Data Integrity
advertisement
Session 6: Data Integrity and Inspection of e-Clinical Computerized Systems May 15, 2011 | Beijing, China Kim Nitahara Principal Consultant and CEO META Solutions, Inc. (USA) Purpose of this session: • To understand data integrity and its relation to computerized systems used in clinical trials • To review key issues related to the inspection of e-clinical computerized systems Drug Information Association www.diahome.org 2 Topics to be discussed: • Data Integrity • Regulatory Requirements for e-Clinical Computerized Systems • Inspection of e-Clinical Computerized Systems – Expectations – Results Drug Information Association www.diahome.org 3 Data Integrity Topics: • • • • What is Data Integrity? How is Data Integrity Lost? How Do We Ensure Data Integrity? Why is Data Integrity Important? Drug Information Association www.diahome.org 4 What is data integrity? • Data Integrity is the “validity” of the data for its intended purpose and use – Accurate – Complete – Reliable – Accessible – Enduring Drug Information Association www.diahome.org 5 How is data integrity lost? • • • • • • Human Errors and Tampering Storage and Transfer Errors Software Errors Loss of Data Control Software Viruses Hardware Malfunction Loss of Data Integrity Disasters Drug Information Association www.diahome.org 6 How do we ensure data integrity? • Personnel Training • Procedural Controls – SOPs – Quality Assurance and Management • Computerized Systems Controls – Error Detection and Correction – System Validation • Information Technology (IT) Controls – Backup and Disaster Recovery Plans – Network Security Drug Information Association www.diahome.org 7 Why is data integrity important? • Clinical Trials Data May be Used to Make Important Decisions – Industry – Regulatory Agencies – Public • Data May be Re-Used in the Future – Repeated Analysis – New Purposes Drug Information Association Data Integrity is a Regulatory Requirement www.diahome.org 8 Regulatory requirements topics: • How Do Agencies Ensure Data Integrity? • What is Expected During Inspections? • What Are the Requirements? Drug Information Association www.diahome.org 9 How do agencies ensure data integrity? • Regulations and Guidance • Review of Submitted Data • Independent Analysis of Data • On-Site Inspections 1) They Provide Requirements 2) They Confirm Adherence Drug Information Association www.diahome.org 10 What is expected during inspections? • • • • • Effective controls for trustworthy data Accurate and complete records Reliable systems and processes Secure data, systems and facilities Qualified and trained personnel Requirements to Ensure Data Integrity Drug Information Association www.diahome.org 11 What are the requirements? Provided in: • Regulations • Guidelines and Guidance for Industry • Compliance Policy Guides; Program Manuals; Advisory Documents • Published Presentations Drug Information Association www.diahome.org 12 Example of US FDA Regulation “An investigator is required to prepare and maintain adequate and accurate case histories… and other data…” (FDA 21 CFR 312.62 Investigator Recordkeeping and Record Retention) Drug Information Association www.diahome.org 13 Example of ICH Guidance “Systems with procedures that assure the quality of every aspect of the trial should be implemented.” (ICH E6 Good Clinical Practice; Consolidated Guidance) Drug Information Association www.diahome.org 14 Examples of FDA and ICH Guidance • (FDA/ICH) E6 “Good Clinical Practice: Consolidated Guidance” (April 1996) • (FDA) “Computer Systems Used in Clinical Investigations” (May 2007) • (FDA) “Part 11, Electronic Records; Electronic Signatures – Scope and Application” (August 2003) These Are Not Regulations Drug Information Association www.diahome.org 15 Examples of US FDA Compliance Program Manuals – “Clinical Investigators” (CP 7348.811) – “Sponsors, CROs and Monitors” (CP 7348.810) These are used by FDA personnel (and are useful to you!) Drug Information Association www.diahome.org 16 Computerized System Inspection Topics: • • • • What does FDA ask during inspections? What records are inspected? What has FDA observed? What is FDA’s response to deficiencies? Drug Information Association www.diahome.org 17 What does FDA ask during inspections? • Were there any problems experienced during the course of the study? • What is the source of data entered into the computer? Direct (no paper)? Case report form? Office record? Other? (CP 7348.811 Clinical Investigators) Drug Information Association www.diahome.org 18 What does FDA ask during inspections? • What is the source of the hardware and software? • Who enters data? When? • How are data changed? By whom? • Is an audit trail produced? (CP 7348.811 Clinical Investigators) Drug Information Association www.diahome.org 19 What does FDA Ask during