Monday, October 15, 2018

The One-Hour Study Site Audit

In an effort to tease out the priorities of a clinical study site audit, I asked six of our most experienced GCP auditors the following question:

If you only had one hour to conduct a study site audit,
what would you look at?

[Obligatory warnings:  Do not try this at home. This is just a simulation. Caveat lectorem. Dinosaurs in the mirror are bigger than they appear. Et cetera.]

Of course it’s not possible to conduct any kind of meaningful audit in so short a time, but it’s an interesting thought exercise because it gets to the heart of study site risk. In order to respond to this question, the auditors needed to ask themselves:
(1) What are the greatest site risks to a study?
(2) Where can evidence be found that those risks are being managed?
Answering the first question is pretty easy. The very first paragraph of ICH E6(R2) tells us “Compliance with this standard provides public assurance that the rights, safety and well-being of trial subjects are protected…and that the clinical trial data are credible.” So there it is: the reason GCP exists. When we conduct clinical research, our highest priorities are human subject protection and data integrity. It follows, then, that jeopardizing these obligations is our greatest risk.

So with only an hour to evaluate whether a study site is managing these risks, we can move on to the second question. What would our audit (now referred to as “hour audit”) look like?

IRB Approvals

Hour Auditor has decided to spend the first twenty minutes at the site reviewing IRB approvals. Are all of the IRB approval letters in the Investigator Site Files (ISF)? Is the protocol that’s being executed the same version that the IRB approved? Have the protocol amendments and all of the associated Informed Consent Forms (ICFs) also been approved?

Missing approval letters aren’t necessarily the end of the world. It’s quite possible that the required approvals are sitting on the sponsor portal, having been received from a central IRB. Their absence from the ISF could just be a clerical error. However, it’s a first-order finding if the site was responsible for getting approval from its local IRB and failed to do so. The IRB would have to be notified. The FDA would have to be notified. Without review and approval from an ethics body, the safety of study participants is jeopardized and their rights violated. Everything stops.

Informed Consent

With forty minutes left to go, Hour Auditor spends the next twenty minutes reviewing participants’ ICFs. The selection of these participants may be random or targeted, depending on the results of the IRB approval review. Has each participant signed every applicable version of the ICF? Were they signed before any associated study procedures were conducted? If not, was the delay noted in the subject notes? How was the situation remedied? Was there a CAPA to ensure that any other incidents were corrected and future occurrences prevented? Was the IRB informed?

Inclusion/Exclusion Criteria

Now down to the final twenty minutes, Hour Auditor asks to see the Inclusion/Exclusion (I/E) criteria for two screened and enrolled participants. Most likely, the particulars of the study -- the vulnerability of the patient population, the therapeutic area, and the protocol complexity, among other things -- would drive the selection.

We’re running out of time, and this could be our final stop. With so much else to look at, including source data, IP accountability, staff qualification and training, and Adverse Events reporting, why focus on I/E criteria? Because they give us a glimpse of many aspects of study conduct all at once. When a site can assess complex I/E criteria correctly, it demonstrates protocol compliance and a commitment to producing reliable study data. Examining I/E criteria also gives Hour Auditor a chance to assess source data quality and provides further assurance of subject safety.

Best Laid Plans
As with any audit, particular findings at any step could (and should) alter the plans for this one-hour visit. If the ICF review left Hour Auditor concerned about fundamental flaws in the IC process, the rest of the audit might be spent trying to determine the extent of the problem. An incidental discussion could raise red flags about staff proficiency that may have Hour Auditor poring through protocol training records or scrutinizing the Delegation of Authority log. (Plus, Hour Auditor really, really wants to take a peek at the IP accountability records, and so may find a reason to do so*.)

The point of this thought exercise was to consider (1) the obligations of the clinical research industry to protect subjects and produce reliable data, (2) where the biggest risks to that obligation lie, and (3) how site audits should be prioritized to ensure those obligations are being met and those risks are being managed.


