The present invention relates to systems and methods for obtaining, modifying and certifying data. More specifically, it relates to systems for securing and validating the inputting, manipulating, accessing and certifying of laboratory data and information such as test, measurements, test results, and test reports, especially during the development, pre-market evaluation and production of chemical and pharmaceutical products.
During the development and production of many pharmaceutical and chemical products it is necessary to perform various tests and evaluations and maintain various records, then to manipulate the results of these tests and evaluations and prepare various reports that interpret and summarize those results. Such activities are generally performed in accordance with a set of laws and guidelines provided by the agency, such as the FDA, which controls or approves the market-release of the products and Standard Operating Procedures (SOP""s), prepared by the manufacturer""s internal Quality Assurance department (QA), or by an independently contracted auditor.
It is estimated that in the pharmaceutical laboratory 70% or more laboratory staff time is spent on documentation related to these tests, not actual laboratory operations. Cycle times from sample arrival to certificate of analysis are often quoted at 10 to 15 days. The QC/QA review cycle often challenges the data or the analysis, generating investigations to support the conclusions. Out of spec or out of trend results discovered during review are well beyond the time of the operation that generated them. To reduce cycle time in the laboratory, it is imperative to present error free, valid measurements.
Several computer-based data management systems specifically intended for use in such analytical laboratories have been designed over the years and are known generically as Laboratory Information Management Systems (LIMS). LIMS systems and chromatography data systems are common systems in pharmaceutical labs. While these systems often archive the analytical results, and provide reports, they are usually oriented too late in the process to insure original data integrity.
The inventors believe that a critical need exists to capture, validate and secure laboratory data as close to the source as possible. Technology is needed which performs this function with simple equipment and clear interfaces for laboratory personnel and instruments.
Under presently intended procedures, authorized analysts are provided with SOP""s and, using properly calibrated instrumentation, perform the aforementioned tests and manually record the aforementioned data in accordance therewith. Once all data has been collected, it is transcribed into a batch record within a computer for interpretation and manipulation, and thereafter, for compilation into such reports as might be dictated by the SOP. The agency, auditor, or QA inspector can view the report(s), while simultaneously viewing the SOP and the supporting data to interpret the report and judge both its validity and its acceptability.
The approval and certification agencies for pharmaceutical products and many chemical products, such as the FDA, generally require the performance of such tests and evaluations and the production of such reports in conjunction with both development and production. Performance of these tests, access to the resulting data, and ability to manipulate it must be strictly limited to only qualified and authorized individuals, and only properly calibrated and specified equipment may be used. These requirements result in a tremendous physical and logistical problem, as the evaluation periods can be lengthy and huge quantities of data often accrue. Since present methods fail to recognize many anomalies in these requirements until the report-writing phase, that being the final phase in the process, tremendous delays and expense result when such anomalies prove results erroneous or invalid, polluting the batch record and causing the need for extensive re-testing so late in the process.
LIMS systems of some sort have always been essential tools in such research and development labs, in-process testing labs, and quality assurance labs as are involved in such testing and reporting. Typically, a LIMS is a software program loaded into the computer that receives the data collected from the instruments, either electronically or manually, manipulates and interprets it, maintains it, and presents it for independent inclusion in the required report(s). This information can thus be sorted and organized within the batch record or externally into various report formats based upon the type of report required.
As recently as the nineteen-seventies, laboratory notebooks and handwritten notes were the preferred tools used to track and record information. Thereafter, although handwritten notebooks are still in use today for certain data, custom-designed LIMS were configured by individual laboratories to allow certain analytical instruments to communicate directly with the main server. Such xe2x80x9cin-housexe2x80x9d systems, which are still being used to this day by many labs, can take considerable time and cost to develop, can require considerable resources and attention to maintain, yet still require many manual steps and documentation stages in order to satisfy most approval and certification requirements.