inspections? • “If a firm is keeping eRecords or using eSignatures determine if they are in compliance with 21 CFR 11.” • “At a minimum, ensure that:” – Corrective Action Plan is in Progress – Accurate/Complete Copies Available – Employees Are Held Accountable and Responsible (CP 7348.810 Sponsors, Monitors and CROs) Drug Information Association www.diahome.org 20 What records are inspected? • Software Development Documentation • Validation Plans and Documentation • System Description/Configuration Diagram • System Operations Records • Configuration and Change Control Records Drug Information Association www.diahome.org 21 What records are inspected? • Personnel Training Procedures and Records • Data Collection and Transmission Controls • IT Security Procedures and Records • Emergency and Back-up Procedures and Records Drug Information Association www.diahome.org 22 What has FDA observed? • Lack of programming standards and conventions • No documents describing the intended function(s), operation and performance of software • Failure to test software at its operational limits • Incomplete test documentation Drug Information Association www.diahome.org 23 What has FDA observed? • The firm did not monitor and keep track of changes to hardware, application or operating system software. • There was no validation data to show that the system gave accurate and reliable results • There was no written validation plan reviewed or approved by management Drug Information Association www.diahome.org 24 What has FDA observed? • No documentation of training of persons engaged in writing, validating or supporting computer programs • No written SOPs for user operations, security guidelines, software revision control, virus detection, disaster recovery, and database backup and audit trail archival. Drug Information Association www.diahome.org 25 What has FDA observed? • The audit trail switch was intentionally disabled and prevented the recording of data that was modified or edited • There is no written procedure to describe the process that is used to assign, maintain passwords and access levels to the system • There were no restrictions on who could create, rename, or delete data. Drug Information Association www.diahome.org 26 What has FDA observed? • Lack of validation • Validation protocols for upgraded software do not contain diagrams or lists of hardware configurations and peripheral devices within the system. • The validation team and individual responsibilities are not specified Drug Information Association www.diahome.org 27 What is FDA’s response to deficiencies? • Form FDA 483 Inspectional Observations (“483”) • Establishment Inspection Report (EIR) • Notification to assigning Center • Regulatory sanctions for violations Drug Information Association www.diahome.org 28 What is FDA’s response to deficiencies? “If initial findings indicate the firm’s electronic records and/or …signatures may not be trustworthy and reliable, or when …systems inhibit meaningful FDA inspection, a more detailed evaluation may be warranted.” (CP 7348.810 Sponsors, CROs and Monitors) FDA may perform another inspection Drug Information Association www.diahome.org 29 What is FDA’s response to deficiencies? “In addition to a response to the deficiencies noted earlier in this letter, please outline your firm's global corrective action plan, including timeframes for correction, to address this Part 11 issue…” FDA Warning Letter Drug Information Association www.diahome.org 30 What is FDA’s response to deficiencies? “When substantial and significant part 11 deviations exist, FDA will not accept use of electronic records and …signatures to meet the requirements of the applicable predicate rule.” (CP 7348.810 Sponsors, CROs and Monitors) FDA may not accept the clinical trials data Drug Information Association www.diahome.org 31 Summary of discussed topics: • Data Integrity • Regulatory Requirements for e-Clinical Computerized Systems • Inspection of e-Clinical Computerized Systems – Expectations – Results Drug Information Association www.diahome.org 32 Conclusions: • Regulatory agencies establish regulations and guidance to ensure clinical trials data quality and integrity • Regulatory agencies confirm compliance with regulations to ensure that clinical trials data and reports are accurate and reliable for their purposes Drug Information Association www.diahome.org 33 Conclusions (continued): • Regulatory agencies generally follow their standard procedures when they conduct their inspections of e-clinical systems • If deficiencies are found during inspections, regulatory agencies have the authority to take actions, including rejection of clinical trials data. Drug Information Association www.diahome.org 34 Questions and discussion kim.nitahara@metasol.com Drug Information Association www.diahome.org 35
