Research Documentation and Data Security

Research Documentation: What to Write, What to Save, How to Store It
Tracy Rightmer, JD, CIP
Compliance Manager
December 8, 2009
AAHRPP ANNOUNCEMENT



For the past year Yale has been preparing for national accreditation of its human research protection program.
Revised old policies, created new policies & new website going live later this month
Structural changes:
Kathy Uscinski has been named director of the HRPP, and all of Yale’s IRBs fall under her administrative authority.
School of Nursing IRB has merged with the HIC, and their protocols will be reviewed by either the HIC or the HSC, depending on design.
Application will be submitted this month.
Must be reviewed and approved by AAHRPP
Onsite visit (probably next spring). We will be notified of who the review team wants to interview, and we will work with all potential interviewees in preparation for the visit.
We’ll be providing informational emails to the community, updating you on the process. If you have any questions, email Jean Larson at jean.larson@yale.edu.
Objectives




Discuss essential elements of a data
and document management plan
Present strategies for efficient
management of research related
documentation
Highlight effective tools for use in
managing study files
Describe measures for ensuring
subject confidentiality and data storage
International Conference on
Harmonization

A unique project that brings together
the regulatory authorities of Europe,
Japan and the United States and
experts from the pharmaceutical
industry in the three regions to discuss
scientific and technical aspects of
product registration
ICH

Purpose: to make recommendations
on ways to achieve greater
harmonization in the interpretation and
application of technical guidelines and
requirements for product registration in
order to reduce or obviate the need to
duplicate the testing carried out during
the research and development of new
medicines
E6: Good Clinical Practice
Consolidated Guidance

An international ethical and scientific
quality standard for the design,
conduct, performance, monitoring,
auditing, recording, analyses, and
reporting of clinical trials.
GCP


Compliance with this standard
provides public assurances that the
rights, safety and well-being of trial
subjects are protected, consistent with
the Declaration of Helsinki, and that
the clinical trial data are credible.
Provide a unified standard to facilitate
internal acceptance of clinical data by
the regulatory authorities in these
jurisdictions.
GCP 2.10

All clinical trial information should be
recorded, handled, and stored in a way
that allows its accurate reporting,
interpretation, and verification.
Documentation is Essential




“If it isn’t documented, it didn’t happen”
Viewed as a bother, but invaluable if a
problem arises
No one method is mandatory (no one-size-fits-all solution)
But there are certain essential
elements
Range of Complexity

Simple anonymous survey or use of
de-identified existing samples
Versus

Multi-site coordination of a double-blinded drug study with 12 visits over
two years
Jargon




“Regulatory Binder” (File that contains all
HIC communication, approvals, sponsor
materials, etc.)
“Trial Master Files”
“Case Report Forms” (CRFs capture the
data the sponsor wants)
“Source Documentation” (original
documents, data and records, such as
hospital records, lab reports, subjects’
diaries, pharmacy records, etc.)
Approaches to research
documentation

Chronological

By topic/section

Some combination of the two
Maintain copies of all final
documents





History or ‘bread-crumb trail’ or ‘show
your work’
Word-processing functions such as
‘track changes’
Header/footer use for version/dates
Version Control: only one version is
‘active’ at a point in time
Future electronic submission will
necessitate strict electronic version
control
Important sections of a regulatory
binder



Protocol (including all amendments
and all versions)
Consent forms and HIPAA research
authorization forms (approved by IRB)
Regulatory approvals (Other IRB,
RSC, PRC, etc) and any required
reapprovals
Important sections, cont’d



All correspondence, including emails,
letters, faxes, notes of phone calls
Signature log, including name, initials,
signature, dates of involvement, and
study responsibilities
Recruitment materials, including
letters, advertisements, flyers, website
postings, etc (approved by IRB)
Important sections, cont’d

Samples of all forms to be used for
data collection, including screening
logs, eligibility checklists, case report
forms, drug accountability logs

Assessment tools to be used
Important sections, cont’d

Any reporting requirements, such as






Annual report to FDA
Continuing review approved by IRB
Adverse event reports
Protocol deviation/violation reports
Evidence of periodic monitoring (per the
protocol’s DSMP)
DSMB recommendations (if any)
Important sections, cont’d

Versions of all sponsor materials, if
applicable, including:





Sponsor’s clinical protocol
Investigator’s Brochure
Amendments
Sponsor’s correspondence
Records of monitoring visits
ICH Essential Documents



Those documents which individually
and collectively permit evaluation of a
trial and the quality of the data
produced
Focus heavily on pharmaceutical-sponsored trials
Include groups of documents,
generated before the trial commences,
during the clinical trial, and after
termination of the study
GCP Essential Documents

Many sponsor-related items, such as





CVs of investigators
1572s
Laboratory certifications
Laboratory normal values
Master randomization list with plan to
decode
Individual Subject Files






Consent form and RAF, signed and
dated
Eligibility Checklist
Visit flowchart
Case report forms
Source Documents e.g., Lab data,
ECGs, MRIs, Patient diaries
Adverse Events (AE)
*Separate storage


Signed consent
forms
Key linking
identifiers to codes
Study Termination/Close-out




Final report/Form 5C
Publication
Local dissemination of results*
Retention and storage of regulatory
documents per requirements
More complex scenarios


Yale PI is the Sponsor-investigator of
an IND, or the lead investigator on a
multi-site study
Additional responsibilities, including
maintaining CVs and training
certificates of all personnel from all
sites, and IRB approvals (and
reapprovals) from all sites
Multi-site coordination



Lead PI is responsible for data integrity and
data and safety monitoring
Monitoring is an evaluation of the clinical
research process which should occur
throughout the life of the protocol
Lead PI is responsible for informing all co-investigators of progress, and events such
as Serious Adverse Events (SAEs), etc
Common Audit Findings




36% of audit issues are related to improper
or lack of documentation
Don’t let this happen to you!
Study Start-up Consultations and
personalized In-services are offered by the
HIC
Emails: ysmhic@yale.edu
tracy.rightmer@yale.edu
jean.larson@yale.edu
The 1st Rule to Data Storage


How do I store my data? SECURELY!
Use common sense when dealing with
sensitive personal data
Data Security

Recent developments:

Theft of a laptop with identified data

Theft of a desktop computer with identified data (including
SSN)

HITECH Act







Increased penalties. Prior penalties were up to $100 per incident
capped at $25,000 per year. Now $100-50,000 per incident capped
at $1.5 million per year.
Unauthorized or inappropriate access to unsecured PHI could be
considered a breach
It is not a breach if it is de-identified or encrypted.
If it is a breach, must report to patient and to DHHS within 60 days
If breach involves more than 500 people, must notify the media and
report to DHHS.
All reports to DHHS are available to the public.
Report all potential breaches to security@yale.edu or 432-3262.
Best practices



Work in progress
Several task forces working on these
issues
Review some basics to think about
and incorporate into practice
Confidentiality



Common Rule has always required
that confidentiality be protected to the
extent possible
Good medical practice also
incorporates pledges of confidentiality
Steps must be taken to minimize the
risk of breaches of confidentiality
Common Rule definition


Private information includes information about
behavior that occurs in a context in which an
individual can reasonably expect that no
observation or recording is taking place, and
information which has been provided for
specific purposes by an individual and which
the individual can reasonably expect will not be
made public (for example, a medical record)
Private information must be individually
identifiable (i.e., the identity of the subject is or
may readily be ascertained by the investigator
or associated with the information) in order for
obtaining the information to constitute research
involving human subjects
HIPAA



Adds layers of ensuring privacy and
data security
HIPAA Security focuses on electronic
media, but Privacy covers all forms of
data
Uses somewhat different definitions
Both CR and HIPAA


Need to get permission to access,
share personal information, via
consent or authorization.
If authorized, sharing is allowed per
the specifics of the approved
documents
Jargon

Anonymous
Coded
De-identified

Terms are not synonymous!


Jargon
Anonymous:
1: not named or identified <an
anonymous author> <they wish to
remain anonymous>
2 : of unknown authorship or origin
<an anonymous tip>
3 : lacking individuality, distinction, or
recognizability
Merriam-Webster, on-line
Jargon
Coded:
a system used for brevity or secrecy of
communication, in which arbitrarily
chosen words, letters, or symbols are
assigned definite meanings
Dictionary.com

Implies there is a link somewhere
Jargon
De-identified:
Not a word
Usually thought to refer to stripping the
18 HIPAA identifiers (including dates)
So may be more stringent than
anonymous, but also could be coded
or not
Jargon
Anonymous is not de-identified nor coded
Some use the term ‘no identifiers’
Anonymous should be reserved for
situations when there are no identifiers
and no code to link back
Anonymous would allow recording of
dates
Coded



Some code is used to track subjects
and their data
There must be a master file listing identifiers
(name) with code to allow decoding,
addition of new data
NEVER store the link with the data
Separate means separate!
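The coding scheme on this slide, as an added Python example (not part of the original presentation): records are split into coded study data and a master link that maps each code back to the identifiers, and new data for a known subject reuses the existing code. The field names, the `S-` code format and the sample records are assumptions constructed for illustration.

```python
import secrets

# Constructed sample records (not real subjects).
SAMPLE_VISITS = [
    {"name": "Pat Example", "mrn": "000123", "visit": 1, "systolic": 128},
    {"name": "Sam Sample", "mrn": "000456", "visit": 1, "systolic": 141},
    {"name": "Pat Example", "mrn": "000123", "visit": 2, "systolic": 122},
]
IDENTIFIER_FIELDS = ("name", "mrn")  # assumption: the direct identifiers in this dataset


def code_records(records, link=None):
    """Split records into coded study data and a master link (code -> identifiers).

    `link` is the existing master file, passed back in so that new data for a
    known subject gets the same code. The two return values belong in
    different, separately access-controlled locations.
    """
    link = dict(link or {})
    by_identity = {tuple(ids[f] for f in IDENTIFIER_FIELDS): code
                   for code, ids in link.items()}
    coded = []
    for rec in records:
        identity = tuple(rec[f] for f in IDENTIFIER_FIELDS)
        code = by_identity.get(identity)
        if code is None:
            # Random code: reveals nothing about the subject (no initials, no MRN digits).
            code = "S-" + secrets.token_hex(4)
            while code in link:
                code = "S-" + secrets.token_hex(4)
            by_identity[identity] = code
            link[code] = {f: rec[f] for f in IDENTIFIER_FIELDS}
        row = {k: v for k, v in rec.items() if k not in IDENTIFIER_FIELDS}
        coded.append({"code": code, **row})
    return coded, link


def leaked_identifiers(coded, link):
    """Return identifier values that still appear in the coded data (should be empty)."""
    values = {str(v) for ids in link.values() for v in ids.values()}
    return sorted(values & {str(v) for row in coded for v in row.values()})
```

Only `coded` goes with the study data; `link` is the master file and is the item the slide says never to store alongside it.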
Jargon




Moveable media: CDs,
diskettes, jump drives,
laptops, palm tops,
Blackberry, flash
drives, thumb drives
Encryption
Secure networks
Password protection
Advice

Do not keep data with identifiers on
moveable media

May become more than just advice
Advice
“Tell them never to
leave their laptops
in the back seat of
the car.”
Kristina Borror,
OHRP
Other methods to secure data





Password protection
Fingerprinting
Auto log-off
Lock-down cables on laptops
Restrictions on downloading
Confidentiality section of the HIC
application





Describe all sites where data will be
used or stored
Describe how the data will be
transmitted or transported
Describe specifically who will have
access
Describe how the data will be secured
If copies of data are on moveable
media, describe security measures for
these media
Sharing with co-investigators


Avoid unprotected email
Coded data best
Destruction


Old data/old computers
Via ITS, Procedure 1609, Media Control:
http://mire.med.yale.edu/hipaapolicies/



When use or retention of any media containing confidential
information (including protected health information) is completed, the
confidential information must be destroyed, rendered unrecoverable,
or returned to the system owner.
The primary means for electronic media reuse is zeroing, or
degaussing and the primary means for electronic media disposal is
zeroing, degaussing, or physical destruction, as applicable to the
medium.
Deleting data or reformatting the disk is NOT sufficient if electronic
media contains electronic Protected Health Information or other
confidential information.
Destruction cont.




Zeroing uses a disk utility (e.g., Data Removal Service
software) to write “zero” to all areas of a disk, thereby
overwriting any data that may be on the disk. Zeroing is
required rather than simply formatting or initializing the disk
which simply marks the disk as blank, so that it only appears
empty - other disk utilities are available that can "unformat" the
disk and recover the data, so formatting/reformatting is not an
acceptable practice.
Degaussing or demagnetizing is a procedure that reduces the
magnetic flux on the disk to virtual zero by applying a reverse
magnetizing field. Degaussing a magnetic storage medium
removes all the data stored on it.
In general, other electronic media (DVD, CD, diskette, zip
drive, etc.) must be physically destroyed to be rendered
unreadable.
Medical campus: use the online instructions or contact the
ITS-Med Help Desk http://its.med.yale.edu/help/
Conclusions



Take steps to develop a specific
document management plan tailored
to the protocol
Take steps to implement data security
measures
Stay tuned!
References



Common Rule:
http://www.hhs.gov/ohrp/humansubjects/guidance/45cfr46.htm
ICH GCP:
http://www.fda.gov/ScienceResearch/SpecialTopics/RunningClinicalTrials/GuidancesInformationsheetsandNotices/default.htm
HIPAA Privacy and Security:
http://info.med.yale.edu/hic/hipaa/index.html
HIC: http://info.med.yale.edu/hic/
Take-Away






If it isn’t documented, it didn’t happen
No one-size-fits-all solution
How do I store my data? Securely!
Bread-crumb trail
Separate means separate
An amendment is an amendment