Source Documents and Data Retention in Drug Safety

Dec 05, 2012

Pharmacovigilance, Drug Safety and Regulatory Affairs Author & Expert

In late November 2012, FDA released a new draft guidance entitled “Electronic Source Data in Clinical Investigations”.  It is available at https://www.fda.gov/downloads/Drugs/GuidanceComplianceRegulatoryInformation/Guidances/UCM328691.pdf

Although this document does not address drug safety or pharmacovigilance directly, and although it does talk about source data in trials, it really is a review of some Good Documentation Practices.  We will look at in the context of drug safety.

The draft guidance discusses four aspects of source data: Data Capture, Data Review, Record Retention by Investigators and Data Access.  There are not too many surprises here for those who are aware of Good Document Practices.

Data Entry into an electronic case record form (eCRF)

FDA clarifies what the source document actually is.  There are three broad and differing categories:

  1. If data is directly entered into an eCRF by a human, the eCRF is the source document.  Similarly if a medical device (e.g. a glucose meter) directly transmits the data to the eCRF the eCRF is the source document.
  2. However, if there are electronic or paper documents which are transcribed by a human into the eCRF, the electronic or paper documents from which the data were transcribed are the source documents.
  3. If data from electronic health records (EHR) such as hospital records are transmitted directly into the eCRF without human intervention, the EHR are the source documents.  FDA notes that often these records are often not easily obtained by the company/sponsor.  On the other hand they also correctly note that paper hospital records may also be difficult to obtain.  Anyone who does drug safety for a living knows fully and does not have to be told that obtaining source documents can be a challenging at best and a nightmare at worst!

Data Review by the Investigator

No real surprises here.  The investigator obviously is responsible for data review and signing (electronically or manually) the eCRF.  Some data (e.g. blinded information) cannot be reviewed and is thus exempt from investigator review.  This should be noted in the data management plan or protocol.  This obviously includes safety data.

Record Retention & Access

The investigator must have control and access to a signed electronic or paper copy of the eCRF or paper CRF during a site inspection.  Interestingly FDA does not say how long these records should be kept.

So no surprises here; but let’s look at this with Adverse Events (AEs) in mind.

Paper CRFs

AEs (particularly SAEs) are usually captured on the paper CRFs in this situation.  This is rather straightforward and these pages become source documents. But other paperwork that may be germane to the AE such as ECGs, lab reports, hospital records etc. are now critical documents and should be retained. These may also be considered source documents.

Usually the CRF pages relating to the AE are transmitted to the sponsor along with other, separate and duplicative “SAE Forms” which capture more data on the SAE.  These too are “source documents” in a sense and are transmitted to the sponsor.  Although this is frequently done, it violates one of the basic “laws” of data capture which says, “do not capture the same data in two places because then you will have to reconcile them”.  Follow up information may also be captured in one or both of these places and transmitted to the sponsor.

eCRFs

This is a dynamic and changing aspect of data collection.  Many of the commercial electronic data capture (EDC) systems are now evolving into safety databases.  Originally, the eCRF captured some amount of safety information and transmitted a notice to the sponsor (and others) that an SAE has occurred.  It then required the sponsor or study coordinator on site to transmit this data to the sponsor by various means (phone, fax, pdf, email etc.).  This is now evolving into a direct electronic transfer of safety data from the EDC system used on the site to the sponsor’s safety database.  Usually a human will review the data before it is uploaded into the sponsor’s safety database.  The review can be a minimal quality check or it can be a review with the addition of MedDRA coding, demography etc.  Sometimes this additional work is done after the upload into the database rather than before in the “holding area” before actual upload.  This is evolving and varies depending upon the EDC system and the company’s business policy and work flow.

Some of the EDC systems are now adding more robust modules into their databases and some are even proposing direct E2B transmission from the clinical trial database to health authorities without the use of a dedicated safety database.  Although this is conceptually quite reasonable, it is not clear that this is yet a good idea.  Not all safety modules in EDC systems can handle the complex follow ups, version control and other requirements of submissions to FDA, EudraVigilance, Health Canada etc.  However, it will not be surprising if commercial safety databases or safety modules are either built into the EDC software directly or have a very tight link between the EDC system and the drug safety database to allow seamless transmission to health authorities.  We will likely see one day, hospital or health care EHR databases transmit data directly to FDA and others eliminating the need for the sponsor as the middleman!  This may even remove the pharma company from the SAE reporting chain!  But we are a long way from this for large scale use.

So having said all this, let’s look at the issue from a safety data perspective.

Source Documents vs Relevant Safety Documents

In the drug safety department during an audit or official inspection, any and every  record is fair game.  This includes source documents from the site, CRFs, call center phone logs, email, internal medical reviews etc.  Thus, in practice, in drug safety and in particular for serious AEs every piece of information is germane and should be retained and produced for the inspector upon request.  These “other, non-source” documents may be used for determination of causality, clock start date etc.

Thus, thee term “source document” has a slightly different connotation in the world of drug safety and pharmacovigilance.  For drug safety, every document that has some safety information becomes, if not a true “source” document, a critical safety document that is needed for case validation of the 4 needed elements, for the medical analysis of the case, for the regulatory documentation of clock start dates, etc.

This means that everything related to safety (individual cases, documents, case series, literature reviews, signal analyses etc.) should be retained.

Duration of Data Retention of Safety Information

In many countries and regions, this is not explicit.  Sometimes it is as long as the “MA/NDA” is active or open, or for this period plus a few years.  Sometimes there is no statement at all.

In practice, the country or region with the longest retention period “wins”.  The UK states in various places that records should be kept forever, or more recently they stated:  “the retention of pharmacovigilance data and documents relating to individual authorised medicinal products as long as the marketing authorisation exists and for at least further 10 years after the marketing authorisation has ceased to exist [IR Art 12(2)].” See Question 23 at https://www.mhra.gov.uk/Howweregulate/Medicines/Inspectionandstandards/%20GoodPharmacovigilancePractice/Frequentlyaskedquestions/index.htm#2

This is in regard to marketed products.  It is less clear for clinical trial records.  The sponsor, in practice, should presume that investigators are unlikely to keep such records for long periods of time as the investigators retire, expire, etc.  Most companies have data retention policies which, in my experience for safety records, are quite variable: 10 years, 25 years, forever.  Probably the safest and most conservative policy is forever.  However, just because records are retained does not mean that they are easily found!  Databases are migrated; paper CRFs are boxed and filed in a warehouse miles away; the clinical or PV team changes; the company is merged and institutional memory is lost.

Bottom Line: Every piece of paper and every electronic transmission that has safety information is, in a sense, a “source document” and should be retained forever.  This will save a ton of explanations and a lot of headaches for your successor someday or for you when you move onto a new job in drug safety!