MHRA reports serious GCP breaches including Data Integrity

The MHRA recently published the 2018 metrics report for GCP serious breaches.

Serious breaches of the clinical study protocol or Good Clinical Practice (GCP) have to be reported to the MHRA within 7 days of awareness. According to the agency, a serious breach is defined as a "breach which is likely to effect to a significant degree:

• The safety or physical or mental integrity of the subjects of the trial; or
• The scientific value of the trial".

The sponsor is required to report serious breaches. However, if an investigator or third party organization disagrees with the sponsor assessment of the breach, the MHRA expects that due diligence is exercised by the investigator/ third party organization. In addition, investigators/ third party organizations should retain correspondence demonstrating their due diligence during inspection.

Number and categorization of breaches

The MHRA received a total of 115 serious breaches, of which 

• 76 were determined by the GCP inspector as a serious breach,
• 24 were determined as not being a serious breach,
• 15 referrals were still awaiting further information from the reporter in order to make a final assessment.

Serious breaches due to data integrity and contracting activities

In most cases patient safety was the reason for reporting serious breaches (49 out of 115), followed by other non-compliances (24 out of 115), like:

• Identification of under-reporting of suspected unexpected serious adverse reactions (SUSARs) and issues with potential unblinding,
• Data integrity,
• Delegation of duties.

In 2018 there were six serious breaches reported which required a subsequent inspection to be performed. For the majority of the serious breach notifications received, the MHRA inspectors received updates from the reporter on the progress of the investigation and the corrective and preventive actions (CAPAs) proposed. Hence, there was no need for a triggered GCP-Inspection.

MHRA´s expectations for reporting serious breaches

• When it is not clear whether the issue is a serious breach, it should be reported anyway (the GCP inspector will make their own assessment of whether the issue is a serious breach or not),
• The clock starts from when the sponsor (or the third party organization) becomes aware of the breach,
• The Quality Management System (QMS), contracts and study plans facilitate prompt escalation of potential serious breaches,
• The serious breach decision should be documented (together with a rationale) and retained in the Trial Master File (TMF), enabling that the process as a whole can be reviewed on inspection to demonstrate adequate oversight and decision-making,
• When implementing CAPAs for a serious breach, consideration should also be given to whether the issue could impact other patients or trials.

More information - and examples - can be found in the MHRA Inspectorate blog entitled "GCP Serious Breaches - the 2018 Edition"  as well as in the MHRA's "Annual review of good clinical practice referrals".