Data Integrity

advertisement
Session 6: Data Integrity and
Inspection of e-Clinical
Computerized Systems
May 15, 2011 | Beijing, China
Kim Nitahara
Principal Consultant and CEO
META Solutions, Inc. (USA)
Purpose of this session:
• To understand data integrity and its
relation to computerized systems used in
clinical trials
• To review key issues related to the
inspection of e-clinical computerized
systems
Drug Information Association
www.diahome.org
2
Topics to be discussed:
• Data Integrity
• Regulatory Requirements for e-Clinical
Computerized Systems
• Inspection of e-Clinical Computerized
Systems
– Expectations
– Results
Drug Information Association
www.diahome.org
3
Data Integrity Topics:
•
•
•
•
What is Data Integrity?
How is Data Integrity Lost?
How Do We Ensure Data Integrity?
Why is Data Integrity Important?
Drug Information Association
www.diahome.org
4
What is data integrity?
• Data Integrity is the “validity” of the data
for its intended purpose and use
– Accurate
– Complete
– Reliable
– Accessible
– Enduring
Drug Information Association
www.diahome.org
5
How is data integrity lost?
•
•
•
•
•
•
Human Errors and Tampering
Storage and Transfer Errors
Software Errors
Loss of Data Control
Software Viruses
Hardware Malfunction Loss of Data Integrity
Disasters
Drug Information Association
www.diahome.org
6
How do we ensure data integrity?
• Personnel Training
• Procedural Controls
– SOPs
– Quality Assurance and Management
• Computerized Systems Controls
– Error Detection and Correction
– System Validation
• Information Technology (IT) Controls
– Backup and Disaster Recovery Plans
– Network Security
Drug Information Association
www.diahome.org
7
Why is data integrity important?
• Clinical Trials Data May be Used to Make
Important Decisions
– Industry
– Regulatory Agencies
– Public
• Data May be Re-Used in the Future
– Repeated Analysis
– New Purposes
Drug Information Association
Data Integrity is a
Regulatory Requirement
www.diahome.org
8
Regulatory requirements topics:
• How Do Agencies Ensure Data Integrity?
• What is Expected During Inspections?
• What Are the Requirements?
Drug Information Association
www.diahome.org
9
How do agencies ensure data integrity?
• Regulations and Guidance
• Review of Submitted Data
• Independent Analysis of Data
• On-Site Inspections
1) They Provide Requirements
2) They Confirm Adherence
Drug Information Association
www.diahome.org
10
What is expected during inspections?
•
•
•
•
•
Effective controls for trustworthy data
Accurate and complete records
Reliable systems and processes
Secure data, systems and facilities
Qualified and trained personnel
Requirements to
Ensure Data Integrity
Drug Information Association
www.diahome.org
11
What are the requirements?
Provided in:
• Regulations
• Guidelines and Guidance for Industry
• Compliance Policy Guides; Program
Manuals; Advisory Documents
• Published Presentations
Drug Information Association
www.diahome.org
12
Example of US FDA Regulation
“An investigator is required to prepare
and maintain adequate and accurate
case histories… and other data…”
(FDA 21 CFR 312.62 Investigator
Recordkeeping and Record Retention)
Drug Information Association
www.diahome.org
13
Example of ICH Guidance
“Systems with procedures that assure
the quality of every aspect of the trial
should be implemented.”
(ICH E6 Good Clinical Practice;
Consolidated Guidance)
Drug Information Association
www.diahome.org
14
Examples of FDA and ICH Guidance
• (FDA/ICH) E6 “Good Clinical Practice:
Consolidated Guidance” (April 1996)
• (FDA) “Computer Systems Used in Clinical
Investigations” (May 2007)
• (FDA) “Part 11, Electronic Records; Electronic
Signatures – Scope and Application” (August
2003)
These Are Not Regulations
Drug Information Association
www.diahome.org
15
Examples of US FDA Compliance
Program Manuals
– “Clinical Investigators” (CP 7348.811)
– “Sponsors, CROs and Monitors” (CP
7348.810)
These are used by FDA personnel
(and are useful to you!)
Drug Information Association
www.diahome.org
16
Computerized System Inspection
Topics:
•
•
•
•
What does FDA ask during inspections?
What records are inspected?
What has FDA observed?
What is FDA’s response to deficiencies?
Drug Information Association
www.diahome.org
17
What does FDA ask during inspections?
• Were there any problems experienced
during the course of the study?
• What is the source of data entered into the
computer? Direct (no paper)? Case report
form? Office record? Other?
(CP 7348.811 Clinical Investigators)
Drug Information Association
www.diahome.org
18
What does FDA ask during inspections?
