CLINICAL TRIAL SUBJECTS’ PARTICIPATION IN OUR CLINICAL STUDIES IS A PRECIOUS AND SELFLESS GIFT. WE ARE OBLIGATED TO DO EVERYTHING IN OUR POWER TO ENSURE THEIR CONTRIBUTION IS MANAGED IN SUCH A WAY THAT ITS INTEGRITY IS BEYOND QUESTION.

CONCLUSION

WHAT CAN YOU DO TO PROTECT THEIR GIFT?

• Created• Modified• Maintained

• Risks to data integrity• Likelihood of the risk occurring (i.e., becoming an issue)• Impact if the risk occurs

CONTACT: Jamie Colgin, ASQ CQACertified Information Systems Auditor, Certified in Risk and Information Systems ControlColgin Consulting, Inc. | www.colginconsulting.com | jcolgin@colginconsulting.com

Map the data flow for your studies

Identify where data are:

Identify the:

Compute a risk score (likelihood X impact) for each risk

PERFORM A DATA INTEGRITY RISK ASSESSMENT

GIVE P.I. ACCESS TO DATA

If you choose to keep data out of the EDC system, then identify all data “relevant to patient care” and ensure the P.I. has access to it “at all times during and after the trial.” (GCP Guide, MHRA)

Document these decisions in agreements with vendors and P.I.s

LIMIT SELF-EVIDENT CORRECTIONS

Don't let self-evident corrections become "a substitute for a formal query process." (GCP Guide, MHRA)

Prospectively identify and document all allowable self-evident corrections, including who can make them

Ensure the P.I. has agreed to all allowable self-evident corrections

Ensure there is a process for informing the P.I. of all self-evident corrections made to their subjects' data during the study

HIRE TECH-SAVVY MONITORS

Vendors under contract to sponsors have become an extension of the clinical investigator site, and e-data presents new risks to data integrity

Design your monitoring plans to incoporate results from your risk assessment

Hire GCP- and tech-savvy monitors to

SECURE CLINICAL TRIAL DATA

When data are stored outside of applications that provide audit trails, implement additional controls to ensure:

• Access is limited to the appropriate people• Access is monitored• Changes to data can be detected

IMPLEMENT RISK MANAGEMENT PLANS

• Mitigate the risk• Detect when the risk occurs• Recover after the risk occurs

• Monitor the vendors on a regular basis• Watch for warning signs at the vendors and the clinical investigator sites

For risks with high risk scores, document how

• Retrieved • Transmitted

• eCRFs • eDiaries • Electronic lab reports • Digital medical images • IVRS/IWRS

EXAMPLES OF ESOURCE OR ELECTRONIC CLINICAL TRIAL DATA INCLUDE:

When clinical trials are run this way, the P.I. has authority and control over the integrity of their subjects’ data.

“There should be no loss of quality when an electronic system is used in place of a paper system.”

PREMISE SCOPE

“Electronic Systems, (including instruments, software and services) used in clinical trials in the creation/capture of electronic clinical data.”

Investors have access to all data “relevant to patient care”... “at all times during and after the trial.”

INTENDED CONTROLS

“Adequate controls should be in place to ensure confidence in the reliability, quality, and integrity of the electronic source data.”

“Source data in clinical investigations used to fill the predefined fields in the eCRF, according to the protocol.”

PREMISE SCOPE

eSource is entered into the eCRF by1. Manual transcription or 2. Automated transfer

INTENDED CONTROLS

FDA: “Electronic Source Data in Clinical Investigations”

EMA: “Expectations for electronic source data and data transcribed to electronic data collection tools in

clinical trials”

INTRODUCTION

WHICH EVER SIDE OF THE POND YOU’RE ON, REGULATORS AGREE: CLINICAL DATA INTEGRITY IS ESSENTIAL

WHERE ARE THE REAL RISKS TO CLINICAL DATA INTEGRITY?... OR HAS EDC BECOME IRRELEVANT?

