Presentation is loading. Please wait.

Presentation is loading. Please wait.

Best Practices from PEACH

Published byArthur Stanley Modified over 8 years ago

Similar presentations

Presentation on theme: "Best Practices from PEACH"— Presentation transcript:

1 Best Practices from PEACH
Computerized Systems in Clinical Trials: Data Quality and Data Integrity Best Practices from PEACH Earl W. Hulihan, Senior Vice President, Regulatory Affairs Medidata Solutions Worldwide Professorships with Shanghai University of TCM, SFDA Training Center and the University of Medicine and Dentistry of New Jersey

2 Disclaimer The views and opinions expressed in the following PowerPoint slides are those of the individual presenter and the ‘PEACH’ Core Committee and should not be attributed to Drug Information Association, Inc. (“DIA”), its directors, officers, employees, volunteers, members, chapters, councils, Special Interest Area Communities or affiliates, or any organization with which the presenter is employed or affiliated. These PowerPoint slides are the intellectual property of the individual presenter and are protected under the copyright laws of the United States of America and other countries. Used by permission. All rights reserved. Drug Information Association, DIA and DIA logo are registered trademarks or trademarks of Drug Information Association Inc. All other trademarks are the property of their respective owners. Drug Information Association

3 for the purpose of human welfare
Scope Research conducted by: academic institutions government organizations companies from the device, pharmaceutical, and biotech industries for the purpose of human welfare Drug Information Association 3

4 Quality Management System
A set of policies, processes and procedures … required for planning and execution … in … an organization. QMS integrates the various internal processes within the organization … and … provides a process approach for project execution. QMS enables … to identify, measure, control and improve the various … processes that will ultimately lead to improved … performance.” (ISO 9001:2008). Just read Drug Information Association 4

5 Where Should QMS Originate?
Management provides support and oversight establish a quality system that includes policies, procedures, and processes include a process by which to capture, quantify, and analyze performance If properly done, it will allow for continual improvement Just read Drug Information Association 5

6 Key Attributes & Elements
Quality Assurance and Quality Controls Monitor, Audit/sample and manage QMS adapt and evolve Metrics standards for measuring performance within a system or process should not be a stagnant include personnel qualification and training controlling and defining processes document management system validation quality review Drug Information Association 6

7 Risk Assessment & Management
Identify what can go wrong? Analyze probability of occurrence of each & its severity Mitigate risk mitigation plan Maintain & Monitor ongoing process & based upon feedback The cycle is repeated Identify phase: Is where risk is ascertained, or better said – what can go wrong? In a typical clinical research example of the decision to transition from paper CRF to electronic CRF processes (EDC), i.e. or similar technology; a number of risks can be identified which could lead to an unsuccessful transition. Analyze phase: To quantify probability and severity a scale must be developed to indicate the relationship of different levels. In risk management process these scales tend to be of two types: “Mild”, “Moderate”, and “Severe” or “Low”, “Medium”, or “High” Scales going from 1 to whatever level is needed Mitigate phase: document the actions to be taken to minimize either the likelihood of the risk occurring, minimizing impact if it does, or maximize the likelihood of detection. Maintain & Monitor phase: ongoing process during which plans are maintained and activity is monitored. Based upon feedback, the cycle is repeated. Drug Information Association 7

