Research Documentation and Data Security - PowerPoint PPT Presentation

1 / 50

About This Presentation

Title:

Research Documentation and Data Security

Description:

Discuss essential elements of a data and document management plan ... jump drives, laptops, palm tops, Blackberry, flash drives, thumb drives ... – PowerPoint PPT presentation

Number of Views:173

Avg rating:3.0/5.0

Slides: 51

Provided by: drsandra

Category:

more less

Transcript and Presenter's Notes

Title: Research Documentation and Data Security

1
Research Documentation and Data Security

Sandra L. Alfano, Pharm.D.
Chair, HIC-I
April 10, 2007

2
Objectives

Discuss essential elements of a data and document
management plan
Present strategies for efficient management of
research related documentation
Highlight effective tools for use in managing
study files
Describe measures for ensuring subject
confidentiality and data security

Remember your responsibility to get organized
--Mrs. Archick
Jessica Alfanos 2nd grade teacher

4
Documentation is Essential

If it isnt documented, it didnt happen
Viewed as a bother, but invaluable if a problem
arises
No one method is mandatory (no one-size-fits-all
solution)
But there are certain essential elements

5
Range of Complexity

Simple anonymous survey or use of de-identified
existing samples
Versus
Multi-site coordination of a double-blinded drug
study with 12 visits over two years

6
Jargon

Regulatory Binder
Trial Master Files
Source Documentation (original documents, data
and records, such as hospital records, lab
reports, subjects diaries, pharmacy records,
etc.)

Trust, but verify
Ronald Reagan

8
Jargon

Memo To File or Note to File
An amendment is an amendment
(Study personnel added via amendment)

9
International Conference on Harmonization

The International Conference on Harmonization of
Technical Requirements for Registration of
Pharmaceuticals for Human Use (ICH) is a unique
project that brings together the regulatory
authorities of Europe, Japan and the United
States and experts from the pharmaceutical
industry in the three regions to discuss
scientific and technical aspects of product
registration

10
ICH

The purpose is to make recommendations on ways to
achieve greater harmonization in the
interpretation and application of technical
guidelines and requirements for product
registration in order to reduce or obviate the
need to duplicate the testing carried out during
the research and development of new medicines

11
E6Good Clinical PracticeConsolidated Guidance

An international ethical and scientific quality
standard for the design, conduct, performance,
monitoring, auditing, recording, analyses, and
reporting of clinical trials

12
GCP

Compliance with this standard provides public
assurances that the rights, safety and well-being
of trial subjects are protected, consistent with
the Declaration of Helsinki, and that the
clinical trial data are credible
Provide a unified standard to facilitate internal
acceptance of clinical data by the regulatory
authorities in these jurisdictions

13
GCP 2.10

All clinical trial information should be
recorded, handled, and stored in a way that
allows its accurate reporting, interpretation,
and verification

14
Approaches to research documentation

Chronological
By topic/section
Some combination of the two

15
Maintain copies of all final documents

History or bread-crumb trail
Word-processing functions such as track changes
Header/footer use for version/dates
Version Control only one version is active at
a point in time
Future electronic submission will necessitate
strict electronic version control

16
Important sections of a regulatory binder

Protocol (including all amendments and all
versions)
Consent forms and HIPAA research authorization
forms (approved by IRB)
Regulatory approvals (IRB, RSC, PRC, etc) and any
required reapprovals

17
Important sections, contd

All correspondence, including emails, letters,
faxes, notes of phone calls
Signature log, including name, initials,
signature, dates of involvement, and study
responsibilities
Recruitment materials, including letters,
advertisements, flyers, etc (approved by IRB)

18
Important sections, contd

Samples of all forms to be used for data
collection, including screening logs, eligibility
checklists, case report forms, drug
accountability logs
Assessment tools to be used

19
Important sections, contd

Any reporting requirements, such as
Annual report to FDA
Continuing review approved by IRB
Adverse event reports
Protocol deviation/violation reports
Evidence of periodic monitoring (per the
protocols DSMP)
DSMB recommendations (if any)

20
Important sections, contd

Versions of all sponsor materials, if applicable,
including
Sponsors clinical protocol,
Investigators Brochure,
Amendments,
Sponsors correspondence
Records of monitoring visits

