In February 2016, the New York Times reported on the recall of the blood testing device used in the clinical trials of the popular anticlotting drug Xarelto. The recall raised questions about the validity of the data in the pivotal clinical trial (Rocket AF), thus attracting the FDA’s attention as well. The specific issue was that the device, INRatio©, understated patients’ risk of bleeding. This potentially resulted in higher doses of warfarin and increased bleeding episodes in patients in the control arm of the study, a likely biased clinical trial result for Xarelto, and exposure of warfarin patients to unnecessary risk.
A few months later, an investigation by The BMJ found that trial sponsor Janssen , part of Johnson and Johnson, knew about the problems with the INRatio device before the FDA approved the product. Although Janssen devised a safety monitoring program shortly after the pivotal trial began due to investigator concerns, they withheld the information from the FDA. Co-sponsor Bayer was also aware of concerns about the device used in the trial, but claims in legal testimony that Janssen withheld the safety program from Bayer until 2016.
As if this were not enough to be the subject of QA officers’ nightmares for years to come, it is yet another interesting fact that the ROCKET AF study director was one Dr. Robert M. Califf, then of Duke University . Califf would later serve as the FDA Commissioner of Food and Drugs from February 2016 to January 2017, precisely the time period during which these investigations became public knowledge.
The clinical research enterprise has increasingly become the domain of specialists and niche providers. Only a generation ago, large pharmaceutical companies wholly owned most of the expertise needed to conduct and report their clinical trials, including drug product manufacturing, packaging and labeling, data management, statistics, report writing, compliance, and NDA submission preparation. Today’s clinical studies are run by solitary clinical operations managers marshaling a wide array of specialty vendors and all the contracts that go with them, while operating under Good Clinical Practice (GCP). Any one of these vendors can introduce risk to the study, its patients, and its results. Today’s sponsor must have a philosophy, as well as clear procedures for developing and implementing a risk-based vendor GCP qualification and auditing system.
Assessing the Risks
No doubt your resources are limited as a biotech or pharmaceutical sponsor operating in a virtual or semi-virtual environment. You lack the time, money, and personnel to fan out across the globe inspecting all your vendors and generating reports. To efficiently deploy your limited resources, you need a triage plan to target the vendors most likely to put your study at risk. Start by assessing those risks in a systematic fashion. Score all your vendors based on the severity of risk and the consequence in the event of failure to perform: risk to the primary endpoint, to individual subjects, to other factors specific to your situation, and the likelihood of that vendor to fail in part or whole.
For example, the table below represents the risk assessment to the primary endpoint in the event that the primary CRO fails to adequately monitor the eligibility of subjects:
Figure 1 (Jacquie Mardell)
It is perhaps self-evident that any significant failure by the primary CRO could potentially and predictably have a significant negative effect on the outcome of your trial or the validity of the results. It goes without saying that the primary CRO must always be able to demonstrate its worthiness to be delegated the activities and responsibilities that regulations and guidelines give to sponsors. Therefore, any pre-trial audit plan will most certainly call for an inspection of the CRO. The table above becomes more useful in assessing risk of smaller or niche vendors.
For another example, what are the risks associated with an electrocardiogram (ECG) central reading facility, if the ECGs are not a primary or secondary endpoint? Certainly, ECGs are always associated with patient safety, and failure to properly read or respond to sites with adverse findings may result in exposing patients to unnecessary risk. By going through the risk assessment exercise, it may become clear that, while the risk to individual subjects may increase, there is still a safety backup – investigators can read the individual tracings and react quickly to protect the subject. In such a case, the overall risk to the acceptability of the study data is relatively low, which is crucial. Knowing this can help prioritize the ECG reading center lower on the pre-trial audit schedule.
Identifying and assessing risk does not have to be a formalized process, but thinking through the issues in a systematic way can help establish a priority ranking and rationale for deploying auditing resources. Using a tool such as the grid above helps to identify quantitative risk. Nevertheless, we should never limit ourselves to that which can be quantified: experience, gut feelings, and gross assessments can all be valid indicators of concern and should be taken into consideration.
