Download SOP 057 Database Construction and

SOP057: Database construction
Under review, for information only, contact data management team for further details
Jo Steele x4147
Document Title:
Database construction & Management
Document Number:
SOP057
Staff involved in development:
Job titles only
RM&G Manager, R&D Administration Manager,
Research Officers
Document author/owner:
R&D Administration Manager
Directorate:
Research and Development
Department:
Research and Development
For use by:
NHS Staff Trust-Wide
Review due:
May 2016
THIS IS A CONTROLLED DOCUMENT
Whilst this document may be printed, the electronic version maintained on the Trust’s
Intranet is the controlled copy. Any printed copies of this document are not controlled.
©Papworth Hospital NHS Foundation Trust. Not to be reproduced without written
permission.
Key Points of this Document

This document sets out the procedures to be followed by all Papworth Staff who are
involved in the preparation of protocols for Papworth sponsored research studies.

It aims to provide clear guidance on constructing a database for a research study.
SOP057: Database construction
Version 1.0 Review Date: May 2016
Page 1 of 6
SOP057: Database construction
1
Purpose and Content
1.1
This document defines the Trust’s research procedures for the creation of study databases
for use in Research Studies and Clinical Trials at the Papworth R&D and Trials Unit (the
‘Unit’). This SOP MUST be adhered to for Papworth sponsored CTIMPS and Grant funded
studies. This SOP should be adhered to for all other Papworth sponsored studies as it is
regarded as best practice.
1.2
The document aims to provide clear guidance on how research databases should be
created for Papworth Sponsored studies. The current Trust Data Management system is
Formic but other databases can be used. Please refer to “Creating a Database using
Formic”. Guidance Document available on the Papworth Hospital Intranet.
1.4
The validation and back-up procedure for the database are outside the scope of this SOP
and are described in SOP058: Data Validation & Back-up.
1.5
The locking of a database is outside the scope of this SOP and is described in SOP059:
Closing Down a Database including Lock & Unlock Procedures.
2
Roles & Responsibilities
2.1
This Policy applies to all personnel that are involved in research within the Trust. This
includes: staff that are full or part-time employees of the Trust, those working at the Trust
with employment contracts funded partially or wholly by third parties including those within
CUHP AHSC and those seconded to and providing consultancy to the Trust, and to
students undertaking training at the Trust.
2.2
Staff creating research databases must comply with the requirements set out in section 4.
2.3
The Chief Investigator must ensure that if they delegate the role of creating the database
to another member of the research team, that member must have the knowledge and
expertise, and are aware of GCP procedures.
3
Policy
3.1
This SOP is mandatory and, as per the Trust’s Research Governance framework, noncompliance with may result in disciplinary procedures.
4
Procedure
4.1
Trial Database
4.1.1 Once the CRF has been designed in accordance with the protocol, the database should be
designed to store the information being collected by that CRF. The type and size of the database
will depend on the size of the study and could vary between a standard Excel spreadsheet to a
more comprehensive & secure Data Management System.
4.1.2 When developing a database the following points should be addressed, although they may
need to be amended according to the size and complexity of the trial.
The database should:
SOP057: Database construction
Version 1.0 Review Date: May 2016
Page 2 of 6
SOP057: Database construction







