Decentralized Clinical Trials: Being Audit Ready and Avoiding Pitfalls

Sandra Orset, PhD, Executive Director, DCT Strategy and Innovation, PPD Clinical Research Business, Thermo Fisher Scientific

As the modernization of clinical research through digital and decentralized solutions continues to take research into local communities, reduce patient and site burden, and increase diversity, it will lead to new ways of working for project delivery teams. The integration of decentralized clinical trials (DCTs) to add more flexibility within traditional trial design also means thinking about audit readiness differently to maintain strong quality systems to support operations. This article will review trends in audit findings specific to DCTs and provide guidance on how to develop a new project delivery framework that will support audit readiness by focusing on decentralized solutions such as home health care (HHC), mobile health clinics (MHC), virtual sites (VS), and direct to patient (DTP).

Common audit findings and audit readiness shortfalls

The audit output presented here has been compiled across a number of studies in the US and Europe to which a variety of DCT services were applied, including HHC, MHC, VS, and DTP. It also includes recurrent shortfalls identified during the review of project and vendor documentation. Common findings identified in decentralized clinical trials documentation and processes include the following:

Incomplete risk management

Per International Council for Harmonisation/good clinical practice (ICH/GCP), risks that may have a meaningful impact on critical-to-quality factors should be assessed and evaluated by considering the likelihood, the extent to which such harm/hazard would be detectable, the impact on trial participant protection, and the reliability of trial results. Furthermore, risk mitigation activities should be incorporated into protocol design and implementation, monitoring plans, agreements between parties and training.

Audits have identified that risks related to decentralized services usually are overlooked or incomplete in terms of the assessment of risks associated with both implementation and compliance. Gaps in risk assessment generally are of two types:

• New risks inherently related to the DCT model are not identified, in particular around logistics
• DCT services failing to deliver and/or not yielding the expected benefits

Regulatory non-compliance

The FDA defines DCTs as trials where related activities occur at locations other than traditional sites, such as a participant’s home or local health care facility.¹ The decentralized services usually are associated with a certain level of logistical complexity. However, the logistical requirements related to the implementation of a decentralized service are often omitted from the protocol and/or the notification to competent authorities, or ​not fully described in the informed consent form. For example, when home health care services are implemented, the related DTP/direct-from-patient (DFP) shipment of investigational product (IP) or lab kits and lab samples tends to be overlooked.

In addition, non-compliance with ICH/GCP for IP accountability ​is regularly identified with DCTs. Per ICH/GCP, information about the shipment, storage, packaging, dispensing, randomization, and blinding of the IP constitute essential records. In DCTs where the IP is sent to the patient, either from a depot or from the site, the records that document the identity, shipment, receipt, return, and destruction should be maintained, and a process should be in place to do so. Audits have identified that a clear IP chain of custody process ​is often missing in a DCT and that IP accountability is not appropriately maintained.

Lack of instructions in study plans

Audits have identified that study plans are not being tailored to account for the introduction of decentralized services and thus the impact of these services isn’t being considered within general study procedures and monitoring activities.

Per ICH/GCP (monitoring plan), particular attention should be given to those aspects that are not routine clinical practice and that require additional training. However, DCT audits showed that the monitoring plan often had no and/or incomplete instructions for verification of implementation and compliance of decentralized services. The definition of source notes, identification of documents to be reviewed at the monitoring visit, instructions for the verification of the principal investigator’s (PI’s) oversight, and the process to document what has been verified (in terms of data or critical processes, ad hoc reports supporting data review) were usually not covered or not sufficiently covered in the study plans. Consequently, the monitoring tasks performed and the documentation collected during visits (monitoring visit reports and follow-up letters) often were incomplete or inadequate due to lack of description of the review conducted, missing access to relevant systems, and home source notes, or missing verification of source documentation.

Besides the monitoring plan, other project plans such as a vendor management plan, clinical supply plan, communication plan, training plan, etc., were not updated or maintained to fully reflect the decentralized services and their direct and indirect impacts on implementation requirements and study procedures.

Gaps also were identified in the filing of essential documents in the electronic trial master file (eTMF) as essential documents related to DCT services had not been identified upfront and documented in the study plans.

Vendor non-compliance in project-specific instructions ​

As third-party vendors usually are contracted to deliver the decentralized services on the project, an operation manual that describes the vendor processes should be available. During audits, it was determined that a vendor manual often was incomplete and lacking key information.​ Additionally, evidence of a review of the vendor-developed instructions and tools by the project team and sponsor–to ensure compliance with the study protocol and local regulations–was lacking​ ​.

Deficiency also was highlighted in the source data as the HHC source document template was incomplete and did not align with the protocol and study requirements​.

