Research Documentation and Data Security Sandra L. Alfano, Pharm.D. Chair, HIC-I April 10, 2007


Page 1: Research Documentation and Data Security Sandra L. Alfano, Pharm.D. Chair, HIC-I April 10, 2007

Research Documentation and Data Security

Sandra L. Alfano, Pharm.D.

Chair, HIC-I

April 10, 2007

Page 2

Objectives

Discuss essential elements of a data and document management plan

Present strategies for efficient management of research-related documentation

Highlight effective tools for use in managing study files

Describe measures for ensuring subject confidentiality and data security

Page 3

“Remember your responsibility to get organized”

--Mrs. Archick

Jessica Alfano’s 2nd grade teacher

Page 4

Documentation is Essential

“If it isn’t documented, it didn’t happen”

Viewed as a bother, but invaluable if a problem arises

No one method is mandatory (no one-size-fits-all solution)

But there are certain essential elements

Page 5

Range of Complexity

Simple anonymous survey or use of de-identified existing samples

Versus

Multi-site coordination of a double-blinded drug study with 12 visits over two years

Page 6

Jargon

“Regulatory Binder”

“Trial Master Files”

“Source Documentation” (original documents, data and records, such as hospital records, lab reports, subjects’ diaries, pharmacy records, etc.)

Page 7

“Trust, but verify”

Ronald Reagan

Page 8

Jargon

Memo To File or Note to File

An amendment is an amendment (Study personnel added via amendment)

Page 9

International Conference on Harmonization

The International Conference on Harmonization of Technical Requirements for Registration of Pharmaceuticals for Human Use (ICH) is a unique project that brings together the regulatory authorities of Europe, Japan and the United States and experts from the pharmaceutical industry in the three regions to discuss scientific and technical aspects of product registration

Page 10

ICH

The purpose is to make recommendations on ways to achieve greater harmonization in the interpretation and application of technical guidelines and requirements for product registration in order to reduce or obviate the need to duplicate the testing carried out during the research and development of new medicines

Page 11

E6: Good Clinical Practice Consolidated Guidance

An international ethical and scientific quality standard for the design, conduct, performance, monitoring, auditing, recording, analyses, and reporting of clinical trials

Page 12

GCP

Compliance with this standard provides public assurances that the rights, safety and well-being of trial subjects are protected, consistent with the Declaration of Helsinki, and that the clinical trial data are credible

Provide a unified standard to facilitate internal acceptance of clinical data by the regulatory authorities in these jurisdictions

Page 13

GCP 2.10

All clinical trial information should be recorded, handled, and stored in a way that allows its accurate reporting, interpretation, and verification

Page 14

Approaches to research documentation

Chronological

By topic/section

Some combination of the two

Page 15

Maintain copies of all final documents

History or ‘bread-crumb trail’

Word-processing functions such as ‘track changes’

Header/footer use for version/dates

Version Control: only one version is ‘active’ at a point in time

Future electronic submission will necessitate strict electronic version control

Page 16

Important sections of a regulatory binder

Protocol (including all amendments and all versions)

Consent forms and HIPAA research authorization forms (approved by IRB)

Regulatory approvals (IRB, RSC, PRC, etc.) and any required reapprovals

Page 17

Important sections, cont’d

All correspondence, including emails, letters, faxes, notes of phone calls

Signature log, including name, initials, signature, dates of involvement, and study responsibilities

Recruitment materials, including letters, advertisements, flyers, etc. (approved by IRB)

Page 18

Important sections, cont’d

Samples of all forms to be used for data collection, including screening logs, eligibility checklists, case report forms, drug accountability logs

Assessment tools to be used

Page 19

Important sections, cont’d

Any reporting requirements, such as
– Annual report to FDA
– Continuing review approved by IRB
– Adverse event reports
– Protocol deviation/violation reports
– Evidence of periodic monitoring (per the protocol’s DSMP)
– DSMB recommendations (if any)

Page 20

Important sections, cont’d

Versions of all sponsor materials, if applicable, including:
– Sponsor’s clinical protocol
– Investigator’s Brochure
– Amendments
– Sponsor’s correspondence
– Records of monitoring visits

Page 21

ICH Essential Documents

Those documents which individually and collectively permit evaluation of a trial and the quality of the data produced

Focus heavily on pharmaceutical-sponsored trials

Include groups of documents, generated before the trial commences, during the clinical trial, and after termination of the study

Page 22

GCP Essential Documents

Many sponsor-related items, such as
– CVs of investigators
– 1572s
– Laboratory certifications
– Laboratory normal values
– Master randomization list with plan to decode

