Data Integrity in Clinical Trials the Sponsor Perspective Maximilian Stroebe, GSK Vaccines Three differences to Commercial Manufacturing Long process chains Source Data, Clinical Sites and Outsourcing Trial specific Clinical sites CROs Programming Database configurations System use 1
Most Critical Processes in Clinical Trials Source Data to Submission Clinical Site Systems > EDC > DM > Stats > RA > Health Authority e.g. ECD, LIMS, EPR Adverse Events to Reporting Systems of First Recording > AE db > Signal Detection > Health Authority e.g. CRM, Call Center Clinical Trial Material to Use Manuf. > QC Labs > Release > IRT > Distribution > Env. Monitoring > Usage > Recovery Risk higher where the raw data is! Risk high for central databases. Extra compliance attention to etmf: needs to contain True Copies, maintaining dynamic nature of data. Few boxes, many web based systems Many processes involve data only (AEs, Source Data) Unlike in manufacturing, the computerized systems are not physical boxes in a company building Many client server systems, often hosted by vendors or providers Processes need to be actively analyzed to find gaps System inventories can mislead 2
Multi system landscape How is data moved from system to system? Metadata? Can I see in the last system who has originally entered the data? Can I trust previous reviews and approvals? Which changes have been performed on the way? Which data has been deleted on the way? Any unprotected systems on the way? E.g. xls files on a Sharepoint? Which is my last system? etmf, Archive System? A true copy may be retained in a different electronic file format to the original record, if required, but must retain the equivalent static/dynamic nature of the original record. [MHRA] Source Data All information in original records and certified copies of original records of clinical findings, observations, or other activities in a clinical trial necessary for the reconstruction and evaluation of the trial. Source data are contained in source documents (original records or certified copies). (CPMP/ICH/135/95) 3
Control Triangle in Clinical Studies Health Authorities: compare Source Data at sites to submitted data Subjects PI: Records Source Data Sponsor: collects, analyzes, and submits Source Data What changes if Source Data is electronic only? No paper at sites to inspect? EMA: Reflection paper on expectations for electronic source data [ ] in clinical trials Scope: 1. Electronic Case Report Forms (e CRFs) 2. Electronic patient data capture devices for epro 3. Instruments supplied to investigators for recording clinical data 4. Instrumentation or electronic [ ] where analysis, tests, scans, imaging, evaluations, etc. are performed in support of clinical trials. 5. Electronic Health Records. 4
EMA: Specific to esource Data: Topic 3: Control The investigator should maintain the original source document or a certified copy. Source data should only be modified with the knowledge or approval of the investigator. The sponsor should not have exclusive control of a source document. Source documents should be protected against unauthorized access. EMA: Electronic Health Record Systems at Clinical Sites Sponsor must assess EHR systems for GCP compliance, e.g. Data used for the study fully attributable Monitor, Auditor, Inspector direct access, but not to non subject data Are copies complete and accurate? 5
Multi organization landscape Sponsor Principal Investigator GP? Hospital? University? Central laboratory Radiology System vendor Hosting provider Outsourced System Admins? Clinical Research Organizations Outsourced Call Centers Is all staff trained on GCP? Are Quality Agreements in place with all parties? Project Character of Clinical Trials Per Trial, different Countries Clinical Sites CROs Computerized Systems (e.g. ediaries) Analytical endpoints/laboratories IMP Logistics 6
Trial specific applications ecrfs SAS Data Standards Interfaces to Outside What to Do? Cultural Change Involve/Train Business Process Owners Involve/Train Procurement Start with high criticality areas Work risk based 7
Risk Based Approach ICH E6 Starting Point: Critical Process and Data Identification Then: Risk Identification, Evaluation, Identification, Control, Communication, Review, Reporting How to identify risks meaningfully Performed by a cross functional team, especially including experts from the business process. Create brainstorm like atmosphere. Helpful questions to structure the discussion: 1.Consider all 5 system components (Hardware, Software, Processes, People, Documentation) 2.Walk along the Data Life Cycle and all Data Flows 3.Which business processes will use a specific computerized system? For complete list, see GAMP GPG on GCP Systems 8
Conclusion Understand the Business Processes and Risks Map the Data Flow, including Outside Which systems are on the data flow? Are all systems on the way validated for the use in question? Work strictly risk based Involve Business and Procurement Keep your source data under control and get it properly into the submissions and etmf Thank you for your Attention!!! Questions are Welcome! 9
Terminology CSV and DI Data Integrity The extent to which all data are complete, consistent and accurate throughout the data lifecycle. [MHRA GxP Data Integrity Definitions and Guidance for Industry] Computerized System Validation Achieving and maintaining compliance with applicable GxP regulations and fitness for intended use by the adoption of principles, approaches, and lifecycle activities within the framework of validation plans and reports, and the application of appropriate operational controls throughout the life of the system. [GAMP] This requires an understanding of the computerised system's function within a process. [MHRA] 10