Further to my posting in September to alert you to the availability of a new guide to Good Clinical Practice (GCP) from the MHRA, this guide is now also available electronically in Kindle format. Please note: it appears that currently the existence of this Kindle version is not highlighted on the MHRA website neither is it evident if you click on the link to purchase the guide. The purchase link only takes you to The Stationery Office (TSO) website to purchase a hard-copy version at £45.
To find the Kindle version, you need to go to the Amazon website and search for “good clinical practice guide” in the Books section. The search should reveal the hard-copy version (available at £42.75 / $85.00 plus p+p) but should also show the Kindle version at £32.06 / $59.99 (no postage fees!).
Don’t have a Kindle? Software is available to read Kindle books on PC’s, Apple devices (iPod, iPad and iPhone) and Android devices. If you prefer an iPad version, I believe that this is also being planned and should be published shortly. One of the advantages of the electronic version – other than not have to carry around a book that weighs 1.25kg – is that you can search easily for specific words and you can highlight and annotate sections.
The UK MHRA have published a set of Frequently Asked Questions on the topic of Trial Master Files and Archiving. These can be found on the their online forum.
Readers who have purchased a copy of the recently published MHRA GCP Guide (the “grey guide”) will recognise some of the content on this new online resource. Not suprisingly, much of the content is drawn from the GCP Guide and so to that extent there are no great suprises here. However, it is reassuring to see the consistency of responses and to see the questions that the MHRA have chosen to include in this free resource. The questions posed are:
- What is a Trial Master File (TMF)?
- Is a TMF always required?
- Can the sponsor and investigator TMFs be combined?
- Can management of the TMF be subcontracted by the sponsor and what should be considered when using CROs?
- How should the TMF be organised?
- Is it necssary to have SOPs and standard indices for the TMF?
- How should the TMF be stored and who should have access?
- Should the TMF be kept up to date?
- What is regarded as an essential document?
- How should we deal with correspondence, in particular emails?
- Is it acceptable for the TMF to be electronic?
- We scan our documents for inclusion in the TMF. Is this acceptable and can the paper originals be destroyed?
- Will access to the TMF be required during an inspection?
- How long shuld the TMF be retained (archived) after the trial is completed?
- Can the sponsor retain (archive) the investigators TMF?
- Are there any requirements for the archive storage conditions?
- How should electronic documents/data be archived?
- Is there a need for an Archivist?
Are there any suprises in the content? Well, because the content is largely based on the GCP Guide, there were no huge suprises here. However, 2 points did jump out at me. The first was in relation to guidance on management of correspondence and in particular emails. Given the emphasis that the MHRA and other authorities have placed on producing certified copies of documents that are an “exact copy of the original with no loss of metadata”, it is still suprising to see the printing of emails to paper given as an acceptable option. A printout of an email cannot be a lossless copy. Where emails are to be retained electronically, the Outlook pst file format is given as the preferred format despite this not being suitable for long-term retention and being an extremely difficult file format to manage (e.g. searchability, navigation, file size). Portable document format (pdf) is also suggested as a suitable format but not the preferred one; I would question the rationale behind this recommendation and would suggest that PDF/A is the default file format for emails.
Secondly, I liked the structure given in the answer to question 4 (can TMF management be subcontracted). The MHRA have laid out what is effectively a great checklist to be used when studies are contracted out. This should help to avoid an misunderstanding regarding responsibilities for TMF maintenance, which systems are being used, and how documents are to be transferred between parties.
Thanks to the MHRA for another great TMF resource!
One of the questions that I get asked repeatedly is what exactly is the trial master file (TMF). I represented this graphically a number of years ago, as follows:
For quite a while, industry thought that the TMF was just those documents listed in Section 8 of ICH GCP. However, many regulatory agencies – most recently the MHRA in their GCP Guide – have made it clear that the TMF is much wider in scope than this. The documents listed in Section 8 of ICH GCP are just a minimum list of essential documents. The TMF should also contain other trial-related records that “permit evaluation of the conduct of the trial and the quality of the data produced”. Industry can get assistance in determining what this constitutes by referring to the TMF Reference Model. There are also some supporting files that are generally considered to be outside the scope of the TMF but it should be noted that these files are still potentially subject to inspection. Examples include SOPs, training records and computer system validation files.
So what then is an eTMF and is this the same as an eTMF system? The answer depends on the scope of content that you intend adding to your electronic document management system. Whilst some regulatory agencies have indicated that their preference is to have a single system that holds the whole content of the TMF, this view is not held by all agencies. Therefore, it is permissible for your TMF to be managed in more than one electronic system and in more than one paper system, or even a hybrid of both (i.e. some in paper and some in electronic). There does seems to be a trend towards having a single system but the critical issue is that your SOPs must define which system(s) (paper and electronic) the TMF content is held in. It is also advisable to avoid having content duplicated in paper and electronic format. In other words, if you have invested in an eTMF system to manage some or all of the TMF content, ensure your SOPs define this as the official repository for that content and any hard-copies as temporary convenience copies only (though best to avoid hard-copy as much as possible!). This will take away any obligation to do reconcilliation and QC between hard-copy and electronic. Where team members need hard-copy to do their job, I’d advise generating these convenience copies from the official electronic source, bearing an appropriate watermark that identifies the source.
The recent news O2/IBM has misplaced a data tape containing unencrypted personal data just emphasises to me the need to have a secure chain of custody for our data and records. This means ensuring that when records are passed from one custodian to another across an end-to-end process, we have secure hand-offs and an audit trail that captures critical characteristics of each hand-off. Whilst this provides no guarantees that records will not be lost, I think it puts more focus on the hand-offs and as a result improves the robustness of the overall process.
