Q&A: Good clinical practice (GCP)

(GMP guidelines, §4.18: Before any packaging operation begins, there should be recorded checks that the equipment and work station are clear of previous products, documents or materials not required for the planned packaging operations, and that equipment is clean and suitable for use).

The packaging should be performed in such a way as to limit the risk of possible mix-up between the test and reference product. To this effect:

• the test and the reference product should be packaged during separate operations and should not be available simultaneously in the packaging area;
• during these operations not only should the test and reference products be kept separate, but also all material used for the packaging of each product (containers, labels) and the batch record documents. Material used for different products should not be available in the packaging area simultaneously;
• reconciliation should be performed for the quantities of IMP units, containers and labels introduced in the working area, used during the packaging and remaining after these operations, before the area is cleared and before the packaged IMPs are released;
• the working area should be cleared of all IMP, packaging material and documents between the packaging operations of the test and of the reference product (line clearance). If packaging is performed for several trials successively line clearance should be ensured between each product and each trial;
• once the packaging has been completed for all products to be packaged for a given trial and the products have been released, the packaged test and reference products can be taken simultaneously into the packaging area for further operations (e.g. sorting the containers per subject number);
• critical steps should be controlled in-process by appropriately qualified and trained staff.

In the case of liquid formulations the volume packaged should be measured with appropriate precision and accuracy. If a reconstitution of the product is needed the instructions provided with the product should be followed. If a specified volume of fluid is to be used for the reconstitution this volume should be measured with appropriate precision and accuracy.

At least the following elements should be checked in-process by the operator and independently by a second person:

• line clearance before and after packaging;
• information on the labels, labelling of the containers, compliance with the randomisation code;
• identity of the product introduced in the working area (name, batch number, formulation), consistency with the identity mentioned on the labels, compliance with the protocol, consistency between the physical appearance of the product and the description of the product in the batch release certificate provided by the sponsor;
• for each container, number of IMP units introduced into the container, compliance with the protocol requirements;
• in the case of a liquid formulation: adequate reconstitution of the product if needed, volume dispensed/packaged into each container;
• reconciliation of IMP units, containers, labels.

A standard operating procedure (SOP) should describe the packaging operations step by step, including the controls to be performed at each step and the responsibilities of each person involved.

These operations should only be performed by authorised personnel, qualified by training and education.

Access to IMPs should be limited to authorised personnel, both before and after packaging. Storage conditions should conform to the provisions of the protocol (temperature, humidity, protection from light if and as appropriate).

All operations performed, including the controls, should be documented in detail step by step at the time each action is taken. The persons performing each task should be clearly identified (operators and controllers). All precautions taken to avoid mix-ups should be documented in the batch records. Batch records should include at least the following information:

• line clearance before the start of the packaging operations, and between the packaging of different products;
• date and time the packaging operation is started and completed, for each product;
• identity of the product packaged, including the batch number, expiry date and a physical description of the product;
• type of container used for packaging, including the closing/stopping material;
• numbers of the subjects for whom the product is prepared, or precise reference to the randomisation list followed (reference number, seed used to generate the list). In such a case a copy of the randomisation list, which should be dated and signed when edited, should be attached to the batch record;
• number of IMP units dispensed per container;
• if the IMP was provided to the CRO packaged under blister strip, whether the IMP was removed from the blister or whether the blister was cut and the IMP dispensed while still in a piece of blister strip;
• in the case of a liquid formulation, how the product was reconstituted if applicable, material used to measure the volume dispensed/packaged into each container; and expiry date of the finished product if applicable.
• number of IMP units, containers and labels introduced in the working area, used and remaining (reconciliation);
• mention of any special problem or unusual events, and signed authorisation for any deviation from the instructions;
• release of the packaged products after all checks and controls are completed (authorisation to use the products for the trial after all necessary verifications have been performed and the necessary documentation has been completed).

Copies of the labels, showing they have been checked against the randomisation list and approved, should be appended to the batch records.

All controls performed, and the identity of the person(s) performing each control, should be documented with the signature of the individual in charge.

As the test and reference product are to be packaged separately the use of separate batch records per product is strongly encouraged. If IMP are to be packaged/dispensed during separate operations for each trial period, separate batch records should be kept for each period.

Labelling shall be such as to ensure protection of the subject and traceability, to enable identification of the product and trial, and to facilitate proper use of IMP.

Labelling of the containers should conform with the local regulatory requirements. The labelling on each container should comprise the necessary information as required by §26-33 of the GMP Annex 13, for trials conducted under Directive 2001/20/EC, or Annex VI of the Regulation (EU) No 536/2014 (Clinical Trials Regulation [CTR]), for trials conducted under the CTR.

The note for guidance on the investigation of bioavailability and bioequivalence (CPMP/EWP/QWP/1401/98) does not require bioavailability and bioequivalence trials to be conducted blinded.
 

The use the words "dispensation" or "dispensing" to refer to the provision of a prepared dose of an identified medication to the subject is not recommended in order to avoid possible misunderstandings and confusion. This operation is more properly defined as administration. Administration includes directly introducing the medication into or onto the individual's body.

The process for IMP administration to the subjects should be described in an SOP.

The documentation generated at the time of IMP administration to the subjects should indicate unequivocally the identity of the product administered to each subject, except in the case of a blinded trial. Several possibilities exist to document this administration adequately:

• use of a tear-off label, to be stuck on the case report form (CRF) at the time of IMP administration. This ensures confidence that each subject indeed received the IMP that was packaged for him. An appropriate documentation of the packaging operations is of the utmost importance;
• documentation of the identity of the IMP directly in the CRF at the time of IMP administration. If this information is read directly from the label on the IMP container an appropriate documentation of the packaging operations is of the utmost importance. If there is a physical difference between the test and the reference product (e.g. difference in pharmaceutical formulation, colour, shape, markings) it is recommended to record this physical characteristic in the CRF at the time of administration. The subject might be asked to sign a statement with a description of the IMP he is given, in a language understandable to him. If the documentation on the packaging is insufficient this physical characteristic should be used to check the identity of the product administered against the randomisation list. This check should be documented at the time of administration.

The number of IMP units administered to each subject should be documented at the time of administration.

Compliance with the requirements of the protocol regarding the conditions of administration should be documented: volume of water taken with the IMP, administration in the fed or fasted state, posture etc.

Adherence to the protocol is a fundamental part of the conduct of a clinical study. Any significant change to the protocol should be submitted as an amendment/ modification to the competent regulatory authority and ethics committee. Significant changes to the protocol include any change in inclusion and exclusion criteria, addition or deletion of tests, dosing, duration of treatment etc. (see the definition of a substantial amendment in the 'detailed guidance for the request for  of a clinical trial on a medicinal product for human use to the competent authorities, notification of substantial amendments and declaration of the end of the trial' published by the European Commission in chapter I, volume 10 of the rules governing medicinal products in the European Community; and definition of a substantial modification in the Regulation (EU) No 536/2014, Article 2, sub-section 2, point (13)). Deviations from the inclusion/exclusion criteria of the protocol might erode the scientific and ethical value of the protocol and its authorisation and might have an impact on the processes put in place for the care and safety of the study subjects.

Sponsors and investigators should not use systems of prospectively approving protocol deviations, in order to effectively widen the scope of a protocol. Protocol design should be appropriate to the populations required and if the protocol design is defective, the protocol should be amended.GCP does permit deviations from the protocol when necessary to eliminate immediate hazards to the subjects but this should not normally arise in the context of inclusion/exclusion criteria, since the subject is not yet fully included in the trial at that point in the process.

GCP inspectors have observed a number of sponsors implementing systems where the investigator can contact the sponsor, usually the Medical Monitor, and request a prospective approval to deviate from the inclusion and/or exclusion criteria. The use of such systematic waiver systems in clinical trials is not considered to be appropriate and studies using such a system might be regarded as non-compliant with GCP.

Niche subcontractors are used increasingly for carrying out specific tasks of the sponsor, such as monitoring, data management, Interactive voice response systems (IVRS), management of electronic patient diaries or CRFs etc. In addition there are contractors who undertake tasks that are partly or wholly related to the responsibilities of the investigator, even though the contractor may have their main contract with, and be paid by, the sponsor (such tasks may include specialised testing, source data retention (especially in the context of e-CRF or e-patient diary) or patient recruitment or follow-up contacts).

This fragmented distribution of tasks could put additional strain on the maintenance of quality assurance and compliance and obscure the clear responsibility and reporting lines for these tasks.

Great care is therefore needed in ensuring that the distribution of tasks is clearly documented and agreed, that each party has the control and access to data and information that their legal responsibilities require and that the ethics committees and regulatory authorities approving trials have been properly informed of these activities as part of the clinical trial application process.

The legal framework:

The responsibility for the conduct of clinical trials is assigned, by Directive 2001/20/EC¹ and Regulation (EU) No 536/2014² (Clinical Trials Regulation [CTR]), and by the note for guidance on GCP (CPMP/ICH/135/95³), to two entities – the sponsor and the investigator. The roles of the sponsor, investigator, contract research organisation (CRO) and, monitor, are further defined and described in Directive 2005/28/EC⁴ and in the glossary and chapters 4 and 5 of the note for guidance on GCP (CPMP/ICH/135/95). The definitions of sponsor and investigator are also provided in Article 2 of the CTR. A number of the tasks involve access to, review, collection and/or analysis of data, much of it personal data, and in specific cases contact with study subjects or potential study subjects. Data protection legislation needs to be followed, in addition to the clinical trial legislation and guidance. Regulation (EU) 2016/679⁵ sets out requirements for the protection of individuals with regard to the processing of personal data and on the free movement of such data. The specific requirements foreseen by local legislation, setting out the provisions for personal data protection, ethical review and informed consent, should be followed.

Contracts and agreements

All the clinical trial related tasks are ultimately the responsibility of either the sponsor or the investigator. Great care should be taken that the relative distribution of tasks to the different parties is well defined, making clear the ultimate responsibilities in the context of each clinical trial. This should be carefully documented, in the protocol, procedures, contracts or agreements and other documents.

The specifics of each particular clinical trial need to be taken into account when planning the trials, during their conduct and monitoring and by audits or inspections.

This is particularly important where entering into novel arrangements that may arise, for instance in the case of site management organisations (SMOs) or other organisations conducting tasks that relate to the responsibilities of the investigator but where the organisation has its contract and funding with the sponsor. These tasks can often involve contact with the study subjects.

The sponsor/CRO should determine the extent of monitoring of each party, within the context of GCP, under particular circumstances. This should be justifiable, and ensure GCP compliance, in the context of the clinical site organisation and the nature of the product and protocol being studied.