Site non-compliance issues ​

While some decentralized solutions have been around for some time, the pandemic propelled new decentralization strategies and combinations of tools and services in clinical research. However, sites can still be resistant to using some decentralized solutions, notably home health care providers (HCP) as they do not personally know or have any working experience with the vendor HCPs they will have to oversee. A service level agreement (SLA) between the PI and the third-party vendor is recommended by regulators and sometimes mandated at the local level. Investigators also can be reluctant to signing such a document. This led to audit non-compliance within site documentation whereby written agreement between the HCP and PI was missing or a template of the Delegation of Authority (DoA) was not updated for home health care staff and their associated role and responsibilities.

Even when an SLA was in place and the DoA was up to date, audits have highlighted recurrent deficiency in the site files regarding documentation of qualification or training of home health care staff (e.g., CV, GCP certificate, nurse license, project-specific training record) or in the documentation of PI training on home health care​.

These issues indicated a lack of PI oversight ​of the activities performed by home care nurses and more globally, a lack of process to demonstrate how PI oversight should be maintained and assessed.

Non-compliant handling of confidential information by DCT vendors​

Recurrent instances of non-compliant handling of confidential information by DCT vendors throughout the course of DCT studies have been highlighted by audits. In particular, disclosure of personal health information has been noted with inappropriate dispatch of reports containing patient details, or inclusion of protocol number on the DTP/DFP shipment forms.

Positioned for audit readiness by focusing on decentralized solutions

Although the scope of an audit and inspection varies, the objective is usually to provide an independent assessment of processes for adherence to company policies, standard operating procedures, applicable regulatory requirements, contractual agreements, client company, and site specifications. If the focus is on decentralization, the ​management and oversight of the decentralized services–as well as the efficiency and effectiveness of processes and practices–on both the vendor and clinical research organization (CRO) sides may be assessed by the auditor. Project procedures, guidelines​​, contractual agreements, study plans, and site documentation relevant to DCTs likely will be reviewed to identify opportunities for process procedural improvement and additional training to ensure the highest quality.​

The following provide some considerations to adapt the audit readiness approach to DCTs, considering jointly site, project and vendor documentation, and processes.

DCT vendor service implementation and documentation

Beside the site and patient document package to train the site on their process and introduce their service to patients, the DCT solution provider should develop an operating manual aligned to the project DCT strategy to describe their structure and processes. The information to be covered should be agreed upon by the vendor and the project team, but at minimum should describe the vendor team structure; the communication and escalation pathways; adverse events (AEs), serious adverse events (SAEs), and protocol deviations reporting process; as well as the details of the visit schedule and procedures, including visit preparation and associated logistics (e.g., handling of lab kits and biological specimens; IMP shipping and returns, etc.).

A training matrix including certification/qualification requirements, baseline ICH/GCP training, as well as project specific training should be established for both the vendor home care personnel and the vendor project team. The sponsor should be involved in defining the home nurse’s qualification requirements and minimum project-specific training requirements. Training records should be maintained by the vendor and made available to the site PI.

It is also recommended that flow charts be developed jointly between the vendor and project team for the site and/or patient journey as well as logistics (IP, lab kits, device/wearables, etc.) and data (for data collected through the virtual site, HHC, and digital tech). These flows will be useful to cross-check the compliance of the DCT strategy with protocol requirements and to identify any risks and challenges related to the decentralized approach, as well as to drive consistency.

For each study, DCT solution providers should confirm country regulatory requirements and experience for the countries in scope as the regulatory acceptance of DCT solutions is still a changing landscape. Some countries may have specific regulations at the procedures level. For instance, DTP may not be allowed. And in some countries, a physical exam can be performed by a registered nurse working as an HCP whereas in other countries only physicians can perform physical exams. Ironically, in some cases a physician may be added through a televisit to guide the registered nurse.

The vendor will develop the source document (eSource or pSource) to be completed by the HCP during HHC visits to capture all data points required in electronic data capture (EDC) as well as other relevant source information. It is recommended that a careful two-way cross check (source vs. EDC) is completed by the project team and/or sponsor between the eCRF and eSource to ensure no data point is omitted or unnecessary data is collected.

When the DCT vendor is also providing site service (MHC or VS site), they should implement a PI oversight plan. Beside the traditional PI responsibilities, the oversight plan will document how the PI will oversee HHC nurses and delocalized sub-investigators, list the documents to be reviewed or approved by the PI (e.g., HCP CV, qualifications, training records), describe how the PI will review the HHC source documents and home visit reports, and how they will manage patient safety.

DCT site documentation

Site documents from the package developed by the DCT vendor for the site, which include training materials(e.g.,site introduction email, service activation slides, etc.), visit request form template (to be completed by the site to order HHC visits) and instructions should be filed in the investigator study file (ISF) as well as all HCP CV, qualifications, and training records.

SLA: Beside the clinical trial agreement, some sites (either due to site directives or country regulatory requirements) may require a separate SLA with the DCT vendor. Although such agreements should be executed between the vendor and the site, due to reluctance from sites, the CRO project team and/or sponsor may need to step in to help clarify liability responsibility and ensure the SLA is implemented when locally required.

