GCP Records Management – How Are We Doing in Canada?

Health Canada has recently released a publication summarising the results of GCP inspections carried out between April 2004 and March 2011. It makes for interesting reading compared to a similar document released by the MHRA three years ago.

At 24.5% of findings, records management issues account for a much higher percentage of inspection findings than for the earlier MHRA report. Many of the findings were due to documentation simply not being present in the file but the examples quoted in the report reveal some interesting points:

  • Example 2 confirms the inclusion in the TMF Reference Model of IVRS validation artifacts; the trial master file is more than just the minimum list of documents identified in ICH GCP Chapter 8
  • Health Canada accept archiving of electronic records but Example 3 highlights the need for an archive strategy that ensures accessibility and readability of those records for a minimum of 25 years
  • In regards to electronic records again, Example 6 highlights the need for audit trails to demonstrate that data has not been changed.

As in the MHRA report however, the categorisation of findings actually disguises the true extent of records-related problems. For example, findings categorised as “Qualifications, Education and Training of Personnel” were:

  • “No CVs were available for three sub-investigators”
  • “No documented evidence that the personnel were trained…”
  • “No explicit documentation to indicate that all […] had been informed…”

In my mind, these are actually records management issues i.e. failure to generate required documentation for the Trial Master File. Similar examples can be seen against the other inspection finding categories.

So what does this tell us? That we are still struggling to manage the vast quantities of records that our regulations require us to generate and retain. Initiatives such as the emergence of an industry TMF Reference Model will help to ensure consistent and comprehensive content but we also need tools to ensure that content is properly managed.

Posted in Compliance, e-records, Regulations, TMF | Leave a comment

Do You Destroy Records Securely?

When it comes to destroying records at the end of their retention period, I’m guessing that most records managers and archivists will have a well-established program to ensure such records are destroyed securely. There are industry standards for secure destruction, including for example, BS EN 15713:2009 Secure destruction of confidential material and I know many of my colleagues destroy to this standard either in-house or via reputable vendors.

However, are you sure the same is true for electronic records? I don’t mean the deletion of expired records from network drives and backup tapes but the physical destruction of storage media. A recent report from the Information Commissioner’s Office highlighted a big problem in this area. They asked a security company to purchase used hard drives, memory sticks and mobile phones from a variety of sources and identify the contents, if any. 48% of the hard drives still contained data, including 11% containing personal data some of which could enable identity theft to occur. Given that many large companies outsource removal and destruction of hard drives and the like to third parties, can we be sure that our data is actually being securely destroyed?

Posted in Document Storage, Records management practice, Technology | 1 Comment

Use of Digital Signatures

I’ve just come across a White Paper from AIIM on the use of digital signature technology. As this makes for interesting reading, I thought I’d just share some highlights and provide a link to the full report:

  • In 63% of organizations without digital signature systems, more than half of the printed process documents are printed just to add a signature.
  • Speeding up approval processes and saving staff time are considered to be the biggest benefits by those who have implemented a digital signature solution.
  • For 40% of people not using digital signatures, half or more of their electronic document workflows are interrupted by the need for physical sign offs. For 23% of non-users, this results in a week or more of process delay on average.
  • 63% of digital signature users achieved a ROI in 12 months or less (i.e. the technology is cheap!!)
  • 43% of SharePoint users would like to apply digital signatures to SharePoint workflow processes.
  • 24% of research respondents are already using digital signatures. A further 21% plan to implement them in the next 12 months.

The report can be located HERE.

Posted in e-records, Records management practice, Technology | Leave a comment

Is Facebook a Validated System?

Well, of course the answer to the question posed in the title is a clear “No”…. at least as far as the pharmaceutical and biopharmaceutical industry understands and interprets validation. So why the question?

My eye was drawn to an article over the weekend that reported on a High Court ruling that legal documents could be served on an individual via Facebook. In the case in question, the claimant stated that there were doubts raised whether the defendant actually lived at the address that court documents were originally sent to. However, his Facebook account was active and it was judged to be an authentic site belonging to the defendant. Mr. Justice Tear therefore rules that court papers could be served via Facebook.

Relevance? Well it just got me thinking about how as an industry we make strenuous efforts (most of the time!) to ensure our IT systems are developed to the highest standards and comply with finest details of validation requirements… and for good reason. But out in “the real world” the issue of validation often doesn’t really come into the discussion. Case law is often about “the balance of probability”. On the balance of probability, Facebook is probably a reliable electronic delivery mechanism and so its use was authorised. What impact would this philosophy have on the time, resources and effort we expend on development of our IT systems? Perhaps some of our regulations need a little more “real world thinking”? To use an old business saying, do we really need a Rolls Royce all of the time when perhaps a Ford Focus would suffice? Wishfull thinking????