4.1.3
















Be held on a secure server with security/access requirements (see point below regarding
databases held by external organisation).
Have levels of security and access via a unique username and password
Have the ability for more than one user to use the system at the same time
Ideally have daily back ups of the data
Have disaster recovery plans (including preventative, detective and corrective measures)
Enable data to be exported to a data analysis package (e.g. SPSS, STATA) with minimal
effort
Ensure data queries can be generated
The database manager should:
Provide training for relevant staff on the use of the database (record on training log).
Maintain a security system that prevents unauthorised access to data (ICH GCP 5.5.3,
Data Protection Act 1998)
Allow access to the data by monitors, auditors and inspectors on a read only basis and
under the supervision of any member of the Research Team.
Ensure that data changes are documented and that there is no deletion of entered data
(i.e. maintain an audit trail, data trail; edit trail, ICH GCP 4.9.3 and 5.5.3).
Keep a list of individuals (use the study delegation and signature log) who are authorised to
make data changes (ICH GCP 5.5.3)
Safeguard the blinding, if any (e.g. maintain the blinding during data entry and processing,
ICH GCP 5.5.3)
Make sure that if data are transformed during processing, it is always possible to compare
the original data and information with the processed data (ICH GCP 5.5.4).
Ensure the database systems are checked and maintained at least once every 3 months
Be aware of software upgrades relating to the database
Define database lock-down procedures to ensure access to the final dataset is
permanently restricted for final analysis and report, prior to archiving
Ensure archiving of data is maintained correctly by storing all data on a server which is
backed up on daily, weekly, monthly and yearly on tapes.
Ensure that the database will be complete and accessible throughout the period of
archiving by looking at digital preservation issues.
Ensure stored trial data is archived on a secure server with security/access requirements
(see 4.1.4 below regarding databases held by external organisation).
Produce a study-specific SOP for managing the study database (ICH GCP 5.5.3)
Ensure that all Coded/Pseudo-Anonymised Data sent by e-mail must have digital security.
This is to be in the form of an encrypted file using a secure 8 or more digit password
containing upper and lower case and numerical characters. The encrypted file should be
sent as an attachment to an e-mail. The password should be sent in a separate email.
Only professional email addresses shall be used for the transfer and no data shall be sent
to private accounts.
Patient identifiable data must not be sent off site unless there is Ethical or Information
Governance approval.
4.1.4 It should be noted that where the database is to be held/archived by an external
organisation on behalf of the Sponsor (Papworth) that security access/access restrictions are
required. This should be clearly demonstrated in a written Agreement between the organisation
and Sponsor.
4.1.5 Researchers are advised to use commercially produced and validated software wherever
possible. Specialist software that has been produced ‘in-house’ or as a one off application must be
subjected to validation processes (approved specification, testing documentation for developers
and users, signed validation report to confirm that all test failures have been resolved and
SOP057: Database construction
Version 1.0 Review Date: May 2016
Page 3 of 6
SOP057: Database construction
specifications have been met, production of user instructions and training of users and
documentation release). Results of validation testing should be filed in the Trial Master File (TMF).
4.2
Data Coding
Coding can be performed using dictionaries such as: WHO Adverse Reaction Terminology (WHOART) and MedDRA.






5
The coding in Formic takes place at the Design Stage and has to be manually coded for
the CRFs, using either a numerical or alphabetical code that can then be used for analysis.
These codes must be decided before data entry begins e.g. codes 1 for Yes, 0 for No.
Codes should also be in place for answers such as ‘not known’ or ‘not applicable’ e.g. 999
to show missing data. It is important to make sure that whatever value is chosen to
represent missing data, that value would not be feasible as an actual response.
All data coding is to be recorded in the database and available as a named key when the
data is exported.
Clinical data also needs to be coded for recording of all adverse events. The World Health
Organisation Adverse Reaction Terminology (WHO-ART) and Medical Dictionary for
Regulation Activities (MedDRA) both have a system of coding to assist with this
categorised by System Organ Class. A code is assigned for each disease and adverse
reaction.
You can access WHO-ART through http://www.umc-products.com/graphics/3149.pdf and
MedDRA through http://www.meddramsso.com/.
The coding can be done at various stages of the trial such as: during the initial data
collection from the participant by the investigator or research nurse; after the data
collection, but prior to entering the data on the database; or when the data are entered onto
the database.
Where autocoding is not possible, manual coding may be performed.
Database Management
All data generated in the course of clinical trials and research studies are governed by the
Data Protection Act (1998), GCP and the Trust’s Information Governance Policy. It must
therefore be handled in the appropriate way and the following points must be considered:



