HCCA Research Compliance Conference May 31-June 3, 2015
1
Establishing Risk-Based Monitoring for Clinical Research
Frank Estala Kathy James
Clara Vorpahl Anna Taranova
The speakers have no relevant financial and non-financial relationships to disclose.
The opinions presented are our individual opinions, based on our experience and do
not represent those of anyone else, including the UTHSCSA, University Health
System or their affiliates.
HCCA Research Compliance Conference May 31-June 3, 2015
2
Moderator: ◦ Frank Estala, BA, Research Compliance Manager,
UT-Health Science Center at San Antonio
Speakers:
◦ Kathy James, CHC, CHSP, Assistant Compliance Officer , UT-Health Science Center at San Antonio
◦ Clara Vorpahl, BA, Senior Research Compliance Specialist, UT-Health Science Center at San Antonio
◦ Anna Taranova, MD, MS, CCRP, Senior Research Director, University Health System
HCCA Research Compliance Conference May 31-June 3, 2015
3
In this breakout session we will discuss ◦ The effectiveness of risk-based monitoring (RBM)
for research oversight and quality assurance
◦ FDA guidance and regulatory expectations for RBM implementation
◦ Unified Compliance Framework: implementation and sustainability of RBM
To enhance human subject protection
To Improve quality and integrity of data
Stay in tune with FDA current practices
To protect institution
To protect and train investigators
To reflect current trends in clinical trial enterprise
HCCA Research Compliance Conference May 31-June 3, 2015
4
Expectations: ◦ Compliance monitoring activities should be
comprehensive, planned, adapted to changes in the internal and external environments as they arise, and based on a realistic and documented assessment of the compliance risks faced by the organization.
Silos – physical and communication divisions
Duplication of work
Gaps in oversight
Low effectiveness of follow-up
The need for uniform standards
Lack of Resources
Negative perception of compliance
HCCA Research Compliance Conference May 31-June 3, 2015
5
Things change. We need to adapt to changes
Used with permission from Don Mayne. Wretched Mess Research Cartoons(2009)
HCCA Research Compliance Conference May 31-June 3, 2015
6
ACRP: ◦ “In the context of the global clinical trial industry,
risk-based monitoring is an evolving concept that aims to increase the quality and efficiency of clinical trials by using advances in technology. The intent is to do that while still maintaining a strong commitment to patient safety, data integrity, and regulatory compliance.”
Conduct a risk assessment to identify and evaluate risks to critical study data and process
Design a monitoring plan tailored to address important and likely risks identified during risk assessment
Enhance human subject protection and quality of data by focusing oversight on the most important aspects of study conduct and reporting
HCCA Research Compliance Conference May 31-June 3, 2015
7
Description of Monitoring Approaches
Communication of Monitoring Results
Management of non-compliance
Ensuring Quality Monitoring
Monitoring Plan Amendments
Clinical Investigator Training
Factors to consider when developing a monitoring plan: ◦ Complexity of study design
◦ Types of study endpoints
◦ Clinical complexity of the study population
◦ Experience of the Investigator (and coordinator)
◦ Electronic Data Capture
◦ Safety of the investigational product
◦ Stage of the study
◦ Quantity of data
HCCA Research Compliance Conference May 31-June 3, 2015
8
Management of non-compliance: ◦ Processes for addressing unresolved or significant issues
(e.g., significant non-compliance with the investigational plan, suspected or confirmed data falsification) identified by monitoring, whether at a particular site or across study sites
◦ Processes to ensure that root cause analyses are conducted where important deviations are discovered and that appropriate corrective and preventive actions (e.g., additional training on a study or site level) are implemented to address issues identified by monitoring
◦ Other quality management practices applicable to the clinical investigation (e.g., reference to any other written documents describing appropriate actions regarding non-compliance)
Clinical Investigator Training ◦ Without meaningful training prior to the conduct of a
study and of appropriate instruction during the study (e.g., when changes are made to the protocol), CIs and their staff may have difficulty carrying out a trial correctly.
Monitoring activities should include sufficient time for discussion of CI’s and site staff’s responsibilities, feedback, and additional training.