Contact with patients

Where direct contact with study subjects or their carers/guardians is involved, the privacy and confidentiality of those involved and of any information maintained or collected needs to be respected in compliance with the GCP and clinical trial requirements and with the personal data protection legislation. Such contacts need to be considered in advance by the ethics committees concerned and be given a positive opinion, either as part of the study specific opinion from the ethics committee or a more general opinion in the context of subject screening procedures, which are not study specific.

Personal details such as identity or contact information should not be communicated outside of the parties who have received the ethics committee approval and should not be used or communicated for purposes other than those agreed by the ethics committee and consented to by the study subjects, and where applicable, their carers or others who may be contacted and whose details might be retained.

¹Directive 2001/20/EC of the European Parliament and of the Council of 4 April 2001 on the approximation of the laws, regulations and administrative provisions of the Member States relating to the implementation of good clinical practice in the conduct of clinical trials on medicinal products for human use (Official Journal L 121, 1/5/2001 p. 0034 - 0044).

²Regulation (EU) No 536/2014 of the European Parliament and of the Council of 16 April 2014 on clinical trials on medicinal products for human use, and repealing Directive 2001/20/EC

³CPMP/ICH/135/95 note for guidance on GCP

⁴Commission Directive 2005/28/EC of 8 April 2005 laying down principles and detailed guidelines for good clinical practice as regards investigational medicinal products for human use, as well as the requirements for authorisation of the manufacturing or importation of such products (Official Journal L 91, 9/4/2005 p. 13 - 19).

⁵ Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

Introduction

Source data is defined in International Conference on Harmonisation of Technical Requirements for Registration of Pharmaceuticals for Human Use (ICH) GCP (1.51) as all information in original records and certified copies of original records of clinical findings, observations, or other activities in a clinical trial necessary for the reconstruction and evaluation of the trial. Source data should be accurate, legible, contemporaneous, original, attributable, complete and consistent.

Source data is documented in source documents which may be both electronic and on paper. The following list gives examples of source documents where source data may be located:

• medical records
• laboratory reports
• subject diaries
• nurses' notes
• dispensing logs
• electrocardiogram (ECG) print-outs
• case report forms (CRF)
• X-ray images
• radiological reports, etc.

Purpose of identifying source data location

Verification of source data is a considerable part of the work of monitors, auditors and inspectors.

During GCP inspections, it is frequently seen that data are recorded in multiple locations at a site.

It is therefore essential to the possibility of reconstructing the clinical trial that it is clear, where the original record is documented. The identification list of where source data is documented is primarily intended as a tool for monitors, auditors and inspectors in their work of verifying that the trial is performed in keeping with the ICH GCP guidelines, current legislation and guidelines as well as the trial protocol.

Requirements for source data

According to ICH GCP (6.4.9) and to the Regulation (EU) No 536/2014 (Clinical Trials Regulation [CTR]), Annex I, section D, point 17 (r), the protocol should identify any data to be recorded directly into the CRFs that are considered to be source data.
According to the reflection paper on expectations for electronic source data and data transcribed to electronic data collection tools in clinical trials, a detailed diagram and description of the transmission of electronic data should be provided in the protocol. The source data and their respective capture methods should be clearly defined prior to subject recruitment (i.e. in the protocol or in a trial specific source data agreement). The sponsor should describe which data will be transferred, the origin and destination of the data, the parties with access to the transferred data, the timing of the transfer and any actions that may be triggered by real-time review of those data.

The list of source data must be sufficiently detailed

In order to facilitate location of data, the list of source data should be sufficiently detailed. It is often not enough to write 'medical record', as the medical record is often a collective name covering different document types and locations. This may make it necessary to write: 'patient record – dispensing and administration chart', 'medical record – continuation', 'medical record – nurses notes', etc.

It is frequently seen during GCP inspections that the CRF is designed to only include an overall statement regarding a subject's eligibility in the trial. The text in the CRF could for instance say: 'Did the subject satisfy all study entry criteria?'. The statement is typically intended to be answered with 'yes' or 'no'.

The expectation of the GCP Inspectors' Working Group is that adherence to all individual inclusion and exclusion criteria are documented in the source data. Adherence to the criteria of the protocol can originate from different sources like blood samples, physical examination, medical history, information from the subject etc. When designing the protocol and the related CRF, the sponsor should carefully consider where each source data originate from, with reference to a specific visit. This is important since some data originate from screening visits, others from the randomisation visit and some data could be historical.

It should be agreed with the investigator of a site how adherence to the individual criteria is documented.

It is the expectation that a qualified physician who is an investigator or a sub-investigator for the trial has assessed each individual eligibility criteria and has taken the final decision to include the subject in the trial (ICH GCP 4.3.1). This decision should be documented prior to the subject receiving the first dose of the IMP.

GCP inspections have revealed a substantial amount of cases where the overall eligibility statement in the CRF confirms subject eligibility but where source data shows that the subject did not fulfil all eligibility criteria. In addition, it has often not been documented that an investigator/sub-investigator has reviewed all criteria prior to inclusion. It therefore seems that a system with an overall statement in the CRF regarding a subject's eligibility in itself does not ensure the safety of the subjects, the quality of the data and sponsor oversight.

In addition, see related Q&A regarding how and where source data should be defined.

Response:

The requirement for investigators to keep a copy of the CRF has been in existence for 20 years. (See for example ICH GCP 8.3.14). It is the expectation of the EU GCP IWG that the copy held by the investigator is a contemporaneous and independent copy of the CRF, i.e. that it is not held or has been held by the sponsor. This requirement is valid irrespective of the media used; however, the introduction of electronic CRFs in clinical trials presents an additional challenge in achieving this requirement - especially if data are being submitted directly via a web based application. This issue has been identified by EU GCP inspectors and discussed in the reflection paper EMA/INS/GCP/454280/2010 (see section 6.2 Specific Requirements Topic 3: control).

Recent inspections have revealed a need to clarify this point.

Requirement 10 of the above reflection paper states the following: "The sponsor should not have exclusive control of a source document. (Requirement 10, ICH GCP 8.3.13)"

The 12 requirements in the reflection paper originate from the CDISC standard and are therefore quoted directly in the reflection paper. However, although the CDISC requirements specifically relate to source data, the requirements is considered by the EU inspectors to be also applicable to transcribed data - as stated in the reflection paper section 6.2. Therefore, the requirement of a contemporaneous and independent copy of the CRF is valid irrespective of whether the CRF contains source data or only transcribed data. The EU GCP inspectors do not consider the requirement above to be met if data are captured in an electronic system and the data are stored on a central server under the sole control of the sponsor. This is because the investigator does not hold a contemporaneous and independent copy of the data.

The EU GCP inspectors do not have a preference for any specific solution e.g. a third party vendor, printed data prior to transferring to the database or saving a contemporaneous copy at the investigator's local computer hard drive; the essential point is that choosing an electronic solution should not jeopardise the credibility of data and should not result in lower quality as compared to a paper CRF. It is the responsibility of the sponsor and the investigator to institute a process by which a contemporaneous and independent copy of the CRF is available at the investigator site.

Can the sponsor require that the investigator contacts sponsor staff before unblinding?

According to international guidelines, the treating physician (investigator) is responsible for the medical care of the individual trial subject (Declaration of Helsinki 3§ and ICH GCP 4.3). The coding system in blinded trials should include a mechanism that permits rapid unblinding (ICH GCP 5.13.4). If the blinding is prematurely broken, it is the responsibility of the investigator to promptly document and explain any unblinding to the sponsor (ICH GCP 4.7).

The medical care of the trial subjects includes medical decisions such as whether to start or stop treatment or institute alternative treatment if required. In emergency situations the treating physician, often an investigator, may need to break the treatment code immediately, or as quickly as possible if he/she finds it is in the best interest of the trial subject. Consequently, in order to do so, the investigator must have unrestricted and immediate access to break the treatment code.

Some sponsors have recently introduced a code breaking system that requires the investigator to contact a sponsor representative and only after discussion with the representative, the investigator receives information that unblinds the treatment. Some sponsors have even added a requirement that the investigator submits a written form after the phone call before receiving the information that unblinds the treatment.

It is the opinion of the EMA GCP Inspectors Working Group (GCP IWG) and the Clinical Trial Facilitation Group (CTFG) that the responsibility to break the treatment code in emergency situations resides solely with the investigator. Consequently the sponsor can't require or insist on being involved in the decision to unblind, stall or delay in any way the unblinding of trial subject treatment in emergency situations. The groups also strongly recommend that any sponsor who has introduced or is applying such a system should immediately revise it in order to be compliant with international guidelines.

Breaking the treatment code is usually conducted via code envelopes or electronic systems such as telephone or web based systems such as IVRS and IWRS. When using these kinds of systems the investigator must have direct access in order to break the blind without the interference of the sponsor in any way. In support of electronic systems, a backup system enabling unblinding of treatment must be provided. The CTFG and the GCP IWG acknowledge that such backup systems are operated by the sponsor in a manual way and that the investigator or other treating physician can contact the sponsor staff to unblind the treatment. Still, the sponsor is not entitled to stall or reject unblinding.

Code breaking instructions should be specified clearly in the clinical trial protocol.

In connection with centralised applications, the Committee for Medicinal Products for Human Use (CHMP) often requests a good clinical practice (GCP) inspection of one or more sites to be performed. Prior to such GCP inspections, the European Medicines Agency (EMA) sends an announcement letter to the applicant in which – among others – a list of documents to be provided to the inspection team is presented. The data are used by inspectors for review in order to select patients and data to inspect. Among the requested documents are the individual patient data listings for the patients recruited at the sites to be inspected. Based on past experience, this request for data listings poses a significant number of problems and subsequently costs a lot of time for companies and inspectors, quite often resulting in listings of suboptimal quality.

The aim of this Q&A is to standardise and clarify the format of the data listings to be provided.

It is important to emphasise that the following guidance is the expected standard for most inspections; however, for some trials different, specific requests may be warranted. Consequently, no data should be provided until contact has been established with the reporting inspector and the requirements for data listings have been discussed.

