Retention Scheduling? Don’t Forget Data Protection Laws!

Research recently conducted by PwC on behalf of Iron Mountain suggests that more than a third (35%) of small European companies are risking prosecution by “hoarding” data beyond the scope and period required by data protection legislation. When these companies were asked why personal data was being retained, they replied “In case it is needed”.

Apparently, engineering and manufacturing companies are the worst culprits with 45% holding on to everything. In the financial services sector, 39% keep everything and 9% have no company-wide retention policy! Colin Rooney, from Technology and Life Sciences Group, Arthur Cox says “Today, each organisation is increasingly aware of the possibility of litigation  and this creates a reluctance to destroy original documents. That in turn creates spiralling storage costs and a potential breach in data  protection law, in retaining personal data for longer than necessary.” The poor record keeping practices are particularly acute regarding employee, customer and financial information.

Do you need to dust off your copy of the Data Protection Directive and assess your own retention policies against the requirement not to retain personal data for longer than is necessary? Don’t forget, we’re also here to help you ensure you develop and implement compliance policies and procedures.

Advertisements
Posted in Compliance, Data protection, Records management practice | Leave a comment

Is an eTMF Standard Needed?

This is a question that many of us in the clinical document management space are currently asking ourselves following the announcement by CareLex of their intention to develop and launch an industry eTMF standard under the auspices of OASIS. There already exists a sub-team within the DIA TMF Reference Model working group who are looking at developing metadata to support the Reference Model so the obvious question is “Why is another group necessary?”.

Well first off, the intention of the DIA TMF Reference Model group is not to develop a standard and DIA are not in the business of developing standards or endorsing standards. Our remit within DIA is to develop a conceptual model that can be adopted and adapted by industry to support clinical document management needs. As part of this, the metadata sub-team are developing standard nomenclature for core and recommended document attributes. This is a valuable exercise and will continue but the difference between these deliverables and a formal technical standard need to be recognized. A technical standard – which is outside the remit of the DIA team – is to facilitate data and document exchange between any two systems that are compliant with the eTMF standard. This currently requires bespoke (i.e. expensive and time-consuming) programming and consultancy to get two eTMF systems talking to each other. Furthermore, the availability of an eTMF technical standard would facilitate the development of generic eTMF Viewers that could be used in a simple browser interface to interrogate and access ANY compliant eTMF system. The OASIS eTMF Standard Technical Committee will be supportive of and complementary to the DIA TMF Reference Model activities.

So why OASIS? Well, in the conversations I’ve had, various alternative standards groups have been mentioned. Each group has advantages and disadvantages and it becomes a rather subjective exercise to pick one to go with. Here’s a quick summary of some of the points I’ve picked up along the way. OASIS has already developed an authoritative standard for content management interoperability (CMIS) that is used by many of the big software vendors such as EMC, Microsoft, Adobe. OASIS is already supported by many of the major content management vendors. Whilst groups like HL7 and CDISC have experience in data exchange, OASIS has more experience in developing standards for content and document exchange. So far, HL7 has not expressed any interest in hosting or being involved in an eTMF initiative.

OASIS also has a reasonable history at developing standards within a rapid timeframe. The goal is to publish a draft standard within 6-9 months; OASIS Technical Committees have achieved this where other standards groups typically take longer.

Several have commented on the seemingly expensive cost of engagement with OASIS. To participate directly in an OASIS Technical Committee, a person must either be an individual member of OASIS ($310 per year) or their employer must have company membership. Company membership fees vary from $3,350 to $8,400, providing contributor access for all company employees. This compares to a minimum of $1,200 plus $3,500 joining fee for CDISC for the smallest company (<20 employees) up to $25,000 plus $30,000 joining fee for companies with >25,000 employees. Similarly, membership to HL7 costs $705 per year for an individual to up to $19,635 for larger companies. So from a cost perspective, OASIS appears a reasonable choice. Furthermore, non-OASIS members will still have opportunities to engage in this process via the DIA TMF Reference Model group; the two initiatives are not competing with each other!

So we come back to my original question….. is a standard necessary? From my experience working with many different clients, I see a key issue causing a stumbling block on almost every TMF project; this is the impact caused by the inherent flexibility of the TMF Reference Model. By virtue of the fact that it is a reference model and not a standard, each organization has its own interpretation of the model. This is initially seen as great for the organization as it often means not needing to change their current file plan for TMF content. Inevitably, it leads to plenty of man-hours mapping file plans to the Reference Model and vice versa. More importantly however, the subtle difference between Reference Model implementations results in an inability to easily exchange data and/or content between systems. Does this mean the TMF Reference Model has no value? Of course not! It still has value in determining the underlying content and structure of the TMF for regulatory and business purposes. It has done perhaps more than any other single thing to improve TMF compliance. Does a standard mean loss of flexibility? Absolutely not! An eTMF Standard can still mean Company A or Vendor A displaying TMF content using a different file plan than Company B or Vendor B. However, the primary attributes that identify and describe each document within the eTMF will be the same; the only difference will be how the content is surfaced in the user interface. As an analogy, there exists a technical standard for electronic calendaring. Both Google Calendar and Microsoft Outlook Calendar comply with the standard for data exchange but calendar items appear very different in both systems; field names are sometimes different, with each having different options. However, compliance with the standard enables you to send me a Google Meeting Request and me to receive that Meeting Request into my Microsoft Outlook Calendar. An eTMF Standard should achieve the same for eTMFs. Wingspan to Veeva. FirstDoc to PhlexEview. NextDocs to Transperfect. Or…. view your eTMF archive through a generic web-browser eTMF Viewer Add-in! See you on the OASIS Technical Committee or eTMF Standards LinkedIn Group?