DoA: In the case of HHC, the agency staff are considered an extension of the site staff and will work under the investigator’s oversight. As such, the nurses must be listed on the DoA. The list of tasks should align with the actual scope of HHC services.

1572: Per FDA's regulation at 21 CFR 312.3(b), hospital staff, including nurses, residents, or fellows and office staff who provide ancillary or intermittent care but who do not make a direct and significant contribution to the clinical data, do not need to be listed individually. Therefore, a general assessment should be made on whether the HCP has a direct and significant contribution to the clinical data and/or data impacting primary endpoints, to determine with the sponsor who should be listed on the 1572.

Project DCT documentation

The project team should assess the process and procedures affected by the implementation of DCT solutions and adapt any relevant project plans accordingly. Critical processes and specific risks associated should be considered including:

• Informed consent
• Eligibility confirmation (for randomization and for dosing if these two steps are performed independently)
• IP dispensation and management
• Collection and reporting of AEs and SAEs
• Principal Investigator oversight
• Quality of source documentation, i.e., source documentation generated through decentralized services

The monitoring plan should be updated to refer to the DCT services and consider all the monitoring aspects that will be impacted by the implementation of DCT services. The monitoring plan should specify:

• How clinical research associates (CRAs) will gain access to source document worksheets and whether access to the DCT vendor platform is required for monitoring purposes.
• Any requirements for AE/SAE reporting, including follow-up and any specific documents/reports to be monitored should be considered when AE/SAEs are reported during an HHC visit.
• How to effectively assess that PI oversight and support of the PI to HHC are appropriate. The monitoring plan should provide details on how PI oversight is to be documented and assessed, including but not limited to timeliness of PI approval of the nurse qualifications, CV and training records; appropriate site scheduling of HHC visits; HHC source data review requirements (e.g., dated and signed); home visit follow-up (e.g., for PI/HHC contact reports); and review and filing of HHC training records. PI/site feedback on HHC services also should also be captured in the MVR.
• How implementation of DCT services should be documented in the site visit initiation report including check of access to vendor system, completion of DCT training and receipt of site-facing vendor material (See the preceding section on “DCT vendor service implementation and documentation.”) Furthermore, the site recruitment activation plan should consider the impact of the DCT solutions on recruitment projections and retention.
• That the monitor should be able to determine if the subject opted for home visits while monitoring the DCT Informed Consent Form (ICF). The monitoring plan will specify if a separate ICF is to be reviewed.
• The monitoring plan should also consider any impact of DCT services on any monitoring components including eligibility check/re-check during the home visit, management of protocol deviations related to DCT, additional data points or assessments, impact to source data verification/source data review), additional event triggered real-time review or specific flags for findings related to HHC key performance indicators (KPIs) or risks and specific reports related to HHC activities (e.g., lab sample reports, inventory reports, etc.).
• Processes related to IP chain of custody and IP accountability if DTP is implemented; as well as a process to protect the blind.
• The ISF filing requirements for DCT documents (e.g., HCP CV and training records, DoA, Physician Order Forms (POFs), HHC/site communication reports, etc.)

Any supply distribution (drug or ancillaries) including depot location as well as logistics should be monitored and documented in the clinical supplied project plan. For this reason, if the patient is to receive a drug directly at home, the distribution process should be carefully planned and mapped out so monitoring requirements can be identified: depot storage conditions and inventory maintenance, temperature excursion, courier documentation, specific drug labelling as well as returns, accountability, and destruction management. Regarding non-supply management and equipment maintenance, calibration and recalibration records should be maintained by the DCT vendor. It should be determined upfront if the monitors will be required to assist with follow up on those records and have this noted in the monitoring plan as necessary.

The vendor management plan should cover all vendors and should be in place before a vendor starts any activities, including DCT vendors. Consider vendor training requirements on project specifics. For vendor oversight/management, vendors should have KPIs defined at the start of services and provide metrics at a regular frequency to the project team for ongoing quality and performance evaluation.

The project team and the client should ensure that risks related to DCT vendor services are actively identified, evaluated, controlled, reviewed, communicated, and reported throughout the life of the project, in particular those related to critical study data points and processes.

For the eTMF filing plan, both vendor documents and site-level documents (in particular for delocalized sites or central pharmacy or depot) should be considered, but vendor sponsor should agree on the filing strategy and requirements upfront and CRA access to the site file should be organized.

Conclusion

The success of DCTs lies in the alignment of the implementation of the DCT strategy with the study protocol and project deliverables. The development of a robust DCT delivery framework for audit readiness purposes, including DCT process documents for the vendor, the site and the project team will be key to managing risks, ensuring effective oversight, and monitoring of performance through defined KPIs.

Sandra Orset, PhD, executive director, DCT strategy and innovation, PPD clinical research business, Thermo Fisher Scientific

Reference

1. Decentralized Clinical Trials for Drugs, Biological Products, and Devices Draft Guidance for Industry, Investigators, and Other Stakeholders (fda.gov)