CONCLUSION CLINICAL TRIAL SUBJECTS’ PARTICIPATION IN...
Transcript of CONCLUSION CLINICAL TRIAL SUBJECTS’ PARTICIPATION IN...
CLINICAL TRIAL SUBJECTS’ PARTICIPATION IN OUR CLINICAL STUDIES IS A PRECIOUS AND SELFLESS GIFT. WE ARE OBLIGATED TO DO EVERYTHING IN OUR POWER TO ENSURE THEIR CONTRIBUTION IS MANAGED IN SUCH A WAY THAT ITS INTEGRITY IS BEYOND QUESTION.
CONCLUSION
WHAT CAN YOU DO TO PROTECT THEIR GIFT?
• Created• Modified• Maintained
• Risks to data integrity• Likelihood of the risk occurring (i.e., becoming an issue)• Impact if the risk occurs
CONTACT: Jamie Colgin, ASQ CQACertified Information Systems Auditor, Certified in Risk and Information Systems ControlColgin Consulting, Inc. | www.colginconsulting.com | [email protected]
Map the data flow for your studies
Identify where data are:
Identify the:
Compute a risk score (likelihood X impact) for each risk
PERFORM A DATA INTEGRITY RISK ASSESSMENT
GIVE P.I. ACCESS TO DATA
If you choose to keep data out of the EDC system, then identify all data “relevant to patient care” and ensure the P.I. has access to it “at all times during and after the trial.” (GCP Guide, MHRA)
Document these decisions in agreements with vendors and P.I.s
LIMIT SELF-EVIDENT CORRECTIONS
Don't let self-evident corrections become "a substitute for a formal query process." (GCP Guide, MHRA)
Prospectively identify and document all allowable self-evident corrections, including who can make them
Ensure the P.I. has agreed to all allowable self-evident corrections
Ensure there is a process for informing the P.I. of all self-evident corrections made to their subjects' data during the study
HIRE TECH-SAVVY MONITORS
Vendors under contract to sponsors have become an extension of the clinical investigator site, and e-data presents new risks to data integrity
Design your monitoring plans to incoporate results from your risk assessment
Hire GCP- and tech-savvy monitors to
SECURE CLINICAL TRIAL DATA
When data are stored outside of applications that provide audit trails, implement additional controls to ensure:
• Access is limited to the appropriate people• Access is monitored• Changes to data can be detected
IMPLEMENT RISK MANAGEMENT PLANS
• Mitigate the risk• Detect when the risk occurs• Recover after the risk occurs
• Monitor the vendors on a regular basis• Watch for warning signs at the vendors and the clinical investigator sites
For risks with high risk scores, document how
• Retrieved • Transmitted
• eCRFs • eDiaries • Electronic lab reports • Digital medical images • IVRS/IWRS
EXAMPLES OF ESOURCE OR ELECTRONIC CLINICAL TRIAL DATA INCLUDE:
When clinical trials are run this way, the P.I. has authority and control over the integrity of their subjects’ data.
“There should be no loss of quality when an electronic system is used in place of a paper system.”
PREMISE SCOPE
“Electronic Systems, (including instruments, software and services) used in clinical trials in the creation/capture of electronic clinical data.”
Investors have access to all data “relevant to patient care”... “at all times during and after the trial.”
INTENDED CONTROLS
“Adequate controls should be in place to ensure confidence in the reliability, quality, and integrity of the electronic source data.”
“Source data in clinical investigations used to fill the predefined fields in the eCRF, according to the protocol.”
PREMISE SCOPE
eSource is entered into the eCRF by1. Manual transcription or 2. Automated transfer
INTENDED CONTROLS
FDA: “Electronic Source Data in Clinical Investigations”
EMA: “Expectations for electronic source data and data transcribed to electronic data collection tools in
clinical trials”
INTRODUCTION
WHICH EVER SIDE OF THE POND YOU’RE ON, REGULATORS AGREE: CLINICAL DATA INTEGRITY IS ESSENTIAL
WHERE ARE THE REAL RISKS TO CLINICAL DATA INTEGRITY?... OR HAS EDC BECOME IRRELEVANT?