Posted in e-records, Records management practice, Standards, Technology, TMF | 1 Comment

Proposed EU Clinical Trial Regulation – Update

Well, my optimism from our meeting with one of the UK MEPs a short while ago was misplaced! It appeared a possibility that the intention was to only retain the clinical study report indefinitely and not the whole of the TMF. This is NOT the case.

I have had it confirmed categorically by the rapporteur for the new Regulation that the intent of the proposes wording is to retain the whole of the trial master file – in electronic form only – for an indefinite period. The Committee on the Environment, Public Health and Food Safety (ENVI) are aware that there are concerns from industry on the practicality of these proposals and this will be something that will be on the table as negotiations continue with the European Council. The position of the Committee is that transparency and accountability are paramount and it is thought the trial master file would be invaluable should problems come to light a long time after the end of a clinical trial.

However, I have yet to hear a convincing argument to support this supposition. Suppose we have a drug that has recently completed its clinical programme, been given marketing approval and is then on the market for 30 years before serious side effects are identified. Given the vast quantities of post-marketing surveillance data that would have been collected over the coming 30 years and the existence of a huge amount of data available in the clinical study reports and their associated tables and listings (including individual case report forms for adverse events and deaths), I really have to question what additional value records in the trial master file would provide, other than to potentially protect the sponsor against accusations of improper conduct.

I’ve heard various “drug disaster scenarios” used as justification for the indefinite retention period (e.g. Stilbestrol) but these examples are all from the era when toxicology testing was fairly rudimentary compared to today’s regulatory environment. Since the 1950s, 1960s and 1970s, regulations governing pre-clinical safety testing have been significantly enhanced, including the requirement that “observations should be continued through one complete life cycle, i.e. from conception in one generation through conception in the following generation” [CPMP/ICH/386/95]. This does not completely eliminate any risk of teratological issues arising but it certainly makes it inappropriate to use examples such as Stilbestrol, Etretinate and Thalidomide as justification to retain records ad infinitum.

So where do we go from here? Industry really needs to start taking this issue seriously as it will undoubtedly have a significant impact on the conduct of clinical trials. Perhaps the biggest impact will be on academic and investigator-sponsored studies where a high proportion of trial records are still maintained and archived in paper format; these will all need to be maintained in a fully validated, electronic trial master file system (eTMF) and measures put in place to archive the electronic files indefinitely. Relevant industry bodies and companies need to lobby their MEPs and regulatory agencies with urgency to ensure common sense prevails on this issue. Parliament is due to begin debating this issue later this year.

Posted in Uncategorized | Leave a comment

When Is a Photocopy Not a Photocopy?

It appears that the answer may be when you use a Xerox scanner to produce the copy! According to a story reported today, the “normal” scan settings on at least two models of Xerox scanner actually change the characters that appear on the copy that is generated. The compression software used by the machine – JBIG2 – is tuned to produce smaller files at the expense of image quality. Although OCR functionality is apparently not enabled, the machine can misinterpret certain characters under these conditions and replace them with others. A test completed by German researcher Dr. Kriesel showed a 6 replaced by an 8, and vice versa. Currently, it is not known if this issue is present in other scanners using the same compression software.

I think most of us are aware of the potential issues when using file compression software but I’m guessing that we all assume that a scanner or photocopier will accurately copy the content from an original document to the copy that is being generated, albeit perhaps at a lower resolution. This has significant repercussions for the life sciences industry who rely on data from preclinical and clinical studies being accurately reported – even when those reports are scanned or photocopied. At the moment this problem is not considered to be widespread but perhaps we should not always take so much for granted the accuracy of the technology that we are increasingly reliant upon.

Posted in e-records, Technology | Leave a comment

Where Are We With ‘Digital By Default’?

The UK eGovernment Interoperability Framework (eGIF) was established over 10 years ago to include a range of different initiatives to make Government more efficient by introducing standardisation. Part of this strategy included the goal of moving towards the digitisation of all government services. This has now largely been subsumed by the Government Digital Strategy which aims to make transactions “digital by default”. In other words, digital services that are so straightforward and convenient that all those who can use them will choose to whilst those who can’t are not excluded. What is the relevance? Well I’d like to recount two incidents that I experienced in the last couple of weeks that demonstrate the impact of having or not having a coherent digital strategy.

