Despite the 8:00 AM session start time on Day 2 of the DIA Annual Conference in beautiful San Diego, California, study professionals packed the hall to hear FDA representatives speak on Electronic Source Data in Clinical Investigations: Regulatory Considerations. This provided a timely opportunity to learn more about the subject of FDA’s final Guidance for Industry: Electronic Source Data in Clinical Investigations, issued in September 2013, in response to the growing use of electronic records in clinical research.
The eSource guidance addresses data capture, data review, data access and the use of computerized systems in clinical investigations. Rather than a “how to” with detailed instructions, the guidance leaves the door open on specific approaches that may be employed to streamline clinical trial data collection using electronic means. While the industry is given latitude in applying the guidance, the door is open for interpretation, leaving many asking questions. Some 1,400 people seeking clarification tuned in to an FDA webinar on eSource guidance held this past January. Organizations were encouraged to eliminate as much paper as possible through direct entry of data in the eCRF. Following the webinar, the agency received more than 100 questions about eSource data, and that was the genesis of this DIA presentation.
Here too at BioClinica, we’re continually fielding inquires on eSource. Many sponsors want to know more about tracing back to source data and which sources to make available for agency review, especially when using information from the EMR. So I was as eager as everyone else in the room to get clarification in a few areas direct from the guidance authors. The FDA’s Ron Fitzmartin, PhD, MBA Senior Advisor, Data Standards Program, Office of Strategic Programs, CDER chaired the session. Ron was backed by a distinguished panel of CDER, FDA representatives including Mitra Rocca, MS, Senior Medical Informatician, Office of Translational Sciences; Leonard Sacks, MD, Associate Director of Clinical Methodology, Office of Medical Policy; and Sean Kassim, PhD, Acting Office Director, Office of Scientific Investigations, Office of Communications.
eSource Data Demystified
Here’s a recap of some of the major points covered in that informative session from my vantage point. I will follow up with a part two blog about clarifications made on additional topics covered there. One clarification that seemed to have surprised some centered on interoperability between systems. The panel made it clear that regulation of EMRs is not under FDA auspices; therefore the EMR is not subject to 21 CFR Part 11 requirements as required in clinical research studies.
I personally was happy for all of the non-believers in the room to hear a definitive answer to the biggest data capture question of them all:
Can I enter the data directly in the eCRF? It wasconfirmed that it is acceptable to enter data directly in the eCRF. The agency cautioned those in attendance to be prepared to provide corroboration surrounding where the data came from, if requested. Another data capture question posed for clarification was: If data are entered into eCRF, there is no need for additional documentation as long as the eCRF meets regulatory requirements, correct? Agency representatives responded affirmatively, however it was pointed out that when supporting information is available, the agency may ask for it. If none exists, then nothing more is needed.
When asked: If some data are being entered directly into EDC and some transcribed, where should this be identified? The “Data Management Plan” is the place. A two-part question posed was: What is the expectation in regard to reconstructing the data if data are collected directly into the eCRF? If data are collected in the EMR and then entered into the eCRF, would the eCRF be considered source, or would we need to verify it with the medical record? “The EMR is the source,” was the takeaway.
Next up was the question: When data are taken verbally and entered into the eCRF, how can it be verified? The answer to this one can be illustrated with an example. Let’s say for instance the Principal Investigator (PI) asks a patient if she is diabetic and the response is yes. Obtaining medical information to confirm this is important. However, when it comes to other data elements being collected that are not primary/secondary endpoints or safety related, these may not be able to be verified or may just be taken verbally without any other source record. Essentially what you want to get away from is the old shadow document system where source document information would be transcribed to another document. This process historically has introduced many errors.
Cloud, Fraud, and Audit Trails
One topic that continues to confuse a lot of people is the nebulous “cloud.” With data being collected in a virtual environment, some uneasiness remains about where the data are stored and who has access to it. While cloud was not on the session agenda, agency representatives said they recognize a need for guidance and they are working on it. Another important clarification was made when someone asked: How far do you think we are from the goal of getting EMR into EDC? Agency representatives indicated that having elements of the EMR part of the EDC record in the future could eliminate duplicity.
Asked: What is suggested to protect against fraudulent entries into eCRF as source, we considered different types of fraud, which comes in many forms. Data alteration and data entry by unauthorized persons are two examples. Password controls, date and time stamps, and attribution can all help protect against this. Another type of fraud occurs when a PI or someone else invents patients. While this is difficult to track down in a paper environment, it is far easier to keep controls around this type of fraud in the electronic realm. In fact, eSource helps to minimize fraud because it is more difficult to fabricate fake digital records than paper ones.
Asked: How much would you expect the PI to know about their EMR system? FDA reiterated that it does not govern EMRs, but that there would be an expectation that the PI know how to use the system while someone else with deeper knowledge must be accessible to address system related matters. Next the audience posed several questions about data review including: Is it expected that the PI have access to and review audit trail data for the sponsors’ EDC?The agency responded that the PI has to sign off and that showing the data identifiers is a good idea.
When it was asked: Can sponsors make corrections to data in an eCRF (assuming fully documented)? The agency responded, NO and explained that anyone who makes changes to the data must be authorized to do so. Sponsors should not be changing data entered by sites. The only exception to this is if the sponsor is an investigator and the study is an investigator initiated study (IIS).
An audience member asked: Will the agency have the ability to review source data onsite? With eCRF functionality, agency representatives said they do not expect to see all of the data element identifiers, etc. It’s important to understand the expectations. Those surrounding source data verification are context dependent. If data are entered contemporaneously, they will not need to be verified.
Another question was: What are the confidentiality safeguards that a clinical site must ensure? The agency responded that 21 CFR Part 50 provides these protections.
Looking for more information on this topic? Check out part two of this series which covers data access and computer systems/technology. You can also ask me a question in the comments section and I'll answer right away. I’d love to hear from other data managers and clinical trial professionals on eSource data in clinical investigations.