In general, the following is expected:

1. All data for the selected sites (and if requested for all sites in the trial) should be provided to the inspectors. That includes all case report form (CRF) data and in addition data which are not necessarily part of the CRF such as data provided to the sponsor by vendors (laboratory data, data from central evaluation of electrocardiograms (ECGs), imaging etc.), data from electronic patient-reported outcomes (ePROs) etc.
2. Data should be provided as Excel spreadsheet line listings following the proposed formats and naming detailed below.
3. All listings must have raw CRF data and any data derived or imputed from it that forms part of the data analysis.
4. Both the CRF data set and the data set used for analysis, for instance as Excel exports from statistical analysis system (SAS), should be provided. They should be provided as exported to Excel document. Any process from raw data to analysed data should be explained if not explained in the statistical analysis plan.
5. Paper copies should not be provided unless specifically requested by the inspection team.
6. There should be a statement from the sponsor to confirm that the data provided is exactly the same as that submitted in the clinical study reports (CSRs) in the application (this will be checked at the inspection).

Specification of formats and names:

1. Naming of all files and Excel spreadsheets should be meaningful and self evident. Columns/name of variable in Excel worksheets could be called adverse event (AE), concomitant medications (CM), vital signs (VS) preferably in accordance with clinical data interchange standards consortium (CDISC) terms. Alternatively a 'translation' document should be provided to explain abbreviations.
2. Data should be presented formatted, for example category values 1 and 2 as “yes” and “no” etc. If this isn't done then the format assignment to the data code must be provided.
3. The data listings in Excel should ideally be consistent with the layout in the Clinical Study Report CSR, such that cross referencing the data is straight forward.
4. Data types and field types should be appropriate for the specific data, for instance numerical data should always be numeric type and not character type, formats can be applied to the numeric data (e.g. dates). This is to allow the inspectors to do their own calculations.
5. A copy in PDF format of the CSR listings per patient, for just the particular investigator site to be inspected should generally also be provided. The inspection team may also request to have paper copies brought to the investigator site for source data verification (SDV) purposes. The electronic data should not be an image, such that it is not possible to search, for example by date. There should be a statement from the sponsor to confirm that the data provided as copies in PDF format is exactly the same as that submitted in the CSR(s) in the application (this will be checked at the inspection).
6. The data provided in PDF format and Excel worksheets should be set up for printing (e.g. print areas defined and suitable page arrangements set).

Report format of the patient data listings

Unless otherwise agreed with the inspection team, the data should be collected in the groups defined below – each to be presented in a different Excel spreadsheet. The columns ”study site ID”, ”subject ID” and ”treatment group” and where applicable “visit ID” and/or ”visit Date” should be in all spreadsheets. Some data listings may – depending on the trial - belong to different groups, for instance ”vital signs/physical exam” usually belongs in the safety data group; however, in a hypertension trial it is likely to be an efficacy parameter. If in doubt, please ask the lead inspector:

1. Study populations & conduct data – recruitment dates, analysis populations, protocol/GCP non-compliance (deviations/violations), withdrawals/completed and reasons for withdrawing/not completing/not being randomised and outcome.
2. Subjects' data – demographic/covariate data (birth date, age, gender, ethnicity, race), medical history (general and related to trial objectives, e.g. tumour details, disease history/measurements), eligibility (inclusion/exclusion), consent date(s).
3. Treatment data – stratification group, randomisation, treatment given (including kit number and batch number), dosing dates, dose, dose adjustments, data concerned with compliance with treatment, non-medicinal co-treatments as part of trial protocol (e.g. radiotherapy).
4. Specific efficacy – raw data, repeated assessments related to efficacy, imputed values presented such that their determination from raw data can be seen (changes in parameters compared to baseline, categorisation of data to form new endpoint, clarity on last observation carried forward (LOCF) when used).
5. Safety data – adverse event (AE)/ serious adverse event (SAE) – data from CRF log and also from SAE forms, repeated assessments related to safety, side effects captured in CRF (not AEs) with severity grading etc. Both data entered by site and coded data should be listed.
6. Laboratory type data – sample/scan/measurement date/time (nominal and actual from CRF)/settings and other necessary details , report data time, result (from laboratories), investigator review.
7. Concomitant medication data - both data entered by site and coded data should be listed.
8. Subject questionnaire data (if not part of efficacy) (e.g. quality of life (QoL)).

Sponsors contract out an increasing number of tasks in clinical trials. According to Art 7(1) of Directive 2005/28/EC and Art 71 of the Clinical Trials Regulation (EU 536/2014), any sponsor may delegate any of his trial-related tasks/functions to an individual, company, institution or organization.  Nevertheless, where tasks/functions are delegated to third-party, the sponsor remains ultimately responsible for ensuring that the conduct of the trials and the final data generated by those trials comply with the requirements of Regulation (EU) 536/2014 as well as with those of Directive 2001/83/EC in the case of a marketing authorization application. This applies in particular to the safety of the subjects and the reliability and robustness of the data generated in the clinical trial.

Any trial-related tasks/functions that are delegated to a third party should be specified in a written contract and made clear between the sponsor, third party and when relevant, with the investigator (e.g. responsibilities regarding safety reporting, see Q&A 5.4 in Q&A for Clinical Trials regulation).

Sponsors typically lack sufficient internal knowledge or resources to develop and/or manage the electronic systems used in clinical trials, such as systems used for randomisation and investigational medicinal product (IMP) distribution management/accountability (Interactive Response Technology (IRT)) and/or clinical trial data capture (eCRF and ePRO systems). Therefore, very often, sponsors delegate related tasks to third parties. In these cases, sponsors remain responsible to conduct the trial in compliance with the protocol and with principles of good clinical practice (Clinical Trials Regulation Art 47, ICH E6(R2) section 5.2.1).

During good clinical practice (GCP) inspections of commercial as well as academic trials, an increasing amount of deviations from GCP standards have been identified by the inspectors in view of sub-standard contractual arrangements and related procedures. The aim of this Q&A therefore is to highlight aspects with increased frequency of deviations during GCP inspections, which therefore should be prevented by improved contracts between sponsor and vendors of IT systems.

Special consideration should be given on relevant training and quality systems. Experience suggests that vendors accepting tasks regarding electronic systems are frequently knowledgeable about IT systems and sometimes data protection legislation, but not necessarily on ICH E6(R2) requirements, quality systems, etc. This Q&A should be read together with Q&A #2, which contains more general considerations on how contracting should be addressed, and with the Notice to sponsors regarding computerised systems, published on the EMA website in the GCP Q&As section. The examples of deviations are described as bullet points under the following headings: status of contracts, distribution of delegated tasks, standards to be followed, audits and inspections, serious breaches, compliance with the protocol, output and exemptions.

Status of contracts

The following contract-related issues have been identified by GCP inspectors in the context of clinical trial inspections:

Missing contracts or only draft contracts in place.

• Contracts that were not in place at the time when the delegated tasks were initiated.
• Contracts that were not maintained/updated.
• Contracts that were expired and had not been renewed as appropriate.

Distribution of tasks

Due diligence should be exercised from the sponsor to ensure that the distribution of tasks is clearly documented and agreed by the vendor, and that each party has the control and access to the data and information that their legal responsibilities require.

GCP inspectors have observed a lack of clarity with regards to:

• which tasks were defined in the contract (tasks are sometimes partially described or not described at all);
• which party is responsible for carrying out certain task(s) regarding generating, maintaining and archiving the relevant sections of the Trial Master File (TMF): emails, meeting minutes, system documentation such as trial-specific validation documents including documentation for user acceptance testing, specific codings, SOPs, etc.); Inspectors have seen incomplete documentation provided to the sponsor or documents that have been lost due to a lack of clarity concerning the duty of document retention;
• details concerning the retention and sponsor access to non-trial-specific documentation; for example, software/system validation documents, vendor SOPs, training records, issues log/resolutions in helpdesk/IT ticket system, etc.;
• investigator’s control of their data and ownership of the data;
• location of data storage and control of this, for example use of cloud solutions;
• addressing potential system “down-time” and the preparation of contingency plans.
• The possibility of sub-contracting by the vendor is not always defined, including how the sponsor maintains oversight of contracted activities.
• The clinical trial applications are frequently incomplete regarding information on contracting out electronic data capture and/or randomisation.

Standards to be followed

The following issues have been observed by GCP inspectors regarding certain standards to be adhered to by the vendor.

• It is unclear/not mentioned according to which standard the vendor will conduct its delegated sponsors’ tasks, e.g. current legislation, ICH E6(R2), etc.
• Some vendors are more focused on data protection legislation than ICH E6(R2), which is reflected in standard contracts.

When the vendor fails to formally agree to comply with the applicable national and EU legislation related to the conduct of clinical trials, as well as with ICH E6(R2) requirements, the sponsor should consider whether the use of the vendor is appropriate for the clinical trial.

Audits and inspections

It is sometimes not stated that the sponsor should have access to conduct audits at the vendor site and that the vendor site could be subject to inspections (by national and international authorities) and shall accept these. In addition, it needs to be specified that vendors shall provide necessary documentation (e.g. qualification documentation prepared by the vendor in relation to the system) when requested during a GCP audit/inspection process.

Serious breaches

Reporting of “serious breaches” of GCP/Trial Protocol is a legal requirement in certain Member States for clinical trials conducted under Directive 2001/20/EC, and is a legal requirement in all Member States for clinical trials conducted under the Regulation (EU) No 536/2014 (Clinical Trials Regulation [CTR]) as provided for by Article 52 of the CTR. The EU portal (Clinical Trials Information System [CTIS]) has been set up to handle the notification of serious breaches in accordance with the CTR.

It is frequently not specified in the contract that the vendor should report potential serious breaches to the sponsor (for assessment and onward reporting) and reporting timescales for such reports are missing.

Compliance with the protocol

The protocol is part of specification for IRT/eCRF builds and therefore should be consistent with the protocol approved by the regulatory authority and given a favourable opinion by the independent ethics committee. Some contracts reviewed had inconsistencies between the protocol and the wording of the contract.   Examples have also been seen where contracts referred to the version of the protocol applicable when the contract was signed, however there was no contractual requirement to cover the vendor obtaining any subsequent changes.  There is a risk that the vendor could implement changes to the electronic system based on protocol amendments sent by the sponsor that have not been approved by the CA and REC.  The contract or the vendor procedures should address how this would be prevented.

Output

In terms of output generated from the clinical trial, the following observations have been made by GCP inspectors:

• Information is often missing about agreed output during and after the trial. Output that in some cases has not been provided to the sponsor includes: metadata, specific types of queries, audit trails on CRF data, history and status of changes to users and their access rights, description of format for delivery of the complete database to sponsors, delivery to investigators, TMF delivery, etc. On several occasions it has been seen during inspections that pdf flat files have been delivered (e.g. the audit trails), which did not facilitate the production of a dataset that could be needed in an inspection.
• Arrangements about decommissioning of the database are not always clear, including the possibility to restore the database to its full functionality for instance for inspection purposes. This has resulted in a difference in how the system can be inspected if it occurred during the live phase of the trial compared to when the trial ended (for example, obtain access to the audit trial and exports of it as datasets).
• Arrangements to ensure an independent investigator copy of the data and to revoke investigator access to data were frequently not described.

