The Clinical Investigator Site Audit Process-Driven Good Clinical Practice Terry Winchell* GCP Innovative Dynamics, LLC, 7400 Kansas Ave., Kansas City, Kansas 66111-2639, USA Summary This article describes a process-driven approach to the conduct of a Good Clinical Practice (GCP) audit at a clinical investigator site and to the assessment of systemic GCP compliance in just a few days with little or no background information. The technique involves looking at the site and resulting observations from a systemrelated point of view, with the primary goal of finding flaws in methods of operation as opposed to looking for isolated errors. Then, expanding the impact of corrective actions to the maximum extent (i.e. to all systemic flaws). To put it simply, it is a process-driven approach with the ultimate goal of getting the GCP system under satisfactory control. Copyright # 2008 John Wiley & Sons, Ltd. Key Words: audit; Clinical Quality Assurance; clinical investigator; clinical research; GCP Overview This article is going to be brief, at least much briefer than it could have been concerning the topic. The goal is to outline a basic approach regarding the conduct of the most common of all Good Clinical Practice (GCP) audits and inspections, namely: the GCP audit of a clinical investigator site. The article will not go into detail regarding specifics of a checklist, regulations, or referencing all previous related articles that have been written on this topic. Rather it will attempt to stand on its own and provide a general approach to conducting an effective GCP audit at a clinical research site without the benefit of reviewing the database beforehand (as the Food and Drug Administration (FDA) routinely does) and while *Correspondence to: T. Winchell, GCP Innovative Dynamics, LLC, 7400 Kansas Ave., Kansas City, Kansas 66111-2639, USA. E-mail: twinchgcp@msn.com working under time constraints that are always present in industry. This is no easy task. It takes a lot of skill to do an effective Clinical Quality Assurance (CQA) review in just a few days at a site that has often never been visited by the Quality Assurance (QA) auditor, and there may be very limited background information available. Most of the time at the site, say at least 75%, should be spent on review of the clinical trial study data, i.e. the source documents and Case Report Forms (CRFs), with primary emphasis on the former. Reason being that these documents form the very foundation for the marketing application. Source documents are for most practical purposes the documents where information is recorded first. The way this is accomplished at a clinical research site is critical to valid study data. This goes beyond consistency checking (source data versus CRF) that the study monitor routinely does and attempts to review the Copyright r 2008 John Wiley & Sons, Ltd. Qual Assur J 2007; 11, 138 142. Published online in Wiley InterScience (www.interscience.wiley.com).412
The Clinical Investigator Site Audit Process-Driven Good Clinical Practice 139 methods used to actually collect and record the information, e.g. by following FDA s unofficial ALCOA standard. ALCOA stands for Attributable, Legible, Contemporaneous and Complete, Original and Accurate [1]. How can one person do this in just a few days? Certainly one person can look at several records, tour the facility, ask questions, and review the regulatory binder, but how can one get a real feel for whether the study is actually acceptable and will pass an FDA inspection at any level of scrutiny? I am not sure that many auditors even attempt to step into this subjective realm but are rather satisfied to take a snap shot of the trial, finding some isolated and possibly a few systemic problems, but not going much further than that. After all, stepping into the pass/fail realm can be dangerous. What if you are wrong? What do you do if the audit fails? Rightfully, the assessment of the overall acceptability of a clinical trial after just examining a few records for a relatively short period of time is a subjective and formidable task. It can be done, although not without some risk including the lingering possibility that there could be other information not seen, heard, or recognized that could change the evaluation. Therefore, the goal of this approach is to give the auditor the best opportunity to see the most complete picture at a research site in a short amount of time with limited background information. In my experience the methods discussed here do that: they typically yield a number of systemic GCP observations (even at good sites), and after seeing government inspections occur at research sites which have been previously audited with this method, comparison of the results have been born out numerous times. By results, I mean the final classification of the inspections, not an exact duplication of the individual observations made (industry auditor versus FDA inspector). The observations will rarely (if ever) be identical since there are many factors that must align for that phenomenon to occur, i.e. the records examined, time spent during visit, background experience and motivation level of inspector/auditor, information on study data outliers available to the auditor and inspector prior to the visit, complaint information where applicable, etc. The primary concept involved in this type of GCP review is to look at the research site from a systemic (method of operation or processdriven) point of view. This common thread, looking for systemic flaws, carries through the entire process; not just during the time on site, but during the report writing and recommended corrective/preventive action (CAPA) processes as well. This is not a systems audit per se, that is the examination of a single GCP system (i.e. informed consent, serious adverse events (SAEs), etc.) from beginning to end. It is in a sense a systems audit in a much larger context. The entire GCP system is being evaluated in one grasp. There will always be numerous things wrong with every clinical research trial. Isolated errors inevitably