It may be necessary to implement alternative training (e.g., teleconferences, webcasts, online training modules) and communication methods (see section III.B.1) for providing and documenting ongoing, timely training
HCCA Research Compliance Conference May 31-June 3, 2015
9
Operate in accordance with all Federal and State laws and regulations and Institutional policies: ◦ Office for Human Research Protections (OHRP) guidelines CFR
45.46 and FWA for HHS/NIH supported clinical and non-clinical
research
◦ Food and Drug Administration (FDA) Code of Federal
Regulations (21 CFR Part 50, 54, 56, and 312) for Drug, Devices,
Biologics
◦ Health Insurance Portability and Accountability Act (HIPAA) for
protection of personal, identifiable health information
◦ Medicare/Medicaid Billing Compliance
◦ State requirements (i.e. next of kin/LAR, etc)
◦ UT Health Science, VA and University Health System policies and
IRB guidelines - Encompass all areas of research
FDA Risk Based Monitoring guidance
Filling the gaps
Create culture of unified compliance
Increased effectiveness of oversight
Unified tools: ◦ Co-monitoring
◦ Standardized approach and tools
◦ Increased number of compliance reviews
◦ Collaborative corrective action plans
HCCA Research Compliance Conference May 31-June 3, 2015
10
Establish compliance standards to be followed by all affiliates and faculty to reduce the prospect of research misconduct;
Engage affiliates to ensure transparency and communication
Identify specific research compliance risk areas and recommend the development and implementation of necessary changes in practice
Effectively communicate compliance standards and procedures to all research staff by requiring participation in training programs or by disseminating publications that explain in a practical manner what is required;
Consistently enforce standards through monitoring and appropriate enforcement mechanisms
Take all reasonable steps to respond appropriately to detected noncompliance and to prevent further similar occurrences
Utilize monitoring and auditing systems reasonably designed to detect research misconduct, including self-reporting and compliance anonymous line.
Initial Reasons for Selection Focus are Different but Goal is Identical – Ensure Compliance
Compliance Office – Risk Assessment Tool
Cancer Center – DSMC
Health System – Institutional impact
HCCA Research Compliance Conference May 31-June 3, 2015
11
Risk Considerations ◦ To Subjects/Patients
◦ To Data
◦ To Institution
◦ Investigator
◦ Privacy
◦ Financial
◦ Liability
◦ Others
Clinical Research Compliance
HIPAA (especially HIPAA in research)
Billing Compliance
Unified Reporting and Monitoring Tools
Educational opportunities
HCCA Research Compliance Conference May 31-June 3, 2015
12
Compliance Risk Assessment Tool Sections
Protocol Risk
FDA Risk
Budget/Billing Risk
IRB Risk
PI Risk
7 Major Categories ◦ Regulatory Documents – Affiliate Approvals, FDA 1572s &
1571s, CVs/Licenses, Credentialing, Training, Staff Signature Logs
◦ IRB Submissions – Protocols, Progress Reports, Amendments, Approval Letters, Approved Ads, IBs, Consent Forms and HIPAA Authorizations
◦ Physical Space & Storage – Investigational Product ◦ Subject Files/Inclusion/Exclusion Criteria – Screening Logs,
Eligibility Supporting Documents ◦ Subject Files/CRFs/Source Documents/Consent Forms –
Documentation of Consent Process, Completion of Forms, Review for Possible AEs
◦ Billing and Participant Payments – Documentation of Accountability
◦ FDA Sponsor Investigator – Ensuring Sponsor Investigator is Fulfilling FDA Requirements
HCCA Research Compliance Conference May 31-June 3, 2015
13
5 Special Sections
IRB Section – Elements of Consent, Special Consent Situations, Confirmation of IND or Exemption
CTO Section – MCA Performed, Accuracy of Billing Grid, Subject Payment Accountability
OSP Section – Fulfillment of Contract Obligations
COI Section – Management of COI
Metrics and Outcomes – Customer Service Oriented
What is reviewed
HCCA Research Compliance Conference May 31-June 3, 2015
14
Unified Framework in Action
Entrance Meeting
Site/Pharmacy Visit
Exit Meeting
Corrective Action Plan
Responsible Parties
Responses/Deadlines
CAPA Completion
Continued Stakeholder Involvement
Commitment
Regular Meetings
Parallel Improvement of Tools/Process
Customer Feedback
HCCA Research Compliance Conference May 31-June 3, 2015
15
The Risk Assessment Instrument : ◦ is a 26-item tool designed to measure the risk of
regulatory noncompliance in human subject research.
◦ The instrument is divided into five subscales: Protocol, FDA, Budget & Billing, IRB, and Principal Investigator.
◦ The risk assessment items were developed from compliance tools developed at the institution, instruments shared from other institutions and experiential knowledge of the developing team.