• What is the source of the hardware and
software?
• Who enters data? When?
• How are data changed? By whom?
• Is an audit trail produced?
(CP 7348.811 Clinical Investigators)
Drug Information Association
www.diahome.org
19
What does FDA Ask during inspections?
• “If a firm is keeping eRecords or using
eSignatures determine if they are in compliance
with 21 CFR 11.”
• “At a minimum, ensure that:”
– Corrective Action Plan is in Progress
– Accurate/Complete Copies Available
– Employees Are Held Accountable and
Responsible
(CP 7348.810 Sponsors, Monitors and CROs)
Drug Information Association
www.diahome.org
20
What records are inspected?
• Software Development Documentation
• Validation Plans and Documentation
• System Description/Configuration Diagram
• System Operations Records
• Configuration and Change Control Records
Drug Information Association
www.diahome.org
21
What records are inspected?
• Personnel Training Procedures and
Records
• Data Collection and Transmission Controls
• IT Security Procedures and Records
• Emergency and Back-up Procedures and
Records
Drug Information Association
www.diahome.org
22
What has FDA observed?
• Lack of programming standards and
conventions
• No documents describing the intended
function(s), operation and performance of
software
• Failure to test software at its operational
limits
• Incomplete test documentation
Drug Information Association
www.diahome.org
23
What has FDA observed?
• The firm did not monitor and keep track of
changes to hardware, application or
operating system software.
• There was no validation data to show that
the system gave accurate and reliable
results
• There was no written validation plan
reviewed or approved by management
Drug Information Association
www.diahome.org
24
What has FDA observed?
• No documentation of training of persons
engaged in writing, validating or supporting
computer programs
• No written SOPs for user operations,
security guidelines, software revision
control, virus detection, disaster recovery,
and database backup and audit trail
archival.
Drug Information Association
www.diahome.org
25
What has FDA observed?
• The audit trail switch was intentionally
disabled and prevented the recording of
data that was modified or edited
• There is no written procedure to describe
the process that is used to assign, maintain
passwords and access levels to the system
• There were no restrictions on who could
create, rename, or delete data.
Drug Information Association
www.diahome.org
26
What has FDA observed?
• Lack of validation
• Validation protocols for upgraded software
do not contain diagrams or lists of hardware
configurations and peripheral devices within
the system.
• The validation team and individual
responsibilities are not specified
Drug Information Association
www.diahome.org
27
What is FDA’s response to deficiencies?
• Form FDA 483 Inspectional Observations
(“483”)
• Establishment Inspection Report (EIR)
• Notification to assigning Center
• Regulatory sanctions for violations
Drug Information Association
www.diahome.org
28
What is FDA’s response to deficiencies?
“If initial findings indicate the firm’s
electronic records and/or …signatures may
not be trustworthy and reliable, or when
…systems inhibit meaningful FDA
inspection, a more detailed evaluation may
be warranted.”
(CP 7348.810 Sponsors, CROs and Monitors)
FDA may perform another inspection
Drug Information Association
www.diahome.org
29
What is FDA’s response to deficiencies?
“In addition to a response to the deficiencies
noted earlier in this letter, please outline
your firm's global corrective action plan,
including timeframes for correction, to
address this Part 11 issue…”
FDA Warning Letter
Drug Information Association
www.diahome.org
30
What is FDA’s response to deficiencies?
“When substantial and significant part 11
deviations exist, FDA will not accept use of
electronic records and …signatures to meet
the requirements of the applicable predicate
rule.”
(CP 7348.810 Sponsors, CROs and Monitors)
FDA may not accept
the clinical trials data
Drug Information Association
www.diahome.org
31
Summary of discussed topics:
• Data Integrity
• Regulatory Requirements for e-Clinical
Computerized Systems
• Inspection of e-Clinical Computerized
Systems
– Expectations
– Results
Drug Information Association
www.diahome.org
32
Conclusions:
• Regulatory agencies establish regulations
and guidance to ensure clinical trials data
quality and integrity
• Regulatory agencies confirm compliance
with regulations to ensure that clinical
trials data and reports are accurate and
reliable for their purposes
Drug Information Association
www.diahome.org
33
Conclusions (continued):
• Regulatory agencies generally follow their
standard procedures when they conduct
their inspections of e-clinical systems
• If deficiencies are found during
inspections, regulatory agencies have the
authority to take actions, including
rejection of clinical trials data.
Drug Information Association
www.diahome.org
34
Questions and
discussion
kim.nitahara@metasol.com
Drug Information Association
www.diahome.org
35
Download