Exemptions

It is important to be aware of any exemptions in the contract regarding specific functionalities of the data collection system.

For example, contracts stating, that a data collection system cannot be used in the handling of e.g. serious adverse events, although the same system was actually used for exactly that purpose (i.e. automatically generating emails to safety departments, etc.) have also been noted by the GCP inspectors.

Amendment - April 2020

Qualification and validation particulars

On the basis of recent GCP inspection findings, inspectors would like to reiterate that sponsors should contractually ensure:

• That all tasks relating to a clinical trial and/or tasks relating to the qualification and validation of a system are clearly described, including which party holds documentation for which activities.
• That sponsor pre-qualification audits or other on-site pre-qualification activities and later audits of the IT vendor can take place. It should also be ensured that these audits and/or other on-site pre-qualification activities are performed with a sufficient amount of time and that sufficiently in-depth review of the vendor qualification documentation is performed in order to establish the qualification and validation status of a system.
• That GCP inspections can take place at the vendor in case the vendor is performing services for the sponsor, when the sponsor has relied fully or partly on the vendor to perform the qualification activities and when it was established during the inspection of the sponsor that part of the documentation can only be verified by inspection of the vendor.
• That any qualification documentation prepared by the vendor in relation to the system should be available for inspection.
• That the sponsor has access to the vendor’s system requirement specifications, if the sponsor chose to perform all qualification activities themselves and/or if the vendor does not agree to undertake qualification activities for the sponsor. In case the sponsor retains the full duty/function for the qualification and validation of the software, the sponsor should possess all the necessary information and documentation upfront to be able to carry out this task.
• That the vendor should escalate any potential serious breaches to the sponsor in a timely manner, including security breaches that they become aware of (e.g. by notification from other sponsors using the same system), if they could have any impact on the data integrity, reliability and robustness and on the safety and rights of the trial subjects.

Reference document

• Notice to sponsors on validation and qualification of computerised systems used in clinical trials

This Q&A should be read in conjunction with the ' Reflection paper on expectations for electronic source data and data transcribed to electronic data collection tools in clinical trials ' - EMA/INS/GCP/454280/2010 and any further updates of this guidance. The Q&A aims to address the situation in which a sponsor is using a system (as intended) from a vendor, including the built-in possibilities for configuration. Further useful guidance can be found also in the notice to sponsors regarding computerised systems, published on the EMA website in the GCP Q&As section.

The system in question may be a system validated by the supplier, but installed at the sponsor, or a system provided as software-as-a-service (SaaS or cloud solution).

Different requirements will apply in cases when the sponsor is changing/adding functionalities to the system.

Today, in clinical trial settings, the use of electronic systems, e.g. for data collection, data management, safety data collection and evaluation, treatment allocation and trial management has proved to be more the standard than the exception. A considerable number of electronic Case Report Forms and applications for e.g. collecting Patient Related Outcomes or Clinical Outcome Assessments are provided by, or purchased from, vendors and are customized to varying degrees. GCP inspectors receive an increasing amount of questions from sponsors and deviations are given during GCP inspections regarding the level of validation/qualification needed to be performed by a sponsor when using a system that has already been (or is supposed to have been) validated by the supplier.

According to ICH E6(R2), sections 5.2.1 and 5.5.3.a, respectively, “the ultimate responsibility for the quality and integrity of the trial data always resides with the sponsor” and “the sponsor should ensure and document that the electronic data processing system(s) conforms to the sponsors established requirements for completeness, accuracy, reliability, and consistent intended performance (i.e. validation).”

According to ICH E6(R2), section 1.65., validation of computerised systems is “a process of establishing and documenting that the specified requirements of a computerised system can be consistently fulfilled from design until decommissioning of the system or transition to a new system.”

Furthermore, it is specified that the approach to validation should be based on a risk assessment that takes into consideration the intended use of the system and the potential of the system to affect human subject protection and reliability of trial results. This risk-based approach should be informed by the following guidance given. The risk assessment should be justified by the sponsor and documented.

The sponsor is ultimately responsible for the validation of the clinical trial processes, which is supported by electronic systems and for providing sufficiently documented evidence to GCP inspectors on the validation process and the qualification of the electronic systems. The sponsor may rely on qualification documentation provided by the vendor if the qualification activities performed by the vendor have been assessed as adequate. However, the sponsor may also have to perform additional qualification/validation activities based on a documented risk assessment.

The conditions for a sponsor to use the vendor’s qualification documentation include, but are not limited to, the following:

• the sponsor has a thorough knowledge about the vendor’s quality system and qualification activities, which will usually be obtained through an in-depth assessment/audit;
• an assessment/audit has been performed by qualified staff, with sufficient time spent on the activities and with cooperation from the vendor;
• an assessment/audit has gone sufficiently deep into the activities and that a suitable number of examples for relevant activities have been looked at (and documented);
• the assessment/audit report determined the vendor’s qualification documentation to be satisfactory or that shortcomings can be mitigated by the sponsor- e.g. that the sponsor is performing part of the qualification;
• the sponsor, or when applicable the clinical research organization (CRO) performing these activities for the sponsor, has detailed knowledge about the qualification documentation and can navigate in it and explain the activities as if they had performed the activities themselves;
• when required during a GCP inspection, the qualification documentation is made available to the inspectors in a timely manner irrespective of whether it is provided by the sponsor, CRO or the vendor.
• both the sponsor and the vendor establish full configuration management for qualification and production environments as well as establish that the sponsor can fully account for any differences between the vendor’s validation environment and the sponsor’s production environment; subsequently, the sponsor should justify any differences that are considered insignificant. If not, the qualification effort potentially does not justify the use of the system.
• the sponsor performed an Installation Qualification (IQ)/Performance Qualification (PQ) of a system that depends on trained users.

Sponsors and vendors should be aware that if the electronic systems are used for generating/handling relevant clinical trial data or to maintain control and oversight of clinical trial processes,  documentation regarding the qualification process and any other relevant  documentation on the electronic system maintained at the sponsor level, as well as on the vendor level, and it is the sponsor’s responsibility to ensure that these documents are available for inspections by Member States GCP inspectors.

Documentation regarding the validation of processes and qualification of systems is considered essential by GCP inspectors and it is likely to be requested during inspections. This is irrespective of whether the sponsor has contracted out activities related to electronic systems and whether the sponsor choses to consider as an audit the above-mentioned assessment of vendor systems/processes/documentation. GCP inspectors do not consider the documentation/report of these activities as an audit report that falls under ICH E6(R2), section 5.19.3d.

Amendment - April 2020

What should a sponsor do if the sponsor intends to submit an MAA without being able to provide documentation of qualification activities for clinical trial computerised data collection tools/software and access for inspectors is not ensured contractually?

In case a sponsor has relied fully or partly on vendor qualification efforts and documentation for any system function, the sponsor should make sure that such documentation is readily available for inspection if requested. Failure to provide access to the documentation is likely to result in critical findings that will impact the acceptability of the clinical trial data.

A sponsor should amend any contract with vendors to ensure availability of qualification documentation. If a vendor is not willing to amend the contract, the sponsor is responsible to demonstrate that the system concerned is in a validated and qualified state. In case a sponsor cannot rely on a vendor to provide documentation, the sponsor has to requalify the system on the basis of their own and of the vendor’s system requirement specifications. In case the trial is ongoing, this should be done without delay; if the trial is completed, this should be undertaken prior to the submission of the MAA. A documented risk assessment is required to assess integrity risks to data captured and held by a computer system that was not in a confirmed qualified/validated state following the retrospective qualification/validation activity. Depending on the outcome of the requalification, the sponsor may need to change to a new vendor/system. The required migration of previously captured clinical trial data should be validated. Findings that are the responsibility of the sponsor are still likely to be issued for the lack of documentation and inadequate vendor assessment prior to trial initiation.

Rererence document

• Notice to sponsors on validation and qualification of computerised systems used in clinical trials

The question is often raised on whether it is acceptable to carry out some clinical trial procedures, for example, to dispense and/or administer the IMP (e.g. i.v. infusions) or perform blood samplings to the subjects, at their home reducing the burden of travelling to the clinical trial site.

The GCP-IWG is of the opinion that the ICH-GCP guideline and applicable EU laws do not prohibit such practice, but it should be clear who has the responsibility for all aspects of subject protection and data reliability and robustness and the procedures in place should ensure that the rights, safety, dignity and well-being of subjects are being protected and the data generated are credible and accurate. In addition, national legislation regulations (see also below) should be taken into account for aspect such as dispensing and/or administering of IMP or blood sampling. For example, the direct shipment of IMPs to the patient’s home is not allowed by national legislation in some of the EU Member States and where it is allowed, still considerations should be made in relation to the patient confidentiality and the process followed should be checked against national requirements before any shipments are made.

The GCP-IWG considers that performing any practice at the subjects’ facilities and not at the clinical trial site should be avoided as much as possible and applied only if in compliance with national legislation and when duly justified. Hence, the GCP-IWG agreed on the following points:

• The clinical condition of the patient and/or the disease treated should clearly justify that certain activities are conducted at subjects’ home with the scope of minimizing the discomfort for the patient (i.e. in case the subject/patient is obliged to stay in the bed, motor difficulties, procedures that could be hard for the subject to be performed by themselves or by their caregiver).

• The subjects should not be exposed to higher risks than those foreseen for the same procedure applied in a health care establishment. Therefore, a documented risk assessment is expected before the implementation of the procedure and the lack of availability of equipment and facilities (i.e. Emergency Department or Intensive Care Unit) should be carefully considered.

• The procedure should be clearly described in the clinical trial protocol and related informed consent form and approved by the Competent Authority and Ethics Committee.

• A contract/written agreement should be in place between the Institution/Hospital/Investigator and the single individual(s) or the organization which will provide the service/personnel (see Q&A about third parties contract).

• The personnel appointed for the procedure should be educated and qualified for the activities according to applicable national law and specifically trained.

• The personnel appointed for the procedure should be identified and their tasks should be documented on the contract/delegation log; the Principal Investigator remains ultimately responsible for the conduct of the trial.

• Tasks related to medical decisions (i.e. protocol specified medical procedures, AE/SAE assessment, changes in medication, etc.) should remain the responsibility of a qualified physician.