The Risk Assessment Instrument design : ◦ The developers weighted some items based on their
collective experience reviewing studies. ◦ Risk assessment scores were calculated for 51
compliance reviews performed over the past two years and correlated with the actual findings of noncompliance from these reviews.
Tool improvement and validation: ◦ We are currently analyzing the data to determine the
nature and extent to which the tool, subscales and individual items predict findings of regulatory noncompliance.
Continues improvement: ◦ We will use the results to further refine the items and
weighing strategy.
HCCA Research Compliance Conference May 31-June 3, 2015
16
REDCap database
Unified Compliance Framework transparent components
Shared reporting
Monitoring Process using REDCap:
HCCA Research Compliance Conference May 31-June 3, 2015
17
Easy access for Affiliates, including scheduling and communication of results
Federal Regulations
State Regulations
Institutional Policies
Affiliates Policies
HCCA Research Compliance Conference May 31-June 3, 2015
18
• A researcher may be given access to someone’s PHI when a “valid authorization” is obtained from that person.
• A “valid authorization” must includes all of the elements that are required by the privacy rule.
• The person has the right not to agree to the authorization and the right to later revoke their authorization.
• The authorization will state how long it will be in effect.
• If signed by a 3rd party, that person’s authority to give authorization on behalf of the subject needs to be documented.
• Researcher may only collect, use or disclose a subject’s PHI in the manners described in the authorization that was signed by the subject, unless a waiver or alteration is approved by the IRB.
◦ A patient (or subject) has a right to know about PHI being disclosed without an authorization and so may request that a covered entity provide an accounting of all disclosures made without an authorization.
◦ For that reason, the covered entity that permits a researcher to access PHI without an authorization will likely ask him/her to provide a list of the records accessed.
HCCA Research Compliance Conference May 31-June 3, 2015
19
HIPAA Authorization by Research Participant
Waiver or Alteration of HIPAA Authorization by IRB/Privacy Board
De-Identification of Data
Limited Data Set & Data Use Agreement
Admission, discharge, and service dates
Date of birth
Date of death
Age (includes ages 90 or over)
Five digit zip code or any other geographic
subdivision, such as state, county, city, precinct
HCCA Research Compliance Conference May 31-June 3, 2015
20
All databases, including data containing PHI from research studies will need the following:
◦ A designated administrator
◦ Security measures taken for data security-encryption
◦ Policies on research databases to define location and when other approvals needed.
Person or entity that carries out, assists with the performance of, or performs a function, service or activity for a covered entity using that entity’s PHI
Contractual agreement Subject to compliance with HIPAA privacy and
security rules
Examples
HCCA Research Compliance Conference May 31-June 3, 2015
21
Determination whether an unauthorized use or disclosure of unsecured PHI is a “breach” requiring notification
Risk assessment completion
Individual notification of breach
HHS notification on-line
Examples
Authorizations/Waivers/Alterations
Locations for conducting research-affiliates
Appropriate security of PHI
Reportable events
Communication with affiliates for HIPAA incidents/breaches
HCCA Research Compliance Conference May 31-June 3, 2015
22
Encryption of emails to external email domains
Mobile device management
Use of USBs, CDs, etc.
Access to electronic health records
Others?
Collaborative Efforts: ◦ Sponsored Programs Office
◦ Clinical Trial Office
◦ Affiliated sites
◦ Subcontracting for external services
◦ Billing Accuracy
HCCA Research Compliance Conference May 31-June 3, 2015
23
The investigational item or service itself, unless otherwise covered outside of the clinical trial
Items and services provided solely to satisfy data collection and analysis needs and that are not used in the direct clinical management (e.g. add’l blood draws for biomarker assay
Items and services customarily provided by the sponsors free of charge for any enrolled subjects
Items/services required solely for the provision of the investigational item
Clinically appropriate monitoring of the effects of the IP
Items and services that are needed for reasonable and necessary care arising from the provision of an investigational item/service. In particular, for the diagnosis or treatment of complications
Items or services that are typically provided absent a clinical trial
Coverage types used on the billing grid for the coverage analysis: ◦ Invoice-R – Research event to be invoiced to Sponsor or funding
agency
◦ NB – Non-Billable – Is not a clinical service (will not generate a CPT code).
◦ Q0 – Investigational item/service in Qualified Clinical Trial (QCT) reported to a third party payer. Must be billed with V70.7 diagnosis code, Q0 modifier and NCT# (ClinicalTrials.gov registration number).
◦ Q1 – Routine item/service in a Qualified Clinical Trial (QCT) billed to a third party payer. Must be billed with V70.7 diagnosis code, Q1 modifier and NCT# (ClinicalTrials.gov registration number).