8 Computerized System Includes all
Hardware, software, people, procedures, processes, facilities, et. al. (both directly or indirectly related to trial, e.g., Investigator and when outsourced) Each has stakeholders lifecycle All must be controlled to achieve data integrity and ensure subject safety Earl, the following information is GREAT… use it!!! For controlling all of this and in most situations, the following topics should be documented using policies, directives, plans, SOPs, WIs, etc.: Control of the Procedures – Procedures for the creation, review, approval, distribution and retirement. This should include periodic review, change control, impact assessment of changing procedures, etc. Training – This program includes required training to understand the standards documented in the company procedures, as well as, ongoing training to maintain a level of expertise for required job functions and an understanding of applicable laws and regulations. Documentation – Standards for the creation, revision and filing of documentation associated with all aspects of quality operations. Templates are useful tools, especially for tasks that are supposed be controlled, frequently repeated and up for quality review, audit or inspection. Qualification, Verification, or Validation - Including the appropriate level of procedures for each distinct type being managed such as servers (could be multiple classes), databases, network components, disk storage and personal computing devices, etc… Risk Assessment – Procedures that describe how to assess the impact and likelihood of change. Change Control - The process for initiating, assessing risk and impact to applications and data, scheduling, reviewing, approving and implementing controlled changes to the computerized system, including management, and quality review and approval. Problem Reporting – A program which provides the opportunity for staff to report problems they experience during the trial including operating applications or infrastructure. Reported problems should be tracked through to closure. Each problem report should be assessed and managed, if needed; the result of the report could lead to a controlled change. Problem reports should be periodically reviewed by management, so that they monitor the types of issues being reported, and the organizations response. Management review is part of the continuous program that leads to improved quality operations. Backup and Recovery - Including the planning, designing, implementation and on going testing (verification). Archiving for Retention - Including the planning, designing, implementation and on going testing (verification). Disaster Recovery - Including the planning, designing, implementation and on going testing (verification). Business Continuity - Including the planning, designing, implementation, and on going testing (verification). Security Control Points - Access to the physical areas in which infrastructure is managed (site, building, room, or office) or account access to the infrastructure components. Procedures should exist for the management, revocation and periodic review of access accounts, rights and privileges. Personnel Management - A program to account for the hiring and termination of staff, protection of intellectual property and periodic review of performance, which could include an opportunity to review experience and address training needs. Quality Event Management (CAPA) – A program of continuous improvement needs to be in place to show commitment to quality and the appropriate investment in time, money and human resources to accomplish the protection of the electronic records (i.e. data integrity). Typically, a program including quality event investigation followed by the documentation of corrective and preventive actions can provide a program of continuous improvement. This could be managed by the quality organization. Auditing of Suppliers of Services – Defined program for the routine assessment of any supplier of services that are involved. Facilities and Utilities – Procedures that describe the management of the physical location. Drug Information Association 8

9 A Technology Infrastructure
Example of technology infrastructure Drug Information Association 9

10 Phase: Project Initiation Phase: Requirements
SDLC and SLC Phase: Project Initiation Phase: Requirements Phase: Design Specifications Phase: Implementation Phase: Testing Phase: Installation & Acceptance Phase: Operation & Maintenance Phase: Decommissioning Phase 1: Project Initiation: Develop plans for the computerized system may include: Identify stakeholders Assign resources Estimate time requirements, costs, quality Assess risk Obtain approvals Phase 2: Requirements: Explain what the computerized system is to do – It’s Intended Function Phase 3: Design Specifications: Describe how the computerized system is to work Phase 4: Implementation: Write the code using standards, software controls, unit testing. i.e. good programming practices or install the application and supporting software. Phase 5: Testing: Test against the Requirements in Phase 2 and the Design Specification Phase 3. This should include linking of the test scripts to the requirements and the design components. This is commonly called a “Traceability Matrix”. Phase 6: Installation & Acceptance: Install the computerized system into the “Production” environment. Check to ensure the computerized system is operating correctly Prepare any Standard Operating Procedures not already available. Conduct user training Migrate any necessary data needed to support the computerized system Phase 7: Operation and Maintenance: Update training and SOPs as needed. Execute change control procedures to maintain the validated state of the application. Phase 8: Decommissioning: Retire the application when it is no longer needed. ****When the system is purchased, Phases 3 through 5 are performed by the vendor. Drug Information Association 10

11 Life Cycle of Electronic Records
Record Definition – content, intended use, applicable standards, naming conventions, format, metadata Record Storage – location, structure and design Record Access – privacy, security, legal classification, access methods Record Protection – stewardship, backup & restore, disaster recovery Record Retention – retention period, short and long term preservation methods to meet requirements for applicable regulatory authorities Just read slide Drug Information Association 11

12 Data Integrity Throughout Life Cycle
System not properly validated Unauthorized access to electronic records Unauthorized modification of electronic records Unauthorized or inappropriate deletion of records Data corruption to render the record inaccessible Loss of data, including metadata, during a process (e.g., transmission, archival, migration) The person or system modifying the data is not recorded or is not identifiable The time and date the data was modified is not recorded or is not accurate (including capture of local time zones, when necessary, to distinguish between multiple sites) The original data are not retained A reason for change is not recorded Earl, just read slide Drug Information Association 12