The first incident relates to my UK VAT Return. As a UK business registered for VAT, I have to submit details on a quarterly basis to H.M. Revenue and Customs (HMRC). For quite some time now, HMRC has provided facilities for returns to be made completely online with no need for paper records. Excellent! This quarter however, I made a small error on my return. To notify HMRC of this error, rather than make an online correction I have to submit the correction on a separate form. This is available as a PDF document. No, not a PDF form that I’m able to complete on my PC but a plain PDF document that I have to print out, complete by hand, and then post by “snail-mail” to HMRC. It would be great to have the facility to make my correction online. Failing this, why not give me an intelligent PDF form that I can enter data into on my PC and then submit electronically?

The second incident concerns my son’s application for university finance. The department that deals with applications requires parents to provide supporting evidence of their income to calculate whether the student is eligible for grants, loans etc. I duly completed the information online and was notified that “no further information is required”. Imagine my surprise when a few weeks later I received a letter through the post (NOT by email) to let me know I needed to submit copies of payslips, end-of-year tax information etc to prove my income. There was no facility to provide this electronically so I had to print off those records that I had electronically and take photocopies of others and send them off. Postage 90p. Same for my wife. Approximately 3 weeks later, I received another letter through the post (NOT by email) informing me that the requested evidence had not yet been received. Could I send it urgently otherwise my son may not receive any finance for his university placement. I duly telephoned the organisation to explain that I’d already sent the information requested. After a rather lengthy conversation, it turned out that my details HAD been received but had not yet been checked, there being a 3 week delay in the processing of incoming mail. So, we have a department that has received my envelope, logged the receipt of the documents into their system but failed to link that transaction with the system that sends out reminders! They knew my documents had been received and had them logged in the system but still sent out the reminder anyway! To make matters worse, I asked what had happened to my documents. “They have been scanned into the computer system”, I was told. So those electronic documents that I’d printed out and sent hard-copy had now been scanned and digitised. Why not provide an option online to “Upload documents”??

So why have I bored you with these two tales? The reason is that an inefficient records process could be simplified and made more efficient NOT by the implementation of an expensive, complicated technological tool but simply by some joined-up thinking and by using a few simple, cheap desktop software tools (e.g. Adobe Acrobat Create PDF Form). Isn’t it about time we all took a few minutes out of our day to do some “blue sky thinking” and identify opportunities for “quick wins”…. areas where a simple change could make our process so much more efficient.

Posted in e-records, Records management practice, Technology | Leave a comment

When is a CSR a TMF?

It appears that the anxiety within the industry regarding the proposed Trial Master File retention requirements in the draft EU Clinical Trial Regulation may be unfounded. MarinaYannakoudakisEarlier today I had the pleasure of meeting Mrs. Marina Yannakoudakis MEP at her constituency office in London, together with 2 colleagues from the GCP Records Managers Association (GCP-RMA). We discussed industry concerns regarding the wording of Amendment 222 and Amendment 223 and it appears that the intention may have been for these 2 clauses to refer to retention of the clinical study report and not to the entire TMF. In any event, it was somewhat of a surprise to the MEP that the TMF was as complex and extensive as it is and therefore the requirement to retain this entire document set in electronic format and for an indefinite period does not appear to be justified. Replacing “trial master files” with “clinical study report” in these 2 amendments also makes the text consistent with other clauses and articles within the draft Regulation.

This would however leave the retention period for the TMF itself undefined and so our recommendation was for this to be retained for “a minimum of 5 years” to be consistent with the original wording of the draft Regulation and consistency with existing national legislation.

Our thanks were expressed to Mrs. Yannakoudakis who agreed to provide an update to the Rapporteur for the Regulation, Mrs. Glenis Willmott. We hope that these comments are taken on board as the draft Regulation proceeds to the next stage in Parliament.

Posted in Regulations, TMF | Leave a comment

Where Next for the Digital Age?

I found the BBC News story today regarding digitisation of the UK Courts system very interesting. The Government has plans to make courtrooms in England and Wales “fully digital” by the year 2016, ending what it described as “an outdated reliance on paper”. In addition to initiatives such as secure Wi-Fi in courts and the routine taking of evidence by video-link, the plans include getting “rid of our outdated paper-based system”.

This story just hit home once again to me the slow pace within the pharmaceutical and biotechnology industry of the adoption of digital technologies that facilitate a paperless environment. We’ve recently had the European Medicines Agency (EMA) issue a reflection paper on the management of clinical trial documents (the TMF) and they’re still urging caution on any reliance on digital records! At the same time we see the legal profession itself absolutely comfortable with a digital environment….. electronic signatures and all! And as we look at other sectors of industry – from banking and finance through to retail – they have mostly been using technologies that support a paperless office for many years.

This is the 21st century; a time when we have International Standards for digital certificates and European Directives for Electronic Communications and for Electronic Signatures. So isn’t it about time we broke down the final barriers to working digitally? Next time you create a document that has a wet-ink signature line, just ask yourself “Is there a technology out there that can enable me to capture that signature digitally and still remain compliant with the pertinent regulations?”. I’m willing to bet that 99% of the time, the answer will be a resounding “Yes”.

Posted in e-records, Litigation, Records management practice, Technology | 2 Comments