Write a comprehensive data safety monitoring plan

Plan complements protocol

Developing a data safety monitoring plan is good practice for all research protocols, an expert says. Data and safety monitoring plans may be developed as a general plan for a research institution or center; a global plan for a protocol or as the specific plan for a protocol conducted at a local research site.

"Not only should each protocol have a DSMP, but it should also be specific to that site" says Lori T. Gilmartin, RN, a consultant with Halloran Consulting Group, a private clinical trial management and organization consulting firm in Boston. Gilmartin is also a research subject advocate at Boston University School of Medicine, General Clinical Research Center and has spoken about developing data and safety monitoring plans at clinical trial industry conferences.

She defines a DSMP as a plan/process unique to a study for optimizing participant safety and maintaining the integrity of the study data for unbiased evaluation. The need for a DSMP should not be overlooked because of lack of intervention. Safety, and integrity of data collected from human subjects is indication for a DSMP.

There are six steps to developing a DSMP:

1. Assessment of risk: "First, have the investigator take a realistic look at the protocol itself and make an assessment of risk within the protocol," Gilmartin advises. "What are the factors within the protocol and the research environment that elevate the risk?"

For example, here are some factors to consider:

  • Does the study involve a vulnerable population?
  • Does the study involve an unapproved drug, device, or treatment?
  • Is it a blinded study?
  • Is it a multicenter trial?
  • How is the drug/device dispensed?
  • Who is controlling the drug or device?
  • Who is monitoring the drug or device and how often?
  • How is the drug’s risk being minimized?
  • The risk assessment includes a look at vulnerability, demographics, condition of health, intervention, logistics, outcomes, blinded study, and medical risk, Gilmartin says.

2. Identify data set: In developing the DSMP you should include a review of the protocol to make sure that what is being collected is documented, she says.

"You want to have control over what you have identified as data for the study, because in addition to assuring appropriate documentation, you don’t want to collect more than you need, and you don’t want to collect less than you need," Gilmartin says.

This is an excellent opportunity for principal investigators to take a final look at all the data points to be collected, she says.

"Remember, if you collect the data, it should have a purpose, answer a question, and needs to be monitored," Gilmartin says. "Why would this be a concern?"

For instance, an investigator might write out a list of tests he wants conducted for a study, and then some time later in the trial process, he might reconsider the need for all of that data, she says. "So why collect it and put the subject through the process if you didn’t use it?"

For example, suppose an investigator has developed a cardiac study, and the protocol includes the collection of an EKG, Gilmartin says. The first three subjects have an EKG, but the next five do not. The doctor makes the comment, "I really don’t need that anyway. It doesn’t matter," Gilmartin explains.

The following scenarios could result:

  • The IRB approved the original protocol as it is written, so the investigator is out of compliance and must file deviations.
  • If the investigator doesn’t really need the information, he needs to file an amendment to the protocol and see if he receives an approval.
  • If the investigator really didn’t need the data, then why did he include that test in the first place because it is a waste of time, money, and subject time.
  • And in the worst case scenario, if the IRB approved it because the board felt the test was necessary to prove the theory, but the investigator didn’t do the EKG for the remaining subjects and this omission was never monitored and reported until the study’s closure, then the hypothesis could not be proven. And all of the subjects had been placed at risk and possibly without the potential for any benefit, Gilmartin says.

It’s important to check the protocol line-by-line to make sure all data points are indeed being collected and captured appropriately and not missed due to paperwork design problems, she adds.

3. Data and clinical trial material/device integrity and accountability: Without this factor, the study’s validity is in question and subjects have been placed at risk and may be without the possibility of benefit, Gilmartin says.

"The data and clinical trial materials have to stay valid throughout the trial, and you have to maintain accountability of them," Gilmartin says.

For example, when using computer-based data, there should be routine back-up of electronic data in case of an accident or disaster that threatens the data integrity. Documentation should have provisions for minimal access, security, and destruction of records, she says.