Of course, the other aspect of this story is why unencrypted data tapes are being used for personal data. So, why don’t we take a look at our own records management chain of custody? Are there appropriate security mechanisms in place? When you hand over data tapes to your off-site provider, what security processes are in place at hand-over, during transit, and at the storage location? Is there compliance with pertinent data security standards, for example ISo 27001 ‘Information Security Management’. And have you considered the need for data encryption before hand-off to a third party?
Let’s start off the week with a controversional question! A Code of Practice released by the UK Information Commissions Office on 20 November adds an interesting slant to the question. The Code of Practice (Anonymisation: Managing Data Protection Risk) reconfirms that the Data Protection Directive – dating back to 1995 – says that the principles of data protection do not apply to data rendered anonymous.
The Good Clinical Practice (GCP) community have typically interpreted clinical trial patient data as not falling within this definition because, although the data is anonymised, there still exists a code list held by the clinical trial investigator which links the patient number with the actual patient identity (the subject identification code list). However, the new Code of Practice clarifies the point that the Data Protection Act does not require anonymisation to be completely risk free or to be 100%. The data protection authority in Hamburg have gone further to state that ‘rendering anonymous’ is defined as “the alteration of personal data so that information concerning personal or material circumstances cannot be attributed to an identified or identifiable natural person or that such attribution would require a disproportionate amount of time, expense and effort‘. It is therefore acknowledged that the absolute impossibility for re-identification in practice cannot always be achieved.
Industry has usually maintained that because there exists a theoretical possibility that somebody may use the subject ID list to link the anonymised data with the original patient records, then the data is to be considered as personal data within the definition of the Data Protection Directive. However, the Code of Practice gives an example where an anonymisation code is actually held by the same organisation who holds the private data and this is to be considered sufficiently anonymised so long as there are security systems in place (policies and procedures) to prevent a link being made. In the GCP scenario, the anonymised data and the code list are held by separate entities (sponsor and investigator) under strict GCP principles and contractual obligations to keep the code secure. The case is therefore stronger!
In fact, to avoid any further ambiguity, the Code of Practice actually uses clinical trial data as one of its case studies in Annex 2. It concludes that the risk of discosure of the key code is sufficiently low to consider the data held by the trial sponsor to be completely anonmysied and therefore not within the restrictions of the Data Protection Directive and Data Protection Act.
Applied Clinical Trials reported this week news that Janssen Research & Development are establishing a global, cross-pharmaceutical Investigator Databank to improve the efficiency of industry-sponsored clinical trials. The Investigator Databank, to be hosted by DrugDev.org, will hold key information about clinical investigator sites including their infrastructure and “good clinical practice (GCP) training records”.
As these types of initiatives are developed and become more commonplace, it remains to be seen whether the expectation of regulatory inspectors will be that the industry sponsors maintains a copy of training records and CVs for trial staff, or whether it would be acceptable to cite the Investigator Databank as the official repository for such information. The latter would certainly remove one of the administrative burdens of managing trials, namely ensuring that an up-to-date CV is on file for key trial site personnel. It would of course be necessary to have certain guarantees that the records held at DrugDev.org were kept up-to-date and retained for the required period of time.
As collaborative efforts across industry increase, I’m sure we’ll see more of these issues arising. The challenge will be whether or not regulatory authorities and industry can accommodate a paradigm shift in terms of record maintenance and ownership.
We have been maintaining Trial Master Files for many years with increasing levels of consistency and quality since the introduction of Good Clinical Practice guidelines in the 1990’s and more latterly, the publication of European Directives and Regulations that make compliance a legal obligation. However, a quick review of published agency inspection findings shows that industry and clinical sites are still making many mistakes when it comes to document management. So do we really understand what the regulatory requirements and, importantly, how to comply with them in an efficient and cost effective way? Add to this the advent of technological solutions that now make it possible to manage our TMF content electronically, and we have a whole realm of other challenges to face.
For example, do you understand:
- what type of file structure the regulatory agencies may expect to find when they inspect your trial master file?
- what the indexing requirements are for the trial master file?
- what records related to third parties you are expected to maintain when you outsource trial activities?
- how you file emails, email conversation threads and email attachments?
- where you file documents such as the DSUR which may appear in several places (Ethics, Regulatory, Safety)?
- what the validation expectations are for an electronic trial master file (eTMF)?
- whether electronic signatures are permitted and if so, how they should be implemented?
- whether it is allowed to destroy paper original documents after they have been scanned into an eTMF?
- how you can provide the site with an electronic investigator site file (eISF) and what regulations you need to follow?
These questions – and many more – will be answered at a one-day workshop dedicated entirely to the subject of trial master files and electronic trial master files. The workshop is being run on Wednesday 28th November in Munich immediately prior to the 13th DIA Electronic Document Management Conference. Your workshop presenters are Eldin Rammell, Managing Director, Rammell Consulting Ltd and Karen Redding, Business Development Director, Phlexglobal Ltd. The workshop content has recently been re-written to include latest industry and agency experiences, more focus on electronic signatures and eTMF implementation challenges. This content-packed workshop is great value as a stand-alone training event at €550 (approx. £440) but can also be taken as an optional extra to the DIA EDM Conference. The workshop fee is fixed but if you also plan to attend the conference please note that the closing date for the conference early-bird discount is approaching fast. This workshop held in previous years has been fully booked!