The pharmaceutical industry has to meet various traceability challenges throughout the life cycle of a drug, from the R&D stage through to actual use. The way the highly sensitive data underpinning this traceability is managed by regulations issued by (inter)national drug regulatory authorities.
The entire drug industry, extending beyond life sciences, is subject to international regulations that are generally referred to as “Good Manufacturing Practices”. Data integrity is a fundamental responsibility for this industry and is essential for guaranteeing the safety, quality, identity, purity and effectiveness of its products and processes, and therefore protecting the health and safety of patients. The industry’s regulatory authorities are now particularly attentive to data integrity, following numerous breaches identified in recent years during audits and inspections. In 2015, the MHRA (the UK Medicines and Healthcare products Regulatory Agency) published the world’s first guidance on data integrity. Since then, other guidelines have been published by all of the industry’s other major agencies, including the WHO, the FDA (the US Food & Drug Administration), the EMA (European Medicines Agency), the ANSM (the French Agency for the Safety of Medicines and Health Products), etc.
The acronym ALCOA+ (Attributable, Legible, Contemporaneous, Original, Accurate, plus Complete, Consistent, Enduring and Available) sums up the regulatory requirements for data concerning product quality and operational traceability.
These requirements concern the whole of the data life cycle, from when the data is acquired through to when it is archived, encompassing verification, processing, use and communication and covering both electronic and paper-based data.
“We must be capable of reconstituting the life cycle of any given data and understanding everything that has happened. To achieve this aim for its industrial clients, Assystem works with their data managers to ensure they can prove their compliance if they are subject to a regulatory audit or inspection from ANSM for instance”.
Every data operation implies multiple risks of data alteration, both voluntary and involuntary.
Because electronic records are often volatile, they are particularly vulnerable. This vulnerability can only be overcome by strictly applying a high-quality management system, which currently have organisation structures, procedures and checks that are mostly manual.
It is for this specific vulnerability that blockchain can provide a brand-new technical solution.
The first blockchain emerged in 2009, with bitcoin, following the publication of a whitepaper in 2008 by Satoshi Nakamoto setting out the principles of a peer-to-peer electronic cash system without the need for a trusted third party. It is precisely this elimination of third-party involvement that has driven the development of blockchain technology. In 2015, the integration of smart contracts – a concept popularised by the creation of Ethereum – made it possible for the blockchain to run code and opened up blockchain to a wide variety of automated transactions. Reaching technological maturity and having met with significant success, the first blockchain applications took the form of cryptocurrencies and even now, the vast majority of applications are still focused on cryptocurrencies and inter-bank transactions.
Subsequently, the immutable digital ledger – the chain of blocks at the heart of the blockchain – started to be used for traceability-based applications. In life sciences, private blockchains and blockchain consortia begin to be created with a view to ensuring the traceability of drugs. In parallel, healthcare players begin to take an interest in blockchain for managing patient files and running clinical trials.
Blockchain may offers a new answer to combating counterfeit drugs thanks to enhanced traceability.
“Pharmaceutical companies believe that their own in-house quality systems meet their needs to pass drug agency inspections. However, with the advent of blockchain technology, it is now possible to more effectively guarantee data integrity. Assystem Care is convinced that the industry will adopt this technology, especially as it is so easy to access. It is even possible that regulatory authorities will ultimately require its use for the most sensitive data”.
Blockchain technology offers the possibility of storing data in a way that is practically unbreachable. To explain how it does this, we need to look at the different technologies used within blockchain.
Blockchain is a collection of technologies which, put end to end, create an unbreachable ledger (with all changes recorded). Among the available blocks, there are encryption blocks (cryptographic hash function of files), chains of blocks (linked to one another), the decentralised network (peer-to-peer) and the consensus algorithm designed to ensure reliability in a network involving several nodes.
The blockchain is based on the construction of a chain of data – the ledger – in which each new piece of data is linked to the previous one by a cryptographic hash function. This means that the only way a change made to data upstream could remain undetected is if all of the chains are reconstructed downstream.