• Effective lines of communication between the Principal Investigator and the personnel who manage the patients at home should be established in advance and described in the clinical trial protocol (or related specific document) to guarantee that the PI is constantly kept informed; in this context there should be specific consideration in relation to the protection of patient safety.

• The activities conducted at subjects’ homes should be adequately documented; source documentation should be part of the investigators source documents and could be retained at the subjects’ home just for the time required by the procedure, providing that any source documentation will be transferred to the site according to trial management procedures.

Based on the trial design and setting, the sponsor may support the investigator by identifying or contracting service providers or personnel to be involved directly in the conduct of the clinical trial (e.g. providing additional resources to the clinical trial site or qualified personnel).

In the opinion of the GCP IWG it is possible to follow such an approach, provided it is compliant with the applicable EU laws and with the requirements of the ICH E6 guideline. Nevertheless, there are aspects that need to be carefully considered to ensure that the division of roles of the responsible parties is maintained. In this regard the Recommendation paper on Decentralized Elements in Clinical Trials is to be taken into consideration.

The investigator should retain the final decision on whether the service provider, intended to support the investigator, is appropriate. The investigator also retains the ultimate responsibility for any tasks involving trial-related medical decisions (e.g. participant eligibility and enrolment, protocol specified medical procedures, assessment of efficacy/safety, evaluation of test results, decision to dispense or make changes to the trial medication) and, the appropriate supervision of the persons or parties undertaking the activities delegated.

Any trial related procedure that is delegated to a service provider should be specified in a written agreement. Where the agreement is between the sponsor and the service provider and involves tasks under investigator responsibility, it should be clear in the agreement between the sponsor and the service provider as well as in the agreement between the sponsor and the investigator that the investigator maintains adequate control and oversight over the contracted tasks.

When contracting or delegating tasks to a service provider, a delineation should be maintained between tasks that are mutually exclusive or that lead to potential conflicts of interest (e.g. by delegating the quality control function to the same person who is performing the task in question or by having the same vendor performing tasks for both the investigator and the sponsor in cases where independence in the tasks are required).

Reference:

• Recommendation paper on decentralised elements in clinical trials

Sponsors and investigators/institutions should keep the TMF up to date and ensure that it is complete at the end of the trial. The TMF should be readily available and directly accessible, upon request, to the competent authorities of the Member States.

Prior to the inspection, the inspector will usually discuss with the sponsor and investigator/ institution the logistics of making the TMF available to the inspectors. A paper TMF (or eTMF stored on media archived elsewhere) or certified copies thereof (paper or electronic) created for and relevant to the inspection should be available for the inspection upon reasonable notice. Access to existing eTMFs (live and archived on servers) would be expected by inspectors to be given promptly (minimal / limited time only required to set up inspector access to the trials requested by the inspectors for the duration of the inspection procedure). The overall TMF index should be provided (in print-out) to inspectors to assist them in locating documents in the TMF.

Direct access to the TMF is required. In case of eTMFs, the inspectors should have read-only access to all documents in the eTMF, without any restriction. The inspectors should have access to the entire TMF, which means to the same TMF as used by the staff conducting the trial and be able to see all documents that are in the TMF. Direct access includes all the systems that comprise the TMF as defined by the sponsor; however, the nature of some of these systems, for example those containing data rather than documents and systems that contain centrally held documents (such as SOPs, training records and computer software validation), may require the direct access to be assisted by a representative of the sponsor familiar with the system. The inspectors may decide to request documentation (e.g. reprints, (electronic) copies, screenshots or photos) from the system. Organisations should be aware that GCP inspectors may have the right based on national regulations to seize original trial documentation (e.g. where there is a suspected criminal offence). GCP inspectors can always request copies or print outs and can retain some or all of these. The GCP inspectors’ expectation is that an eTMF system should at least adequately replicate the functionalities of a paper-based TMF system and provide for suitable document identification, search, prompt retrieval and marking for future reference/copying. The eTMF should enable review in an efficient manner and should not take longer to be undertaken than for a paper-based TMF and should enable straightforward navigation and opening of documents permitting searching and browsing (analogous to leafing through a paper-based file). Particular attention should be paid to the following aspects:

• a folder-display structure in addition to searchable metadata to enable easy identification of TMF sections;

• a self-evident naming convention that readily identifies what each folder/file/document is, so inspectors do not have to open numerous documents to locate those they need;
• the ability to open more than one document at a time to enable comparison;
• the ability to provide access to the same type of document across all studies/product and in case of a CRO being inspected, also across sponsors;
• the system should have a reliable and fast response time;
• access to the audit trail of the eTMF systems and the ability to obtain exports of the audit trail.

Any training required by the inspectors in order to use of the system, should be available, if the inspectors request training, and should be brief (taking no more than an hour).

The eTMF will need the use of suitable equipment, to be provided by the organisation, for the inspector to access/view the documents.

The investigators are responsible for data entered into eCRFs and other data collection tools under their supervision (electronic records). Those data should be reviewed and signed-off.

The signature of the PI or authorised member of the investigator’s staff is considered as the documented confirmation that the data entered in the eCRF and submitted to the sponsor are attributable, legible, original, accurate, and complete and contemporaneous (ICH-GCP 4.9.1). Any member of the staff authorised for sign-off (as per ICH GCP 8.3.14) should be qualified to do so in order to fulfil the purpose of the review as described below.

The acceptable timing and frequency for the sign-off needs to be defined and justified for each trial by the sponsor and should be determined by the sponsor on a risk-based manner. The sponsor should consider trial-specific risks and provide a rational for the risk-based approach. Points of consideration are types of data entered, non-routine data, importance of data, data for analysis, length of the trial and the decision made by the sponsor based on the entered data, including the timing of such decisions.

It is essential that data are confirmed prior to interim analysis and the final analysis and that important data related to e.g. reporting of SAEs, adjudication of important events and endpoint data, DSMB review, are signed off in a timely manner. In addition, a timely review and sign-off of data that are entered directly into the CRF as source is particularly important.

Therefore, it will rarely be sufficient to just implement one signature immediately prior to database lock. Signing of batches of workbooks is also not suited to ensure high data quality and undermines the purpose of timely and thorough data review.

For planned interim analysis, e.g. when filing a marketing authorisation application, all submitted data (e.g. eCRF pages) need to be signed off by the investigator or her/his designated and qualified representative before extracting data for analysis. The systems should be designed to support this functionality.

To facilitate timely data review and signing by the PI or her/his designated representative, the design of the EDC system should be laid out to support the signing of the data at the defined timepoints.

Furthermore, it is important that the PI reviews the data on an ongoing basis in order to detect shortcomings and deficiencies in the trial conduct at an early stage, which is the precondition to undertake appropriate corrective and preventive actions.

Appropriate PI oversight is required to ensure that incorrect data is being corrected in a timely manner and to implement necessary corrective and preventive actions at the investigator site.

Adequate oversight by the PI is a general requirement to ensure clinical trial participant safety and data quality and integrity. Oversight can be demonstrated via various means, one of them being review of reported data.

This question touches the scope of Good Clinical Practice (GCP) as well as the scope of Good Manufacturing Practice (GMP). The main aspects of the above question are, whether sponsor oversight, as defined in ICH GCP E6 (R2) also extends to the manufacturing area, i.e. a GMP area and whether the contract between the CRO and subcontractors should include (or implicitly permit) that a sponsor audit is possible not only at the CRO, but also at the subcontractor.

For clinical trials, sponsor oversight is required according to ICH GCP (R2), section 5.2.1:

(‘A sponsor may transfer any or all of the sponsor's trial-related duties and functions to a CRO, but the ultimate responsibility for the quality and integrity of the trial data always resides with the sponsor’). This oversight applies not only to duties and functions executed by sponsor staff, but also to duties and functions, which have been transferred to a CRO, or which were even further subcontracted by the CRO to another party; also see section 5.2.2 (addendum) (‘The sponsor should ensure oversight of any trial-related duties and functions carried out on its behalf, including trial-related duties and functions that are subcontracted to another party by the sponsor’s contracted CRO(s)’).

Furthermore, ICH GCP (R2) 5.13.1 and 2.12 stipulate that the sponsor ensures that the IMP is manufactured according to GMP and local regulations. The sponsor can only meet this requirement if he has the possibility to perform an audit at the manufacturing site.

Approaching this question from a GMP perspective, one comes to the same conclusion. According to Annex 13, the sponsor is responsible for the quality of the IMP and for implementation of an effective Quality Management System:

(‘Co-operation is required with trial sponsors who undertake the ultimate responsibility for all aspects of the clinical trial including the quality of investigational medicinal products. The increased complexity in manufacturing operations requires a highly effective quality system.’)

Similar requirements are outlined in the Detailed Commission guideline of 8 December 2017 on the good manufacturing practice for investigational medicinal products pursuant to the second paragraph of the Article 63(1) of Regulation (EU) No 536/2014 for trials conducted under the CTR:
(‘For manufacturers to be able to apply and comply with good manufacturing practice for investigational medicinal products, co-operation between manufacturers and sponsors of clinical trials is required. This co-operation should be described in a technical agreement between the sponsor and manufacturer, as referred to in recital 4 of Delegated Regulation (EU) No 2017/1569.’)

Moreover, GMP Volume 4, Chapter 7, section 7.17 explicitly states that audits at contractors and subcontractors should be made possible:

(‘The contract should permit the contract giver to audit outsourced activities performed by the contract acceptor or his mutually agreed subcontractors’).

In particular ‘For cause’ audits by the sponsor in relation to a complaint or a quality defect (e.g. quality, packaging, labelling, etc.) can be of great importance, if patient safety or well-being could be affected or even endangered by the issue/defect. Regarding the contracts, no matter which contractual constellation is planned or exists (contract: sponsor – CRO; CRO – subcontractor; sponsor – subcontractor), it is concluded from a GCP- and GMP- perspective that the contracts between the involved parties should permit that the sponsor of the clinical trial audits both, the CRO(s) and the subcontractor(s) (ICH GCP (R2), 5.2.1 and 5.2.2 Addendum and GMP Vol 4, Chapter 7). 

15. Do GCP inspectors from regulatory authorities of an EU/EEA Member State have the authority to inspect trial participants’ medical records and other data, even if there is no statement in the ICF establishing that trial participants consent to the review of their medical records and other personal data by EU inspectors?

Scope and purpose

The scope of the question above addresses only GCP inspections requested by the CHMP.

The purpose of this document is to state the importance of sponsors to include an explicit passage in their informed consent form (ICF) regarding the authorisation for EU inspectors to direct access and review of trial participants’ medical records (including applicable electronic systems) and other personal data in EU/EEA and non-EU/EEA countries.

