Standard Operating Procedure Clinical Data Management

Transcription

1 P-CTU-010 Standard Operating Procedure Topic area: Data Management and Statistics Based on SCTO Matrix: Not applicable Identification number: P-CTU-010 Version: /- Valid from: Review and Approval Name Function Date Signature Authored by Irene Corradino Medical Writer Reviewed by Tatiana Terrot Project manager Reviewed Teresa Bordoni QA Manager Approved by Cristiana Sessa CTU Site Director Version History Version Reason for revision Valid from /- First release Valid from: Created by: MW 1 / 14

2 Table of content Abbreviations used in this SOP Objective Scope Definitions Data Management Plan (DMP) Data Management Report (DMR) Responsibilities Procedures Data Management Plan and Data Management Report System Setup Selection of Data Collection Tool and Database Application Database Location and System Ownership CRF Design Paper CRF Printing Clinical Database Design, Test and Release Database Programming Database Testing Database Release Annotated CRF CRF Completions Guidelines Database Access and User Training Centralized Data-Entry Remote Data Capture (RDC) Randomization Procedures Data Validation Plan and Automatic Checks Implementation Actions Required by Protocol Amendments Data Cleaning Data Queries with Paper CRF Data Queries with RDC Serious Adverse Events Re-conciliation Centralized Coding of Reported Terms Interim Database Freezing Database Certification Database Lock Case Report Form Filing Data Transfer CRF and Database Long-Term Archive Supporting Documents References Major Differences from SCTO Matrix Appendices Valid from: Created by: MW 2 / 14

3 Abbreviations used in this SOP CDMS CRF CTC CTU DMP DMR DVP ICH-GCP PM SAE SOP TMF System Case Report Form Clinical Trial Coordinator Clinical Trial Unit Data Management Plan Data Management Report Data Validation Plan International Conference for Harmonization-Good Clinical Practice Project Manager Serious Adverse Event Standard Operating Procedure Trial Master File For a comprehensive list of abbreviations, refer to the Glossary of Terms (see Section 6, Supporting Documents). Valid from: Created by: MW 3 / 14

4 1. Objective This SOP describes activities, tools, responsibilities and documentation related to the management of data generated in clinical trials in accordance with regulatory requirements and ICH-GCP guidelines. The procedure is focused on: Case Report Form (CRF) design Clinical Database setup and validation Automatic checks programming and validation Clinical data collection and review Medical coding Database lock Clinical data and related documentation archiving The flow of data management activities is summarized in Appendix 1 (P-CTU-010 / APP01). 2. Scope This SOP is applicable to all clinical data management activities delegated by the study Sponsor to the if the Sponsor s SOPs are missing or less restrictive. 3. Definitions 3.1. Clinical data management encompasses all the activities related to the collection, verification and documentation of the clinical data generated in the context of a trial Data Management Plan (DMP) An executive plan describing the systems, tools, criteria, procedures, responsibilities and timelines for data handling to be implemented to an individual study Data Management Report (DMR) A final summary of the data management activities carried-out during a study, including any specific issues emerged and relevant solutions, any unscheduled activities performed, and the final certification of data quality. 4. Responsibilities All personnel involved in clinical studies are responsible for following the applicable regulations and international guidelines. The specific responsibilities of the Sponsor, study site and personnel are summarized in Appendix 2 (P-CTU-010 APP02). 5. Procedures Data Management procedures should ensure completeness, accuracy, reliability of the clinical data and consistent intended performance of the data collection and verification tools, as required by ICH- GCP. Valid from: Created by: MW 4 / 14