Study data should be anonymised (if this is not possible the advice should be
sought from Information Governance or Caldicott Guardian. Must also be fully
documented within protocol), using patient trial or study numbers where possible.
Access to the data must be controlled: the database and computer must be
password protected.
Data must not be downloaded to a laptop, USB stick or any other downloadable
device, unless the device is encrypted according to Papworth Hospital IT
Department security specifications.
Procedures must be followed and records maintained with regards to data access. There
should be clearly defined responsibilities for database security e.g. levels of access for
users, management and delegation of privileges, security strategy.
When storing study/trial data the following procedures must be in place to ensure it is
valid, adequately backed-up and recoverable if necessary.
SOP057: Database construction
Version 1.0 Review Date: May 2016
Page 4 of 6
SOP057: Database construction
5.1
Data Processing
The following factors should be followed when processing clinical trial data:
 All transactions to the database (insert, update, delete) must have a clear and complete
audit trail. For some software (e.g. Excel) this may necessitate the printing of data and the
certification and dating of the data as an accurate record of the previous and current
versions of the database. The system of ‘tracked changes’ should be used whenever
possible.
 Data must only be accessible to authorised personnel
 All Data Staff are responsible for keeping data secure and confidential at all times and
must comply with the UK Clinical Trial Regulations, Information Governance, ICH GCP, the
Data Protection Act 1998 and the associated Trust policies.
5.2
Security for Passwords / Usernames for FORMIC database system
All passwords and usernames are held on the server drive in a folder called “security”,
Formic allows the Database Manager to create, edit and delete usernames and passwords
for individuals or groups. Formic stores the username but only stores the passwords as
**********. Access to this folder is limited to the Senior Manager and the Project Design &
Data Quality Officer.
5.3
Audit Trail
5.3.1 The Data Amendment Form (FRM002) must be used when any amendment is required.
Also Formic incorporates and Audit trail which can be printed or exported out; this includes
the same fields as FRM002 but only allows the Database Manager to make these changes.
5.3.2
Any changes to a system following its release must be documented, with its effective date
recorded and each change being given a new version number. All new versions should be
tested and validated prior to implementation.
6
Risk Management / Liability / Monitoring & Audit
6.1
The R&D department will ensure that this SOP and any future changes to this document
are adequately disseminated.
6.2
The Unit will monitor adherence to this SOP via the routine audit and monitoring of
individual clinical trials and the Trust’s auditors will monitor this SOP as part of their audit of
Research Governance. From time to time, the SOP may also be inspected by external
regulator agencies (e.g. Care Quality Commission, Medicines and Healthcare Regulatory
Agency).
6.3
In exceptional circumstances it might have to deviate from this SOP for which the written
approval of the Senior R&D Manager should be gained before any action is taken. SOP
deviations should be recorded including details of alternative procedures followed and filed
in the Investigator and Sponsor Master File.
6.4
The Research and Development Directorate is responsible for the ratification of this
procedure.
SOP057: Database construction
Version 1.0 Review Date: May 2016
Page 5 of 6
SOP057: Database construction
Further Document Information
Approved by:
Management/Clinical Directorate
Group
Research and Development Directorate
Approval date: (this version)
11th October 2013
Ratified by Board of Directors/
Committee of the Board of
Directors
STET
Date:
N/A
This document supports:
Standards and legislation
Medicines for Human Use (Clinical Trials) Regulations
2004 and all associated amendments.
Research Governance Framework for Health and Social
Care (2005)
Key related documents:
Trust Research Policy
Research and Development Standard Operating
Procedures entitled:
SOP058: Research Database Validation and Back-up
Procedures
SOP059: Closing Down a Database including Lock and
Unlock Procedures
FRM002 The Data Amendment Form
Equality Impact Assessment: Does this document impact on any of the following groups? If
YES, state positive or negative, complete Equality Impact Assessment Form available in
Disability Equality Scheme document DN192 and attach.
Groups:
Disability
Race
Gender
Age
Sexual
orientation
Religious
& belief
Other
Yes/No:
NO
NO
NO
NO
NO
NO
NO
Positive/
Negative:
Review date:
May 2016
Version Control
Version
1.0
Date Effective
8th November
2013
SOP057: Database construction
Version 1.0 Review Date: May 2016
Valid To
May 2016
Approved by
RDD
Date of Approval
11th October
2013
Page 6 of 6