© 2016 by Colgin Consulting, Inc. All Rights Reserved.
emai
l
Regular data transfers to sponsor per data transfer plans
“Dispenses” ediary to subject
ELECTRONIC CENTRAL ECG READ REPORT
Reviews ECGRevises device interpretation, as necessary
CARDIOLOGIST
CENTRAL ECG READER*
Takes ECGTransmits data to central reader
MEDICAL TECHNICIAN
ECG DEVICELogs onto deviceAnswers questions
SUBJECT
CLINICAL RESEARCHCOORDINATOR
• Reviews all reports received• Reviews eCRF data Enters data into EDC System
DATA ENTRYTECHNICIAN
Print out
CLINICAL INVESTIGATOR SITE
eDIARY DEVICE
LABINSTRUMENT LIMS REPORTING
SYSTEM
ELECTRONICLAB REPORT
CENTRAL CLINICAL LAB*
E-DIARY PROVIDER*
eDIARY SYSTEM
Visit 5 Labs
Blood Drawn?
Y N
Visit 5 Diary
Diary Dispensed?
Visit 5 ECG
ECG Performed? Y N
Medical History
Concomitant Meds
Adverse EventsEDC SYSTEM**
Analyzes data per SAPCreates datasets, tables, listings,and figuresStores outputs on file shareUses the data stored on the file server
STATISTICIAN/STATISTICAL PROGRAMMER
SPONSOR
Y N
eDIARY PRINT OUT
SAS SERVER FILE SERVER SFTP SERVER
programs more files
* Clinical Service Providers, or Trusted 3rd Parties: They are not CROs. ** Hosted by EDC Providers: They are not CROs.
transmit original ECG
Key safety data don’t go in EDC
Demographics
Data from all sources reside in directories on a file server
transmit ediary data
••
••
••
In a highly simplified way, the process looks like the diagram below: all the data from all sources come to the P.I. and get entered in the EDC system.
P.I.s have access to all the data they need Data go into eCRFs
• •
* Clinical Service Providers, or Trusted 3rd Parties: They are not CROs. ** Hosted by EDC Providers: They are not CROs.
Takes ECGTransmits data to central reader
MEDICAL TECHNICIAN
CENTRAL ECG READER*
CLINICAL INVESTIGATOR SITE
Reviews ECGRevises device interpretation, as necessary
CARDIOLOGIST
ECG STRIP
ELECTRONIC CENTRAL ECG READ REPORT
ECG DEVICE
Logs onto deviceAnswers questions
SUBJECT
“Dispenses” diary to subject
CLINICAL RESEARCHCOORDINATOR
SERVERS
STATISTICIAN/STATISTICAL PROGRAMMER
SPONSOR
Reviews all reports receivedReviews eCRF data
P.I.
Enters data into EDC SystemDATA ENTRY TECHNICIAN
E-DIARY PROVIDER*
Print out
eDIARY SYSTEM
LABINSTRUMENT
LIMSREPORTING
SYSTEMELECTRONICLAB REPORT
Visit 5 Labs
Blood Draw Date __ /__ /____
Blood Draw Time __ __ ___
Hematology
HgB ___ ___
RBC ___ ___
Chemistry
Glucose ___ ___
D D M M Y Y Y Y
H H M M AM/PM
Units
Units
Units
Visit 5 Diary
Diary Date __ /__ /____
Diary Time __ __ ___
D D M M Y Y Y Y
H H M M AM/PM
Q 1. ___________________
Q2. ___________________
Q3. ___________________
Q4. ___________________
Q5. ___________________
Visit 5 ECG
ECG Date __ /__ /____
ECG Time __ __ ___
D D M M Y Y Y Y
H H M M AM/PM
RR Interval __ sec.
P Wave __ sec.
QTc Interval __ msec.