5 5.1. Data Management Plan and Data Management Report The two fundamental documents describing all data management activities related to a clinical trial are the Data Management Plan (M-CTU-031), which consists of an executive plan describing the systems, tools, criteria, procedures, responsibilities and timelines applicable to an individual study, and the Data Management Report (M-CTU-34), which includes a final summary of the activities carried-out during the study, any specific issues emerged and relevant solutions, any unscheduled activities performed, and the final certification of data quality. The author of the Data Management Plan and Report is the IT Specialist and these documents are approved by the Project Manager (PM). The Data Management Plan should be amended and a new version should be issued whenever a significant change in data management procedures is required, e.g., a protocol amendment which has a major impact on the CRF and database structure, while minor changes are to be captured in the Data Management Report or File Notes. Database lock can be authorized only upon finalization of the Data Management Report System Setup As soon as the final draft Protocol of a study is available, the data management activities can be planned and the main elements of the draft Data Management Plan (M-CTU-031) should be defined Selection of Data Collection Tool and Database Application Before starting any data management activity, the IT Specialist and the PM agree on the type of data collection tool paper CRF or electronic CRF (e-crf) and the Clinical Data Management System (CDMS) to be used for the study. The System consists of the database application and relevant integrated functions, if any (e.g., query management). If the chosen tool is the e-crf and the application is not being used or has not been used in the recent past at a given investigational site, the feasibility of its use should be verified during a Pre-Study Visit or by means of specific feasibility surveys, to ensure that all technical requirements are fulfilled and that appropriate site personnel is available for remote data-entry Database Location and System Ownership The PM defines for each study the appropriate clinical database location, which can be at the EOC or hosted by an external application service provider, and identifies the System Owner, i.e., the IT Specialist ultimately responsible for the GCP-related performance of the CDMS CRF Design After protocol finalization and before starting database design, a paper CRF is to be prepared by the Medical Writer based on the study protocol. The sample CRF can be produced within the CDMS or as a separate document (e.g., using Microsoft Word or Excel) and includes specifications of field types (e.g., numerical, text, date, etc.) and code lists and coding dictionaries associated with CRF items. The draft sample CRF is reviewed by the Sponsor to ensure consistency with the protocol and medical coherence and if considered appropriate - by the IT Specialist to verify its compatibility with database programming contraints and/or by the Biostatistician to ensure consistency with the statistical section of the protocol and/or by the appropriate CTU Director to ensure correct interpretation of medical aspects. The sample CRF is finally approved by the PM and by the Sponsor on the CRF Approval Form (M-CTU-033). Valid from: Created by: MW 5 / 14

6 Paper CRF Printing If the data collection tool is a paper CRF, a clean version of the Sample CRF is delivered to the printer after its approval. Before preparing the required number of copies, the printer provides the Medical Writer with proof copies to verify adherence to the Sample CRF. A CRF page numbering system allowing to univocally identify each CRF page must be applied and the CRF transmission and tracking system is to be described in the Data Management Plan (M-CTU-031) Clinical Database Design, Test and Release Database Programming Database programming is performed by the IT Specialist based on the final Sample Paper CRF or can be outsourced. The data-entry screens should have as far as possible the same layout as the Sample Paper CRF (forms/panels sequence, variables order, etc.) Database Testing The aim of the database test is to verify that data from a hypothetical source document can be entered in the database exactly as it is (e.g., that numeric values of a certain length and number of decimals can be entered in a given field). A blank copy of the Sample CRF is to be printed and completed by the Clinical Trial Coordinator (CTC) or by a member of the staff of one of the study sites, to be chosen based on experience and competence, who should fill out all fields regardless of internal consistency of data. The paper dummy CRF is signed by the person who completed it and delivered to the IT Specialist for entry in the database. If any data written on the dummy CRF cannot be entered or any other problems are encountered during data entry, the necessary changes to the database are performed by the IT Specialist. The test is passed when the test database printed output is identical to the paper dummy CRF. The printed test database output must be signed and dated by the IT Specialist on the day when the test is passed and archived in the TMF together with the relevant dummy CRFs. A File Note should be added if any data-entry issues could not be resolved and should be managed through data management conventions or instructions Database Release After the database test is passed, the database release is approved by the PM on the Clinical Database Release Approval Form (M-CTU-038) Annotated CRF After database release, an Annotated CRF is printed and archived in the TMF by the IT Specialist as documentation of the database structure. An Annotated CRF is a sample CRF on which technical specifications are reported for each field indicating the relevant: - database panel name and label - variable name and label - variable type (e.g., numeric, alphanumeric) - variable length - associated code lists (if any) - source if the variable s content is derived from other variables The Annotated CRF also includes in a separate section the list of codes and corresponding terms for each code list applied in the database. Valid from: Created by: MW 6 / 14

