![Page 1: Weaving the three critical attributes · GCP inspections- Critical finding by MHRA - 2017 1. ... FDA Warning letter- Official message from US FDA to manufacturer or other organization](https://reader034.vdocuments.site/reader034/viewer/2022042300/5ecb7b8b2d7e051e7b3a9705/html5/thumbnails/1.jpg)
![Page 2: Weaving the three critical attributes · GCP inspections- Critical finding by MHRA - 2017 1. ... FDA Warning letter- Official message from US FDA to manufacturer or other organization](https://reader034.vdocuments.site/reader034/viewer/2022042300/5ecb7b8b2d7e051e7b3a9705/html5/thumbnails/2.jpg)
z
Weaving the three critical attributes –Data Integrity, Data Quality and Data Security
Namrata BelekarSIRO Clinpharm Pvt. Ltd
![Page 3: Weaving the three critical attributes · GCP inspections- Critical finding by MHRA - 2017 1. ... FDA Warning letter- Official message from US FDA to manufacturer or other organization](https://reader034.vdocuments.site/reader034/viewer/2022042300/5ecb7b8b2d7e051e7b3a9705/html5/thumbnails/3.jpg)
z
Index
1. Regulatory bodies2. Basics of 3 attributes3. Clinical data- Guidance for industry4. Fraud and Misconduct5. Violations
1. Fraud cases2. FDA Warnings3. HIPAA Violations
6. HIPAA Action plan7. Application level safeguards8. Data level safeguards9. How to detect frauds? Detecting signals10.Key takeways
![Page 4: Weaving the three critical attributes · GCP inspections- Critical finding by MHRA - 2017 1. ... FDA Warning letter- Official message from US FDA to manufacturer or other organization](https://reader034.vdocuments.site/reader034/viewer/2022042300/5ecb7b8b2d7e051e7b3a9705/html5/thumbnails/4.jpg)
z
Regulatory bodies
FDA
PMDA
EMA
DCGI
Industry Guidelines
Data Integrity
Data Quality
Regulatory bodies
Data Security
…………
![Page 5: Weaving the three critical attributes · GCP inspections- Critical finding by MHRA - 2017 1. ... FDA Warning letter- Official message from US FDA to manufacturer or other organization](https://reader034.vdocuments.site/reader034/viewer/2022042300/5ecb7b8b2d7e051e7b3a9705/html5/thumbnails/5.jpg)
z
Data Integrity
Data integrity refers to the correctness and completeness of data (ALCOA)Data integrity types – Entity integrity and Referential integrity
Data Quality
Data Protection
Firewall
Password protected
Authorizedaccess
Physical cabinet
Enter
Clean
Improve
Monitor
Analyze
Data Security
![Page 6: Weaving the three critical attributes · GCP inspections- Critical finding by MHRA - 2017 1. ... FDA Warning letter- Official message from US FDA to manufacturer or other organization](https://reader034.vdocuments.site/reader034/viewer/2022042300/5ecb7b8b2d7e051e7b3a9705/html5/thumbnails/6.jpg)
z
FDA’s Acceptance of Electronic Source Data
• Electronic data must meet the same fundamental elements of data quality and integrity (complete and consistent) expected of paper records.
• Acceptance depends on FDA’s ability to verify it.
Data
IntegrityData
Quality
Verification by FDA
![Page 7: Weaving the three critical attributes · GCP inspections- Critical finding by MHRA - 2017 1. ... FDA Warning letter- Official message from US FDA to manufacturer or other organization](https://reader034.vdocuments.site/reader034/viewer/2022042300/5ecb7b8b2d7e051e7b3a9705/html5/thumbnails/7.jpg)
z
So, what if these guidelines are not followed?
o What are Fraud cases? GCP findings by MHRA?o What are FDA warning letters?o What are the HIPAA violations?
![Page 8: Weaving the three critical attributes · GCP inspections- Critical finding by MHRA - 2017 1. ... FDA Warning letter- Official message from US FDA to manufacturer or other organization](https://reader034.vdocuments.site/reader034/viewer/2022042300/5ecb7b8b2d7e051e7b3a9705/html5/thumbnails/8.jpg)
z
Case 1
• Promotion of a best-selling antidepressants for unapproved uses
• Fails to report safety data
• Paid $3 billion in fines
Case 2
• 18-year-old subject participated in a gene therapy study
• No adverse events reported
• Study team eager to achieve success
• Subject died as a result of serious toxicity
Fraud cases in Pharma
![Page 9: Weaving the three critical attributes · GCP inspections- Critical finding by MHRA - 2017 1. ... FDA Warning letter- Official message from US FDA to manufacturer or other organization](https://reader034.vdocuments.site/reader034/viewer/2022042300/5ecb7b8b2d7e051e7b3a9705/html5/thumbnails/9.jpg)
z
GCP inspections- Critical finding by MHRA - 2017
1. Computer System Validation(CSV) documentation of eCRF software release- Final version of User and Design specification, Traceability matrix were not available
2. TMF records keeping/ Essential documents – Documetns were named incorrectly, misfiling, duplication ,etc
3. Subjects Enrollment by Principal investigator(PI)- 20% enrolled were ineligible due to previous medical history and medication records
4. ePRO diary data updated based on DCF were not acceptable as it was lacking the audit trail in database.
