Risk acceptance for missing DHR info and saving records

Quality_Goblin

Involved In Discussions
Hi All,

I am the Document Control Specialist at my company, and I am struggling to find a closed loop solution for how to deal with past document errors. I am saving DHR packets for closed jobs and there are several instances where in-process inspection documents are missing information, a routing step wasn't logged into the ERP system, a typed FAIR wasn't saved in the job records - just to name a few. We had tried a solution where I was sending out a risk acceptance memo to the department leads where they would explain in brief why, as a company, we accept the risk of whatever instance happened with that job, and I would attach that memo to the record and save it. The department leads are now finding those to be cumbersome, and the list of errors that need justification is piling up and its the same issues over and over. Does anyone have a suggestion on how I can maybe come up with a blanket solution? A better template or document that I can add to these records? We obviously can't go back and fix the errors, but I want something to show that we recognize the errors and have made an effort to correct them currently and for the future.

We are getting better at reviewing closed job documents in real time rather than giving me piles to review from the past 6-12 months, so that is a plus, and we are creating a better data recording system that will prevent missing data on documents in the future.

Some of the errors were done by people no longer with the company, and now part of the issue is the department leads finding time to respond to each memo in a timely manner so I can save these records, especially if I am finding the same mistakes over and over again. I am at a loss on how to acknowledge these issues,
any help is appreciated, thank you!!
 

Mazza

Starting to get Involved
I inherited a similar problem when moving to a new company e.g. batch records were inadequately completed (missing information, missing data, missing signatures etc etc), batch records missing (inadequate storage/archiving).
Rather than tackle each one individually, we raised a CAPA, did a big risk assessment covering all past discrepancies (so you could review all of your outstanding job documents, compile a list of findings and assess the impact) and then purely focused on improvements to the process.
 

Quality_Goblin

Involved In Discussions
I inherited a similar problem when moving to a new company e.g. batch records were inadequately completed (missing information, missing data, missing signatures etc etc), batch records missing (inadequate storage/archiving).
Rather than tackle each one individually, we raised a CAPA, did a big risk assessment covering all past discrepancies (so you could review all of your outstanding job documents, compile a list of findings and assess the impact) and then purely focused on improvements to the process.


Thank you. I have thought about doing this too. However, I was just reminded by my boss that unfortunately we are reviewing DHRs because of a minor nonconformance we got in an audit last year so we cannot put a CAPA on the CAPA the auditor found. Looks like I am stuck reviewing each one individually for the time being. But going forward, I think we might end up doing something similar.
 

Tidge

Trusted Information Resource
As this is in a Medical Devices subforum, I'll reply with some personal experiences. I will offer a caveat up front: A system similar to what I am going to propose is very prone to "making the perfect the enemy of the good". Apply critical thinking to save everyone headaches.

For each piece of "work" (we manufacture some components ourselves in the shop, we build subassemblies, and manufacture finished goods) we created a DHR (and call it that) but many people would recognize it as a (somewhat detailed) "job traveler". This form requires the recording of certain information (*1) and then at the completion of the job there is a small team of "DHR Reviewers" who have the job to catch the sort of defects in the DHR.

Personally: I don't find the concept of a team of people who just stare at paperwork to be a high-value-add choice for an organization, I would have leveraged peer-review by people who already have to fill out the paperwork as this (in my experience) tends to raise the level of competence of everyone and can catch issues closer to "real time". Apply sampling of peer-reviewed records by a supervisor and internal auditor as necessary. My current company has a peculiar aversion to peer review(*2) and tends to believe more that there exist some small class of "smart people" that can always catch mistakes that other people make in any (and every) area by records review.

(*1) Some critical thinking needs to be applied to what gets recorded in (and attached to) the DHR. I wouldn't go overboard with recording everything anyone can imagine... don't fight previous battles with the form, rather set it up to record what is necessary to be recorded (for compliance, for safety, for business).

(*2) I've tried to understand this aversion, as near as I can tell it derives from
  1. Many people don't know what other people do, don't want to know what other people do, and don't want to appear critical of others
  2. Many people don't want other people to know what they do, and don't want other people "judging them" (especially peers they may consider to be inferiors)
  3. We have a (terrible, IMO) tendency to encourage specialization, such that there may literally only be one person who knows how to do (or is expected to do) particular job assignments. As an aside: we had a period of assembly non-conformances due to parts which never should have passed inspection, and the true root cause was "nobody liked inspecting these parts" and so the inspection was always given to a single associate who was inspecting them incorrectly. That particular associate was a piece-of-work for many reasons, but separating them from the company was NOT an effective corrective action for this problem.
 