7 The database version number should be specified on the relevant Annotated CRF and if the database requires to be amended during the course of the study, the documentation of each database version must be produced and retained CRF Completions Guidelines If the data collection tool is a paper CRF, the main instructions for its completion should be reported in the CRF itself, while for e-crfs separate guidelines including both technical instructions on the use of the system and study-specific instructions on the e-crf completion are prepared by the IT Specialist in collaboration with the Medical Writer and delivered to the study site personnel, to the CTC and the Monitor. In addition, whenever during a study further criteria for CRF completion need to be established, these should be documented in writing (e.g., by amending the CRF completion instructions or by tracking the data management conventions applied in the Data Management Report) and shared all concerned and study site personnel (if appropriate), to ensure consistency within the clinical database and correct interpretation of data Database Access and User Training Database Users Identification Database users are to be identified at the Sponsor s (or designee s) site and at the involved study sites if an e-crf is used. Potential users at are the IT Specialist, the CTC and the Monitor allocated to the study [the study team members are documented on the Project Organizational Chart (M-CTU-030)]. Additional users might be the Biostatistician and the Medical Writer and further functions identified by the Sponsor and listed on the same form. Users at the study sites are the Principal Investigator (PI) and the personnel delegated by the PI to make entries and/or corrections in the e-crf. These people are identified by the PI and reported on the study site staff list ( Staff Education, Roles, Responsibilities & Signatures ) to be archived in the ISF, while a copy is to be filed in the TMF. The IT Specialist as the System Owner is responsible for assigning the Database Access Privileges. The PM is responsible for providing the IT specialist with the complete list of the authorized users. Database Access Privileges The following database access privileges are usually foreseen in commercially available CDMS s: - data can be seen but not edited (e.g., browse or read only ); this privilege can potentially be granted to all personnel involved in the study but for each study site it is restricted to the data generated by that site - data can be seen and edited (e.g. update, read and write ); this privilege is granted to the personnel responsible for central data-entry (paper CRF) or to the PI and the personnel delegated by the PI to make entries/corrections in the e-crf - electronic signature of the e-crf (e.g., approve); this privilege is granted to the Investigator who takes responsibility for all data entered in the e-crf at his/her site while further options such as queries management and source data verification tracking are not always available. The System Owner is responsible for completing for each user a Clinical Database Access Assignment, Change, Revocation Form (M-CTU-035) specifying the appropriate specific privilege(s) assigned. Database User Training The Database User Training consists of a general technical training on the use of the CDMS and of a study-specific training on the criteria to be applied whie completing specific e-crf items. Valid from: Created by: MW 7 / 14

8 Training is to be administered as follows: / Sponsor Study Site Trainer Trainee Trainer Trainee TECHNICAL TRAINING ON E-CRF USE IT Specialist Monitor Monitor All personnel identified on the Staff List as being delegated to make entries in the e-crf CTC Biostatistician (if appropriate) Medical Writer (if appropriate) Other / Sponsor personnel needing access to the e-crf PI TRAINING ON CRF COMPLETION CRITERIA Medical Writer Monitor CTC Biostatistician (if appropriate) Monitor All personnel identified on the Staff List as being delegated to make entries in the e-crf PI The Monitor should determine whether training to the site personnel should be provided as written instructions only or also by a training session via teleconference/web demonstration or face-to-face, based on the site s experience with the CDMS and similar e-crfs. The choice should be documented in writing by the Monitor in the Site Initiation Visit Report. Training is documented on the Study-Specific Training Log (M-CTU-004) to be archived in the ISF and TMF. Database Access Activation Users can be enabled by the System Owner to access the database only after appropriate training and the study site personnel can be enabled only after the Site Initiation Visit; the Monitor informs the System Owner of when the Site Initiation Visit is performed Centralized Data-Entry If data are collected through the use of paper CRFs, the data-entry process must be described in the Data Management Plan. In general the process should include the following steps: - CRFs are completed by the site personnel; the original pages are transmitted to the IT Specialist along with a CRF transmittal form listing the pages being delivered and a copy is kept at the study site; - the IT Specialist checks that the pages listed in the CRF transmittal form match those actually received and enters data in the clinical database; - at intervals defined in the Data Management Plan, a percentage (also defined in the DMP) of randomly selected CRFs are checked against the database to detect data- Valid from: Created by: MW 8 / 14

