Audit trails are a regulatory requirement. How to take an RBQM approach.
Audit trails have long been a regulatory requirement, proving to be a very important historical record of data recorded for clinical trials. These records facilitate transparency and accountability by allowing researchers, sponsors, and regulatory authorities to trace and verify the validity of the data. In the event of an audit or regulatory inspection, having comprehensive audit trails provides essential documentation to support the accuracy, reliability, and compliance of the clinical trial data. Overall, audit trails play a vital role in maintaining the quality, credibility, and regulatory compliance of clinical trials, ensuring the trustworthiness of the collected data and the integrity of the trial process.
What objectives are we really trying to address with audit trail reviews:
Audit trails reviews have come into the spotlight over the last few years, as a way to help to ensure the integrity and accuracy of the data collected. Numerous advantages lie in audit trail reviews including the detection of any potential data errors, inconsistencies, or unauthorized activities that may have occurred during the data collection or management process. In addition, audit trails can help identify data manipulation, tampering, or breaches in security, thereby safeguarding the validity and reliability of the trial results.
Issues or discrepancies that are identified through such reviews and then addressed and rectified (when applicable)will lead to improved data quality, streamlined processes, and enhanced overall trial performance.
There are numerous guidelines that define the purpose and requirements of audit trails as well as implying that the review of audit trails should be done. These include:
In March 2023, the European Medicines Agency (EMA) guidance released Guideline on computerised systems and electronic data in clinical trials (Section 6.2.2), which will be implemented in September 2023. The guideline outlines a more defined expectation around audit trail reviews and should be referenced when determining a company’s audit trail review approach.
In addition, there are a range of industry reports that are provide helpful insights such as:
- SCDM: The Evolution of Clinical Data Management to Clinical Data Science A Reflection Paper on the impact of the Clinical Research industry trends on Clinical Data Management. (2019).
- eClinical Forum & SCDM: Audit Trail Review: A Key Tool To Ensure Data Integrity – An Industry Position Paper (2021).
- FDA: Data Integrity and Compliance With Drug CGMP Questions and Answers Guidance for Industry. (2016).
- MHRA: GxP Data Integrity Guidance and Definitions. (2018).
Diving deeper into the EMA guideline:
The “new” EMA guideline highlights a number of best practices on how to manage audit trail reviews. For instance:
- Data review should focus on critical
- Data review should be proactive and ongoing.
- Technologies can help facilitate the review of larger datasets and should be considered.
- Procedures for planned reviews should be in place.
- Performance of data review should be documented.
- In addition to audit trail review, metadata review could also include (among others) review of access logs, event logs, queries, etc.
- Audit trail review can also be used to detect situations where direct data capture has been defined in the protocol but where this is not taking place as described.
Data review specifically should be used to:
- Identify missing data
- Detect signs of data manipulation
- Identify abnormal data/outliers and data entered at unexpected or inconsistent hours and dates (individual data points, trial participants, sites)
- Identify incorrect processing of data (e.g. non-automatic calculations)
- Detect unauthorised accesses
- Detect device or system malfunction and to detect if additional training is needed for trial participants and site staff.
Some of these you may already be addressing through current processes, with help from other departments. Below are some examples of processes you may already have in place
Planning & Executing audit trail reviews:
As stated in the EMA: Guideline on computerised systems and electronic data in clinical trials, audit trail review should be addressed through a Risk Based Quality Management (RBQM) model, RBQM is not only efficient but also highly effective especially with the right technology at hand to support this process with the capabilities to:
- Slice and dice data as needed
- Detect signals such as data outliers, as well as those showing too much consistency in the data
- Track discrepancies and concerns
However, it is important to remember that every review must have defined starting points and that the reviewer must have insight into the data and the trial design process. Additionally, it is essential to keep in mind that an audit trail review is a cross-functional responsibility and therefore should not be siloed into one department.
Documenting your outcome:
The review process followed and all outcomes must be documented. The process should be defined in a study document, and the evidence of the reviews must be documented in the form of reports. The decisions and outcomes that result from both electronic and manual reviews must also be documented, and include the names and roles of the team members addressing and managing the identified risks. Finally, make sure traceability back you your risk log (and KRIs) is visible.
With audit trail reviews, the goal is to assure the overall scientific integrity of a trial and to apply your knowledge accordingly. While there is no one-size-fits-all approach, a wider risk-based approach to data integrity and trial management will enable more meaningful, expedient ,and effective audit trail reviews.
In summary, regular review of audit trails is vital to uphold data integrity, ensure compliance with regulations, and identify opportunities for process improvement in clinical trials. Such reviews play a pivotal role in maintaining the credibility, validity, and reliability of l clinical research data and the overall trial process.