Even with the use of a LIMS, once data has been collected, it must first be downloaded, either manually or electronically, into the LIMS"" batch record file. Each such recordation thus created presents an additional need for preservation and additional point of possible transcription error. Additionally, the recording of such data, which is generally proprietary, in and from numerous locations, increases the potential for access to this data by unauthorized individuals and presents a serious security concern.
Generally, data is either recorded manually or stored within a data collection system associated with the collecting instrumentation itself. For example, if an electronic scale is used, the weight data collected will normally be stored in a memory within that scale. Although this data can be transferred electronically to the server to minimize error, the need to maintain and report details about that original record is not eliminated.
Since the introduction of customized LIMS, great strides have been made in the electronic interfacing of instrumentation and data manipulating equipment. These have made feasible and provided an incentive for the development of a truly universal system to connect all instrumentation with both the server and the SOP""s to thereby integrate all data, procedures, and results into one cohesive batch record which can produce one cohesive and inclusive report. This further provides an opportunity to reduce the record-keeping burden by minimizing record maintenance requirements, to improve security, and to expedite the evaluation process. Further, the cumbersome need to manually compare and interpret test results against the SOP can be eliminated and the discovery of invalidities and discrepancies prior to the final stage of the process can be realized.
By linking the testing, recordation and manipulation of resulting data, the generation of reports directly with the process itself, and by doing so while maintaining electronic control over access to this data to those who are so qualified and authorized, as provided by the present invention, it becomes possible to greatly streamline and expedite the approval process and ensure data validity.
It is an object of the present invention to provide a laboratory data management system in which access to data and authorization to manage that data are linked directly with the computer and instrumentation to provide resulting data whose validity is ensured.
It is an object of the present invention to provide a laboratory data management system in which data access is more rigidly secured.
It is an object of the present invention to provide a laboratory data management system in which data manipulation is more rigidly secured.
It is a further object of the present invention to provide such a system in which unauthorized access to or manipulation of data is impossible.
It is a further object to provide a system in which security is improved through the elimination of many written records and in which the unauthorized access to data records can be significantly reduced.
It is a further object to provide a system that is more universally adaptable to a variety of laboratory environments.
It is still a further object to provide a data management system that verifies that procedures are being properly followed on a real-time basis by authorized and qualified individuals to ensure that improprieties are recognized immediately.
It is still a further object to provide a data management system that verifies that operators are qualified to perform tests and access information on a real-time basis.
It is a further object to provide a data management system that verifies that equipment is properly calibrated on a real-time basis to ensure that variations are recognized immediately.
Further objects and advantages of the present invention will be best appreciated and more fully understood in reference to the herein-described preferred embodiment and the appended drawings.
The present invention is a universally adaptable Process-Linked Data system (PLD) for managing and reporting laboratory data wherein the procedures of the SOP itself are used to manage the performance of tests, to receive and record the resulting data, and to generate the required reports.
A unified data acquisition system is provided to simplify the laboratory environment. Since collecting data in conformance with the latest federal regulations (21CFR Part 11) requires that the data sources be identified, that the data be put into a secure repository and that access be restricted to authorized personnel, the present PLD Record Storage system will provide a compliant repository for electronic records in the laboratory.
The PLD Procedure Execution and Management system provides for primary data capture as an integral part of executing standard test procedures in the laboratory. Only authorized personnel may perform transactions that add, change, or affect data in any way. Means of identifying the persons performing the transactions is required.
Grouped identifiers are not allowed by FDA regulations. Since conventions for user ID""s and passwords vary from one company to another, a customer SOP must be prepared to specify user name and password practices. The present PLD system has settings to allow enforcement of the uniqueness, frequency of change and re-use requirements specified in the SOP. When biometric identification of individuals is used, the system can also ensure that unique individuals are identified.