13 Information Security Management (ISO)
Establish a comprehensive information security policy Establish an internal security organization and control external party use of the stakeholder’s organization information Establish responsibility for the organization’s assets and use an information classification system Emphasize security prior to employment, during employment, and at employment termination Use security areas to protect facilities and equipment Establish procedures and responsibilities, control third-parties access and ability to change, plan for the future, protect against malicious code, backup information, protect networks, protect the exchange of data Iso’s model: Establish a comprehensive information security policy: Develop an information security policy document and review the information security policy. Establish an internal security organization and control external party use of the stakeholder’s organization information: Make an active commitment to information security and coordinate information security implementation. Allocate information security responsibilities Establish an authorization process for new facilities. Use confidentiality agreements to protect information and maintain relationships with other organizations as well as special interest groups. Perform independent information system reviews to identify risks related to the use of external parties. Address security before customers are given access. Establish responsibility for the organization’s assets and use an information classification system: Compile an inventory of organizational assets and determine the owners for information and assets. Establish acceptable use rules for information and develop information classification guidelines as well as information handling and labeling procedures. Emphasize security prior to employment, during employment, and at employment termination: Define security roles and responsibilities and verify the backgrounds of all new personnel. Use contracts to protect the organization’s information. Deliver information security training programs and set up a disciplinary process for security breaches. Make sure that assets are returned at termination and remove information access rights at termination. Use security areas to protect facilities and equipment: Use physical security perimeters to protect areas, and physical entry controls to protect secure areas. Secure the organization’s offices, rooms, and facilities and protect the facilities from natural and human threats. Use work guidelines to protect secure areas, as well as to isolate and control public access points. Use equipment protection strategies to ensure supporting utilities are reliable. Maintain the organization’s equipment including the off-site equipment. Establish procedures and responsibilities, control third-parties access and ability to change, plan for the future, protect against malicious code, backup information, protect networks, protect the exchange of data: Document the operating procedures and control changes to facilities and systems. Segregate duties and responsibilities and manage third-party agreements and services. Monitor system usage and carry out capacity planning. Develop acceptance criteria to test systems and establish network security controls. Control how media are handled including removable media as well as the disposal of the organization’s media. Control information handling and storage and protect system documentation. Establish information exchange policies and procedures and software exchange agreements. Safeguard the transportation of physical media as well as electronic messaging and messages. Protect interconnected information systems and commerce services. Establish and maintain audit logs for processing facilities, logging facilities and log information. Finally, synchronize system clocks. Drug Information Association 13

14 Information Security Management (ISO)
Control access to information, user access rights and encourage good access practices. Control access to networked services and operating systems. Control access to applications and information. Protect mobile and telecommuting facilities Identify information system security requirements and application’s process information correctly. Use cryptographic controls to protect information and control development and support processes. Protect and control the organization’s system files and Establish technical vulnerability management Report information security events and weaknesses and manage information security incidents and improvements Use continuity management to protect information Comply with legal requirements by performing security compliance reviews and carrying out controlled information system audits Control access to information, user access rights and encourage good access practices. Control access to networked services and operating systems. Control access to applications and information. Protect mobile and telecommuting facilities: Develop a policy to control access to information, and users. Control system privileges, passwords, and user access rights. Expect users to protect their passwords, and their equipment. Establish a clear-desk and clear-screen policy. Formulate a policy on the use of networks and remote connections including diagnostic and configuration ports. Use segregation methods to protect the networks and restrict connection to shared networks. Establish secure log-on procedures that identify and authenticate all users in accordance with the password management system. Restrict access by users and support personnel and isolate sensitive application systems. Protect mobile computing and communications and telecommuting activities. Identify information system security requirements and application’s process information correctly. Use cryptographic controls to protect information and control development and support processes. Protect and control the organization’s system files and Establish technical vulnerability management: Identify security controls and requirements, then validate data input into applications. Use validation checks to control processing, protect message integrity and authenticity and the output data. Implement a policy on the use of cryptographic controls and establish a secure key management system. Control the installation of operational software, the use of system data for testing and access to program source code. Review applications after operating system changes. Report information security events and weaknesses and manage information security incidents and improvements: Report information security events and weaknesses as quickly as possible. Establish incident response responsibilities and procedures and then learn from information security incidents by collecting evidence to support actions. Use continuity management to protect information: Establish a business continuity process for information that identifies the events that could interrupt the business. Develop and implement business continuity plans by establishing a business continuity planning framework, and finally test and update the business continuity plan. Comply with legal requirements by performing security compliance reviews and carrying out controlled information system audits: Identify all relevant legal requirements with respect to intellectual property rights (IPR) as well as protecting the organization’s records and the privacy of personal information. Prevent misuse of data processing facilities and control the use of cryptographic controls. Review compliance with security policies and standards and review technical security compliance. Drug Information Association 14

