Regulating eDiaries from Planning to Retention of Archival eSource Records

Stephen A. Raymond, PhDChief Scientific Officer and FounderPHT Corporation

2

Agenda

• Many regulations applying to eDiaries were developed in the age of paper

• eDiaries are eSource

• Examples of regulatory issues that arise– “What is the source document?”

• Approaches to conformance with regulations and guidance

3

Regulations written in the age of Paper

• “subjects’ diaries” are source documents [ICH E6 definition]

• Diaries were not then a focus of regulations– Therapies were approved or rejected based on

clinical records where the direct input from subjects was generally secondary to the medical assessments of their physicians.

• Paper questionnaires trusted by regulators and scientists -- BUT – NOT diaries done off site

4

Behind applicable regulations

• Regulatory authorities want to trust results of clinical trials – Site investigators will provide unbiased data because

they have no vested interest in the efficacy or safety of the therapy being tested.

– The FDA has mandated [Ref 5, 21CFR312.62 (b)] that an investigator is required to “prepare and maintain adequate and accurate case histories that record all observations and other data pertinent to the investigation on each individual administered the investigational drug or employed as a control in the investigation…”

5

E- regulations

• “When original observations are entered directly into a computerized system, the electronic record is the source document.”– From “III. General Principles, CSUCT, Apr. 1999)

Superseded, without change, by: CSUICI, May 2007

• “Each specific study protocol should identify each step at which a computerized system will be used to create, modify, maintain, archive, retrieve, or transmit source data”. – From IV. Recommendations, CSUICI.

6

Evolution of eDiary Guidance• “When source data are transmitted from one

system to another (e.g. from a personal data assistant to a sponsor’s server), …a copy of the data should be maintained at another location, typically at the clinical site but possibly at some other designated site.” [CSUICI]

• Compare to: “Source Documents – Purpose: to document the existence of the subject and substantiate the integrity of the trial data collected –Located in Files of Investigator/ Institution” [ICH E6 Essential Documents 8.3.13, May 1997]

7

Why location?

• A holdover from the Age of Paper• Physical possession

– Enables reading– Enables marking/ deleting– Essentially confers “control”

• The “record” and the thing holding the record (paper) were tightly linked– Specifying location of the paper, specified

control of the record

8

Location is NOT necessarily control

• “Where data is stored on a remote (often central) server without retention of a contemporary local copy, the method by which an investigator or other party retains control of data they have generated should be clearly established, and this control should be demonstrable.” [REFLECTION PAPER ON EXPECTATIONS FOR ELECTRONIC SOURCE DOCUMENTS USED IN CLINICAL TRIALS, EMEA Draft, Oct 2007.]

• Progress!

9

Data quality

• Data quality has been the object of regulatory guidance [CSUICI, Part 11].

• Common problems with data quality on paper (incomplete forms, illegible fields, illogical values, improperly formatted dates, ambiguous selections, etc.)

• Preventable by controls in eDiaries. • Data quality has been shown to be

enhanced dramatically by such controls

10

Data Accuracy and Trustworthiness

• Examples of controls: completeness rules, formatted response options (dates, times), edit checks (range, logic), and screen sequence controls

• Accuracy? – Restricting availability for completion

• Ensures timeliness of data entry by patients • Makes self assessments more discriminating.

11

Regulatory recognition

• In the EU, there has been some regulatory encouragement for use of eDiaries to increase data integrity. – Guidance on endpoints in asthma: “If home recording

equipment is used, reproducibility is particularly important and an electronic diary record should be considered to validate the timing of measurements.”

– Guidance on efficacy for steroid contraceptive: “The separate calculation of the Pearl Index for method failure requires reliable methods for recording of compliance (e.g. electronic patient diaries) not to include non-compliers in the denominator.”

12

Privacy of subjects vs attribution

• Privacy on one hand and Part 11 attribution on the other– Regulations guarding privacy aim ultimately at

ensuring that records cannot be used to reveal the identity of patients

– Regulations for data integrity aim ultimately at ensuring that records shall always include information that can be attributed to a particular subject

• Approach: Role based permissions

13

ePrivacy • Subjects are more willing to reveal sensitive personal

data (e.g. ratings of sexual performance by a partner) when an eDiary is used – that will not allow an outsider (e.g. husband) to see the ratings. – The Data Protection Directive 95/46/EC dated 24 October 1995;

Ref 7, The HIPAA Security and Privacy Rule, 2000; Ref 4, The Clinical Trials Directive 2001/20/EC, dated 4 April 2001, Ref 9, Act on the Protection of Personal Information, Japan, dated May 2003).

• Experience suggests the privacy controls on eDiaries have been effective.

14

Approaches to compliance• Prepare: Sponsors using eDiaries interpret the provision

to mean that the Investigators “prepare” the eDiary records by instructing subjects about how to enter diaries and by answering any questions concerning the eDiary data. – Direct, unsupervised entry of data by the subjects is OK

• Maintain: The investigators “maintain” the eDiary records in files “of the institution” by reviewing (and clarifying as necessary) the electronic records, and by monitoring compliance with completion schedules – usually via a web application supplied by the eDiary provider to

provide access at will to authorized users at the sites– Files “of” the institution (not “at” the institution) also OK

15

Typical eDiary System

Data Capture Device w/ Software

Study Archive

ePRO Data sent to servers using secure transmission

Database

Monitoring / Maintenance

To support reconstruction of the trial for auditing the trustworthiness of the results

16

The evolution of regulations

• “The FDA considers the investigator to have met his or her responsibility when the investigator retains the ability to control and provide access to the records that serve as the electronic source documentation for the purpose of an FDA inspection. The FDA recommends that the study protocol, or a separate document, clearly specify how the electronic PRO source data will be maintained.” PRO Draft Guidance May 2006

• Progress!