Background

A clinical trial as a scientific undertaking requires careful record-keeping to ensure that data are collected and reported in an ethical, accurate and complete manner. In addition, regulations and guidelines have established processes including investigator review, sponsor monitoring and auditing and regulatory inspection, in order to check and control the accuracy and completeness of the data.

According to the combined reading of sections 5.1.2 and 1.21 of ICH-GCP, the sponsor is responsible, to secure agreement from all involved parties to ensure that regulatory authorities have direct access to all trial related sites, source data/documents, and reports for the purpose of inspection. In order to secure the above-mentioned agreement, the sponsor should take into account ethical considerations and all applicable laws and regulations, including data protection legislation.

The dossier supporting a marketing authorisation application (MAA) submitted to the Agency should be inspection ready and therefore direct access should be ensured to source data/documents (including medical records) for the purpose of inspection by Union regulatory authorities.

Case a): inspection by EU inspectors of clinical trials conducted within the EU/EEA

For clinical trials conducted within the EU/EEA, EU inspectors have the authority to review trial participants’ medical records and other personal data, even if there is no statement in the ICF allowing access to these records and data.

The lawfulness of the processing of personal data, and in particular health data, by EU inspectors in the course of an inspection mandated by EMA and carried out within the EU/EEA is based on the fact that it is necessary for the performance of a task carried out in the public interest mandated by Union law, in particular, in the area of public health to ensure high standards of quality and safety of medicinal products. Therefore, the lawfulness of such data review is not dependent on the content of the ICFs. However, from an ethical point of view it is good practice to inform the patients that EU inspectors may access their medical records (ICH GCP § 4.8.10.n).

Case b): inspection by EU inspectors of clinical trials conducted outside the EU/EEA

Explicit consent should be obtained from the trial participants or their legal representative in the ICF to access their medical records and other personal data by inspectors/experts from regulatory authorities of an EU/EEA Member State.

The possibility that inspectors from EU/EEA authorities will have direct access to the participants’ medical records and other personal data should be clear to the trial participants. If a more general wording is used, such as "regulatory authorities from foreign countries", it is the responsibility of the sponsor to ensure before the trial is initiated, and confirm with the principal investigators, that such wording would not prevent EU/EEA inspectors from having direct access to the medical records and other personal data of the trial participants, based on the applicable local legislation and policy on data protection and access to medical records. The opinion of the relevant Independent Ethics Committee (IEC) or Institutional Review Board (IRB) might be sought in case of doubt with regard to the wording. If compliance with the above is not fulfilled, the dossier supporting the MAA, is considered to not be inspection ready as the trial participants’ medical records and other personal data concerned cannot be inspected.

Given the above, from an ethical point of view, explicit (written) consent should be obtained, pre-inspection, before the data would be accessed and reviewed by EU inspectors.

Data that cannot be inspected, cannot be confirmed nor can the integrity and the quality of the reported data be assessed. Compliance with GCP is in principle prerequisite for data to be used for the assessment for a marketing authorisation application. As a result, the data of the affected sites might not be considered in the assessment of the medicinal product concerned, which could have serious consequences for a marketing authorisation application.

References

• ICH-GCP E6 [R2]: 1.21, 4.9.7, 4.8.10n, 5.1.2, 5.15.1, 5.15.2, 6.10.
• Directive 2001/20/EC, Article 15  
• Regulation (EU) No 536/2014 (Clinical Trials Regulation), Article 78
• Regulation (EC) No 726/2004, Article 57(i) and related inspection rules adopted by GCP-IWG and CHMP
• Regulation (EU) 2016/679 (“GDPR”), Article 6(1)(e) and Article 9(2)(i)
• National data protection legislation, where applicable.

Is monitoring a requirement for all clinical trials?

Monitoring is an ICH-GCP requirement for all clinical trials and should be conducted under the responsibility of the sponsor (ICH-GCP §5.18). Monitors should be appointed by the sponsor and their qualification and training should be documented (ICH-GCP §5.18.2).

The sponsor is expected to determine the extent and nature of monitoring in order to guarantee GCP compliance, based on a risk assessment taking into account the study population and study design.

Monitoring reports should be reviewed by the sponsor’s designated representative and adequate corrective/preventive actions should be implemented (ICH-GCP §5.18.6) for deficiencies or deviations. Monitoring is considered to be the main tool for the sponsor’s oversight of the trial.

For bioequivalence clinical trials, monitoring is required for the clinical part of the trial. The bioanalytical part is not subject to monitoring but to appropriate quality control as required by ICH-GCP §5.1.3.

Could audits substitute monitoring?

No, audits conducted by the sponsor according to ICH-GCP §5.19 cannot be considered monitoring. As stated in ICH-GCP “a sponsor’s audit (…) is independent of and separate from routine monitoring or quality control functions” (ICH-GCP §5.19.1).

Could the quality assurance/quality control activities of the contracted clinical site (BE CRO Facility) substitute monitoring?

Quality assurance/quality controls activities that are part of the quality system of the clinical site (BE CRO facility) cannot be considered monitoring. As explained above, monitors should be appointed by the sponsor and the activity should be performed by the sponsor or appropriately delegated. If monitoring is contracted to the same BE CRO that is conducting the clinical trial, it should be ensured that the personnel appointed for monitoring is not involved in the conduct of the same clinical trial.

How should monitoring be described in the study documents?

The monitoring activities carried out by or on behalf of the sponsor should be described in the Clinical Study Protocol (ICH-GCP §6.11) and in the Clinical Study Report (ICH E3 §9.6) and this should cover the extent and nature of monitoring based on a risk assessment as referred to above.

Should a monitoring plan be developed?

A monitoring plan should be developed according to ICH-GCP (R2) §5.18.7.

How will monitoring conduct be evaluated during the assessment of a MAA?

Information on the monitoring activities, as indicated in the Clinical Study Report, will be evaluated during the assessment of a MAA, and additional documents may be requested from the Applicant where necessary.

This Q&A focuses on how sponsor oversight of such activities can be demonstrated and should be considered in combination with Q&As B.2, B.8 and B.11¹, which contain general considerations on how contracting should be addressed. Furthermore, the reader is referred to the Guideline on the content, management and archiving of the clinical trial master file (paper and/or electronic) ² and, upon publication, the Guideline on computerised systems and electronic data in clinical trials.

The current EU legislation and guidelines state the following on sponsor oversight of trial activities delegated by written contract:

• For clinical trials under Clinical Trial Regulation (Regulation [EU] No 536/2014) ³:
  “Any sponsor may delegate, in a written contract, any or all of its tasks to an individual, a company, an institution or an organisation. Such delegation shall be without prejudice to the responsibility of the sponsor, in particular regarding the safety of subjects and the reliability and robustness of the data generated in the clinical trial”. (Regulation [EU] No 536/2014 Article 71).
• For clinical trials under Clinical Trial Directive (Directive 2001/20/EC)⁴:
  “A sponsor may delegate any or all of his trial-related functions to an individual, a company, an institution or an organisation. However, in such cases, the sponsor shall remain responsible for ensuring that the conduct of the trials and the final data generated by those trials comply with Directive 2001/20/EC as well as this Directive.” (Directive 2005/28/EC⁵ Article 7).
• For clinical trials in general EMA/CHMP/ICH/135/95 Guideline for Good Clinical Practice⁶:
  “The sponsor should ensure oversight of any trial-related duties and functions carried out on its behalf, including trial-related duties and functions that are subcontracted to another party by the sponsor’s contracted CRO(s).” (ICH E6 [R2] 5.2.2);
  “A risk-based approach to assessing suitability of third parties as well as of sponsor-oversight activities should be implemented.” (ICH E6 [R2] 5.0).To comply with regulatory requirements, the sponsor should establish documented processes (e.g. SOPs) for evaluating service providers and measures to adequately oversee outsourced duties and functions (tasks) related to clinical trials.

The following points are a non-exhaustive list of measures to consider:

• questionnaires to assess suitability;
• Curriculum Vitae review;
• pre-qualification including review of prior (relevant) experience;
• detailed contracts/master-service agreements and work orders;
• regular document review, of particular importance is the review of any relevant approvals and licenses required to perform the contracted duties and functions (tasks);
• re-qualification activities (e.g. regular re-assessments of suitability, follow-up audits);
• interoperability of different parts of the TMF, especially if migration steps are planned.

The sponsor should be able to demonstrate oversight through adequate documentation, including:

• ensuring that (direct) access to essential documents that are retained at the contracted service provider can be made available, for example validation/qualification documentation, training documentation, standard operating procedures (SOPs), etc.;
• documentation of access (e.g. access log);
• recording of significant decisions and actions (e.g. in meeting minutes);
• archiving of relevant communication (e.g. emails);
• logging of document (and data) review steps (e.g. audit trail);
• logging of relevant phone calls (help desk) (e.g. ticket system, minutes of the call);
• documented acknowledgement of quality assurance reports (e.g. audit report);
• a life cycle process (change management / project management) to adapt and re-evaluate documentation and training requirements (e.g. change management SOP) as deemed necessary;
• recording and evaluation of deviations from contractual agreements, GCP or regulatory requirements.

The sponsor should implement processes to continuously assess and manage the quality of the clinical trial. The quality management process to be put in place for the relevant issues identified should include:

• description of the issue, including assessment of the root cause;
• development of a solution;
• implementation of the solution/mitigation (e.g. CAPA);
• follow-up, if applicable.

The sponsor should ensure that contractual arrangements do not interfere with the sponsor's ability to perform quality management.

With good documentation and adequate processes, the sponsor should be capable to demonstrate their ability to identify signals of quality deviations/issues e.g.: missing data, high error rates in data entry, deviant processes, faulty or incomplete computerised systems, deviant employee behaviour, and deliberate deception such as fraud. In case of deviations from defined quality/ compliance levels or deliberate deception are detected, the sponsor should have adequate escalation processes in place to communicate the issues internally and follow up and solve the deviation/issue according to established procedures. For deviations or events of regulatory interest (e.g. serious breach, urgent safety measure), a timely notification is required, either in CTIS or according to national requirements.

The service provider may not perform all duties and functions (tasks) delegated in a written contract by the sponsor. The service provider may choose to further delegate duties and functions (tasks) to a different service provider (sub-contracting). This should not impact the level of oversight by the sponsor. 

In order to still be able to demonstrate oversight as outlined earlier, the following should be considered in addition:

• explicit contractual details about the service provider’s ability to subcontract duties and functions (tasks) to other service providers;
• documented evaluation of the processes of the service provider to assess and have oversight over subcontracted duties and functions (tasks) by the sponsor; especially where the sponsor did not previously use the services of the subcontracted service provider.