Mazza

Starting to get Involved
Thank you. I have thought about doing this too. However, I was just reminded by my boss that unfortunately we are reviewing DHRs because of a minor nonconformance we got in an audit last year so we cannot put a CAPA on the CAPA the auditor found. Looks like I am stuck reviewing each one individually for the time being. But going forward, I think we might end up doing something similar.
Agreed, you shouldn't do a CAPA for a CAPA but you still could some sort of large risk assessment as part of your audit CAPA, maybe taking into account the number of DHRs you have already reviewed and the level of risks you have already assessed. Do you have a general picture of the scope and level of the DHR errors and do these issues impact the overall safety of your product(s)? If the answer is no, I would risk assess and move on.
 

Quality_Goblin

Involved In Discussions
Agreed, you shouldn't do a CAPA for a CAPA but you still could some sort of large risk assessment as part of your audit CAPA, maybe taking into account the number of DHRs you have already reviewed and the level of risks you have already assessed. Do you have a general picture of the scope and level of the DHR errors and do these issues impact the overall safety of your product(s)? If the answer is no, I would risk assess and move on.
The DHR errors are around three main issues: Incomplete in-process inspections due to the monitoring and measurement tools not filled out by the operator, Incomplete in-process inspections due to not enough samples being collected, and ERP logins or QC Log submissions not being completed. These are things that we have trained our staff on over and over again. As I am new to the industry and this position, I am trying to create a valid reason why (despite the staff being trained), we are accepting this risk and how to assess it.

I have looked at the standard and compared it to our SOP to see if we are over-correcting things that don't need to done. But I noticed that Section 8.2.6 states "As appropriate, records shall identify the test equipment used to perform measurement activities". Considering that a good portion of these DHR nonconformances were due to operators not filling out what tools they are measuring with on the in-process sheets, I am at a loss on how we can write a risk acceptance. Granted this is something that the auditor hasn't caught before, but I would like to be proactive now rather than reactive and get another NC for this.
 

Tidge

Trusted Information Resource
Considering that a good portion of these DHR nonconformances were due to operators not filling out what tools they are measuring with on the in-process sheets, I am at a loss on how we can write a risk acceptance. Granted this is something that the auditor hasn't caught before, but I would like to be proactive now rather than reactive and get another NC for this.
I don't have 'chicken little' tendencies, but what has been described doesn't sound acceptable to me. I think you have two (broad) paths:

1) If it is acceptable to never have recorded the information, revise your process such that you don't have to record any of the missing information moving forward. Written another way: If the mouth says the info isn't needed, put the money where the mouth is. Getting rid of the requirement to record is the Action Item.

2) Remediate.
a) make a plan to find all incomplete records.
b) the plan has to provide for assessing the impact of incomplete records.
c) the plan has to provide for what to do based on the outcomes of the assessments.

The second option has more Action Items, and will have better-targeted effectiveness checks than the first option. Obviously there is also the need to address the root cause(s) of the defects, which will have its own set of Action Items.
 

FRA 2 FDA

Involved In Discussions
Why not deem the original CAPA ineffective (at least in part as it certainly seems to be for this issue) and open a new CAPA to address this? As far as addressing this issue goes, it sounds to me that at least some of this missing information could be critical (if these measurements are important and somewhere along the line a piece of measuring equipment is found to be faulty/ OOT, how would anyone ever know what product was affected if the equipment IDs are never recorded??) I'd implement a DHR release policy whereby a product is not cleared for sale until the DHR has been reviewed for completeness and released by the proper authority. If the company can't get product out the door, people will start taking the documentation requirements seriously. And if your company doesn't care enough that vital information pertaining the the quality and potential safety/efficacy of their product is missing to support this, well.... you have a much bigger problem and should be focusing on getting outta there.

If there are missing items that are not critical, I agree with @Tidge , get rid of those fields/requirements so that the info isn't "missing" and leaving holes in your documentation.
 
Last edited:

Tagin

Trusted Information Resource
The DHR errors are around three main issues: Incomplete in-process inspections due to the monitoring and measurement tools not filled out by the operator, Incomplete in-process inspections due to not enough samples being collected, and ERP logins or QC Log submissions not being completed. These are things that we have trained our staff on over and over again. As I am new to the industry and this position, I am trying to create a valid reason why (despite the staff being trained), we are accepting this risk and how to assess it.

I see no reason to find this behavior acceptable. Clearly there is no consequence for these trained people being sloppy and irresponsible. Simple as that.

Management needs to manage. They need to hold these people accountable. If management is so incompetent/unwilling to act, then you are stuck.

Yes, you could reduce your documentation requirements some to accommodate all this incompetence, but it sounds to me like the more lax you make it, even more liberties will be taken, so that even basic information will be missing/incorrect.

I would be sure to raise the issue to management in written form for CYA purposes, rather than proactively collude in what is essentially a cover-up of chronic pattern of documentation failures.
 

Ed Panek

QA RA Small Med Dev Company
Leader
Super Moderator
We cant ship the product until QA has signed off on the batch record. In your shipping SOP, you can add this so your warehouse team will need to see your signature to ship products. Your company can make all the errors it wants to but nothing leaves until you say so.

Do you report to the CEO or executive management? If not this is a you need management help. If management refuses to give QA that level of control thats a red flag.
 
Top Bottom