![Page 10: Weaving the three critical attributes · GCP inspections- Critical finding by MHRA - 2017 1. ... FDA Warning letter- Official message from US FDA to manufacturer or other organization](https://reader034.vdocuments.site/reader034/viewer/2022042300/5ecb7b8b2d7e051e7b3a9705/html5/thumbnails/10.jpg)
z
FDA Warning letters– 2019
4
Case Violation/ Non-compliance (post receipt of Form 483s inappropriate responses)
Company 1 • Violations in cGMP in HP plant (under FD&C Act)• Marketed batches exposed to temperatures outside the
labelled storage conditions.
Company 2 • Misbranded and unapproved new drug sale of mifepristone with misoprostol, labelled for the termination of pregnancy.
FDA Warning letter- Official message from US FDA to manufacturer or other organization if form 483s CAPA are inappropriate, and demands prompt voluntary compliance with the Act.
![Page 11: Weaving the three critical attributes · GCP inspections- Critical finding by MHRA - 2017 1. ... FDA Warning letter- Official message from US FDA to manufacturer or other organization](https://reader034.vdocuments.site/reader034/viewer/2022042300/5ecb7b8b2d7e051e7b3a9705/html5/thumbnails/11.jpg)
z
HIPAA Violations – Case studies
CompanyName
Reason Penalty Corrective action
Company 1
A laptop bag was stolen from an employee’s car which contained: • employee’s computer • unencrypted backup media, which
contained the names, addresses, dates of birth, SSN, and clinicalinformation of approximately 55,000 individuals
$7,50,000 ▪ Develop an organization-wide risk analysis and risk management plan; and
▪ Train appropriate employees on all policies and procedures newly developed or revised pursuant to its corrective action plan.
Company 2
An unencrypted, password-protected laptop was stolen from a business associate’s workforce member’s locked vehicle, impacting the ePHI of 9,497 individuals
$15,50,000
![Page 12: Weaving the three critical attributes · GCP inspections- Critical finding by MHRA - 2017 1. ... FDA Warning letter- Official message from US FDA to manufacturer or other organization](https://reader034.vdocuments.site/reader034/viewer/2022042300/5ecb7b8b2d7e051e7b3a9705/html5/thumbnails/12.jpg)
z
Preparing for how to respond to an incident after it happens can be just as important as how an entity prepares itself to prevent incidents.
- from HIPAA lessons learnt
![Page 13: Weaving the three critical attributes · GCP inspections- Critical finding by MHRA - 2017 1. ... FDA Warning letter- Official message from US FDA to manufacturer or other organization](https://reader034.vdocuments.site/reader034/viewer/2022042300/5ecb7b8b2d7e051e7b3a9705/html5/thumbnails/13.jpg)
z
HIPAA Action plan
➢ Protection from Malicious Software- Hackers: Conduct risk analysis to identify such threats and vulnerabilities within environment, and implement appropriate security measures (e.g., patching, firewalls, data encryption methods) through their risk management plans (RMP).
➢ Business Contingency Plan(BCP): Natural disasters as well continuing cyberattacks, to ensure effective recovery in the healthcare sector following disasters.
➢ Access Control: to ensure user access levels are appropriate and support core functions➢ Information System Activity Review: To help identify malicious activity and alert the
organization of an intruder➢ Audit Controls with effective review process (Quality): help identify and mitigate threats
from malicious insiders➢ Security Incident Procedures: Ineffective procedure can prolong a breach and actions
perpetrated by malicious actors. Well-tested security incident procedures can prepare an organization to effectively respond to all manner of security incidents
![Page 14: Weaving the three critical attributes · GCP inspections- Critical finding by MHRA - 2017 1. ... FDA Warning letter- Official message from US FDA to manufacturer or other organization](https://reader034.vdocuments.site/reader034/viewer/2022042300/5ecb7b8b2d7e051e7b3a9705/html5/thumbnails/14.jpg)
z
Computerized Systems Used in Clinical Investigations
Internal Safeguards External Safeguards
Individual login Account System
Audit trail Documentation
Application SOPs Training
![Page 15: Weaving the three critical attributes · GCP inspections- Critical finding by MHRA - 2017 1. ... FDA Warning letter- Official message from US FDA to manufacturer or other organization](https://reader034.vdocuments.site/reader034/viewer/2022042300/5ecb7b8b2d7e051e7b3a9705/html5/thumbnails/15.jpg)
z
Other Safeguards.. 21 CFR Part 11 (2003)
Electronic signatures should consists of the following aspects:
a) Printed name of the signerb) Date and time when the signature was executedc) Meaning (such as review, approval, or
authorship) associated with the signature or In/out details
d) Each eSign should be unique to one individual
• Establishes the requirement under which the FDA accepts electronic records & electronic signatures as equivalent to paper-based records & handwritten signatures
• Permits verification that electronic information submitted to the Agency accurately represents the original source data
![Page 16: Weaving the three critical attributes · GCP inspections- Critical finding by MHRA - 2017 1. ... FDA Warning letter- Official message from US FDA to manufacturer or other organization](https://reader034.vdocuments.site/reader034/viewer/2022042300/5ecb7b8b2d7e051e7b3a9705/html5/thumbnails/16.jpg)
z“Rather fail with honor than succeed by FRAUD.”