Terminal xe2x80x9csessionsxe2x80x9d must be established during which an identified individual is making data entries or controlling the collection of data from instruments. The terminal device may not be left unattended while the session is active. If the operator leaves the terminal device, she/he must close the session to prevent unauthorized entries. It is common to have an automated data collection activity that was started during a valid session continue after the session is closed. Another need is to enable a different individual (either to take over in case the original person is no longer available, or to act with higher authority) to initiate a terminal session and interact with ongoing data collection. The new individual must be properly identified and all data tagged with his identity.
The access control records of PLD are themselves stored in the PLD data base. The system allows for biometric identification of people and creates terminal sessions. Operators are able to log out. A reminder is displayed to attend the terminal at all times until log out. Terminal sessions may be resumed by any authorized person. All data collected is tagged with the operators identity.
The PLD Access Control System includes an enumeration of individuals together with the list of authorized activities and the list of authorized values for various security attributes. The access control system compares the security attributes of both the record and the individual to find a match before access to the record is granted. The system will only accept transactions from authorized individuals. Eligibility is based on user training on specific procedures. Access to training records is needed to determine eligibility. Enforcement by the system is an installation configuration switch. Supervisor approval is needed for non-eligible personnel to perform procedures.
21CFR Part 11 does not mandate electronic signatures, but without them associated paper documents must be produced, linked and signed. The present system supports a fully xe2x80x9cpaperlessxe2x80x9d system. An electronic signatures is an integral part of the present system.
An audit trail for each data field is maintained containing the entire data history. All changes are identified with the information including who performed the change (by entering the password or signature) and when was the change performed. A record of the data before the change was performed is kept. The reason for changes to the data are recorded.
Audit trail records must never be changed. They must contain unquestionable ties to the live data. No xe2x80x9crollbackxe2x80x9d facilities are available. The audit trail will grow over time and must be supported by hardware and software that introduces minimal delays in transaction processing.
There are three identification components: the operator, the equipment and the sample. This system will positively identify each of these.
Once the SOP is loaded into the PLD, a Method Instruction set (MI) is created which defines the test parameters and materials needed, prepares instructions for the instrumentation and test personnel, opens a batch record file, sets up a report outline, and follows the performance of each activity through to either a failure or successful conclusion. The system is equipped to either prompt the personnel to input each and every piece of information needed or obtain that data directly, and the system is equipped to either halt the process or alert the user whenever a specification is not met, an invalid test parameter is encountered, or erroneous or missing data is sensed, to avoid the possibility of having such discrepancies go unrecognized until later in the process or to propagate into other areas of the system.
This system even accepts data from Electronic Clipboard devices for manual input where an observation is made by lab personnel or where there is no means other than transcription to capture instrument readings.
The clipboard may be coupled to a vision device that can read barcode and alphanumeric displays, converting these displays into text. The clipboard device will also support infra red and wireless LAN communication to the data server.
A Secure Shell for PC based legacy instruments inserts itself at the application/operating system interface. It behaves mostly like a device driver for disk storage and/or printer devices. To the application it provides the entire Application Programming Interface (API) currently used by the application. Additional functionality is provided by dialog and data storage that is external to the legacy application. The dialogs acquire all additional information needed, maintain audit history, and prevent record corruption.
Data may be taken electronically from an instrument when the sample is processed. In this case the data is transmitted directly to the secure repository. Data may also be acquired from instruments operated by networked computers. The resulting analysis record filed on the networked computer is accessed and extracted data is transmitted directly to the secure repository. The detailed report of analysis is recorded in the repository also to support the extracted data. The Electronic Clipboard is used as the user terminal for control of the data transfer.
The instrument interfacing can be performed by personnel who understand the communication interface description of the instrument. An interface generator is used to generate interface descriptions that will be run in the server. Conventional programming is not required. A process for installing interface instructions into the system is available. The repository is physically and logically secured. The readings and associated ID""s are immutable. The identity of the operator is verified when a terminal session is begun. The operator training records and the equipment calibration records are accessed before measurements are taken to alert the operator. A specific override is required by the operator to continue. The storage of the data includes means to capture or construct the state of operator training and equipment certification at the time of measurement.
