25 Sep Inspection findings related to electronic systems used in clinical trials
Over the last decade, there has been a significant increase in the use of electronic systems for capture and handling of data in clinical research. In order to maintain the integrity of the data created and handled by these systems, there are several requirements to these systems such as validation, audit trail, security, access, back-up and restore.
Below are some frequent inspection findings related to the electronic systems used in clinical trials. Some of these findings had negative impact on approval of a marketing authorisation due to poor data integrity.
- Filing and archiving of system documentation; e.g. the documentation for validation and qualification activities were missing (user requirements, functional specification, test documentation etc.)
- Firewall settings, restore from backup, robustness of backup procedures, disaster recovery plan, virus protection, security patching, penetration testing, procedures for security breaches and other data incidents
- Investigators’ control of CRF data
- Problems with overview, release and change control
- No regular review of the validated state
- Delayed reporting of serious adverse events to the sponsor and authorities due to missing notifications from the system (serious breach !!!)
- The audit trail was not complete (e.g. only latest change shown).
- The procedures for querying and correction of ePRO data was insufficient to ensure the data quality (which resulted in delayed marketing application approval !!!). For example:
- Data corrections were allowed long time after data entry in spite of poor documentation of reason for correction.
- A mechanism was lacking to correct the eDiary data. Consequently, errors reported on Data Clarification Forms (DCF) were not included in the analysis.
- There was a lack of information provided in DCFs regarding the content.
- There was no list of ePRO device IDs demonstrating who had been assigned the device and so it was not possible to reconstruct which devices had been merged and how the data had been qc’ed.
- The eDiary devices used by trial subjects did not have an accessible audit trail that could be used to verify when entries were being made and by whom.
- There was no way to verify who had entered the data in the eDiary as user names and login-in details were not captured.
- The trial subjects’ passwords/pin codes are known to the sites.
- Inadequate access to conduct audits and inspections.
CRO qualification findings:
- The CRO has not implemented sufficient quality assurance in their qualification of IT vendors. Consequently, it was not adequately ensured and documented, that the electronic systems, which are essential in the trials were validated at trial start and remained in a validated state.
- The assessment/audit of vendor X did not go into sufficient detail regarding the vendor’s validation documentation to ensure the sponsor that the vendor’s validation processes were adequate.
- The assessment/audit of vendor Y was performed by a person with no documented IT experience or background.
PharmaGCP frequently publishes relevant news in clinical research, you can get these news for free by following PharmaGCP on LinkedIn; https://www.linkedin.com/company/pharmagcp/