Good Clinical Practice Guide
Results 1 to 7 of 7

Thread: Electronic Source Data Access for Monitors and Inspectors

Hybrid View

  1. #1
    Forum Member
    Join Date
    Jul 2017
    Posts
    3

    Electronic Source Data Access for Monitors and Inspectors

    Recently, University Hospital Southampton NHS Foundation Trust have encountered some queries surrounding our processes as the Trust moves to a new Electronic Document Management System (EDMS).
    Working with our organisation IT team, we have been through a long process of ensuring not only that our record keeping for patient notes is compliant with the regulations and other legislation but also that it can be accessed by monitors and inspectors.
    When a monitor comes on site they are given a monitor account whereby they can log into the Trust patient records, on a read only basis, via a Trust computer. This account is fully auditable by the IT department and the R&D QA Manager. There are a number of safeguards built in, for example there are only 3 people in the Trust that can request these accounts, the name of the monitor and the study they are working on is recorded; they are only accessible through Trust managed computers; and they are time limited to expire when the Monitor is off-site.
    All Monitors are asked to sign a code of conduct which sets out their responsibilities. Monitors are expected to formally record all patient records accessed, and any inadvertently access in case of error (to avoid potential inappropriate disciplinary report to the Monitor’s employer). UHS contracts with Sponsors state that Data protection and confidentiality will be maintained by employees of the Sponsor or CRO. This is considered best practice to avoid the need for personal supervision of external organisation employees accessing hospital systems.
    The process has been in active use since January with no real issues. However, more recently, the process has been questioned as the MHRA Position Statement and Guidance on Electronic Health Records (2015) states: Access to the system should be available for inspectors and sponsor representatives (e.g. monitors and auditors), which is limited to trial patients. This will enable source data verification of clinical trial subjects whilst protecting the confidentiality of non-trial patients.
    As we said, we went through a long process of development with our IT team to enable access but it is not possible to limit access to just those records of participants entered onto a study. We are confident that, with the safeguards we have put in place, the confidentiality of all of our patients is protected.
    Please could I ask for views on this and whether this system is appropriate?
    I would also be interested in what solutions other Trusts have put in place.

  2. #2
    Forum Member
    Join Date
    Mar 2018
    Location
    Wolverhampton
    Posts
    1
    Hi Mikayala,

    We are having the same questions raised, did you have any response? did you change your processes.

  3. #3
    Forum Member
    Join Date
    Jul 2017
    Posts
    3
    Hi Emma,
    I have very slightly re-worded this in a new thread. We didn't receive any other responses yet and so have not changed our process.

  4. #4
    Forum Member
    Join Date
    Nov 2011
    Posts
    121
    The MHRA advice (2015) only says that it is “strongly advised” and “ When establishing an eHR system the following aspects should be considered”. It does not say that alternatives (work-arounds) that produce compliant system are not acceptable and only the MHRA (2015) recommendations are acceptable.

    I have seen a Presentation by Jason Wakelin-Smith 2017, entitled “NHS Digital Reform: Enabling Clinical Trials?”. He describes Current Work-around to preserve subject confidentiality as being: • CRA provided with a site access to EHR; • Agreement to only view trial patients; • Site review of patient records accessed; • Company disciplinary process; • Trust based.”
    I presume from this that these work-arounds are acceptable.

    As can be seen from their list of problems found (2015) that “Inability to readily access audit trails” is a big concern. Without audit trails availability it will be impossible for the investigator site to “review patient records accessed”. If you look at the full quote of the 2015 guidance you can see that this is their major concern:-- “Access to the system should be available for inspectors and sponsor representatives (e.g. monitors and auditors), which is limited to trial patients. This will enable source data verification of clinical trial subjects whilst protecting the confidentiality of non-trial patients. This should include access to audit trails;”

  5. #5
    Forum Member
    Join Date
    Nov 2011
    Posts
    121
    FDA final guidance “Use of Electronic Health Record Data in Clinical Investigations Guidance for Industry July 2018” might be helpful. So might EMA guidance “eSource Direct Data Capture (DDC) qualification opinion” a draft of which is out for consultation.

  6. #6
    Dear All

    The MHRA GCP inspectorate queried the access to Trust electronic health record systems, which do not limit access to monitors with the Information Commissioner's Office (ICO). The ICO responded that the onus is on the Trust to demonstrate that the monitor has only accessed those records permitted (e.g. patients which have provided consent for the monitor(s) to access their source records). Therefore, there should be an agreement in place between the Trust and Monitor(s) to ensure only trial participant's records will be accessed for which consent has been obtained, the access should be read only and the system should have an audit trail. The audit trail should then be checked by the Trust to ensure that the monitor is only accessing those records which they have permission for, thereby verifying compliance with the terms of the access agreement.

    I hope this clarifies the issue. However, if you have further specific questions you can send a query to the Clinical Trials Helpline: clintrialhelpline@mhra.gov.uk

    Kind Regards,

    MHRA Moderator

  7. #7
    Forum Member
    Join Date
    Nov 2011
    Posts
    121
    The important phrase is :- “onus is on the Trust to demonstrate that the monitor has only accessed those records permitted”.
    To check all audit trails for all monitors/auditors/Inspectors access to all visits, by all subjects, would be resource intensive and not proportionate to the risk.
    In keeping with ICH E6 (R2) and the EMA risk proportionate guidance, a risk based approach could be taken. For instance, the audit trail for say 80% (or more) of the first accesses by the monitors/auditors/ inspectors to subjects records, could have the audit trail checked. Then if all is fine, subsequently a “spot check” (pseudo- randomized) of say 10% of the audit trails of future accesses, could be checked. Obviously there needs to be a procedure (SOP) for this and a process for documenting this QC and an escalation process for reporting discrepancies/problems. This procedure would also document the system capabilities and how they work in conjunction with organisational security measures to maintain data integrity and confidentiality.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •