Clinical study suppliers (service providers) -- extent of control

I

indubioush

Ah ha!
Hello. I'm struggling with assigning a risk classification to clinical study providers. For example, if a supplier helps us to manage clinical data or helps us maintain HIPAA compliance, what is the extent of control we should have over these suppliers? It is a compliance risk rather than a device quality risk/patient risk. How does everyone else manage these suppliers? Thanks.
 
Y

yodon

Leader
Super Moderator
There could certainly be a risk to patients - maybe not directly, but if they screw up the data, you could have invalid clinical data for safety or efficacy.

I treat them as pretty high risk. I want a Quality Agreement with them. (I had one client who didn't execute a quality agreement with them and didn't stipulate data ownership and, as a result, could not get the data collected, only summary reports!) I want to see any software used validated and I want to be sure they have the proper competencies in the type of clinical study to be conducted (as well as basic competencies in data integrity). And, as you note, data security is a huge concern. A breach there could cost you dearly so I want to see what those controls are (logical and physical - and for both the "live" data as well as backups).

I think there's a tendency to strictly adhere to risk-based buckets without flexibility to manage as the needs arise. Hopefully you have the flexibility to escalate the level of control irrespective of what bucket the supplier may fall in based on your criteria.
 
Ronen E

Ronen E

Problem Solver
Moderator
yodon said:
There could certainly be a risk to patients - maybe not directly, but if they screw up the data, you could have invalid clinical data for safety or efficacy.
Click to expand...
There's also the risk (to the patient) of breach of privacy.
 
Ronen E

Ronen E

Problem Solver
Moderator
indubioush said:
I'm struggling with assigning a risk classification to clinical study providers. [...] How does everyone else manage these suppliers?
Click to expand...
At least under the MDR, clinical studies are a critical component in the compliance scheme, can vacuum huge resources, usually have long time-scales, can go awfully wrong and you'd know that only at/near the end... So, overall, it seems like a high-risk activity. But then, "clinical study providers" can be all sorts of entities, responsible for all sorts of elements, or the whole thing.

Generally speaking, by default I'd assign to "clinical study providers" the highest control level you have, yet I agree it's good to have a safety valve in your SOP to allow you to downgrade with a proper justification.
 
You must log in or register to reply here.
Top Bottom