15 Data Privacy Information in a clinical trial must be fairly and lawfully processed Information can only be processed for limited purposes and not in any way incompatible with those purposes The information must be adequate, relevant and not excessive The information must be accurate The information can be kept for only as long as is necessary for its business purpose All the information must be processed in line with the individual’s rights The information must be kept secure If the information is going to be transferred to countries without adequate data protection laws, the transferring agent must demonstrate adequate mitigation Earl, this is important information…. Just read these speaker notes!! Information in a clinical trial must be fairly and lawfully processed. In general this principal is concerned with how the information is gathered. Were subjects recruited, and informed about the purpose of the trial and how the information would be used? Or, was the information covertly collected or stolen from some other database? Information can only be processed for limited purposes and not in any way incompatible with those purposes. During a clinical trial, information can only used for the purposes of the trial unless explicit written consent has been given or the data subject has been told at the time of collection. The information must be adequate, relevant and not excessive. This principle ensures that sponsors do not ask for or hold information that is not necessary or might be useful in the future, for example mobile numbers or addresses. The information must be accurate. At every intersection in GCP accuracy is paramount. So it’s no surprise that it would be part of the principles of good information handling as well. This particular principle requires that subject information be accurate in three states. The first state is during entry into the system. If using an electronic capture system or pencil and paper, it is critical that the data entered be accurate. The next state is the transfer of data to a processing location. If this is electronic, special considerations must be taken and those will be covered under Data Transfer Integrity. The final state is during long-term archival. In this last stage care must be taken to ensure the confidentiality and integrity of the data across decades of time. The information can be kept for only as long as is necessary for its business purpose. This principle is concerned with deleting the data as soon as it is no longer needed. The difficult decision is the business purpose length. Often other regulatory requirements will dictate long retention periods, up to 25 years, while data privacy officials would prefer to destroy the information immediately after a trial is complete. All the information must be processed in line with the individual’s rights. Those doing research must inform subjects who they are, what information will be collected, what it will be used for and who it will be shared with If the subject’s information is exported to another country, that must be disclosed as well. The information must be kept secure. This principle is designed to ensure that private information, paper or electronic, is secure at all times. In the paper realm this is accomplished by exercising “positive control” of documents. This means conducting business with a clear desk policy. In the electronic environment users should not give access to other colleagues unless they can demonstrate a genuine business ‘‘need to know’ the information. Information on computers must also be protected from physical access to the data as well as logical access to the data. If the information is going to be transferred to countries without adequate data protection laws, the transferring agent must demonstrate adequate mitigation. Each country defines its own standards for Data Privacy and will determine if the country the data are transferred to has adequate controls or not. If the target country does not have adequate regulations, then the responsibility is incumbent upon corporations conducting the trial. In those situations, demonstrating that the information is kept confidential and with high integrity during collection, transmission, processing, storage and dissemination is required. Tools such as layered security, logical security, firewalls, intrusion detection, and cryptography can be used in various combinations to provide adequate protection. Drug Information Association 15