occur, but unless they involve a critical element of a GCP system or have a significant impact on the core principles of GCP (data validity, subject welfare, or investigational product control), they will not push the trial into ultimate failure [2]. Assessment of the overall systemic GCP wellbeing of a trial is essential to a CQA examination. Most industry audits occur inside of one business week and that is really pushing the time envelope for some companies who may expect it to be done in 1 or 2 days. I believe this time frame (1 2 days) is quite inadequate and much less than what FDA (or any other regulatory authority) routinely requires. And remember, they (FDA) often have the benefit of previewing the database for suspect trends beforehand, or may be acting on a complainant s inside information (Table 1). Audit Approach Facility Tour The recommended starting point for a GCP audit is a brief tour of the facility. Nothing monumental will normally be discovered during
140 T. Winchell Table 1. Audit components 1. Facility Tour 2. Data Review 3. Interviews with Staff 4. Pharmacy 5. Regulatory Binder 6. Electronic Records (if applicable) 7. Checklist this tour which may last for only 30 min or so. However, the point of the tour is not to find significant deficiencies, at least at this stage. The real goal is for the auditor to get a general view of the study setting, equipment used, and the feasibility of what he/she will later view in the study records. For example, if there is only one ECG machine, how could ECGs be collected on three study subjects at about the same time? Data Review After the tour, I prefer to go directly into the clinical study data because this is getting right to the heart of the audit and always takes by far the most time. Some clinical records should be examined from the beginning, middle, and end of the trial for the obvious reason that study conduct, workloads, personnel, and sometimes methods (albeit rarely) can change over time. Choosing a record from the beginning of the study is a good practice because this will often be the weakest link in the chain. The research site is likely to make more errors at the beginning because of limited familiarity with the trial protocol and procedures. If the early records look good, while not a guarantee, it may be an indicator that others will be as good or better. I use a study subject records sampling plan of the square root of N þ 1 (N being the number of subjects enrolled or dosed), with a minimum of 3 and a maximum of 12 subject records to select a routine sample. This approach originates from a military sampling plan that FDA used across industries (foods, drugs, cosmetics, etc.) for many years. This number can vary and is not an absolute or required standard. The next point may be surprising to some: Spend considerable time looking at the first sample subject record as thoroughly and in as much detail as reasonably possible. The real goal here is not to find isolated errors in this record, although those will be discovered too, but rather to understand the site s system for collecting and recording data. In GCP, every research site has a unique system of operation (with the theoretical exception of a well quality-controlled Site Management Organization (SMO)), and, therefore, is much different from a Good Manufacturing Practice (GMP) facility whereby one basic system is applicable to the production of many standardized products. In GCP, there can be numerous different systems (i.e. 30, 40, 100, or more sites) that are essentially producing a single customized product for every multi-center protocol. And, these do not normally have the benefit of a devoted on-site Quality Control (QC) or Quality Assurance (QA) unit, nor are they under the control or even ownership of the sponsor. This is a unique situation in GCP, as the degree of control is not the same as in GMP or Good Laboratory Practice (GLP) operations. Once the recording system is understood, the audit should shift into second gear, stepping back somewhat from the details and expanding the scope into a bigger picture view of other subject records, focusing on the primary protocol-required data such as dosing, laboratory tests, inclusion/exclusion criteria, informed consent (IC), adverse events, concomitant medication, study schedules, source documents, and any systemic flaws that were noted during the initial review of a single record. The goal of the latter is to verify if previously noted systemic flaws extend across many subject records. Additional GCP systemic items may be noted as well and the audit approach should have the flexibility to go in any direction (re-reviewing previous records, adding additional records, narrowing or expanding the focus to cover details of suspected trends, etc.) in sufficient depth to understand the nature and scope of the observations made. At this stage of the process, it is helpful to draw a chart with subject numbers and initials down the left-hand vertical column and the
The Clinical Investigator Site Audit Process-Driven Good Clinical Practice 141 various data points to be examined horizontally across the top of the page. This can be useful in spotting a trend across subjects and is an effective manual technique that can facilitate some compensation}in a rudimentary fashion}for not having a complete database across subjects or sites that can been screened with a trained eye beforehand, as is the case after the marketing application (i.e. New Drug Application (NDA)) has been assembled. Interviews with Staff The data review will typically lead to questions for study staff interviews. Various individuals that actually worked on the trial (if possible) should be called in and asked about how they arrived at various recorded information and how source data was collected. This is also the time to ask for explanations of any unlikely or conflicting information that has been found during the document review. The variety of questions that can arise here is nearly infinite, but the real goal of the interviews is to drill deeper into the site s system