Staying 21 CFR Part 11 Compliant Using a Validated ... · Staying 21 CFR Part 11 Compliant Using a...
Transcript of Staying 21 CFR Part 11 Compliant Using a Validated ... · Staying 21 CFR Part 11 Compliant Using a...
Staying 21 CFR Part 11 Compliant Using a
Validated OpenClinica Environment
Patrick Murphy, Sr. Director of Data Management,
RTI-Health Solutions
1
©
#OC15Europe
Regulations and Guidance
21 CFR Part 11
Good Clinical Practices
Guidance
2
©
#OC15Europe
21 CFR Part 11
21 CFR Part 11: Electronic Records, Electronic Signatures
http://www.21cfrpart11.com/files/library/government/21cfrpart11_fi
nal_rule.pdf
“The regulations in this part set forth the criteria under which
the agency considers electronic records, electronic
signatures, and handwritten signatures executed to electronic
records to be trustworthy, reliable, and generally equivalent to
paper records and handwritten signatures executed on
paper.”
Outlines the need/methods to validate electronic signature
systems
3
©
#OC15Europe
Good Clinical Practice
Good Clinical Practice is an international ethical and
scientific quality standard for designing, conducting,
recording and reporting trials that involve participation of
human subjects
http://www.fda.gov/downloads/Drugs/Guidances/ucm07312
2.pdf
International Conference on Harmonisation of Technical
Requirements for Registration of Pharmaceuticals for
Human Use, Published May 1996
Based on practices in the European Union, Japan,
United States, Australia, Canada, Nordic countries, and
World Health Organization
4
©
#OC15Europe
Guidance Documents
21 CFR Part 11 Guidance
http://www.fda.gov/downloads/RegulatoryInformation/Guidances/
UCM126953.pdf
GCP E6 Guidance
http://www.fda.gov/downloads/Drugs/Guidances/ucm073122.pdf
Guidance for Industry: Computerized Systems Used In
Clinical Investigations (FDA, May 2007)
http://www.fda.gov/downloads/Drugs/GuidanceComplianceRegul
atoryInformation/Guidances/UCM070266.pdf
5
©
#OC15Europe
What Comprises Compliance?
There is no “Part 11 compliance” out of the box
Compliance is achieved with an ecosystem
Software/hardware
Installation/Validation
Training
Controlled processes/Standard Operating Procedures
(SOPs)
Change Control
Documentation
“If it isn’t documented, it didn’t happen.”
6
©
#OC15Europe
Topics
Hardware/software
Validation of data system
Hardware and software installation
Functionality/performance
Training
Standard Operating Procedures
Change Control
7
©
#OC15Europe
Tools
Data Management plan (including outline)
Design specification document (including outline)
Study build and quality control
User acceptance testing and documentation (including an outline of the
tests performed)
Authorizing user access (including form)
Data entry accuracy (single and double data entry)
Data cleaning (rules and managing discrepancies)
Data set creation and the use of the DataMart
Database lock (including form)
8
©
#OC15Europe
Hardware and Software
Software systems are typically designed and validated
for use in specified environments
You must match your hardware/software environment to
the OpenClinica recommended environments
Operating system
Database system
Web server
9
©
#OC15Europe
Validation of an OpenClinica System Validation Plan
Installation Plan
Hardware, operating system, database system, web server
Installation Report
Documentation that installation was successful
Performance Testing Plan
Requirements (functionality)
Test Cases/Scripts
Traceability Matrix
Maps requirements to test cases/scripts
Performance Testing Report
Validation Report
10
©
#OC15Europe
GCP Connection
5.5.3 When using electronic trial data handling
and/or remote electronic trial systems, the sponsor
should
(a) Ensure and document that the electronic data
processing system(s) conforms to the sponsor’s
established requirements for completeness,
accuracy, reliability, and consistent intended
performance (i.e., validation).
11
©
#OC15Europe
Training
Staff should be trained on the use of OpenClinica
Administration
Design
User access
Site setup
Data entry
Notes/flags resolution
Data extraction
Keep the documentation of all training
12
©
#OC15Europe
GCP Connection
5.5.1 The sponsor should utilize appropriately
qualified individuals to supervise the overall
conduct of the trial, to handle the data, to verify the
data, to conduct the statistical analyses, and to
prepare the trial reports.
13
©
#OC15Europe
Standard Operating Procedures
GCP defines SOP:
Detailed written instructions to achieve uniformity of the
performance of a specific function
Purpose and benefits:
Internal training material
Meet FDA regulations
Opportunity to examine and improve processes
Promote consistency and efficiency on how work is
performed and checked across sites and studies
Accountability
14
©
#OC15Europe
GCP Connection
5.5.3 When using electronic trial data handling
and/or remote electronic trial systems, the sponsor
should
(b) Maintain SOPs for using these systems.
15
©
#OC15Europe
Recommended SOPs
System setup/installation
System operating manual
Validation and functionality testing
Data collection and handling (including archiving, audit
trails, risk assessment)
System maintenance and security
Change control
Data backup, recovery, and contingency plans
Alternative recording methods
Computer user training
Roles and responsibilities of sponsors, clinical sites, and
other parties
16
©
#OC15Europe
Change Control
Once a system is validated and tested, any changes
may adversely affect the system
Updates to software, operating system, database server,
web server
Changes required to data entry screens/data cleaning
routines
Evaluate the risk of the changes before they are
implemented (form)
Make a backup of data system and data!!!!