21
ICH Essential Documents

Those documents which individually and
collectively permit evaluation of a trial and the
quality of the data produced
Focus heavily on pharmaceutical-
sponsored trials
Include groups of documents, generated before the
trial commences, during the clinical trial, and
after termination of the study

22
GCP Essential Documents

Many sponsor-related items, such as
CVs of investigators
1572s
Laboratory certifications
Laboratory normal values
Master randomization list with plan to decode

23
Individual Subject Files

Consent form and RAF, signed and dated
Eligibility Checklist
Visit flowchart
Case report forms
Lab data
AE summary
Patient diaries

24
Separate storage

Signed consent forms
Key linking identifiers to codes

25
Study Termination/Close-out

Final report
Publication
Local dissemination of results
Retention and storage of regulatory documents per
requirements

26
More complex scenarios

Yale PI is the Sponsor-investigator of an IND, or
the lead investigator on a multi-site study
Additional responsibilities, including
maintaining CVs and training certificates of all
personnel from all sites, and IRB approvals (and
reapprovals) from all sites

27
Multi-site coordination

Lead PI is responsible for data integrity and
data and safety monitoring
Monitoring is an evaluation of the clinical
research process which should occur throughout
the life of the protocol
Lead PI is responsible for informing all
co-investigators of progress, and events such as
SAEs, etc

28
Data Security

Recent developments
Loss of a CD with identified data
Theft of a laptop with identified data
VA data security directives
NIH web posting on data security commitments

29
Best practices

Work in progress
Several task forces working on these issues
Review some basics to think about and incorporate
into practice

30
Confidentiality

Common Rule has always required that
confidentiality be protected to the extent
possible
Good medical practice also incorporates pledges
of confidentiality
Steps must be taken to minimize the risk of
breaches of confidentiality

31
Common Rule definition

Private information includes information about
behavior that occurs in a context in which an
individual can reasonably expect that no
observation or recording is taking place, and
information which has been provided for specific
purposes by an individual and which the
individual can reasonably expect will not be made
public (for example, a medical record)
Private information must be individually
identifiable (i.e., the identity of the subject
is or may readily be ascertained by the
investigator or associated with the information)
in order for obtaining the information to
constitute research involving human subjects

32
HIPAA

Adds layers of ensuring privacy and data security
HIPAA Security focuses on electronic media, but
Privacy covers all forms of data
Uses somewhat different definitions

33
Both CR and HIPAA

Need to get permission to access, share personal
information, via consent or authorization.
If authorized, sharing is allowed per the
specifics of the approved documents

34
Jargon

Anonymous
Coded
De-identified
Terms are not synonymous!

35
Jargon

Anonymous
1 not named or identified
2 of unknown
authorship or origin 3
lacking individuality, distinction, or
recognizability
Merriam-Webster, on-line

36
Jargon

Coded
a system used for brevity or secrecy of
communication, in which arbitrarily chosen words,
letters, or symbols are assigned definite
meanings
Dictionary.com
Implies there is a link somewhere

37
Jargon

De-identified
Not a word
Usually thought to refer to stripping the 18
HIPAA identifiers (including dates)
So may be more stringent than anonymous, but also
could be coded or not

38
Jargon

Anonymous is not de-identified nor coded
Some use the term no identifiers
Anonymous should be reserved for situations when
there are no identifiers and no code to link back
Anonymous would allow recording of dates

39
Coded

Some code is used to track subjects and their
data
Must be master file listing identifiers (name)
with code to allow decoding, addition of new data
NEVER store the link with the data

Separate means separate!

41
Jargon

Moveable media CDs, diskettes, jump drives,
laptops, palm tops, Blackberry, flash drives,
thumb drives
Encryption
Secure networks
Password protection

42
Advice

Do not keep data with identifiers on moveable
media
May become more than just advice

43
Advice

Tell them never to leave their laptops in the
back seat of the car.
Kristina Borror,
OHRP

44
Other methods to secure data

Password protection
Fingerprinting
Auto log-off
Lock-down cables on laptops
Restrictions on downloading

45
Confidentiality section of the HIC application

Describe all sites where data will be used or
stored
Describe how the data will be transmitted or
transported
Describe specifically who will have access
Describe how the data will be secured
If copies of data are on moveable media, describe
security measures for these media

46
Sharing with co-investigators