17

Definitions Help Clarify Regs

Source: 1. The specific permanent record(s) upon which a user will rely for the reconstruction and evaluation of a clinical investigation. 2. Sometimes used as shorthand for source documents and/or source data. NOTE: accuracy, suitability, and trustworthiness are not defining attributes of “source”. The term identifies records planned (designated by the protocol) or referenced as the ones that provide the information underlying the analyses and findings of a clinical investigation See also original data, certified copy [CDISC Glossary V. 7]

18

What is the Source Document?• eSource Document. The electronic record used

to aggregate a particular instance of eSource data items for capture, transmission, storage, and/or display, and serving as a source document for a clinical investigation. – Note:…documents are recorded in electronic systems

according to conventions (such as those for PDF documents) that ensure that all the fields of eSource data and associated contextual information (e.g. time of capture, time zone, authorship, signatures, revisions) are linked to each other in a particular structure… same role as the physical properties of paper (binding items together)…

19

Example of Designating Source

EHR record at institution. First

record of “original data” items

EHR record at institution. First

record of “original data” items

eRecord containing the original data items extractedAnd “certified” to have the same values and metadata

by validated process or a manual check

eRecord containing the original data items extractedAnd “certified” to have the same values and metadata

by validated process or a manual check

This is the sourcedocument, and it is under the (Part 11) controls of a clinical trial system

This is the sourcedocument, and it is under the (Part 11) controls of a clinical trial system

This is an originaldocument that is NOT the source for the Report and is under the controls of the EHR system

This is an originaldocument that is NOT the source for the Report and is under the controls of the EHR system

SourceDataSourceData

Final report containing analysis,

findings based on original data

Final report containing analysis,

findings based on original data

CRF or eCRF with original data itemsCRF or eCRF with original data items

Clinical DatabaseClinical Database

20

Why anxiety? Think like a lawyer

• “When original observations are entered directly into a computerized system, the electronic record IS the source document.” CSUICI– “this requirement applies to the retention of

the original source document or a copy of the source document.”

– “original data” = “values that represent the first recording of study data…”

– Source Documents: “Original documents…”

21

Anxiety: expiring passwords

• Part 11.300 Such controls [for ID/passwords used as signatures] shall include: – (b) Ensuring that identification code and password

issuances are periodically checked, recalled, or revised (e.g., to cover such events as password aging).

• “Expiration” is a burden for sites who review or monitor subject data (without signing), and for subjects who might sign records digitally.– Compare the work of sustaining multiple passwords vs

one written signature (yours) – Providing support for users who forget is a big burden

22

Regulatory progress

• Narrow interpretation by “consultants” differs from FDA preamble to Part 11– “organizations have full flexibility in

determining the frequency and methods of checking recalling, or revising.”

– Risk assessment for change interval in CSUICI

• My viewpoint: Password “aging” less of a problem than exposure of written passwords, shared passwords.

23

Regulatory Anxiety

How do you see the attitude of regulators, security consultants, IT towards ‘access’?

24

A benefit blocked by Regs

• Recruitment, medical records– Some level of automated screening and

blinded enquiry of potential subjects would be a welcome component of eHealth Records.

– Slowed recruitment blocks development of therapies needed by the very people whose privacy is “protected”

25

Work to be done: Need for a definition

• eCertified Copy vs Certified Copy• “There is a need to define what an accurate

copy is in an electronic sense. Accurate copies should include the meaning of the data (for example date formats), as well as the full audit trail.” [EMEA Reflection Paper…]

• “A copy of original information that has been verified as indicated by a dated signature, as an exact copy having all the attributes and information as the original.” [CSUICI, FDA]

26

Conclusions• eArchive reconstructs trial

– Kept at site (DVD - certified original source and audit trail)

– Retention sustains the maintenance of data by Investigator

– Context of data needed to interpret the data• eSource can be protected [by a 3rd party] and

“prepared” and “maintained” during trial through a secure Web account.

• ePRO can meet existing regulations, IF – Agreed how they apply to eSource– System fulfills Part 11 controls from start to finish

27

Conclusions

• ePRO a result of a promise: Make the system so it achieves these criteria, and the FDA MUST accept your records and signatures

• ePRO has delivered on the promise of better data quality– Enhanced privacy enabled even when patient ID is

available for audit

• Regulators have generally kept their promise

28

Comment

• Cooperation among providers, sponsors and regulatory authorities worldwide – is enhancing the participation of subjects in

documenting the effects of therapies via eDiaries. – If this trend continues, we can reasonably expect

information from subjects about what happens to them as they try a medication or device to be available in product labels and clinical advisories.

– Subjects’ who are prescribed therapies will then have increased insight into what they are likely to experience.

29

Disclaimer

The views and opinions expressed in the following PowerPoint slides are those of the individual presenter and should not be attributed to Drug Information Association, Inc. (“DIA”), its directors, officers, employees, volunteers, members, chapters, councils, Special Interest Area Communities or affiliates, or any organization with which the presenter is employed or affiliated.

 

These PowerPoint slides are the intellectual property of the individual presenter and are protected under the copyright laws of the United States of America and other countries. Used by permission. All rights reserved. Drug Information Association, DIA and DIA logo are registered trademarks or trademarks of Drug Information Association Inc. All other trademarks are the property of their respective owners.