16 Outsourcing Decide what should be outsourced: create a list of requirements & involve personnel and departments Evaluation & Selection: use qualification questionnaire, reference checks, phone interview, onsite visit, discuss n-tier outsourcing Management: how the staff will be trained and managed, definition of the procedural controls needed to conduct the work, communication and escalation process, description of the types of information technologies expected to be used, quality metrics to be collected and reported, schedule for implementation, change management program Completion: records and data custody and retention, access to software and related documentation, project documentation and deliverables Some things to consider when planning for outsourcing: Decision to Outsource Prior to making a decision to outsource an activity, sponsors need to evaluate their own capabilities and resources. Following this evaluation, determine what functions or activities may be outsourced. Planning Careful planning is a key to a successful outsourcing or vendor management program. There are many reasons why a stakeholder might choose to outsource. Outsourcing can provide access to capabilities and expertise that might not otherwise be available to the stakeholder There may be a desire to focus on certain competencies and to outsource more mundane or repetitive functions, or to supply additional resources. Any stakeholder looking to outsource should have an understanding of its core competencies, business process, regulatory and legal responsibilities, requirements and budget before exploring outsourcing opportunities. Additionally, the stakeholder should define roles and responsibilities within its organization with regard to the outsourced process to ensure accountability through its life cycle. Decide what should be outsourced. Create a list of requirements for the vendor to provide, supply, fulfill including regulatory compliance. These should be unambiguous, comprehensible and documented. Involve personnel and departments whose work is to provide, receive or are otherwise impacted by the outsource engagement. Consider resources needed to work with and manage the outsource engagement. Evaluation & Selection: Qualification questionnaire - A document that is sent to the vendor which includes questions requesting the vendor to further expand upon. The vendor may be asked to provide representative procedures and reports. This can be the most cost effective way of gathering information on a vendor (supplier) . However, this process usually does not allow for objective verification of people, processes and equipment used to support the function being outsourced. Reference checks - By consulting with others who have used the services of the proposed vendor, helpful information may be gathered. If these are provided by the vendor, remember they will generally be customers who have had a relatively positive interaction with the vendor. Phone interview – The phone interview can be used to expand upon the qualification questionnaire and allows for follow-up or supplemental questions to be asked. An effective approach is to have an interactive Internet meeting that allows for document sharing, product demonstration and staff interviews. However, as with the questionnaire, objective verification is limited to what the vendor provides during the session. Onsite visit - The onsite visit or traditional due diligence visit involves a physical visit to the facility where the service will be provided. The intent is to evaluate the provider’s ability to effectively provide the required service. On this visit, the stakeholder would typically review the provider’s policies and procedures, training and personnel qualifications, infrastructure and security, and management oversight as applicable to the service to be provided. The onsite visit provides for the most comprehensive examination of the vendor; however, it is also the most costly and time consuming for all parties involved. In addition, it may not be practical if the provider’s staff is globally dispersed. It is recommended that the visit team minimally include stakeholder staff with accountability for the business process to be supported by the provider as well as quality and compliance professionals. It may also be necessary to include an information technology subject matter expert. Discuss n-tier outsourcing Management The content of the quality agreement or quality plan will depend on the contracted responsibilities, the extent of each and how complicated the contracted responsibilities are. Quality agreements (quality plans) could include, but are not limited to: How the staff will be trained and managed Definition of the procedural controls needed to conduct the work Communication and escalation process Description of the types of information technologies expected to be used Quality metrics to be collected and reported Schedule for implementation Change management program And managing change includes: Changes or additions to the requirements Unforeseen problems result in additional work External influences (e.g., regulatory changes) necessitate a change Completion topics: Records and data custody and retention Access to software and related documentation Project documentation and deliverables Drug Information Association 16