◦ R – Research – Research charge being covered by Sponsor or funding agency, but does not require specific invoicing.
◦ SOC – Standard of Care – Routine care procedure being charged as part of a non-qualified clinical trial to a third party payer; no additional codes or modifiers needed.
HCCA Research Compliance Conference May 31-June 3, 2015
24
Risk Assessment Review: MCA – Medicare Coverage Analysis
Billing Grid – Study Events Calendar
RABT – Research Account Billing Trigger – Creation of the
Research Account
CTA – Clinical Trial Agreement – Office of Sponsored
Programs and Clinical Trial Office Budgets/Awards. Internal
or Sponsors
Research Protocol – Sponsor or Investigator Protocol
ICF – Informed Consent Form – English Consent Form, VA
Consent, and Translated Consents
To compare language on Clinical Trial Agreement to protocol procedures
To accurately review dates of service per protocol visit schedule
To account for possible unscheduled visits that might generate billing
HCCA Research Compliance Conference May 31-June 3, 2015
25
Additional items for review
• Patient/Subject Information – Name, DOB, etc.
• Range of Service Dates – In contrast with protocol visit schedule
• Affiliated site information – MRI, Radiology, Lab facilities, etc.(when applicable)
• If possible, all documentation from any external care provided to the patient during the range of dates
Coverage analysis:
A process by which a determination is made regarding the responsible party for each service involved in a clinical trial: ◦ (Research or Routine/Standard/Usual Care)
HCCA Research Compliance Conference May 31-June 3, 2015
26
Services provided off-site – Hospitalization or referral to clinic possible resulting in a SAE/AE
Facility charges - Additional labs, MRIs, etc.
Medications – Addition medications for adverse effects
How were charges billed?
Patient coverage information (Insurance, Medicare, etc.)
Are there modifiers present on the claim (Q0, Q1, V70.0)
Have regulatory changes occurred that might affect billing (amendments to contracts or protocols).
Who is responsible financially?
Is there language in the Clinical Trail Agreement addressing coverage for SAEs/AEs
Is the language for costs to the subjects detailed in the informed consent
How will Refund/Rebills be handled?
HCCA Research Compliance Conference May 31-June 3, 2015
27
Duplicate Billing
Omitted Billing
Insufficient Documentation
Absence of Modifiers
Inconsistent terminology (CT Agreement, Protocol, ICF)
Other
Some Basic Questions to Ask:
1. What regulations and policies apply?
2. Am I following the IRB approved protocol/study plan?
3. Are responsibilities and delegated roles clearly defined
4. Is the study a qualifying trial
5. Does your institution conduct risk-based assessments for compliance?
HCCA Research Compliance Conference May 31-June 3, 2015
28
Used with permission from Don Mayne. Wretched Mess Research Cartoons(2009)
CAPA
Concierge services
OCR GCP
Focused Audience Training (PI, Clinical Staff, Residents/Fellows, etc.)
Training on demand
HCCA Research Compliance Conference May 31-June 3, 2015
29
Unified exit meetings
Increase in Collaborative efforts
Expanded Compliance Coverage
Continuing Training Opportunities
Regular Stakeholder Meetings ◦ Working group meeting
◦ Updated monitoring tools
Clinical and Translational Science Award Preferred Model:
The CTSA grant was awarded by the National Institutes of Health (NIH) in 2008 to integrate clinical and translational research and career development across the South Texas area.
To accomplish this requires collaboration with many different organizations and input from many sources.
We are CTSA Partners
HCCA Research Compliance Conference May 31-June 3, 2015
30
REDCap is a mature, secure web application for building and managing online surveys and databases, it is securely stored on a secure server, offers many options, streamlines the process
As members of the CTSA community, we use REDCap—a self-managed, secure, web-based solution that is designed to support data collection strategies for research studies.
REDCap tool provides functionality and features enabling researchers to rapidly develop databases for collection and managing research data.
Can be used by members from multiple sites and institutions.
HCCA Research Compliance Conference May 31-June 3, 2015
31
Some common examples from our recent compliance reviews.
Collaboration of affiliates – is the most effective for institutional compliance
Shared Vision – Protecting human subjects together (no silos)
Keeping up with Authorities and Regulations
Adjust practices with changing environment
Stay on top of educational opportunities
Build a positive compliance culture
Create relationships and sustain compliance efforts
HCCA Research Compliance Conference May 31-June 3, 2015
32