Page 23

Individual Subject Files

Consent form and RAF, signed and dated*

Eligibility Checklist

Visit flowchart

Case report forms

Lab data

AE summary

Patient diaries

Page 24

*Separate storage

Signed consent forms

Key linking identifiers to codes

Page 25

Study Termination/Close-out

Final report

Publication

Local dissemination of results*

Retention and storage of regulatory documents per requirements

Page 26

More complex scenarios

Yale PI is the Sponsor-investigator of an IND, or the lead investigator on a multi-site study

Additional responsibilities, including maintaining CVs and training certificates of all personnel from all sites, and IRB approvals (and reapprovals) from all sites

Page 27

Multi-site coordination

Lead PI is responsible for data integrity and data and safety monitoring

Monitoring is an evaluation of the clinical research process which should occur throughout the life of the protocol

Lead PI is responsible for informing all co-investigators of progress, and events such as SAEs, etc.

Page 28

Data Security

Recent developments:
– Loss of a CD with identified data
– Theft of a laptop with identified data
– VA data security directives
– NIH web posting on data security commitments

Page 29

Best practices

Work in progress

Several task forces working on these issues

Review some basics to think about and incorporate into practice

Page 30

Confidentiality

Common Rule has always required that confidentiality be protected to the extent possible

Good medical practice also incorporates pledges of confidentiality

Steps must be taken to minimize the risk of breaches of confidentiality

Page 31

Common Rule definition

Private information includes information about behavior that occurs in a context in which an individual can reasonably expect that no observation or recording is taking place, and information which has been provided for specific purposes by an individual and which the individual can reasonably expect will not be made public (for example, a medical record)

Private information must be individually identifiable (i.e., the identity of the subject is or may readily be ascertained by the investigator or associated with the information) in order for obtaining the information to constitute research involving human subjects

Page 32

HIPAA

Adds layers of ensuring privacy and data security

HIPAA Security focuses on electronic media, but Privacy covers all forms of data

Uses somewhat different definitions

Page 33

Both CR and HIPAA

Need to get permission to access, share personal information, via consent or authorization.

If authorized, sharing is allowed per the specifics of the approved documents

Page 34

Jargon

Anonymous

Coded

De-identified

Terms are not synonymous!

Page 35

Jargon

Anonymous:
1: not named or identified <an anonymous author> <they wish to remain anonymous>
2: of unknown authorship or origin <an anonymous tip>
3: lacking individuality, distinction, or recognizability

Merriam-Webster, on-line

Page 36

Jargon

Coded: a system used for brevity or secrecy of communication, in which arbitrarily chosen words, letters, or symbols are assigned definite meanings

Dictionary.com

Implies there is a link somewhere

Page 37

Jargon

De-identified:

Not a word

Usually thought to refer to stripping the 18 HIPAA identifiers (including dates)

So may be more stringent than anonymous, but also could be coded or not

Page 38

Jargon

Anonymous is not de-identified nor coded

Some use the term ‘no identifiers’

Anonymous should be reserved for situations when there are no identifiers and no code to link back

Anonymous would allow recording of dates

Page 39

Coded

Some code is used to track subjects and their data

Must be master file listing identifiers (name) with code to allow decoding, addition of new data

NEVER store the link with the data

Page 40

Separate means separate!

Page 41

Jargon

Moveable media: CDs, diskettes, jump drives, laptops, palm tops, Blackberry, flash drives, thumb drives

Encryption

Secure networks

Password protection

Page 42

Advice

Do not keep data with identifiers on moveable media

May become more than just advice

Page 43

Advice

“Tell them never to leave their laptops in the back seat of the car.”

Kristina Borror, OHRP

Page 44

Other methods to secure data

Password protection

Fingerprinting

Auto log-off

Lock-down cables on laptops

Restrictions on downloading

Page 45

Confidentiality section of the HIC application

Describe all sites where data will be used or stored

Describe how the data will be transmitted or transported

Describe specifically who will have access

Describe how the data will be secured

If copies of data are on moveable media, describe security measures for these media

Page 46

Sharing with co-investigators

Avoid unprotected email

Coded data best

Page 47

Destruction

Old data/old computers

Via ITS, Procedure 1609, Media Control:

http://mire.med.yale.edu/hipaapolicies/

Page 48

Conclusions

RYRTGO

Take steps to develop a specific document management plan tailored to the protocol

Take steps to implement data security measures

Stay tuned!

Page 49

References

Common Rule: http://www.hhs.gov/ohrp/humansubjects/guidance/45cfr46.htm

ICH GCP: http://www.fda.gov/cder/guidance/959fnl.pdf

HIPAA Privacy and Security: http://info.med.yale.edu/hic/hipaa/index.html

Page 50

Quotable Quotes

Remember your responsibility to get organized

If it isn’t documented, it didn’t happen

No one-size-fits-all solution

Trust, but verify

Bread-crumb trail

Separate means separate

An amendment is an amendment