An optional means for storing the expected value or range of values for measurements is provided. When expected values are specified, the data entering storage is compared to the expected values. An alert is provided to the operator when the measurement differs from expected values.
Devices for sample, operator and equipment ID capture are easy to use and require minimal change to present laboratory procedures. The data entry devices are primarily menu and select list oriented. Pen based and touch screen techniques are preferred.
In order to collect primary data at the source, either a wired connection or a local data terminal is available. This system will have a personal terminal. The personal terminal is easy to carry and to enter data on, can be set on the lab bench and used there or in the hands, has an operation time of at least 4 hours before routine service (such as battery charging or changing) must be performed. The terminals are recharged when not in use. In normal use, no cords are connected to the terminal. An optional use will connect the terminal to the network by a data cable. The system has either no connecting wires, or quickly plugable wires to small connection ports with high life connectors. The system displays the same dialogues from the system that are displayed on conventional PC devices. The system is able to provide positive identification of the device used. The system is able to scan bar codes for identification of samples, reagents, instruments, etc. Ethernet and TCP/IP are the preferred communication among devices connected by wires. IrDA standards are applied to devices that may communicate by infrared beams.
Once the data is obtained at remote data taking stations such as the aforementioned analytical instrumentation, it is transferred instantaneously to the main server for recording only in the batch record file, without being recorded at the remote data taking stations, to eliminate the need for record maintenance and auditing at those remote devices. Users are identified, and their authorizations and certifications are evaluated immediately. The functions that they can perform and the records that they can access are controlled by the PLD system. Equipment specifications and calibrations are confirmed immediately, and both raw and manipulated data are and need only be recorded in and reported from the batch record file. The resulting report integrates the test results directly with the procedure to provide a singular document which can be read and understood without the need to maintain and refer to other documentation such as notebooks, calibration records, user qualification certificates, instrumentation records and computer files.
Structured Query Language (SQL) standards are used for data access and a SQL database product is used under the present system.
Since each reading, observation or other report is called for by a specific prompt from the pre-approved procedures, and it is collected and stored in a tightly coupled fashion to that part of the procedure record for each sample, record maintenance is greatly reduced while security is greatly increased. The processing needed to interpret and move the data out of the instrumentation and into the batch record is done at the time the data is collected, not later when the report is prepared.
The distinct advantage of this approach will be apparent when information is being reviewed for compliance or other reasons later. Since the data is stored with the procedure and can be readily displayed, the original systems do not need to be consulted or preserved. The main advantage of this system becomes apparent when we consider the security and authentication requirements of the federal laws. By moving the data to a common procedure storage system, preferably without invoking any storage in the data collection system, all the record keeping requirements can be fulfilled in one system rather than many.
In the past, access control or security features of computer systems identified individuals and enumerated the functions that those persons were allowed to perform. Some examples of these functions might be; edit, operate, create procedures, administrate, etc. The data that results from these operations are usually stored in a file system or database, and complete security is obtained by only allowing the designated programs to operate on the data.
The present invention provides a system where individuals are identified and the record categories that they can manipulate are enumerated. A record storage system enforces the required authority for an individual to manipulate records, regardless of the processing system being used. This means that any record being retrieved is tested against the read authority of the individual. Likewise updates and creation of new records require that authority in the individual.
Finally, the audit trail required by federal law is built into the data storage system instead of the data processing system, as is the case in prior art systems. Since records must be stored for the duration of a defined record retention period, all activities performed on these records must also be recorded. Many different processing systems may come into being over this long duration, and it may be desirable to use not-as-yet-developed tools and equipment. There is a great advantage to having the audit trail generated and maintained by the storage system, without the need for special processing in every program.
Further advantages of the present invention will be best appreciated and more fully understood in reference to the herein described preferred embodiment and the appended drawings. of which the following is a brief description.