© 2016 by Colgin Consulting, Inc. All Rights Reserved.

emai

l

Regular data transfers to sponsor per data transfer plans

“Dispenses” ediary to subject

ELECTRONIC CENTRAL ECG READ REPORT

Reviews ECGRevises device interpretation, as necessary

CARDIOLOGIST

CENTRAL ECG READER*

Takes ECGTransmits data to central reader

MEDICAL TECHNICIAN

ECG DEVICELogs onto deviceAnswers questions

SUBJECT

CLINICAL RESEARCHCOORDINATOR

• Reviews all reports received• Reviews eCRF data Enters data into EDC System

DATA ENTRYTECHNICIAN

Print out

CLINICAL INVESTIGATOR SITE

eDIARY DEVICE

LABINSTRUMENT LIMS REPORTING

SYSTEM

ELECTRONICLAB REPORT

CENTRAL CLINICAL LAB*

E-DIARY PROVIDER*

eDIARY SYSTEM

Visit 5 Labs

Blood Drawn?

Y N

Visit 5 Diary

Diary Dispensed?

Visit 5 ECG

ECG Performed? Y N

Medical History

Concomitant Meds

Adverse EventsEDC SYSTEM**

Analyzes data per SAPCreates datasets, tables, listings,and figuresStores outputs on file shareUses the data stored on the file server

STATISTICIAN/STATISTICAL PROGRAMMER

SPONSOR

Y N

eDIARY PRINT OUT

SAS SERVER FILE SERVER SFTP SERVER

programs more files

* Clinical Service Providers, or Trusted 3rd Parties: They are not CROs. ** Hosted by EDC Providers: They are not CROs.

transmit original ECG

Key safety data don’t go in EDC

Demographics

Data from all sources reside in directories on a file server

transmit ediary data

••

••

••

In a highly simplified way, the process looks like the diagram below: all the data from all sources come to the P.I. and get entered in the EDC system.

P.I.s have access to all the data they need Data go into eCRFs

• •

* Clinical Service Providers, or Trusted 3rd Parties: They are not CROs. ** Hosted by EDC Providers: They are not CROs.

Takes ECGTransmits data to central reader

MEDICAL TECHNICIAN

CENTRAL ECG READER*

CLINICAL INVESTIGATOR SITE

Reviews ECGRevises device interpretation, as necessary

CARDIOLOGIST

ECG STRIP

ELECTRONIC CENTRAL ECG READ REPORT

ECG DEVICE

Logs onto deviceAnswers questions

SUBJECT

“Dispenses” diary to subject

CLINICAL RESEARCHCOORDINATOR

SERVERS

STATISTICIAN/STATISTICAL PROGRAMMER

SPONSOR

Reviews all reports receivedReviews eCRF data

P.I.

Enters data into EDC SystemDATA ENTRY TECHNICIAN

E-DIARY PROVIDER*

Print out

eDIARY SYSTEM

LABINSTRUMENT

LIMSREPORTING

SYSTEMELECTRONICLAB REPORT

Visit 5 Labs

Blood Draw Date __ /__ /____

Blood Draw Time __ __ ___

Hematology

HgB ___ ___

RBC ___ ___

Chemistry

Glucose ___ ___

D D M M Y Y Y Y

H H M M AM/PM

Units

Units

Units

Visit 5 Diary

Diary Date __ /__ /____

Diary Time __ __ ___

D D M M Y Y Y Y

H H M M AM/PM

Q 1. ___________________

Q2. ___________________

Q3. ___________________

Q4. ___________________

Q5. ___________________

Visit 5 ECG

ECG Date __ /__ /____

ECG Time __ __ ___

D D M M Y Y Y Y

H H M M AM/PM

RR Interval __ sec.

P Wave __ sec.

QTc Interval __ msec.