This would include maintaining the integrity and security of randomization. Likewise, clinical trial staff should check expiration dates on drugs and maintain logs, looking at batch numbers and noting when and how drugs are received, dispensed and/or returned, Gilmartin explains.

Clinical trial sites should maintain appropriate storage parameters for temperature and containers, as well as follow all shipping criteria, she adds.

4. Minimization of risk: "Before you start the trial, you want to take into account all the things that you can do to prevent any problem you can imagine," Gilmartin says. "So for a simple example, if you know there’s a risk of breach of confidentiality in your electronic data, you would want to maintain the data under password protection, or, maintain minimal access to your files."

Many of the protocol-related issues will be spoken to directly within the protocol, often within the exclusionary, Gilmartin says.

"Many of the minimizations of risk have been included as part of the protocols global DSMP," she adds. "But if it’s a site specific item or additional item of concern you would put it in the local data safety monitoring plan."

Other questions to consider in this category are:

  • What are the endpoints or stopping rules for safety or efficacy?
  • What would make you stop the study?
  • What are specific training requirements you might add?

The plan might include having all staff receive human subjects protections or good clinical practice training or perhaps training for a specified intervention to be performed within the protocol. Or the minimization might be treatment related. For instance, a study involving a drug that was known to cause a significant number of subjects to have hives could include minimizing such reactions, such as giving subjects Tylenol and Benadryl 30 minutes prior to the onset of study drug, Gilmartin suggests.

5. Monitoring: Monitoring data safety is one of the most important aspects of the DSMP. The three main decisions to make are who will monitor, what will be monitored, and how often will monitoring take place, Gilmartin says.

Monitoring could be handled in a wide range of ways. Monitoring encompasses a large spectrum from the individual principal investigator through a formal Data and Safety Monitoring Board (DSMB).

It is the earlier steps in the DSMP development phase that will help the investigator and the review boards determine the level of monitoring required, Gilmartin says.

They will take into consideration the level of risk of the study. For instance, in a small, well-controlled phase I study it may be appropriate for the investigator and clinical trial staff to be the people who are monitoring the study, Gilmartin says. In other cases it might be more appropriate to have an independent reviewer or to rely on the monitoring that’s being done by the clinical research organization (CRO), she says.

If an outside, CRO monitor is utilized — not in-house/real time, the local DSMP should still identify who the local person is who will be reviewing/receiving the data for safety, and how often, Gilmartin notes.

At the highest level of oversight, a DSMB may be convened. This is a formal board that acts under charter. By NIH guidelines DSMBs would be required for a phase 3 clinical trial, but they may also be requested upon review by the IRB due to the level of risk of a study.

Some sponsors choose to form boards of their own volition, Gilmartin says.

"It is important to note that the board acts without conflict from the sponsor or investigator," Gilmartin says.

"A board provides independent review of the data, but is not local," she explains. "While the DSMB’s action would effect protocol change, its action would be slower than the action that could occur on the local level." Therefore, it is still important to identify within the site DSMP which person will be reviewing/ receiving safety data, Gilmartin says. A local member could perhaps prevent an AE from elevating to a serious adverse event.

The DSMP should include wording about what will be monitored, including these examples:

  • Subject conduct and compliance;
  • drop-out and enrollment rates;
  • laboratory data;
  • non-laboratory data;
  • key data points for safety;
  • adverse events

It will be the individual review committees’ decisions to determine whether the selected monitor(s) and the frequency of the monitoring are appropriate, Gilmartin says.

6. Reporting: The DSMP should identify to whom the monitor will report findings and when this reporting will take place. This part of the plan will depend on the regulatory agencies involved, and at the very minimum reporting will take place to the IRB, Gilmartin says.

Together with the protocol global DSMP, and the Institutional DSMP, the site specific DSMP offers strength to the complete DSMP structure as it applies to human subjects protection, Gilmartin says.