9 entry errors; data verification can be performed by the CTC by double data-entry or proof-reading; - if double data-entry is implemented, the randomly selected CRFs are re-entered in a separate portion of the database by the CTC (or by the Medical Writer if the CTC is not involved); the data entered by first and second data-entry are compared (either by automated programs or manually by the IT Specialist) and discrepancies are identified; the CTC (or Medical Writer) reviews the discrepancies and and makes a decision about the correct data to be entered or any actions required, e.g., queries to the investigational site to clarify illegible data; - if proof-reading is implemented, the CTC (or Medical Writer) manually checks the randomly selected CRFs against the database and takes the appropriate corrective actions; - if the number of discrepancies is not considered acceptable, the number of CRFs undergoing second entry or proof-reading must be doubled; if the discrepancy rate is not acceptable again, double data-entry/proof-reading must be performed on all trial CRFs Remote Data Capture (RDC) When RDC is used as data collection tool, data are entered directly into the database (e- CRF) at each study site Randomization Procedures In case of randomized study design, the randomization procedure should be described in the study protocol and further detailed in the DMP Data Validation Plan and Automatic Checks Implementation It should be stated in the Data Management Plan whether data review is to performed with or without the aid of automatic checks. If it is determined that automatic checks must be implemented, upon finalization of the sample CRF, the CTC prepares the Data Validation Plan, i.e., the list of control algorithms to be applied to the clinical database and relevant discrepancy messages. Each control algorithm will be assigned a category as follows: Error the result of this type of control is an error notification (e.g., missing or inconsistent data) or a warning for data that represent extreme (though theoretically possible) observations (e.g., age = 99 years); the expected actions by the site personnel are a correction in the database in the first case and either a correction or a confirmation in the second case. Protocol Deviation the result of this type of control is a protocol deviation notification (e.g., a mandatory examination was not performed as required by protocol or an entry criterion is not fulfilled); these notifications are to be reviewed by the Monitor and submitted to the investigator and the expected action is the documentation of the reasons for deviation and relevant corrective measures taken/to be taken. Errors provide a measure of the intrinsic quality of the data generated within a study, while protocol deviations provide a measure of the quality of the protocol and of the study conduct. Each control algorithm is identified by a unique code within the DVP. Automatic checks can be of the following two types: - Fully automatic checks: the electronically generated error/warning messages are addressed directly to the site personnel without prior review by the CTC; - Semi-automatic checks: the electronically generated error/warning messages are reviewed by the CTC who decides whether it is appropriate to address them to the site personnel or not; in this case the CTC can write manual queries to improve clarity of the messages or include multiple items in a single message to improve queries resolution efficiency. Valid from: Created by: MW 9 / 14

10 While drafting the DVP, the CTC should involve the Medical Writer and/or the other functions as needed and the final document is to be approved by the PM. Based on the DVP, the IT Specialist starts the automatic checks programming and in parallel the CTC (or Medical Writer) fills in the dummy CRFs (on paper copies of the Sample CRF) needed for the test of the control programs and signs and dates them. The extent of the test is to be specified in the Data Management Plan and should in general be greater for full automatic checks as compared to the semi-automatic ones. The dummy CRFs are entered in the test database portion by the IT Specialist who runs the automatic checks programs and verifies whether: - all errors/deviations present on the dummy CRFs are captured, - no undue notifications are generated, - the error messages are appropriate. Upon completion of the test and implementation of all required corrections to the automatic check programs, the print-out of the error/deviation messages generated during the test is to be signed and dated by the IT Specialist and archived in the TMF. The logical checks release is documented on the Logical Checks Release Approval Form (M- CTU-039) to be signed by the PM. If the upfront testing has been minimal due to e.g., time constraints, it is recommended to improve the level of testing by reviewing all discrepancies generated for an appropriate number of CRFs entered in the database Actions Required by Protocol Amendments Following each protocol amendment, the Medical Writer should assess whether the protocol change has an impact on data management, in particular on the CRF, database structure and logical checks and, if so, involve the IT Specialist and the CTC as appropriate, to ensure that the necessary actions are taken and properly documented Data Cleaning The data cleaning process is different according to whether RDC or paper CRF is used as data collection tool. Data verification is a continuous process which can include three levels of control: 1) source data verification (SDV) performed by the Monitor to ensure consistency between the CRF and the corresponding source documents (this activity is out of the scope of the present SOP); this level of control is applicable to all clinical trials; 2) automatic (full or semi-automatic) checks performed by means of computerized programs aimed at ensuring completeness and logical consistency; this level of control is optional; 3) manual data review performed by the CTC, including a review of the medical consistency; this level of control is to be applied on the basis of an appropriate risk evaluation (e.g., in case of very limited source data verification by the Monitor, the extent of manual data review should be greater). At least the first level must be completed but the order, frequency and extent of data review activities is to be determined study by study and described in the Data Management and Monitoring Plans. Data cleaning continues until the CTC determines that all discrepancies are resolved ( database clean ). If a discrepancy is accepted without changes to the database, a comment has to be reported by the CTC to justify the reason for accepting the discrepancy Data Queries with Paper CRF Each query is to be reported on a Data Clarification Form (DCF). Each DCF is identified by a unique progressive number. Valid from: Created by: MW 10 / 14