Posted in e-records, Regulations | Tagged , | Leave a comment

Ensure Your Informed Consent Forms Comply With New Requirements

For those sponsors conducting clinical trials that need to comply with FDA regulations, remember that from 7th March 2012 your informed consent documentation must comply with the new 21 CFR § 50.25(c) requirement. This requires the informed consent form to inform the clinical trial subject about the clinicaltrials.gov website. Specifically, it has to include the following statement word-for-word:

“A description of this clinical trial will be available on http://www.ClinicalTrials.gov, as required by U.S. Law. This Web site will not include information that can identify you. At most, the Web site will include a summary of the results. You can search this Web site at any time.”

A guidance document on the new requirements is available from the FDA website by following this link.

Posted in Compliance, Regulations | Leave a comment

GMP Directive (2003/94/EC) to cover active substances?

The European Commission are proposing to extend the scope of Directive 2003/94/EC to cover active substances, including the manufacture of active substances. The intent is to bring cohesion of requirements for active substances and medicinal products. However, since all of the provisions for medicinal products would then also apply to active substances, there are significant implications, including requirements for document and records management.

A consultation process on the impact of this proposed change has now opened, with responses requested by 20 April 2012. Click HERE to download the concept paper.

Posted in Compliance, GMP, Regulations | Leave a comment

Is it OK to “manipulate” PDFs to improve records management?

This is a question that I hear posed fairly frequently, I guess as a result of organisations managing electronic records rather than – or in addition to – traditional paper records. A typical scenario is an electronic document received into the Records Centre as two individual components; is it legitimate for the Records Manager to combine the individual files into a single PDF. Another scenario I’m often asked about is a large report that is circulated as a hard-copy for signature. Is it OK for the Records Manager to scan just the signature page and integrate it into an existing PDF of the same report; scanning of the whole paper document would create a file that was too large to manage and would not necessarily be text searchable.

For the regulated pharmaceutical and biotechnology sectors, I have been unable to locate a regulation or law that deals specifically with these scenarios (if anyone can point me to one, please comment below!). So to answer the question we really need to look at the regulations and guidance to identify any predicate rules or principles for us to base an answer upon. The best guidance that I think is relevant here is a reflection paper from the European Medicines Agency on “Expectations for Electronic Source Documents Used in Clinical Trials“. This paper also refers to the CDISC Standard for Electronic Source Data Within Clinical Trials which discusses a group of 12 high-level principles which, if adhered to, provide a good basis for the acceptability of electronic source data. Compliance with these principles helps us to answer the question posed.

Regulated documents need to be trustworthy. Furthermore, their trustworthiness must be able to withstand scrutiny, either by an auditor, a regulatory inspector or legal counsel. The EMEA reflection paper requires that documents are: accurate; legible; contemporaneous; original; attributable; complete; consistent; enduring; and available. The CDISC standard also adds ‘not modified’.

Whilst the manipulation of PDF files is well meant and helps to reduce duplication and encourage good records management working practices, it has the potential to introduce a question as to the reliability and authenticity of the record. Take the example of the signed study report. The signatory did not read, review and sign the content of the PDF file. Although the Records Manager knows that the content of the PDF and the hard-copy are the same – or assumes that they are – , the signature was not applied to the PDF and should therefore not be attached or associated with it. This would be akin to taking the signature page from a hard-copy study report and stapling it to an alternative version. Or taking the signature from one contract and attaching it to a paper version of a different copy. An alternative approach for signatures is to create a standalone signature sheet where the signatory affirms his/her approval of the content of a separate document that he/she has reviewed.

The example of combining different PDF files has similar problems. Although the Records Manager knows that the files should be combined, this process has the potential to call into question the validity of the concatenated document. If we use the analogy of the study report again, this process is like having the individual components reviewed but the Records Manager assembling the final study report and archiving it with no final approval. Following report assembly, the sponsor and investigator review and approve the compiled document.

To conclude, I said at the outset that I could not locate specific regulations on this. There will always be exceptions and the final decision has to be taken following a risk-based approach. However, my recommendation would be to identify document management processes that avoid the need to manipulate signature pages and/or manipulate individual components of a document. Our goal is always to create and manage reliable, authentic, trustworthy records.

Posted in Compliance, e-records, Litigation, Records management practice, Regulations | 1 Comment