  • What are the risks of writing procedures at a “low level of detail versus a high level of detail) how much variability do we allow individuals performing a task?) – Both have advantages, both have disadvantages and it is not a one-sized fits all approach.
  • What are the risks in verifying (witnessing) non-critical tasks? How do we identify critical tasks?
  • What are the risks in not having evidence that a procedure-defined task was completed?
  • What are the risks in relation to archiving and documentation retrieval?

There is very little difference between paper records and documents and electronic records and documents as far as what is given above. Electronic records require the same concerns around generation, distribution and maintenance. Just now you are looking at a different set of safeguards and activities to make it happen.