Electronic Records in Clinical Trials-Implications for Drug Safety
In September 2013 the FDA issued a Guidance for Industry entitled Electronic Source Data in Clinical Investigations (https://www.fda.gov/downloads/Drugs/GuidanceComplianceRegulatoryInformation/Guidances/UCM328691.pdf).
This document discusses the rapidly expanding use of electronic health records (EHR) and electronic data capture (EDC) in clinical trials. The use of paper case report forms is now decreasing and use of automated (or more precisely, semi-automated), computerized systems is now the rule more than the exception. Areas where paper case report forms persist are usually in short, small studies where the setting up of the electronic system is not worthwhile.
The collection of safety data in the various EDC systems, which was initially minimal and largely manual, has now advanced rapidly such that collecting safety data electronically is similar to collecting efficacy and other data. Several of the commercially available systems now allow for the capture of both serious and non-serious adverse events (SAEs and NSAEs, respectively) with E2B uploading to the sponsor’s or CRO’s safety database. In addition, there is real-time automated notification of designated individuals, usually by email, of a new SAE or update to an known SAE case. Complex business rules, workflow and manual overrides (e.g. to examine data before being uploaded into the safety database) can be programmed in to allow for customized handling of certain key safety cases. Using well-written business rules (tested, validated etc.) SAEs can be moved from the clinical sites to the CRO to the company to the health authority in a more or less continuous flow. It is very wise though to be sure someone looks at each case before the “official” upload into the safety database and further processing. Obviously human intervention is still required to handle the specific case in the safety database for coding, narrative writing, evaluation for expediting etc.
Data Collection & Capture
Many issues arise from this and FDA addresses the issue of what now constitutes source documents in a (more or less) paperless world. FDA addresses capture, review and retention of electronic records. FDA has issued other guidances on computerized systems (with frequent updates) and they should be reviewed in the Guidances section of FDA’s website.
The term “electronic record” is very broadly defined to include text, graphics, data, audio, pictorial and other digitalized data. The electronic case report form (eCRF) is included in this definition. “Source data” is all information in original records and certified copies of original records of clinical findings, observations, or other activities in a clinical investigation used for reconstructing and evaluating the investigation and includes original records and certified copies of the originals as well as all other activities captured during the trial. This data is critical and must be reviewed by the sponsor and FDA. Such data should be “attributable, legible, contemporaneous, original, and accurate (ALCOA)” whether on paper or electronic.
The integrity of the data must be maintained and the source (“authorized data originators” i.e., people, systems, devices and instruments) of each data element must be listed and tracked for all data.
Source data may be paper (e.g. a vital signs chart kept at the bedside or in the investigator’s office) which is then used for direct entry into the EDC system either at the site or elsewhere (CRO, company). This hand-written source data must be retained and available for company and FDA inspection. Any supportive data must also be retained.
In general, images (e.g. CT scans) are not source documents but the clinical interpretation reports of the images are. All such reports should be retained.
If data is transmitted directly from a device such as a blood pressure monitoring device or glucose-meter or Patient-Reported-Outcome (PRO) instruments to the eCRF, the eCRF is considered now to be the source document. If the transmission of the device data is to a hospital EHR system, then the EHR system is the source. This data may then be transferred to the eCRF either electronically or entered/transcribed manually.
Obviously, all the usual rules of electronic data (audit trails, retention of the original data when it is changed or updated, electronic signature, 21CFR11 etc.) must be followed. Every data element must be trackable to its source.
As with paper-based data collection, the clinical investigator is responsible for the review and (electronic) signing of the (e)CRF data. Some data, particularly in blinded studies, cannot or should not be revealed to the investigator and thus this data is exempt from review. As always, good documentation practices must be followed.
This can be a trickier area. In the past when everything was paper, the investigator would usually maintain a paper folder with source documents and the paper CRF for each patient (Remember when triplicate or quadruplicate NCR paper was used?).
What is now stated is that the investigator “should retain control of the records”. This implies that he or she should be able to access them (e.g. from a laboratory or hospital) but may not actually physically have them in the office. Such records must be made available when requested by FDA during an inspection sometimes years later at the time of NDA approval.
FDA specifically states: “Sponsors, CROs, data safety monitoring boards, and other authorized personnel can view the data elements in the eCRF … We encourage viewing the data to allow early detection of study-related problems (e.g., safety concerns, protocol deviations) and problems with conducting the study (e.g., missing data, data discrepancies).”
Implications and Comments for Drug Safety
There are many implications and changes that are occurring in the world of drug safety as we move to EDC in clinical trials and, later, EHR allowing direct transmission of adverse events to FDA, companies etc.
First, many of the operational and mechanical aspects of drug safety will be eliminated or markedly decreased. Manual data transcription from paper (or, worse, printouts from one computer system typed into another computer system) are rapidly disappearing. This will eliminate many transcription errors (but will also eliminate many jobs). Roles and responsibilities of safety (and clinical research personal handling safety) are changing.
Second, the manila folder maintained for each case (SAE and often NSAE cases) is also disappearing. Some companies use only computerized systems and others use some sort of hybrid with a small manila folder containing some paperwork (e.g. MedWatch forms) with the remaining data stored electronically. This means that all data and source documents (usually as stored pdf images) are no longer available immediately in the drug safety department but may be scattered in other corporate or CRO databases. Wherever this data may be found, it must be rapidly, if not immediately, available to the drug safety department (and FDA) for review – especially for SAEs that may be SUSARs and thus expedited cases.
Third, if data is stored in multiple locations, there must be some way to track and account for all the relevant data. One can easily imagine three, four or more databases storing information: the EDC system, the Clinical Research Department database, the CRO database, the Drug Safety Department database, and the email system where many companies archive pdf sourced documents sent from the sites. Each of these databases may hold data required by the Drug Safety Department for review and use in preparation of MedWatch, CIOMS I forms or E2B transmissions of expedited reports to health agencies or in aggregate reporting. FDA or another health agency may want to immediately see this data during an inspection.
Fourth, when computerized systems exist there will be a temptation to minimize human intervention and have direct, rapid and real-time uploads of clinical site safety data to the drug safety database. This is a dangerous methodology. Data should be reviewed before “officially” being uploaded into the safety database. As data should never totally removed from the safety database, any errors or incorrect or duplicate data will need to be carefully corrected and the old data archived (with clear audit trails). Better to get the correct data entered up front rather than doing laborious corrective actions after it is uploaded or entered.
Fifth, inspections, audits and quality control may be harder to do from electronic systems. It is my experience that auditing drug safety departments is generally easier if each patient has a complete paper file, has a tracking sheet and is easy to follow. Doing electronic audits where there is no tracking sheet to follow the steps in a complex case with multiple follow-ups can be very difficult especially if the data is electronic and scattered. It may be necessary to look at source data in the clinical research database, the email archive and the drug safety database. In general, it is a good idea to make an FDA inspector’s audit easy rather than hard. The inspector does not want to go and hunt up data stored in multiple spots.
Sixth, the quality and compliance departments need to pay careful attention to how safety data is handled as the complexity of the systems increase. With other changes in the way clinical trials are done (e.g. remote data monitoring) the possibility that SAEs will fall through the cracks and be missed is increasing. The consequences of this can be disastrous.
So to conclude, the way drug safety in clinical trials is done is changing rapidly and will continue to do so. The net effect will most likely be very positive but the journey to arrive there will be tricky. eCRFs and EDC are now here and will likely become obligatory at some point. Be ready.