17
©
#OC15Europe
Data Management Plan
A document that describes how data (clinical, behavioral,
lab) will be handled during the course of the study
Similar in nature and scope to a statistical analysis plan
or a clinical monitoring plan
Important to plan in advance for details of data
management
Barriers can be identified and rectified early
Document important changes in data management so
that others can understand the process later
18
©
#OC15Europe
Data Management Plan (2)
Needed to write DM plan:
Study Protocol
The study protocol defines how and why the study is being
conducted. This document is key to understanding the
study.
Study Manual/Monitoring Plan
CRFs
Data coming from external sources, e.g., laboratory data
19
©
#OC15Europe
DM Plan Outline
Data Capture
Data Transfer of forms and external data files (e.g., labs)
Data Transcription from Source Documents
Data Entry/Filing
Data Cleaning
Data Set Creation
Data Storage
Data Processing
Data System Validation
20
©
#OC15Europe
Design Specification Document
Describes the requirements of a particular study data
system
Approve before programming begins
Data collection forms should be approved prior
Discuss environment, features with study team
Details can be used as basis for user acceptance testing
routines
21
©
#OC15Europe
Design Specification Outline
Development and production environment
Data forms to be programmed/naming conventions
Audit trail commencement
Security requirements
Data export formats
Data cleaning requirements
Discrepancy resolution
22
©
#OC15Europe
Study Build and Quality Control
Version control of Excel forms used for data entry
Use correct Excel form
Track each version of CRF Excel file
Approve CRF Excel file
Independent quality control
Compare each field’s question text, data type, answer set,
data validations to the approved data collection form
Maintain documentation
Use separate environments with separate controls
Development/testing environment (no change control)
Production environment (change control implemented)
23
©
#OC15Europe
User Acceptance Testing and Documentation
Systematic testing of functionality of specific data system
Should be performed one each study
Documentation
Make available for audits
If an error is found in your data system, you can investigate
how it was not identified in UAT and then modify your UAT
process
UAT Plan describes process
UAT Report documents results
24
©
#OC15Europe
UAT Plan Outline (1)
Introduction
Define scope of testing
List features to be tested
Secure user access
Performance (especially between continents)
Comparison of data forms to data system
Entry of test data
Data cleaning checks, skip patterns, auto-fills
Extraction of test data to data sets/comparison
Reports
Audit trail
UAT Report summarizing results of UAT
25
©
#OC15Europe
UAT Plan Outline (2)
Test scripts
Pre-defined steps to determine that a feature is working correctly
A test script can test more than one feature
Test data entry screen
Test data cleaning program
Traceability Matrix
Table showing which test scripts test which features
Ensures that all features are tested
Define how to deal with exceptions
Script is inaccurate
System doesn’t function correctly
26
©
#OC15Europe
UAT Report Outline
Introduction
Refers to UAT plan
Describes results of testing
How many rounds of testing occurred
Describes any limitations found for system
Concludes that system is ready for use in production
environment
Recommend to perform test data entry (e.g., a test site)
in the production area to confirm that the system is
working after migration from testing environment
27
©
#OC15Europe
Authorizing User Access
Use a form to document and control access to your data
system
Role setting
Data entry person
Data manager
Study director
Data specialist
Investigator
Monitor
Clinical research coordinator
28
©
#OC15Europe
User Access Form
29
©
#OC15Europe
Data Entry Accuracy
Data entry modes
EDC (single entry)
Paper data entry (double entry)
Tips:
Use pull-down lists
Use OpenClinica validations and rules
Use ranges
Display units
Hide fields until they are needed
Include ‘data not available’, ‘not applicable’ options to
ensure that all questions can be answered
Encourage the use of notes
30
©
#OC15Europe
GCP Connection
4.9.1 The investigator should ensure the accuracy,
completeness, legibility, and timeliness of the data
reported to the sponsor in the CRFs and in all
required reports.
But it doesn’t say how to do it
31
©
#OC15Europe
Data Cleaning
Discrepancies are generated when OpenClinica data
cleaning rules are violated
Data manager should review notes and discrepancies
Resolve or propose resolution to site
Describe in Data Management Plan
If a data cleaning rule/validation is creating an inordinate
number of discrepancies, consider revising the
rule/validation or retraining the sites
Run additional quality checks in external systems (e.g.,
SAS, Excel)
32
©
#OC15Europe
Data Set Creation and the Use of
the DataMart
OpenClinica supports many output formats for data
Import data into the DataMart
Set up with help of OpenClinica staff
PostgreSQL database
Use SQL statements to query the data
Can establish a daily extract from OpenClinica to DataMart
Data is in “record-oriented” format
SAS programs link to DataMart to create SAS data sets
33
©
#OC15Europe
Database Lock
Ensure that all expected data is entered
Ensure that all notes and discrepancies are resolved
Ensure that all coding of data (e.g., medical coding with
MedDRA) is complete
Create data sets
Remove users ‘write’ access to data system
34
©
#OC15Europe
Database Lock Form (1 of 2)
35
©
#OC15Europe
Database Lock Form (2 of 2)
36
©
#OC15Europe
Conclusion
Regulatory compliance is a combination of the proper
hardware, software, validation, training, standard
operating procedures, change control, documentation
Retain documentation for audits, process improvements,
and to show control over your systems
Write a plan to implement and maintain a regulatory
compliant system – it won’t happen overnight
37