In the Robert Fiddes case, where a southern California former family practitioner bilked millions of pharmaceutical dollars by perpetrating clinical trial fraud on the industry, there are many stories about monitors who sensed problems, but were prohibited from calling attention to them through the normal course of monitoring. Had more sponsors listened to these monitors’ concerns at the time, the criminal behavior of Fiddes and members of his staff might have been caught sooner.
Audit Procedures – A Few Considerations
Once the audit priorities are established, a formal procedure can commence. Activities can range from reference checking and word of mouth, document review, conversations at bid defense meetings, and other remote activities before scheduling an on-site inspection. From this point, sponsor audits can proceed similarly to regulatory authority inspections, with the exception that the auditor communicates with the vendor in advance to agree upon a date and time, providing an agenda the vendor can prepare. The agenda should include time to discuss the various components below as well as conduct a facilities tour, and conclude with a wrap-up/next steps meeting:
- Facilities tour
- Organization (company background and history, organization chart, job descriptions)
- Document review (SOPs, staff qualifications and training)
- Quality assurance and quality control systems, policies and procedures including reporting structure and communication
- Records management – storage, backups, and recovery, physical environment
- Information technology (hardware/software environment and validations, backup systems, Part 11 compliance if applicable)
- Project management systems and procedures, and communication with sponsors
- Data or document sampling
- Interviews with functional area representatives and project personnel
- Audit close meeting
In order for the auditor to prepare, the SOPs (or at least the Sop index), organization charts, job descriptions, QA/QC procedures, and documentation of any previous regulatory inspection history, should be requested and reviewed prior to arriving for the on-site inspection. Pay particular attention to the process for developing, approving, and updating SOPs. Similarly, focus on the process for training employees, both on CRO and sponsor procedures and technical data, and also, the documentation of employee training. Throughout the inspection process, listen carefully and notice if the vendor is reluctant to engage or quick to defend practices. These can be signals to look further.
Following the inspection, the auditor must provide the vendor with a written report with observations and corrective actions if needed. Follow until all responses are received and deemed adequate. Failure by the vendor to follow up on an inspection after-action report should be a signal to thoroughly re-examine the relationship with the vendor.
A pre-trial inspection, or indeed any audit, is a snapshot in time. It’s a slice of information intended to help predict whether the vendor can and will perform according to the requirements of the agreement with the sponsor. An audit is not a full gap analysis, however, and does not relieve the sponsor’s clinical project manager of the responsibility to provide supervision. Furthermore, it doesn’t preclude them of providing guidance to maintain high performance and to identify and respond quickly if problems begin to creep into the relationship.
Clinical research has always been a high-stakes endeavor with important outcomes for patients, prescribers, sponsors, and investors. The responsibility for compliant execution lies with all parties. Complicated trials of complex treatments make it all the more necessary for sponsors to develop and invest in pre-trial risk-based vendor qualification procedures.
1) Thomas, K. (2016 Feb 22). “FDA Asks If Faulty Blood Monitor Tainted Xarelto Approval.” New York Times, pp. B1. Retrieved from https://www.nytimes.com/2016/02/23/business/fda-asks-if-faulty-blood-monitor-tainted-xarelto-approval.html?ref=todayspaper&_r=0
2) Cohen, D. (2016 Sept 28). “Manufacturer failed to disclose faulty device in rivaroxaban trial.” BMJ 2016;354:i15131. Retrieved from http://www.bmj.com/content/354/bmj.i5131
3) Eichenwald, K. and Kolata, G. (1999 May 17). “A Doctor’s Drug Trials Turn Into Fraud.” New York Times. Retrieved from http://www.nytimes.com/1999/05/17/business/a-doctor-s-drug-trials-turn-into-fraud.html