17 Medical Devices, Equipment & Laboratories
Follow the same life cycle principles Special considerations for laboratories Reference ranges (single location) Reference ranges (multiple locations) Designated laboratory contact There are many variables that are involved with data quality and integrity on the equipment and method levels. The following are points to consider when evaluating a laboratory: Reference Ranges – Single Location Reference ranges are reported with subject data may be method and instrument dependant. The laboratory may use the recommended package insert ranges, may establish their own using a normal population, or use published disease-specific ranges. The laboratory should have an approved procedure for how the reportable reference ranges are obtained and frequency for re-evaluation. The sponsor must be aware, understand, and agree with the handling of reference ranges to avoid downstream data quality issues. Reference Ranges – Multiple Locations Multiple laboratory locations (sites) offer additional process complexities. The laboratory should have an approved procedure for inter-laboratory standardization, reference range normalization and reporting, and include a periodic internal comparative analyses process. Just as with single location reference ranges, the sponsor must be aware, understand, and agree with the handling of reference ranges to avoid dstream data quality issues. Inventory Equipment can be owned or leased and also may have repair contracts as well as an on-site stock of spare parts. For reagents, laboratories may have sequestered lots based on projected volumes. The laboratory should be able to supply the sponsor with information to insure proper control for business continuity. Change Control Change control may be apparent only at the laboratory level or may be reportable to the trial contact based on agreed upon conditions. Whenever a change is made, the laboratory is responsible for assessing the impact and any risks must be evaluated per the existing laboratory policies. Handling Laboratory Errors There is an array of error types that may occur in the laboratory. The laboratory should have procedures in place when the error affects the final reporting data and the impact should be reflected on the subject’s report. Laboratory provisions also may be available for communication by phone. Whenever results already reported are revised, at a minimum, the revised items should be identified and noted on the report. Within the laboratory, the person who made the revision, date, time, un-obscured initially reported value, the new value, and reason for change should be available, and if possible, should be reflected on the report. If there is an error which does not allow a specific test to be performed, the sponsor may want the laboratory to make provision for immediate notification so that a re-draw may be possible in order to meet the trial visit timeline requirements. Disaster Planning Disaster planning and recovery affects every level of the laboratory. Each section, e.g., facility, Laboratory Information System (LIMS), Trial Management System (SMS), instrument interface, method, and personnel available, should have an available Disaster Recovery (DR) Plan. Computer System Validation The laboratory should have procedures in place for validation of the computer system along with the supporting SOPs to maintain the computerized system in a validated state. The available SOPs should include, and not limited to: Physical security Logical security Backup and Restoration Change control Configuration management System training and qualification System administration Production monitoring and maintenance Periodic review of validated state Problem reporting Business continuity Disaster Recovery Decommissioning Records retention Archiving In those cases when the software is developed in-house: code development and testing should be available. Records should be available for those systems still in production use. When decommissioned, they should follow the Archiving and Retrieval SOP. More detailed information can be found in Chapters 5, 6, 7, and 8. Records Retention, Archive and Retrieval The laboratory should have a records retention, archive and retrieval policy available. Staff Competency Each employee of the laboratory should have education, licenses, Certificates of Qualification, training records, and experience information documented and available for review. Documentation should include and be able to support current responsibilities. Regulatory requirements for staff competency and responsibilities may differ based on geographical location and intended regulatory authority submission agency for the laboratory professionals analyzing specimens and reporting subject data. It is advisable the sponsor obtains this information from the regulatory agency and verifies staff qualifications utilizing this information. Laboratory Result Monitoring and Competency The laboratory should be able to demonstrate quality assurance practices. Typically this is done by submission of samples for analysis that are of previously known values, e.g., control sample, yet blind to the laboratory professional. Evaluation of the results by Quality Assurance along with any required corrective actions should be available. Proficiency program results from a regional or private organization should also be available for review. Designated Laboratory Contact Operationally, to have a designated laboratory contact person allows normal processes to proceed more efficiently, especially if the laboratory is a combined clinical and clinical trial research laboratory. This contact, coupled with root-cause corrective actions, may lead to more efficient processes from specimen receipt to reporting. Drug Information Association 17

18 Computerized Data Collection
eCRF – Electronic Case Report Form ePRO - Electronic Patient-(Subject) Reported Outcome EMR/EHR – Electronic Medical Record/Electronic Health Record Video Records Data Warehousing Other Systems & Processes at the Later Stages of Clinical Research Submission of data to regulatory authorities and reviewers Post-marketing Registration Management Submission Management Drug Information Association 18

19 Computerized Data Collection
Selection of the system: Will the system meet the needs of all trials and yet-to-be-developed protocols? Cost in terms of resources – Is new infrastructure required? Are additional resources to maintain and implement the system required? Vendor risk: What is the experience of the vendor in this arena? What is the experience of the sponsor with the vendor (does the sponsor already use other products, such as IVRS)? Is the vendor able to support the product long term? Is the vendor financially viable? Consider product pricing, scalability, integration opportunities (with, for example, SAS, IVRS, Safety, CTMS, CDMS), and flexibility to configure to business processes. Drug Information Association 19

20 Computerized Data Collection
Stakeholder contribution and input For the investigator, systems should provide ease of use and workflow for the investigator and site-related personnel. Any system cannot be viewed by the site as an annoyance or hindrance to the process; the system must be viewed as an asset to the process of evaluating and treating clinical trial subjects during the trial. Real-time access to the data collected must maintain the necessary confidentially required by the clinical trial (i.e. blinded clinical trials have different requirements than unblinded clinical trials). Only specified stakeholders should have system permissions to alter data and the management of user access rights to the system should be documented in procedures. For all stakeholders training, which is required by industry and regulatory authorities alike, is key to the success of any system. Drug Information Association 20

21 Computerized Data Collection
Audit trail capability of the system The ability to re-create the trial is dictated by regulatory requirements and general scientific principles. One tool used to support this requirement and a key aspect of maintaining data integrity is an audit trail. The audit trail capabilities of the system(s) should be understood by the sponsor, clinical investigator and regulators. Privacy laws and regulations Transmission of data across country borders may be in direct conflict to privacy laws and regulations, which change from country to country. Certain country requirements guide data entry values particularly on Protected Health Information (PHI) data points, which have implications on how data are collected and analyzed. This impacts how systems should be designed to capture this information. Drug Information Association 21

