Authority to Audit 45 CFR 46.109(e) An IRB shall conduct continuing review of research covered by this policy at intervals appropriate to the degree of risk, but not less than once per year, and shall have authority to observe or have a third party observe the consent process and the research.
UTHSC Local IRB Policy The process of compliance auditing is meant to accomplish several important purposes: Assure human subjects are properly protected, and that procedures to accomplish this goal are carefully documented Assist investigators in complying with current regulatory standards for protecting human subjects and in avoiding any external sanctions that may result from non-compliance with standard of practice
Local Policy (cont) Process is intended to assure that the University and affiliated institutions remain in good standing with federal agencies having oversight of human subject research activities.
Most frequently asked question: “How did my study get selected for a compliance audit?”
TYPES OF AUDITS Observation of the informed consent interview For cause Random
What is reviewed during an audit? Informed consent documents Subject eligibility documentation Verification of the informed consent interview Research records Medical records (if required) Database Study medication Confidentiality Regulatory documents
“Informed consent is the cornerstone of human subject research and the critical element in assuring the protection of subjects who voluntarily choose to enroll in a study.” Research Practitioner July-August 2011
Informed Consent Correct version (most current) IRB-stamped version Pages initialed by subject Only designated personnel conducted the informed consent interview Signatures dated and timed by signatories: Subject Person Obtaining Consent Investigator (must sign with 72 hours)
Informed Consent Verification 21 CFR 312.62(b), “the case history for each individual shall document that informed consent was obtained prior to participation in the study”. Generally, industry fulfills this requirement in one of two ways: By documenting consents in source documents; or By documenting consents on case report forms.
Best practices call for a contextual statement in a source document regarding exactly how and when the consenting processing occurred.
Subject Eligibility There must be some type of documentation that the subject strictly meets the inclusion/exclusion criteria
Research Records Research records will be reviewed for completeness, timeliness, and accuracy Were visits and study procedures completed within the defined window? Can data be verified from a source?
Protocol Deviations Deviations: Failure to follow procedures specified in the approved research protocol in the absence of a protocol waiver Minor – no substantive effect on the risks or benefits for the subject, and no effect on value of data, and does not result from willing or knowing misconduct on the investigator or study staff Major – deviation that has harmed or posed significant risk of harm to subject, or compromised scientific integrity of data, or appears to result from misconduct
Medical Records If the study involves the subject’s clinical record, the records will be compared to data points in the research record for compatibility.
Database If the data has been entered into a database, the database will be reviewed for accuracy, security, and accessibility.
Study Medication Is it being stored according to the protocol? Are the dispensing records up to date? Is returned study medication stored correctly? Is it being stored securely, who has access to it?
Confidentiality Where are the study records stored? Who has access to the records? How are the records labeled? Has a database been created? How are specimens labeled? Is any portion of the specimen retained at the local site?
Regulatory Documents Regulatory documents are reviewed for continuity, changes in study procedures, amendments/changes that should be submitted to the IRB, study staff responsibilities/assignments, study staff training, investigator CVs, and evidence of PI oversight.
What happens after the audit? Audit report is written and forwarded to the IRB chairman Follow-up letter is written documenting audit findings PI and key study staff receive copies of audit report and letter via iMedRIS Audit report and letter is placed in “Other Documents” in iMedRIS (as well as “Correspondence”)
How to respond to an audit If there are no significant audit findings, no response is necessary If audit findings require a revision to the study application, a Form 2 will be requested If audit findings require corrective action, items to be addressed will be outlined in the letter A correspondence can be created in iMedRIS to address each request for corrective action or additional information