11 Corrections and/or comments are reported by the Investigator on the DCFs. DCFs are to be considered as part of the CRF, thus a copy must be kept at the study site, while the originals must be delivered to the IT Specialist for entry in the database and archiving in the TMF together with the relevant CRFs Data Queries with RDC If RDC is used, data changes resulting from queries are to be made by the investigator directly in the clinical database. If otherwise the investigator s feed-back to a query is not a change to the database but a comment (e.g., a clarification or a confirmation of existing data), if the CDMS supports the management of queries, this feed-back is documented within the CDMS itself, while if the CDMS does not support the management of queries, the investigator s feed-back is to be reported on paper next to the relevant query and archived in the TMF Serious Adverse Events Re-conciliation As a subset of clinical data concerning serious adverse events (SAEs) is recorded both on the CRFs and on SAE report forms, the CTC must ensure that this information is reported in a consistent way in the two documents. Though aimed at collecting the same data, SAE report forms and CRFs often have a different structure and different completion criteria; therefore the study-specific re-conciliation rules and timelines are to be specified in the Data Management Plan. In addition, as queries on SAEs might be issued also by the Sponsor s Safety Unit, the respective responsibilities and the flow of queries and relevant corrections should also be detailed in the Data Management Plan and/or in a separate agreement focused on safety data management Centralized Coding of Reported Terms The list of variables to be coded centrally (i.e., the codes are not entered in the CRF by the site personnel) should be specified in the Data Management Plan. Coding of adverse events according to the MedDRA dictionary is to be foreseen in all clinical trials with primary or secondary safety endpoints. The decision about coding other variables should mainly be driven by statistical analysis requirements. Codes and/or coding dictionary terms can be entered in the clinical database or in external datasets (e.g., SAS ) and the process can be automatic and/or interactive: the procedure to be applied in the study should be described in the relevant DMP. Coding is performed by the CTC and all assigned codes are to be reviewed and approved by the Sponsor s medical responsible. Coding review and approval should be documented at least before each interim analysis (e.g., Annual Safety Report, presentation at scientific congress) and before database lock Interim Database Freezing It should be specified in the DMP whether any interim analyses/reports are foreseen, and, if yes, details about the scheduled time points and procedures for database freezing and electronic archiving of datasets used for the analysis (if required) must be provided. Any unplanned interim analysis should be mentioned in the Data Management Report Database Certification Whenever data are collected at the study sites using a paper CRF, data-entry quality is ensured during the trial as described in section Before database lock, the IT Specialist must ensure that at least 10% of the total number of completed CRFs was checked against the corresponding data entered in the clinical database. If the percentage results to be lower, further CRFs should be checked and the same rules described in section are to be applied. Once an adequate amount of data have been verified and the required corrections performed, the IT Specialist should document the database certification in the Data Management Report. Valid from: Created by: MW 11 / 14