Regardless of delegation of duties and functions (tasks), the complete trial conduct should remain traceable and verifiable. Therefore, the sponsor should ensure that (direct) access to all trial relevant documents can be provided.

References:

• ¹ Questions and answers (Q&As) on GCP, section B (GCP matters):
  2: GCP sets out responsibilities for the sponsor and the investigator, but tasks are increasingly undertaken by a range of contractors – how should this situation be addressed?
  8: What are the pitfalls to be aware of regarding contractual arrangements with vendors for electronic systems in connection with clinical trials?
  11: According to the ICH-GCP and applicable EU laws, is it allowed that the Sponsor contracts third parties to conduct trial-related duties and functions that are clearly responsibility of the investigator?
• ² Guideline on the content, management and archiving of the clinical trial master file (paper and/or electronic)
• ³ Regulation (EU) No 536/2014
• ⁴ Directive 2001/20/EC
• ⁵ Directive 2005/28/EC
• ⁶ ICH E6 (R2) Good clinical practice - Scientific guideline

What are productivity applications?

Productivity applications are software used for producing information (e.g. documents, presentations, worksheets, databases, charts). Usually they are operated locally and allow the processing of texts and tables, the extraction and combination of information from different sources and the graphical presentation of results. The most widespread applications are universal solutions, not adapted to the specific requirements of clinical trials. Generally, suppliers of these universal solutions are not considered service providers in the context of a clinical trial.

Can productivity applications be used in clinical trials?

Clinical trials have specific requirements for collecting, recording, sorting, storing, adapting, modifying, reading, using, sharing, comparing, linking, analysing, and deleting or destroying data and essential documents. Whether productivity applications are suitable for use in clinical trials depends on the use case.

Productivity applications are known to be used to support operational processes and to record, track and evaluate events from the clinical trial. The results of the applications can be essential documents with corresponding archiving obligations.

Commonly used applications for this are spreadsheet programs for oversight or tracking of relevant trial-related decisions (e.g. deviation management, data monitoring committee notes). Such use requires robust documentation and ongoing storage processes, e.g. storing of new versions of the spreadsheet after each decision process in a TMF fulfilling data integrity requirements.

A common shortcoming in productivity applications is the lack of an audit-trail or similar feature that ensures traceability and attributability of entries and changes. The use of productivity applications in areas where data integrity principles (such as the ALCOA++ principles) apply therefore requires a risk evaluation and, where applicable, effective mitigation measures. If such an application is used, a justification is required and measures should be taken to ensure attributability and traceability, and to make non-traceable changes more difficult or prevent them.

For instance, the specific measures could include:

• additional programs or customisations that compensate for application deficiencies;
• restrictions in the use of the software itself;
• additional controls in the application environment;
• transfer to protected formats.

Whenever non-traceable changes are or can be made to data and documents that impact data integrity and credibility, or the safety, well-being, rights, and dignity of trial participants, the risk-benefit balance of the clinical trial may be affected.

When pre-qualifying sites, the sponsor should assess the sites’ use of productivity applications. The assessment should consider their importance for the credibility and integrity of the data and safety, well-being, rights and dignity of the trial participants.

Facilities whose computerised systems do not meet the sponsor's requirements and the requirements of a clinical trial should only be selected, if justified and the risk of the deficiency is mitigated.

Some productivity applications allow the user to configure and to customise the functionality of the software itself. This includes the possibility to combine certain commands, create automatic scripts or add new functions. Configurations and customisations should be validated before use. The thoroughness of the validation depends on the use case and the risk for the corresponding process.

A common use is the calculation of derived values using spreadsheet applications. Depending on the risk of the derived value (e.g. dose calculation), an appropriate level of validation is required. In addition to the validation of the formulas used for calculation, the formulas should be protected against unwarranted modification.

Further modification of productivity applications usually requires expertise in the relevant programming languages and should only be performed by qualified and trained personnel. The qualification and training is a risk factor, which should be taken into account before the corresponding modification is considered or carried out.

Configurations and customisations should be considered in the archiving strategy, especially if essential decisions or events in the clinical trial cannot be reconstructed otherwise. Archiving the application file or the template of the application file as a dynamic file is recommended.

What is expected to be disclosed in the clinical study report?

In order for the authorities to be able to assess whether the measures taken are appropriate, the use of productivity applications requiring specific measures and the measures taken, if any, are expected to be detailed and justified in the clinical study report (section on quality assurance).

Reference:

• Guideline on computerised systems and electronic data in clinical trials

An IB including substantial changes should be distributed to clinical sites/ investigators as soon as it has been approved by the competent authority and has received a favourable opinion from the ethics committee(s), where applicable, in the country where these sites are located and for the trial in which the investigators participate. It is not acceptable to wait until the updated IB has been approved in all EU Member States or worldwide, or approved for all clinical trials concerned, before distributing it to the clinical sites/ investigators already covered by an approval/favourable opinion.

As provided for in separate guidance, sponsors should wait for approval of the IB in all Member States before starting to use the new Reference Safety Information (RSI). However, this would not justify delaying the distribution of the IB to clinical sites/ investigators, as they are not involved in the determination of the expectedness of suspected serious adverse reactions. Please also note that it is strongly recommended in other guidance to submit a substantial amendment application that includes an updated RSI to all Member States concerned at the same time. It is not acceptable to unnecessarily prolong time to submission and thereby distribution to investigators of important safety information.

Similarly, a revised ICF should be distributed to clinical sites/ investigators as soon as it has received a favourable opinion from the ethics committee(s) and is approved by the competent authority, where applicable. An unjustified substantial delay, which affects patients’ rights, between the favourable opinion/ approval and the distribution (e.g. several weeks) is considered unacceptable. Cases where an outdated ICF missing important new information was signed by participant at enrollment, or a delay to obtain re-consent to participate in a trial on a new ICF, are considered GCP non-compliance, i.e. the trial participant was not (adequately) informed.

References

• ICH: E 6 (R2): Guideline for good clinical practice - Step 5 (europa.eu), sections 4.8.2, 7.1 and 8.3.1
• Clinical Trial Facilitation Group (CTFG): Q&A document – Reference Safety Information (hma.eu)

e-TMFs can be acceptable to regulatory authorities if they meet the requirements for TMFs that are described in Directive 2005/28/EC and the related guidance in volume 10 of the rules governing medicinal products in the European Union. For the purposes of GCP inspection (and audit), the following attributes apply:

• The e-TMF should allow review in an efficient manner, analagous to that possible with paper TMFs. Such a review should not take longer to access than for a paper TMF. (Efficient, straightforward navigation and opening of documents permitting searching and browsing (analogous to leafing through a paper file).
• Inspectors/auditors should have direct access to the e-TMF and the documents held in the e-TMF (the live system, not a copy) to allow direct searching.
• Documents held on an e-TMF should be evidently authentic, complete and legible copies of the original documents.
• The e-TMF system should have validated methods for preventing any changes being made to the TMF documents, this includes the process of transferring from original media to the electronic medium.
• The process for transferring original TMF documents to e-TMF (or other media) should be robust and have been validated to prevent failure of transfer the entire content of the original TMF without loss ( i.e. there should be a demonstrable 1:1 mapping between the content of the original TMF and the e-TMF ).

Additional considerations

Documents on e-TMF should remain complete and legible in all aspects giving information about the way the document was prepared. This holds especially for contracts and forms completed by hand. Transfer to e-TMF should not (be used to) conceal any physical change to the document such as physical cut & paste to remove or add items, use of correction fluid etc.

It is helpful if the e-TMF has:

• A folder structure to allow easy identification of TMF sections.
• A folder/file naming convention that readily identifies what each file/document is, so inspectors/auditors do not have to open numerous documents to locate those they need.
• The ability to open more than one document at a time to allow comparison (so size of screens or double screens important).
• The ability to provide access to the same type of document across all studies/sponsors/product etc (i.e. if inspector needs to review documents for all/some selected studies/sites).

Future considerations

For the future, it would help if e-TMFs were available through secure internet links. This would help to avoid some unnecessary travel when accessing the TMF. This approach has advantages over supplying e-TMFs by e-mail, DVD etc., in that only one version of the e-TMF needs to exist, which can be continually updated for ongoing trials.

Advantages

• Assisting the development of virtual inspections.
• Improving the efficiency of the inspection process (and lowering the carbon footprint of trial management, inspection and audit).

Background

A variety of records is generated and maintained relating to the healthcare of clinical trial subjects (whether study subjects or healthy subjects). Some of these are general and relate to the general healthcare of the study subject before, during and after the trial. Others are specific to the trial. A clinical trial as a scientific undertaking requires careful record-keeping to ensure that data are collected and reported in an accurate and complete manner. In addition regulations and guidelines have established processes including investigator review, monitoring, auditing and inspection, in order to check and control the accuracy and completeness of the data. GCP, ethical requirements and medical standards require that each study subject is cared for and this duty to the individual is put above the more general scientific needs.

There are national, professional, local, or institutional requirements either in law, various forms of guidance, rules, or established practice which define many requirements for the maintenance of records in the course of normal study subject care. Any requirements that may arise as a consequence of the conduct of clinical trials can only be an addition and not a substitute for these, since the conduct of a clinical trial should never diminish the standard of care.

Many of those involved in clinical research ask questions about what should be documented, when, where, by whom and for what reason.

The purpose of this document is to set out some of the main elements of this study subject record-keeping in the clinical trial context, in order to assist those involved in clinical research to understand why such records are kept and looked for, and in order to help in planning record-keeping in specific contexts.

Taking into account the various issues outlined it is very unlikely that a CRF would ever suffice as the complete and only record of a study subject relevant to their participation in a clinical trial.

Reference documents: Note for guidance on GCP (CPMP/ICH/135/95)

Specific references

Issues

What should appear in the original medical record?

• The medical record is a key element of study subject care. It ensures that an ongoing record of information relating to the study subject, visit records, test records, medical history, diagnoses, treatments etc. are available to the treating physician and his or her colleagues or peers who may intervene in the care of the study subject or take over that care. As such it has a role before, during and after the clinical trial per se.
• Any information that would routinely be expected to appear in a medical record should continue to appear there during the study to ensure the care of the study subject is maintained.
• The fact that the study subject is in a clinical trial, its identity and any specific information over and above the routine that impact on the study subject care should also appear, or be clearly referenced and readily available to the care giver.
• The medical record may also be the first place in which trial related data is recorded and as such becomes by definition the source document for that data.
• It may also be the main point of information on medical history for the purposes of the study, even if that information was originally recorded elsewhere.
• The medical record should provide sufficient baseline information to permit the investigator to enrol the study subject in the trial with due recognition of the needs of medical care and in compliance with the protocol.
• The medical record is also the common point of confirmation of study subject identity and demographics.