Medical History
Concomitant Meds
Demographics
Adverse Events
automated transfer to eCRF
transmit completed ediary
EDC dat
a ex
trac
tion
s
CENTRAL CLINICAL LAB
EDC SYSTEM**
eDIARY DEVICE
••
•
•
••
••
••
••
Analyzes data per SAPCreates datasets, tables, listings, and figuresStores outputs on file shareUses the data stored on the file server
IN THEORY...
printed copies of reports
email e
lectronic la
b report
email central ECG read report
IN ACTUAL PRACTICE...Sponsors are choosing to keep data maintained by vendors out of the EDC system, relying on the vendors to communicate results to the P.I.P.I.s don’t always have access to all relevant data.Data may be stored in formats and on platforms that do not support monitoring access or audit trails.
• ••
THERE ARE GAPS BETWEEN EXPECTATIONS AND ACTUAL PRACTICE. THESE GAPS CREATE REAL RISKS TO CLINICAL TRIAL DATA INTEGRITY.
••
••
ECG STRIP
P.I.
The application the cardiologist uses to change the interval markers was designed for clinical practice, not clinical trials. As a result, there is no audit trail on who made the changes to the markers, when the change was made, or what the original values were.
RISK
“The audit trail implemented in the <redacted> repository does not capture all actions for creating or modifying the image and annotation files.”
Form FDA 483, 2SEP10, FEI Number 3008410340 (Note: for a central image reader)
REGULATORY ACTION
RISKRISKRISK
REGULATORY ACTION
The eDiary audit trail is not shared with the P.I., preventing them from seeing the coordinator was logged on to the perform subject actions.
“…five pain assessments for Subject 09-006 were entered into the LogPad by the study coordinator, rather than by the subject…. In your written response, you indicated that your study coordinator entered data directly into the LogPad, based on information she received either from the nursing staff or from study subjects…. You indicated that by the time you became aware of this practice, your site had enrolled 8 subjects into the study, and all of them had completed the trial. You also indicated that the monitors challenged the validity of the pain data… Based on your written response, we have concerns that your
study coordinator may have inappropriately entered data into the LogPad for other subjects, as well…. By failing to ensure that pain-assessment data were entered only by the subjects, as required by the protocol, you compromised the validity and integrity of data collected at your site.”
FDA WL 5JUN13, 13-HFD-45-05-02 (Note: for a clinical investigator)
RISK
P.I.s may have so many disparate sources of data to review that it becomes impossible to effectively oversee study conduct and subject safety (e.g., ECG machine output vs. corrected reports from the central reader).
P.I.s may not get all the information they need from
RISKS
Health Canada
“The sponsor did not implement systems and procedures to ensure the required study information was communicated to and/or reviewed by appropriate study personnel in a timely manner.”
REGULATORY ACTION
vendors to adequately oversee study conduct (e.g., raudit trails on e-diaries).
Sponsors may have agreements with vendors about self-evident corrections that may not be formally agreed to by the P.I., resulting in changes to subject data without the P.I.’s consent or awareness.
23NOV15 Control Number 17182021OCT15 Control Number 16032315JUN15 Control Number 1632279JUN15 Control Number 16155125MAY15 Control Number 15739322JAN15 Control Number 169800
(Note: Lack of publicly available detail makes interpretation challenging)
•
•
•
••••••
RISK
No process for granting, reviewing, monitoring, or revoking access, resulting in inappropriate access levels (e.g., clinical study manager can delete files)
RISKS
“…your SOP lacks details concerning how you ensure the security of data, and how changes to the files are managed and documented. Furthermore, you failed to monitor access and record changes (via an audit trail) of electronic statistical data and statistical analyses. Thus the quality and integrity of your data and analyses cannot be ensured.”
REGULATORY ACTION
Files are stored in easily editable formats that do not support audit trails, resulting in unattributable changes that obscure previous values (e.g., data changed in a txt file or an Excel spreadsheet)
FDA WL 11MAR14, 14-HFD-45-02-01(Note: for a GLP lab)
• •