-Sophocles
![Page 17: Weaving the three critical attributes · GCP inspections- Critical finding by MHRA - 2017 1. ... FDA Warning letter- Official message from US FDA to manufacturer or other organization](https://reader034.vdocuments.site/reader034/viewer/2022042300/5ecb7b8b2d7e051e7b3a9705/html5/thumbnails/17.jpg)
z
Company reputation
Data validity compromisedSubmission jeopardized
Failed to maintain study compliance
Failed to monitor study progress
CROSponsor
Submission of false information
Additional costs Business reputation
FinesLegal expensesDisqualification License revocation
Subject’s safety at risk
5
![Page 18: Weaving the three critical attributes · GCP inspections- Critical finding by MHRA - 2017 1. ... FDA Warning letter- Official message from US FDA to manufacturer or other organization](https://reader034.vdocuments.site/reader034/viewer/2022042300/5ecb7b8b2d7e051e7b3a9705/html5/thumbnails/18.jpg)
z
Visit
Originals
AssessmentInformed
Consent Form
Patient ABC
Visits on weekends and holidays; Site location?
Meeting schedules too perfectly
-100 % Dose compliance -Perfect efficacy scores for all
subjects
-No SAEs reported-Less records of MH or conmed
-No variability in findings of lab tests, vitals---Too many PDs
Same date/ time of ICF of many subjects in a site/ country
- Identical DOB-Multiple sites
registration
How to identify Frauds? – Detecting signals Aspects to be focused on Ongoing basis… Data level
![Page 19: Weaving the three critical attributes · GCP inspections- Critical finding by MHRA - 2017 1. ... FDA Warning letter- Official message from US FDA to manufacturer or other organization](https://reader034.vdocuments.site/reader034/viewer/2022042300/5ecb7b8b2d7e051e7b3a9705/html5/thumbnails/19.jpg)
z
1. Comparison of data– using VLOOKUP, SORT, IF
condition excel functions
Example:• Central lab load v/s AEs• Eligibility v/s randomization
2. Same Same Different – using SORT, IF ()Used to find duplicate valuesExample: Lab values, ECG values across visits
How to detect these signals?- Mining the data
![Page 20: Weaving the three critical attributes · GCP inspections- Critical finding by MHRA - 2017 1. ... FDA Warning letter- Official message from US FDA to manufacturer or other organization](https://reader034.vdocuments.site/reader034/viewer/2022042300/5ecb7b8b2d7e051e7b3a9705/html5/thumbnails/20.jpg)
z
3. 80-20 principle - Can be applied to find out query trends, for recruitment rates
4. Audit trail report analysis -• Entry by any other personnel than investigator/ site staff•Can act as objective evidence when it comes to uncovering fraud
5. Visualizing data trends
0
50
100
150
01 02 03 04 05 06 07 08 09 10
No. of queries
How to detect these signals?- Mining the data
![Page 21: Weaving the three critical attributes · GCP inspections- Critical finding by MHRA - 2017 1. ... FDA Warning letter- Official message from US FDA to manufacturer or other organization](https://reader034.vdocuments.site/reader034/viewer/2022042300/5ecb7b8b2d7e051e7b3a9705/html5/thumbnails/21.jpg)
z
Aspects to be focused on Ongoing basis… Data level
•Program edit checks ensuring all scenarios and validate it
•Incorporate prompts, edit checks, derived fields for data repopulation.
•CDASH compliant for standardized analysis Database
• Provide status reports to reduce the TAT like data entry, answered queries, SAEs noted, login frequency
•Metrics to capture missing data, queries, and email notifications that triggered to site staff for inaccurate, missing data should be configured.
Study data
![Page 22: Weaving the three critical attributes · GCP inspections- Critical finding by MHRA - 2017 1. ... FDA Warning letter- Official message from US FDA to manufacturer or other organization](https://reader034.vdocuments.site/reader034/viewer/2022042300/5ecb7b8b2d7e051e7b3a9705/html5/thumbnails/22.jpg)
z
Conclusion - Weaving these 3 attributes…Key takeways
CDM should ensure each database, eCOA app, medical device, other applications used, to be compliant with the following:1. Industry guidelines2. Study protocol requirements3. Operationally feasible to use4. End points can be derived from the collected data
❖Be responsible for data, collaborate with all the stakeholders from the
beginning and ensure protection at all levels
![Page 23: Weaving the three critical attributes · GCP inspections- Critical finding by MHRA - 2017 1. ... FDA Warning letter- Official message from US FDA to manufacturer or other organization](https://reader034.vdocuments.site/reader034/viewer/2022042300/5ecb7b8b2d7e051e7b3a9705/html5/thumbnails/23.jpg)
z
Thank you