What purposes does the medical record serve in the context of the clinical study?

• Study subject care
• Source document
• Corroborating/supporting document – the medical record is generally a document with some legal status, open to degrees of peer review, and completed in many cases by several people. As such it serves as an important supporting document to corroborate data reported to the sponsor in the CRF.
• For example identity and patient existence, demographics, medical history, diagnosis, participation in the clinical trial, IMP and concomitant medication, intercurrent illness and adverse events. In addition, various protocol related measurements may appear here or in related documents (laboratory reports, ECGs, X-rays and reports etc).
• Where the protocol has described that certain data may be recorded solely in the CRF – this in general is taken to mean multiple repeat measurements, rating scales, study subject diaries.

What purpose do source documents serve?

• Prompt and accurate recording of study data.
• A source from which the CRF can be completed.
• Quality control and other verification and corroboration (monitoring, audit, inspection) of study data and study conduct/protocol/GCP compliance.

What characteristics should source data documents have?

Source documents should be:

• Accurate
• Legible
• Contemporaneous
• Original
• Attributable
• Enduring
• Available and accessible

Background

An increased trend of clinical trial sponsors routinely requesting copies of medical records from investigator sites has been noted during GCP inspections. There may be different reasons for this, such as endpoint committee evaluation, safety committee evaluation or even remote monitoring of e.g. eligibility criteria. The medical records could be hospital notes, scans, laboratory reports etc.

There are many aspects to take into consideration when clinical trials documents containing sensitive data of patients are sent to a sponsor, or a third party working on behalf of the sponsor, and failures have been noted during inspections.

Some examples are:

• Medical records have not been redacted properly, and thus reveal to the sponsor the identity of the subject.
• Medical records sent to sponsor contained a considerable amount of data that was not to be collected as part of the clinical trial including sensitive information about the patient's family members or patient's life situation.
• Medical records have been sent via communication channels which do not guarantee an adequate level of security.

Without prejudice to the possible violation of the rules concerning the processing of personal data, it should be considered that failure to implement adequate technical and organizational measures for the protection of data could result in undermining the dignity of clinical trial subjects. It is therefore important to remind investigators and sponsors of their obligations concerning the protection of personal data in connection with the activities of clinical trials.

Legal framework

"The rights, safety and well-being of the trial subjects are the most important considerations and should prevail over interests of science and society", as stated in ICH GCP article 2.3. The guideline further states in article 2.11 that "The confidentiality of records that could identify subjects should be protected, respecting the privacy and confidentiality rules in accordance with applicable regulatory requirement(s)."

The WMA Declaration of Helsinki (64th WMA General Assembly, Fortaleza, Brazil, October 2013) is also very clear on this subject in article 24: "Every precaution must be taken to protect the privacy of research subjects and the confidentiality of their personal information."

There are also provisions in the EU data protection legislation that need to be adhered to when performing clinical trials. The  Regulation (EU) 2016/679 (the General Data Protection Regulation - GDPR) represents the reference text, at European level, on the protection of personal data. It became applicable on 25 May 2018 and sets up a regulatory framework which seeks to strike a balance between a high level of protection for the privacy of individuals and the free movement of personal data within the European Union (EU) while increasing consistency in the application of data protection rules in the EU. 
To protect the privacy of research subjects, data collected in clinical trials and reported to sponsors should always be pseudonymised (coded, as referred in ICH E6 (R2) point 1.58).

In this context "coding", is the process of assigning to a name or other direct identifier a unique code. The process of assigning a subject identification code meets the definition of pseudonymisation described in Article 4(5) of the GDPR: "Article 4(5) GDPR - pseudonymisation' means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person."

Recital 26 of the GDPR also clarifies that the personal data which have undergone pseudonymisation are information on an identifiable natural person and as such, they are considered personal data and hence fall under the scope of the GDPR as opposed to anonymous information, as described in the same recital: "Namely information which does not relate to an identified or identifiable natural person or to personal data rendered anonymous in such a manner that the data subject is not or no longer identifiable" which falls outside the scope of the GDPR."

Thus, as long as there is a link between the subject identification code and the subjects' identity at the clinic level, such data should be regarded as "pseudonymised" and thus should be handled as personal data.

Considerations

The legal status of clinical trial subject data as personal data, whether coded or not, needs to be taken into account by investigators and sponsors, or a third party working on behalf of the sponsor, at all times and in particular when the data are transferred to other parties. This refers to e.g. CRF data as well as redacted copies of medical records. Below are some important factors to take into consideration:

• The handling of and access to medical records are subject to national regulations in the respective Member States. These regulations may include rules on how medical records can be viewed by monitors for source data verification on site (e.g. within the clinical environment).

In addition they may also refer to the extent and under which circumstances records can be provided to sponsors, or third parties working on their behalf, outside the clinical environment. These national regulations need to be followed by the clinics when sharing medical records with a sponsor, or a third party working on behalf of the sponsor, within the scope of clinical trials.

• There should be procedures in place at the investigator site to redact copies of medical records in an appropriate way, in order to protect patients' identity, before transferring them outside the clinical environment to a sponsor, or a third party working on behalf of the sponsor.
• Adequate security measures by the data controller, which are relevant to the process, including pseudonymisation and redaction, should be applied when transferring personal data (redacted copies of medical records, SAE forms, CRFs, etc.) from investigator sites to a sponsor, or a third party working on behalf of the sponsor. The sponsors need to take appropriate security measures and provide organizational and technical measures that fulfil the requirements of the data protection regulation.
• Due to the sensitive type of information recorded in medical records, the extent to which sponsors request these data should be ethically and scientifically justified, and limited to specific critical information. Any planned collection of redacted copies of medical records by the sponsor should be described in the protocol, or related documents, and should be explicit in the patient information. Extensive centralised collection of copies of medical records should not be used as substitute for source data verification involving medical records at the investigator site.

Overall, it is expected that during and after the conduct of clinical trials patients' integrity, involving handling of personal data, is respected, and that regulations governing both clinical trials and data protection are fulfilled.

For the purposes of this Q&A, direct remote access is any access from an access point (location and/or hardware) that is not under the control and supervision of the investigator/institution. Direct remote access involves additional data processing⁽¹⁾. 

National provisions on direct remote access by authorised personnel of the trial sponsor (i.e. monitor or auditor) to identifiable personal and health data may differ between Member States and should be considered. 

Informed consent of the trial participant 

For the trial participants to give informed consent to participate in a clinical trial, they should be fully informed about all aspects of the trial that may influence their decision to participate. This also applies to direct remote access to confidential health records. Therefore, it should be explained in the informed consent documentation that in addition to the trial team (healthcare personnel) certain authorised personnel of the trial sponsor, (i.e. monitor, auditor) as well as regulatory authorities (i.e. inspector) may require direct remote access to their confidential health documents. 

Any information addressed to the trial participants should be concise, easily accessible and easy to understand. Clear and plain language and, additionally where appropriate, visualisation should be used. 

The participants' consent to participate in the clinical trial does not relieve the investigator or the sponsor of their responsibility to ensure compliance with the legal provisions on data protection.

The level of detail of information required when identifiable personal health data is accessed remotely may be determined by national regulations, if any.

Clinical trial protocol according to Regulation (EU) No. 536/2014

Remote access to confidential health documents should be considered together with the requirements of Regulation (EU) No. 536/2014, Annex 1 on the content of the protocol, in particular on what the protocol shall contain at least: 

• a description of the arrangements to comply with the applicable rules on the protection of personal data; in particular organisational and technical arrangements that will be implemented to avoid unauthorised access, disclosure, dissemination, alteration or loss of information and personal data processed; 
• a description of measures that will be implemented to ensure confidentiality of records and personal data of trial participants; 
• a description of measures that will be implemented in case of data security breach in order to mitigate the possible adverse effects.

Similar considerations are required for clinical trials under Directive 2001/20/EC.

Technical considerations 

A data protection impact assessment is strongly recommended, prior to remotely accessing confidential health documents, in particular to identify and mitigate risks associated with remote access.

The sponsor should consult with their data protection officer (DPO) and with the Institution/investigator and, if applicable, their DPO, to establish whether (direct) remote access is feasible and manageable. The sponsor and the institution/investigator should confirm their agreement in writing.

Due to the design of different systems, a distinction is made in the following between direct remote access to and remote viewing of records. Remote viewing means providing access by other means, such as sharing a screen or filming a document in real time.

The following aspects (not an exhaustive list) should be taken into account when accessing or viewing health documents remotely.

At the place, where access is granted, it should be ensured that

• appropriate measures are in place to unambiguously authenticate the identity of the accessing party (i.e. 2-factor authentication or at least equal strength). Each access should remain attributable to a natural person; 
• appropriate measures limit viewing or restrict access only to the documents necessary for the task;
• the access provided to original documents (e.g. health records, doctors’ letters) is read-only; 
• facilities and resources are appropriate to support remote viewing or remote access to the extent necessary. Any additional burden to the trial site should be justifiable and remain proportionate; 
• access to the documents remains traceable (e.g. log file);
• records are kept of which person was given remote access or allowed to view documents remotely and when. Remote access or opportunities to remotely view should only be granted for the duration needed to complete the task.

During transmission the following should be ensured:

• the integrity of the data is maintained; 
• the communication tool offers sufficient resolution for the task considered;
• the confidentiality during transfer is maintained by adequate security functions, typically end-to-end encryption; the provider of the service for transfer or communication tool for viewing should not be capable to access the content of the communication;
• any intermediate storage is avoided and, if needed, is limited to the shortest possible duration; confidential information should not be accessible during intermediate storage;
• the responsible party for the security of transmission is identified by written agreement.

At the place where the access is made, it should be ensured that 

• no recording or documentation of confidential information is made; only data required by the protocol or legislation should be documented off-site;
• any automatically created temporary data files are securely deleted after each session;
• no unwarranted access or viewing may take place by another person or technical device;
• personnel is appropriately trained in the use of the system containing confidential data;
• a confidentiality obligation is imposed on personnel handling confidential data. If necessary, personnel should also make this commitment in a written agreement with the institution/investigator;
• records showing time, duration, and content of the remote viewing or access are kept (e.g. monitor report).
   

 ⁽¹⁾  Processing covers a wide range of manual or automatic operations on data. It includes the collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of data.