*The auditors involved in this discussion did their best to honor the absurdly artificial time constraint I gave them. That meant foregoing activities no self-respecting auditor could bear to forego. This paragraph recognizes some of those activities. (Thank you all. I know this hurt.)

A version of this article originally appeared in InSite, the Journal of the Society for Clinical Research Sites.

Alarm Clock Image via Good Free Photos

Monday, August 13, 2018

What Suprises GCP Auditors?

Last month, I scheduled one-on-one discussions with our most experienced GCP auditors to ask each of them the same question: What surprises you most about the audits you conduct?

I guess you could say that I was the one who was surprised. I’m not sure exactly what I was expecting to hear, but I thought my teammates were going to talk about things that were new. Instead, I heard a lot more about things that have been around for a long time. To a person, my colleagues said they were surprised to be observing some of the same audit findings they were observing 30 years ago...which *is* surprising when you consider most of them were mere children at the time. ;-)  It seems we have some stubbornly persistent quality and compliance issues in the biopharma industry that decades of neither experience nor technology have seemed to remedy. And the problems are not just persistent; they’re interrelated.

Tuesday, July 10, 2018

Hackin' the GDPR

Trying to comply with the GDPR got you down?
Maybe our parody will cheer you up.

(Sung to the tune of Lennon-McCartney's "Back in the U.S.S.R.")

Monday, May 14, 2018

eSource Terminology Untangled

True or False:

(1) eSource in clinical trials means eliminating the possibility for transcription errors.

(2) Data collected in Electronic Data Capture (EDC) systems is eSource.

Strictly speaking, both statements are false. If that surprises you, it’s probably because many casual uses of the term “eSource” actually differ from the formal definition laid out by FDA. If the participants in any discussion share the same interpretation of “eSource”, or if it’s clear from context how “eSource” is being used, then no harm, no foul. (Contemporary translation: “Meh.”) BUT…and you know where we’re going with this…when a term can be interpreted in multiple ways, there’s always a possibility for miscommunication and cross talk.

Monday, March 19, 2018

Delegation of Authority Log: Tips for Monitors

We may call them “site inspections”, but it’s not the site that’s being inspected when a regulator visits; it’s the Principal Investigator. Though a PI typically delegates study tasks to other staff members, he or she remains solely responsible for the conduct of the study. In fact, the ICH E6(R2) addendum adds two new sections to the international guidance that emphasize PI supervision.

That’s what makes the Delegation of Authority (DoA) log so important and why regulatory inspectors care about it so much. A DoA log serves as evidence that a PI has assigned study tasks only to those staff members with the education, training, and experience to carry them out. If delegates are unqualified to perform their tasks, subject safety could be at risk and it’s highly likely that the study data would be unusable.

Monday, January 15, 2018

Study Sites: Show 'Em Your QC!

Sites frequently want to know how they can stand out to Sponsors and CROs to win more studies.
Our advice: Implement internal QC procedures.

Sponsors and CROs we work with consider a tight quality control program to be evidence that a site can be counted on to produce reliable data. It shows that managing quality at your site is a continual process, and doesn’t wait for monitors to arrive. In a risk-based monitoring environment, this is an increasingly compelling attribute.

Where to Start: The Usual Suspects
It makes sense for you to focus your QC efforts on those areas where you’ve historically had the most problems. If the phrase “trend analysis” makes you want to jump through a window -- it's okay -- you can climb back inside. You don't have to do a trend analysis. We've identified 3 areas in which audit findings are common and how you can avoid them.

Sunday, November 12, 2017

Love at First "Site": Early Signs of Strong PI Oversight

My Grandpa
When I was a teenager, my grandfather would invite my new boyfriends to run short, pointless errands with him, just so he could watch them drive. He said he could tell a lot about a boy’s character simply by observing his actions behind the wheel. Did he stay under the speed limit? Did he use his signal when he was switching lanes? Did he slow down when children were playing near the road? If so, it was a good sign that the boy was generally a careful and attentive fellow. If not, it was an early indication of reckless tendencies, and I would do well to be on my guard.

What does this have to do with PI oversight?