Medical History

Concomitant Meds

Demographics

Adverse Events

automated transfer to eCRF

transmit completed ediary

EDC dat

a ex

trac

tion

s

CENTRAL CLINICAL LAB

EDC SYSTEM**

eDIARY DEVICE

••

•

•

••

••

••

••

Analyzes data per SAPCreates datasets, tables, listings, and figuresStores outputs on file shareUses the data stored on the file server

IN THEORY...

printed copies of reports

email e

lectronic la

b report

email central ECG read report

IN ACTUAL PRACTICE...Sponsors are choosing to keep data maintained by vendors out of the EDC system, relying on the vendors to communicate results to the P.I.P.I.s don’t always have access to all relevant data.Data may be stored in formats and on platforms that do not support monitoring access or audit trails.

• ••

THERE ARE GAPS BETWEEN EXPECTATIONS AND ACTUAL PRACTICE. THESE GAPS CREATE REAL RISKS TO CLINICAL TRIAL DATA INTEGRITY.

••

••

ECG STRIP

P.I.

The application the cardiologist uses to change the interval markers was designed for clinical practice, not clinical trials. As a result, there is no audit trail on who made the changes to the markers, when the change was made, or what the original values were.

RISK

“The audit trail implemented in the <redacted> repository does not capture all actions for creating or modifying the image and annotation files.”

Form FDA 483, 2SEP10, FEI Number 3008410340 (Note: for a central image reader)

REGULATORY ACTION

RISKRISKRISK

REGULATORY ACTION

The eDiary audit trail is not shared with the P.I., preventing them from seeing the coordinator was logged on to the perform subject actions.

“…five pain assessments for Subject 09-006 were entered into the LogPad by the study coordinator, rather than by the subject…. In your written response, you indicated that your study coordinator entered data directly into the LogPad, based on information she received either from the nursing staff or from study subjects…. You indicated that by the time you became aware of this practice, your site had enrolled 8 subjects into the study, and all of them had completed the trial. You also indicated that the monitors challenged the validity of the pain data… Based on your written response, we have concerns that your

study coordinator may have inappropriately entered data into the LogPad for other subjects, as well…. By failing to ensure that pain-assessment data were entered only by the subjects, as required by the protocol, you compromised the validity and integrity of data collected at your site.”

FDA WL 5JUN13, 13-HFD-45-05-02 (Note: for a clinical investigator)

RISK

P.I.s may have so many disparate sources of data to review that it becomes impossible to effectively oversee study conduct and subject safety (e.g., ECG machine output vs. corrected reports from the central reader).

P.I.s may not get all the information they need from

RISKS

Health Canada

“The sponsor did not implement systems and procedures to ensure the required study information was communicated to and/or reviewed by appropriate study personnel in a timely manner.”

REGULATORY ACTION

vendors to adequately oversee study conduct (e.g., raudit trails on e-diaries).

Sponsors may have agreements with vendors about self-evident corrections that may not be formally agreed to by the P.I., resulting in changes to subject data without the P.I.’s consent or awareness.

23NOV15 Control Number 17182021OCT15 Control Number 16032315JUN15 Control Number 1632279JUN15 Control Number 16155125MAY15 Control Number 15739322JAN15 Control Number 169800

(Note: Lack of publicly available detail makes interpretation challenging)

•

•

•

••••••

RISK

No process for granting, reviewing, monitoring, or revoking access, resulting in inappropriate access levels (e.g., clinical study manager can delete files)

RISKS

“…your SOP lacks details concerning how you ensure the security of data, and how changes to the files are managed and documented. Furthermore, you failed to monitor access and record changes (via an audit trail) of electronic statistical data and statistical analyses. Thus the quality and integrity of your data and analyses cannot be ensured.”

REGULATORY ACTION

Files are stored in easily editable formats that do not support audit trails, resulting in unattributable changes that obscure previous values (e.g., data changed in a txt file or an Excel spreadsheet)

FDA WL 11MAR14, 14-HFD-45-02-01(Note: for a GLP lab)

• •