of operation, getting a closer view of site procedures and data collection, not just to confirm why one record does or does not match another. Some of these staff interviews can be very revealing if not surprising, but the auditor must be armed with the right specific questions to draw out the information to make the interviews really effective. Therefore, data review prior to undertaking this task is a prerequisite. Pharmacy The pharmacy area is likely seen on the initial tour of the facility, but it should be looked at in more detail later during the visit. The degree of scrutiny is dependent upon the study, but the area where drug is stored and any recordkeeping related to the study medication is always a key, often independent area where additional source data can be compared and verified. If significant discrepancies, conflicting records, mixing or dosing errors are observed or blinding is questionable, additional time will be required either during the audit or upon a follow-up visit by the monitor or Clinical Research Associate (CRA). Regulatory Binder Finally, the regulatory binder (investigator site file) is examined. This may involve roughly half a day (approximately 15% in case of 3-day audit) of the time on site and can also disclose some systemic observations. For example, Institutional Review Board (IRB)/ethics committee (EC) approvals, the content of the IC, and the processing of Investigational New Drug (IND) Safety Alerts are by their very nature systemic to the conduct of a clinical study. Sometimes correspondence files reveal significant information. Electronic Records Electronic records are not as yet a significant common component of most clinical investigator sites audits. Occasionally, electronic records can originate from electronic CRFs, Interactive Voice Response Systems (IVRS), or source data that is first recorded electronically. The latter is routinely the primary concern and responsibility of the clinical investigator site. FDA has not yet devoted considerable effort to examining electronic records during investigator site inspections but there are a series of questions that are routinely asked if electronic records are used (see Electronic Records and Signatures at: http://www.fda.gov/ora/compliance ref/bimo/7348 811/48-811-3.html). These questions could become critical if a research site was relying on electronic records to satisfy any GCP regulation requirements of 21 Code of Federal Regulations (CFR), and particularly so where the requirements are directly related to adequate and accurate safety and efficacy source data [3]. Clinical research sites should therefore be prepared to adequately answer those questions. Some hospitals routinely use electronic source data capturing methods. A detailed audit of this process alone would take considerable time, likely involve specialized personnel, and be a largely independent task. It is, however, a
142 T. Winchell systemic process. If a research site is not able to adequately address the FDA inspection program questions relative to 21 CFR Part 11 electronic records requirements, particularly in regards to source data recorded electronically, this should be listed as a system-related observation in the audit report. Checklist To conduct investigator site audits it is helpful to have a checklist, covering at minimum everything included in a routine government inspection (for FDA inspections of Phase II IV sites see www.fda.gov/ora/compliance ref/bimo/7348 811/ default.html). This should not imply that one is bound by or even conscious of the checklist while the audit is being conducted, but rather that it is used to assure nothing is forgotten before leaving the site. Its real use is a memory prompt to review all appropriate items rather than a confining box that one must stay within. If used in the latter sense, a checklist can inhibit a really effective GCP review. isolated errors, and then, expanding the impact of corrective actions to the maximum extent (i.e. to all systemic flaws). To put it simply, it is a process-driven audit approach with the ultimate goal of getting a GCP system under satisfactory control [4,5]. We could go on for pages about the details of the checklist, GCP regulations, the most effective (system-related) reporting format, assessment of findings, CAPA recommendations, etc., but that was not the intent. The objective of this article was to provide some conceptual insights regarding how to conduct a GCP audit at a clinical investigator site in order to assess overall systemic GCP compliance. This is never an easy task, which calls for individuals who demonstrate the necessary experience, motivation, alertness and skill for such endeavors, along with the right audit approach. Approaching the GCP audit from a systemic point of view increases the value of the observations made, and if extended into systemic corrections, hits the real (root cause) target of lasting correction [5]. Conclusion There is nothing particularly different about the areas being covered with this approach. The same regulations (e.g. 21 CFR Parts 11, 50, 54, 56, 312.50, 312.60, 812 etc.) and guidelines such as ICH E6 are the common standards for GCP compliance (in the USA). What is somewhat unique in this audit approach is how the observations are perceived, eventually reported and finally recommended for correction. It means looking at the site and the resulting observations from a system-related point of view, with the primary goal of finding flaws in methods of operation as opposed to looking for References 1. Winchell T. Source documentation: What s the mystery? GCPj 2004; 11(5): 26 29. 2. Winchell T. The heart of GCP. SOCRA Source 2006; February(47): 41. 3. Food and Drug Administration. Guidance for Industry: Computerized Systems Used in Clinical Investigations. May 2007. Available at www.fda.gov/ohrms/dock- ETS/98fr/04d-0440-gdl0002.pdf, accessed 15 June 2007. 4. Winchell T. The process-driven audit, & GCP. SOCRA Source 2005; November(46): 16 17. 5. Winchell T. Auditing for a systemic improvement in GCP. GCPj 2005; 12(10): 21 22.