During a Halloran-hosted Speaker Series on “Operational Disruption: Assuring Clinical Data Integrity,” our team shared about the challenges and key considerations of assuring data integrity both from a preventative and reactive perspective.
Regulatory bodies create guidelines and regulations to ensure that biopharma products and medical devices are safe, meet their intended use, and adhere to quality processes during manufacturing, control, storage, and distribution. Health Authorities (ICH, EMA, FDA, ISO, and MHRA) from each country define, oversee, and enforce Good Practice Quality Guidelines and Regulations (GxP) compliance through country-specific regulations. Data integrity controls are woven into these regulations/ guidelines and should be considered and implemented where warranted by risk management processes.
Compliance with GxP regulations is required to bring a product to market, and three elements of GxP are traceability, accountability, and data integrity. This last element, data integrity, is where this discussion was focused.
First, a note on industry trends. Regardless of company size, roughly 50% of all global product inspectional observation forms, Form FDA 483s, cited data integrity concerns from 2014-2018. Data integrity violations are even more prevalent in warning letters with 79% of global drug warning letters during this same time cited data integrity issues. In addition, the total number of FDA warning letters referencing data integrity deficiencies has increased significantly in recent years. This, coupled with an ever-increasing reliance on partner systems, SaaS (Software as a Service) and connected devices has created new challenges for companies to maintain data integrity considering the disparate ecosystem of data sources.
It’s likely that increased outsourcing in business models and unclear sponsor oversight responsibilities have led to the need for increased due diligence (e.g., audits) of the qualification of selected vendors. If you’re a sponsor conducting or preparing to conduct a clinical trial, here are three key takeaways to consider as you’re preparing your protocol and considerations if you encounter disruptions midstream.
#1: Know the Ins and Outs of Your Data Ecosystem
As a sponsor, you are responsible for all your regulated data. With that responsibility, you are also responsible for understanding where your data resides. And you’ll also need to be able to show that you and vendors who store, process, or transfer have controls in place to protect that data.
Knowing where your data resides and how it is managed also requires that your organization has a deep understanding of the data flow and chain of data custody in your clinical trial’s lifecycle. Proper documentation, along with a clear understanding of custody and ‘source of truth’, is essential to mitigating key risks that may derail your program.
As we mentioned earlier, there’s an increase in outsourcing due to the pandemic, and the rapid increase of decentralized clinical trial components has invited its own set of data management challenges. How technologies will work together (i.e., interoperability), what the oversight process looks like, and how to ensure data integrity and protection are key questions to work through with all your teams in the planning phase. These questions become even more important when you’re identifying your CRO or another vendor, especially if you’re launching a decentralized trial.
#2: Dig Deep in Your Vendor Qualification Audit Process and Achieve a Clear Understanding of Regulated Data Flow and Data Integrity Controls
As your organization is assessing and qualifying vendors, you’ll need to understand who will own the data in the event of a major disruption and what processes will be followed in the event of a disruption, including disaster recovery, change control, incident handling, and backup/restore. This disruption doesn’t have to be as program-altering as COVID-19 but could even be as minor as a shift in key staff members or a system upgrade.
The team at Halloran has observed that some organizations’ vendor audit processes tend to gloss over data integrity components because they’re complex and require specific technical expertise, and yet, they trust the vendors since vendors have robust SOPs. Be sure to not get stuck in this empty rationale.
There may be multiple third-party vendors for your vendors (e.g., your CRO may also be outsourcing to two or three other third-party vendors). Since some organizations don’t always extend their audit due diligence to those deeper layers of vendor qualification, you may be unaware of the entire story with the single vendor you’re qualifying. And if that story unravels in the middle of a disruption, you’ll quickly realize you missed some key questions in the qualifying process. Do not just trust that a CRO alone is able to accommodate a decentralized trial, as that assumption may only be made possible through a third-party vendor.
It’s so important to ensure auditors have unraveled the entire IT ecosystem and data flow including third-party vendor partnerships. as some third-party vendors may be less prepared to manage the quality expectations. It’s also important to consider the time and effort necessary to manage any changes or interruptions. Ultimately, this complex dynamic may require more time and oversight from your organization. Regardless of the path chosen, it’s best to know the entire End-To-End data process before you begin rather than having the story unravel in front of you during a significant clinical event or data recovery/collection issue.
#3: Set Up Your Storyboard with Proper Documentation
The audit report/data flow mapping exercise is the initial point of documenting the data lifecycle story for investigators. This is a crucial step to maintaining an ongoing record of the integrity of your program to stay aligned with the expectations of the regulatory authorities.
Documentation may include the following:
Storyboards provide a chronological history of documented events that explain the rationale, processes, and impact of protocol changes. These documents ultimately help sponsors provide assurance to regulatory agencies that the level of sponsor oversight was sufficient to maintain the integrity of regulated clinical data throughout the trial.
In summary, the trial sponsor is responsible for all the regulated data, including where it resides and the processes and controls in place to protect that data. All these considerations are essentials in mitigating key risks that may derail your clinical trial and delay treatment to patients.