Compliance Corner

Learn the difference between CR deviations and violations

Rate deviations on severity scale

Research organizations often have trouble distinguishing between protocol deviations and violations, and the regulations are little help in making these definitions, an expert says.

"We have different regulations referring to deviations, and yet in another sentence they're calling it 'violations,'" says Linda A. Mottle, MSM-HSA, RN, CCRP, director of the center for health innovation & clinical trials and director of the clinical research management graduate programs at Arizona State University in Phoenix, AZ. Mottle also is an associate clinical professor in the college of nursing and health innovation.

"What has happened is there has been a common benchmark interpretation that's used in industry and accepted by IRBs," Mottle says. "Essentially, a deviation is considered a minor protocol variance that does not affect patient safety or data integrity."

This creates a scale of severity with a violation, meaning a major deviation that somehow impacts the risk-benefit ratio for the subject and/or data integrity, she explains.

Often, clinical trial sites decide it's better to be overly cautious than risk missing something, so they keep a log of all protocol deviations and how these were handled.

But there's a problem with handling deviations in this way, Mottle says.

The biggest issue is that research organizations that require all deviations to be documented and handled are not taking time to weigh the importance of any particular deviation.

Mottle offers this advice on how to handle deviations and violations in the most effective way:

• Categorize protocol problems as deviations or violations: "Sites should categorize these reasonably, logically, and ethically as violations or deviations," Mottle says.

To do so, they should keep these parameters always in mind:

- Did this action affect patient safety or the risk-benefit ratio for that participant?

- Did this action affect the study data integrity?

"If it did not impact these, then you know you have a deviation," Mottle says. "If it did, then you possibly have a violation, and you should then look at factors like intent and repeatability."

• Develop a severity scale for deviations and violations: There is no magical answer to determining the importance of each deviation, but developing a severity scale will help.

The severity scale would take into account the risk-benefit ratio and data integrity. Any deviation that doesn't impact either would be placed in a low severity category.

For instance, a site's severity scale could define administrative deviations that are non-reoccurring as minor if they also do not impact the risk-benefit ratio and data integrity.

An administrative deviation might be having an incorrect or outdated site phone number listed. This is a deviation, but it does not directly impact patient safety or data integrity, so this deviation is less severe, Mottle says.

In another example, a site might have enrolled a subject who doesn't fully meet inclusion/exclusion criteria.

"The principal investigator says that's okay, and the sponsor says that's okay, but it's a violation," Mottle says. "If they're not meeting inclusion criteria that could impact safety parameters and the data."

This violation is severe enough to require a protocol amendment that states the problem and solution, she suggests.

"They could say that they have many patients who would meet the inclusion criteria, if the lab value were extended another two points," she says.

* Watch for patterns and trends in deviations: Even minor procedural deviations might be rated severe if they are repeated and a pattern develops.

"For example, if a CR site sent blood work to a lab, and the lab dropped the sample, then that's something that was not expected, and it means you would have to bring that subject back in for another blood draw," Mottle explains. "Then the second blood draw might be outside the protocol's window, which is a deviation of the protocol."

So there might be a very small amount of risk to the subject since blood draws have a tiny amount of risk, but it's not something that will hurt a subject in a significant way, she notes.

"And it happened because of an accident, something that couldn't be planned for or avoided in the process or procedural standard guidelines," she adds.

But if this same accident occurs repeatedly, the incident would be rated higher on the severity scale.

Patterns of repeated minor discrepancies could result in data integrity problems or even greater risk to subjects, Mottle says.

The issue is that someone at the clinical trial site may know there is a problem, but the deviations continue unchecked, and that's when it becomes a violation, she adds.

"If you're routinely not putting in the appropriate case report forms in the stated timely manner over and over again, and you're not meeting the protocol's [stipulations] or sponsor's standard operating procedures (SOPs) for running the study, then that will impact data integrity," Mottle explains. "It slows down the ability to do interim data analysis for safety evaluations, so that's a violation."