Data integrity remains one of the most cited issues during MHRA inspections. Between 2016 and 2023, nearly 40% of all critical and major GMP findings reported by the Medicines and Healthcare products Regulatory Agency (MHRA) related to lapses in data integrity, from missing audit trails and shared user credentials to undocumented reprocessing and poor record governance. (Source: MHRA GMP Inspection Deficiency Data Review, 2023).
These failures rarely come from deliberate falsification. Most issues come from weak systems, inconsistent procedures, or the lack of responsibility for data accuracy. Understanding why they occur and how to prevent MHRA data integrity failures is essential for maintaining compliance under MHRA’s GxP Data Integrity Guidance and Definitions.
Understanding MHRA’s Data Integrity Expectations
The MHRA defines data integrity as “the extent to which all data are complete, consistent, and accurate throughout the data lifecycle.”
In this context, data lifecycle means every stage where data is generated, processed, reviewed, stored, and retrieved – whether on paper or electronically.
The 2018 MHRA guidance applies to all GxP areas – GMP, GDP, GLP, and GCP and aligns closely with EU Annex 11 and 21 CFR Part 11, requiring equivalent control over both paper and electronic records.
Its expectation is clear:
“Manufacturers and testing laboratories must be able to show the integrity and reliability of all data used to make product quality decisions.”
This makes data integrity not just a regulatory condition but the foundation of every batch release, deviation closure, and analytical decision.
Phase I: Detection- Where MHRA Finds Failures?
MHRA inspection reports reveal consistent patterns of non-compliance across laboratories and manufacturing sites. Below are the most frequent types of MHRA data integrity failures identified over the past decade.
- Unrecorded or Rewritten Raw Data
Analysts often maintain temporary notes or unnumbered rough sheets before transferring information to official logbooks. MHRA considers this a breach of contemporaneous recording.
In a 2019 inspection at a UK sterile manufacturing site, inspectors noted that analysts maintained unverified “pre-run worksheets” later used to create final results, with no retention of originals.
- Disabled or Ignored Audit Trails
In several findings between 2017–2022, the MHRA reported systems where audit trails were either turned off or never reviewed. Annex 11, Clause 9 explicitly requires that “audit trails be available and regularly reviewed.” When these reviews are absent, even valid data loses regulatory credibility.
- Shared User Credentials
A recurring issue involves shared logins on analytical instruments. In a 2020 MHRA inspection of a contract testing laboratory, multiple analysts logged into HPLC software using a single generic “QC” ID, preventing traceability. This violates ALCOA+’s Attributable principle and Annex 11, Clause 12 on user management.
- Manual Data Overwriting
Instances where chromatograms are reprocessed and overwritten under the same filename, without justification, are seen as falsification. The MHRA’s 2018 guidance notes that “results must not be deleted or replaced without recorded justification and approval.”
- Inadequate Backup and Recovery Validation
Sites frequently fail to verify that backup files can be restored accurately. A 2021 inspection found “archived HPLC data could not be retrieved due to unvalidated restoration procedures,” creating permanent data loss.
These recurring failures highlight how most breaches come from weak systems rather than intent. Addressing them requires a platform that builds compliance into every step of data handling. AmpleLogic offers exactly that – a unified, low-code system that prevents such issues through automatic audit trails, unique user access, and validated data backup controls.
Phase II: Root Cause-Why Data Integrity Fails?
MHRA data integrity failures are classified not as isolated errors but as symptoms of systemic weakness. The following factors are commonly observed during inspection investigations.
- Hybrid Paper–Electronic Systems: Gaps appear where handwritten data are transcribed into unvalidated spreadsheets or LIMS systems, creating opportunities for omission or alteration.
- Lack of Validated Configuration: Instruments and LIMS not validated per Annex 11 Clause 4 fail to demonstrate data reliability.
- Weak Governance and Oversight: QA often lacks visibility of audit trail reports or periodic system checks.
- Cultural Shortcuts: Analysts defer data entry to meet testing schedules, compromising contemporaneity.
- Inadequate Management Review: Failure to trend data integrity deviations or CAPA effectiveness over time.
The MHRA’s Section 3 – Governance Systems stresses that “data integrity is a shared responsibility across the organization, led by senior management and quality assurance.”
Phase III: Prevention Controls for Inspection
Preventing MHRA data integrity failures requires embedding controls into both processes and systems. The table below shows important MHRA data integrity expectations and their preventive measures.
Platforms like AmpleLogic’s Low-Code Quality Suite integrate these preventive features directly into daily operations, automatically enforcing audit trail visibility, user control, and validated workflows, rather than relying on manual checks and work.
Phase IV: Continuous Verification
Preventive controls are only effective when paired with consistent oversight. MHRA inspectors expect to see evidence of ongoing governance through:
- Data Flow Mapping: Identify and document every point where critical GxP data are generated, processed, and archived. This mapping forms the foundation for data integrity risk assessment.
- Periodic System Audit: Perform independent QA audits to verify user access logs, audit trail reviews, and data backup validation. According to MHRA Section 9.1, “routine independent verification is a requirement of a data governance system.”
- CAPA Effectiveness Review: Every data integrity deviation should be linked to a CAPA record. Effectiveness must be verified after implementation, not just documented.
- Supplier and Vendor Oversight: When third-party systems or contract labs are involved, ensure data integrity clauses are embedded in quality agreements and verified during vendor audits.
AmpleLogic’s integrated CAPA and supplier management modules simplify this linkage by connecting audit observations directly to system-driven CAPAs and closure verification in its QMS system.
Learning from Past MHRA Findings
MHRA publishes periodic summaries of inspection deficiencies. A review of the 2019–2023 data reveals the most common phrases appearing in data integrity-related observations:
- “Audit trail functionality disabled or never reviewed.”
- “Analyst notes transcribed without retention of originals.”
- “Shared passwords used across multiple workstations.”
- “Uncontrolled spreadsheets used for critical calculations.”
- “Incomplete backup validation testing.”
Each phrase reflects a direct breach of ALCOA+ principles. The prevention of such failures depends not on after-the-fact corrections but on system design, ensuring that errors cannot occur unnoticed or unrecorded.
Conclusion
Across MHRA inspections, one pattern stays constant: data integrity fails where systems depend on people instead of structure. Spreadsheets, manual logs, and disconnected instruments leave too many points for error and too little proof of control.
Platforms such as AmpleLogic’s Low-Code Quality Suite, along with AI-powered support, incorporate these controls, helping companies automate compliance and minimize integrity risk. It eliminates that risk by standardizing how data are created, reviewed, and approved. It’s a validated, low-code system that automatically enforces audit trails, user access, and backup verification. For companies that want reliability instead of repeated inspection findings, AmpleLogic offers a clear, system-driven approach to maintaining continuous data integrity.