12 5.13. Database Lock It is the responsibility of the CTC to inform the PM and the Sponsor when the database is ready to be locked. At that point all accesses for data-entry will be disabled and this is to be documented collectively for all users on a Clinical Database Access Assignment, Change, Revocation Form (M- CTU-035) indicating All Users with Editing Privilege instead of the individual user names. Before approving the database lock, the following items are submitted by the CTC to the Sponsor: - any unresolved discrepancies, including those relevant to SAEs re-conciliation - significant protocol deviations - final list of coded items (investigator term and assigned code/coded term) - any other issues potentially affecting data quality or interpretation The Sponsor s feed-back is to be documented in the Data Management Report. If an unresolved discrepancy is confirmed to be acceptable, it should be documented in writing that no action is required, while for major discrepancies which are not considered acceptable, queries are to be generated and database lock cannot be approved until their resolution. In this latter case the site personnel responsible for queries resolution will be enabled to make entries in the database and this must be documented on an individual Clinical Database Access Assignment, Change, Revocation Form (M-CTU-035). After the required changes are made, all accesses - except that of the PI of each study site - are definitively disabled. The last step before database lock is the PI signature (electronic or on paper, depending on the CDMS, to be specified in the Data Management Plan) to confirm and take responsibility for the data generated at his/her site. After all PIs have signed the respective CRFs, the IT Specialist submits the Database Lock Approval Form (M-CTU-040) to the Sponsor and performs the database locking procedure upon receipt of the signed document. Database unlock is to be performed whenever significant errors or omissions are discovered after database lock. The database unlock request can be issued by the Monitor, CTC, PM, Sponsor, Investigator, or Statistician and is to be carefully evaluated by all concerned parties. If the Sponsor confirms the need to unlock the database, the Database Unlock Approval Form (M-CTU-041) must be completed specifying the database items that require changes, signed by the Sponsor and the necessary Clinical Database Access Assignment, Change, Revocation (M-CTU-035) form is also to be filled in to allow data changes. Once the database changes have been performed, the same procedures to be applied to the first database lock, also apply to the database re-lock Case Report Form Filing If the PI s signature is handwritten on a paper copy of the e-crfs, this must be archived in the TMF (original) by the IT Specialist and in the ISF (copy), while if e-crfs are signed by the PI electronically, at the end of the study a copy should be stored on compact disks or equivalent device and archived in the TMF and in the ISF Data Transfer It should be specified in the Data Management Plan whether any transfer of data to the Sponsor is foreseen and if yes at what time points, the format and the specific procedure to be applied. Data transfer tests can also be scheduled if deemed appropriate. Any unscheduled data transfers should be documented in the Data Management Report. Upon the final data transfer performed by the IT Specialist after database lock, the responsibility for the study data passes from the to the Sponsor, regardless if the transfer concerns the original data or datasets extracted from the database. The final data transfer is to be documented on the Final Data Transfer Confirmation Form (M-CTU-042). Valid from: Created by: MW 12 / 14

13 5.16. CRF and Database Long-Term Archive The long-term archive of the original CRFs and of the clinical database is the Sponsor s responsibility. The archived CRFs must be retained according to GCP and applicable regulations as required for all other documents included in the TMF. It should be specified in the Data Management Plan how and for how long the locked clinical database and/or corresponding datasets used for the final analysis will be maintained in electronic format at. The long-term archive of the CRF copies is the investigator s responsibility and must comply with GCP and applicable regulations. Valid from: Created by: MW 13 / 14

14 6. Supporting Documents I-CTU-003 M-CTU-004 M-CTU-030 M-CTU-031 M-CTU-034 M-CTU-033 M-CTU-038 Glossary of Terms Study Specific Training Project Organizational Chart Data Management Plan Data Management Report CRF Approval Form Clinical Database Release Approval Form M-CTU-035 Clinical Database Access Assignment, Change, Revocation Form M-CTU-039 M-CTU-040 M-CTU-041 M-CTU-042 SCTO website: Logical Checks Release Approval Form Database Lock Approval Form Database Unlock Approval Form Final Data Transfer Confirmation Form Supplement to the Guidelines for Good Operational Practice Data Management 7. References Current, updated versions of: ICH Harmonised Tripartite Guideline, Guideline for Good Clinical Practice E6 (R1), 1996 ICH Harmonised Tripartite Guideline, Guideline for General Considerations for Clinical Trials E8, Major Differences from SCTO Matrix Not applicable 9. Appendices P-CTU-010-APP01 P-CTU-010-APP02 Appendix I: Data Management Activities Flow Appendix II: Clinical data management activities and responsibilities Valid from: Created by: MW 14 / 14