22 Computerized Data Collection
Subject rights Informed consent needs to contain references to all data collection computerized systems that the subject will interact with (e.g., ePRO, eDC, video). While obtaining informed consent from a subject is currently a manual documentation process, there exists the potential to manage this electronically as the clinical trial process evolves. Drug Information Association 22

23 PEACH Thank You Earl W. Hulihan, Senior Vice President, Regulatory Affairs Medidata Solutions Worldwide direct: 1,610,393,1109 Drug Information Association 23

Download ppt "Best Practices from PEACH"

Similar presentations

The Role of the IRB An Institutional Review Board (IRB) is a review committee established to help protect the rights and welfare of human research subjects.

The Role of the IRB An Institutional Review Board (IRB) is a review committee established to help protect the rights and welfare of human research subjects.
Tips to a Successful Monitoring Visit

Tips to a Successful Monitoring Visit
EMS Checklist (ISO model)

EMS Checklist (ISO model)
What is GARP®? GARP® is an Acronym for Generally Accepted Recordkeeping Principles ARMA understands that records must be.

What is GARP®? GARP® is an Acronym for Generally Accepted Recordkeeping Principles ARMA understands that records must be.
Data Monitoring Models and Adaptive Designs: Some Regulatory Experiences Sue-Jane Wang, Ph.D. Associate Director for Adaptive Design and Pharmacogenomics,

Data Monitoring Models and Adaptive Designs: Some Regulatory Experiences Sue-Jane Wang, Ph.D. Associate Director for Adaptive Design and Pharmacogenomics,
Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group 209-754-9130

Information Risk Management Key Component for HIPAA Security Compliance Ann Geyer Tunitas Group
Control and Accounting Information Systems

Control and Accounting Information Systems
Clinical QA Data Audits A GCP Point of View Linda Del Paggio GCP Compliance BioBridges, LLC.

Clinical QA Data Audits A GCP Point of View Linda Del Paggio GCP Compliance BioBridges, LLC.
Environmental Management System (EMS)

Environmental Management System (EMS)
Audit of IT Systems SARQA / DKG Scandinavian Conference, October 2002, Copenhagen Sue Gregory.

Audit of IT Systems SARQA / DKG Scandinavian Conference, October 2002, Copenhagen Sue Gregory.
ISO 9001 : 2000.

ISO 9001 : 2000.
1 INTERNAL CONTROLS A PRACTICAL GUIDE TO HELP ENSURE FINANCIAL INTEGRITY.

1 INTERNAL CONTROLS A PRACTICAL GUIDE TO HELP ENSURE FINANCIAL INTEGRITY.
Coping with Electronic Records Setting Standards for Private Sector E-records Retention.

Coping with Electronic Records Setting Standards for Private Sector E-records Retention.
GCP compliance for GenISIS  This presentation is intended for clinical staff involved in recruiting patients to the GenISIS (Genetics of Influenza Susceptibility.

GCP compliance for GenISIS  This presentation is intended for clinical staff involved in recruiting patients to the GenISIS (Genetics of Influenza Susceptibility.
Chapter 5 5-1 © 2009 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2009 Pearson Education, Inc. Publishing as Prentice Hall.
Security Controls – What Works

Security Controls – What Works
Developing a Records & Information Retention & Disposition Program:

Developing a Records & Information Retention & Disposition Program:
Pertemuan 20 Matakuliah: A0214/Audit Sistem Informasi Tahun: 2007.

Pertemuan 20 Matakuliah: A0214/Audit Sistem Informasi Tahun: 2007.
Pertemuan 11-12 Matakuliah: A0214/Audit Sistem Informasi Tahun: 2007.

Pertemuan Matakuliah: A0214/Audit Sistem Informasi Tahun: 2007.
Session 6: Data Integrity and Inspection of e-Clinical Computerized Systems May 15, 2011 | Beijing, China Kim Nitahara Principal Consultant and CEO META.

Session 6: Data Integrity and Inspection of e-Clinical Computerized Systems May 15, 2011 | Beijing, China Kim Nitahara Principal Consultant and CEO META.

Similar presentations

Ads by Google