Sponsors of clinical trials must ensure that their clinical trials are conducted in accordance with the principles of good clinical practice (GCP). These principles include data integrity requirements, i.e., rules that must ensure that the data generated in clinical trials are robust and reliable. A violation of these principles may give rise to questions about the scientific value of the affected clinical trial. This may occur, for example, when a sponsor is collecting or processing trial data inconsistent with the observations made on the trial subjects. This article describes in short a proposed course of action that may help a clinical trial sponsor address data integrity issues in a systematic and structured way.
When a clinical trial sponsor becomes aware of a potential violation of a data integrity requirement, the sponsor should take the following actions:
- assess the seriousness of the potential data integrity violation
- decide whether it must notify any regulatory authority or other persons concerned about the data integrity violation and, if so, carry out these notifications in accordance with the regulations
- conduct a root cause analysis
- develop and execute a corrective and preventive action plan
A company facing a data integrity breach should carry out action points 1 and 2 first. However, depending on the circumstances, it may also consider taking the actions mentioned under points 3 and 4 in parallel with actions of 1 and 2. To ensure that these actions are taken in an adequate and timely manner, it is advisable that the company designates a properly qualified team that can conduct, lead or oversee these actions independently from the group that was responsible for the clinical trial affected by the data integrity breach.
In certain jurisdictions, sponsors may be required to notify regulatory authorities within a certain timeline about violations of data integrity rules and other GCP requirements that will likely significantly affect the safety and rights of a subject or the reliability and robustness of the data generated in the clinical trial. For example, in Switzerland sponsors must report such issues to Swissmedic within seven days of detection. Furthermore, if the data affected by such issues were submitted in support of an application for marketing authorization, the applicant must raise the issue without undue delay with the authority assessing the application.
Fortunately, not all clinical trials are conducted with the objective of collecting data in support of a marketing authorization. Furthermore, not all data collected in a clinical trial for the purposes of an application for marketing authorization will be submitted with the application. Not all data integrity breaches will thus necessarily violate patient rights or safety or jeopardize an application for marketing authorization or the scientific value of a clinical trial. Sponsors should accordingly assess the scope and seriousness of any data integrity issue and determine, depending on the seriousness of the data integrity beach, whether they must notify any regulatory authorities about the issue and, if so, inform the regulatory authorities concerned in a timely fashion.
A sponsor who confronts a data integrity issue will also have to develop and execute a corrective and preventive action plan (CAPA Plan). The purpose of the corrective actions listed in the CAPA Plan is to mitigate the effect of the data integrity breach on the clinical trial in which the breach occurred. The preventive actions aim to avoid a similar issue occurring in future clinical trials. To be effective, the CAPA must address the factors that gave rise to the data integrity breach. The sponsor will thus have to conduct a thorough root cause analysis to identify the full chain of causal factors that led to the data integrity breach, from the direct cause to the ultimate deficiency that was at the root of the chain of causing factors.
The ultimate purpose of the course of action proposed above is to allow a company confronted with a data integrity violation to effectively minimize the risk of the issue jeopardizing the clinical trial affected by the data integrity breach, and the company’s efforts to bring a new product to the market.