Yet, in a blockchain, the ledger is both distributed and duplicated on a network of servers – the nodes. Altering the ledger on one of these nodes would not be sufficient to carry out a modification: over half of the nodes would have to be accessed in order for the whole network to validate the modification. By guaranteeing that no one can access over half the nodes it makes it impossible to falsify the ledger.
Lastly, the unique nature of the ledger is ensured thanks to the consensus algorithm which manages the addition of new blocks via a validation process spread across all of the servers. It also resolves synchronisation problems when several blocks are created simultaneously, thereby making sure the ledger retains its integrity.
The nature of the consensus algorithm determines whether the block chain is public , i.e. open and available to everyone, or private, i.e. reserved for a single operator or a consortium of operators, when access is shared between several entities working together as a group but without any single one entity having access to more than half of the nodes. It is private blockchains that can be used for data integrity applications.
Ensuring the integrity of data throughout its lifecycle is a major issue for the life sciences sector, and particularly in the pharmaceutical and biotechnologies industries.
By way of example, let’s look at the use of blockchain technology for data relating to the production of drugs, covering audit trails, batch files, analysis certificates and other information that the regulatory authorities would likely want to see during an inspection.
Technically, this means using blockchain as a way of certifying data, achievable via an automated process and without the constraint of involving a trusted third party.
By enabling the data recipient to directly and automatically verify the authenticity of that data, we can replace and simplify a whole set of mostly manual procedures and verifications that until now were needed to access the data, control its distribution and ensure the traceability of any changes.
This new possibility gives users an unparalleled level of assurance and the data itself an unprecedented level of reliability, while at the same time generating major productivity gains by streamlining the processes in quality management systems.
We believe there are two main potential uses for blockchain in the pharmaceutical industry.
The first use concerns data integrity for major industrial players with a worldwide organisational structure and manufacturing units spread across different countries. It is essential for this type of player to be able to capitalise on the knowledge of processes, ensure standard manufacturing procedures and guarantee the traceability of all of the data it produces.
The second involves the use of a data integrity approach based on ledgers that are distributed and shared by the industry itself, whereby industry players group together with a view to sharing best practices and investments, and presenting a “united front” so as to more effectively meet regulatory requirements.
In order for blockchain technology to be successfully used in the pharmaceutical industry, a diversified ecosystem will need to be put in place, notably with a blockchain custodian (which must be a neutral player to counter any concerns of the regulatory authorities), industry participants and tech firms (which will implement the solution in partnership with industry-specialised engineering firms in order to configure the system and meet the relevant regulatory requirements).
A diversified ecosystem will need to be put in place, notably with a blockchain custodian that can prove its neutrality.
This constitutes a totally unprecedented approach, with an ecosystem coming together to drive a technological breakthrough enabling the whole industry to generically improve its quality and safety performance. In view of the fundamental importance of quality and safety in the pharmaceutical industry, this can only be carried out if a group of industry players works together with a blockchain custodian that knows the industry but can prove that it is neutral. Based on these principles, Assystem Care has launched a project to demonstrate the potential of blockchain technology for the pharmaceutical industry and to offer new data integrity services.
As part of this project, we have set up a consortium called “Granit”, structured around a “neutral” blockchain custodian, Polepharma, Europe’s leading pharmaceutical cluster. This consortium is made up of industrial players and other stakeholders in the pharmaceutical sector, including manufacturers, suppliers and subcontractors. Granit’s objective will be to create a new service for authenticating records related to the production of drugs and it will include any participants that wish to join it. Assystem Care will provide support and assistance for deploying the ledger among the consortium’s members, in partnership with the blockchain technology provider, the start-up RedLab.
“The greater the number of independent participants sharing this ledger, the more secure the ledger will be. For both regulatory authorities and life sciences industrial players, blockchain will therefore become the guarantee of data reliability and authenticity for the entire pharmaceutical industry”.
About the expert
Head of CSV-DI / Assystem Care
Hervé has 20 years’ experience in the life sciences sector, specialised in engineering, regulatory consulting and CQV for production plant and equipment. He is currently the Computer System Validation & Data Integrity Officer at Assystem Care’s Tech centre: SPC (Solutions and Performance Centre).