External fraud

External fraud is an act committed by a third party that leads to data theft, data loss, and function disruption. People with technology skills can access (hack) the computer systems of pharmacies to steal or manipulate patient information for financial or nonfinancial reasons. For example, cell phone service provider T-Mobile experienced ongoing security problems that led to the publication of celebrity Paris Hiltons personal information and the telephone numbers of many Hollywood stars (Brian, 2005). One can only imagine the problems that could arise if patient data contained in a pharmacy s database were to be exposed, stolen, or manipulated. 

The introduction of GCP has accelerated the need for quality control and quality assurance, particularly in the field of clinical research. Quality control is carried out by the staff who are responsible for the particular activity, working to SOPs that cover all the tasks under scrutiny. SOPs not only need to be written but must also be updated regularly. Quality assurance is the process which seeks to confirm that SOPs have been observed this is accomplished by the process of auditing. Internal audit departments should be under a separate management from the medical department. Regular audits can not only assure external bodies, such as regulatory authorities, that proper procedures have been followed, but also serve to deter those rare attempts at fraud on the part of clinical investigators, which occasionally become evident. ... 

Only experienced quality auditors, such as the chemists who are knowledgeable in the analysis being audited, should conduct external audits. Audit findings give rise to corrective action that is implemented and documented by laboratory operations personnel. However, even the most detailed and frequent audits may be ineffective in disclosing data fraud (Popek, 1998b). External audits are expensive and are usually conducted for government project or major industry client work. 

It should be demonstrated that measmes have been taken to protect the computer based system throughout its entire lifetime against physical attack, intentional and non-intentional intrusion, fraud, virases and so on [12,13]. Safety systems should not be coimected to external networks when justification cannot be made that it is safe to do so. 

The best protection against fraud is to have a culture of trust and integrity supported by internal and external audits. No code of ethics is going to prevent large-scale fraud. A code of ethics can help people to understand the difference between a business (free) lunch and a bribe. 

---