Web-based compliance makes audit efficient

All investigators are evaluated

The Philadelphia-based University of Pennsylvania School of Medicine's auditing program meets the very ambitious objective of auditing 100% of investigators participating in human subjects research.

"There are between 725 and 800 investigators we evaluate," says Ann N. Sieber, MS, CIP, director of research compliance at the school of medicine's office of human research.

"Our auditing team evaluates principal investigators (PIs) in 28 departments every year," Sieber says. "We evaluate each investigator for the type of research they're doing."

The auditing team of four experienced senior regulatory specialists focuses on studies with greater than minimal risk, a category that encompasses some 1,200 studies each year.

"Anyone who has an IND or is a faculty sponsor will be evaluated every year," Sieber says. "Any study related to an IND sponsor is audited every year, if not more frequently, depending on the IRB risk categorization."

The daunting task of collecting, analyzing, and communicating audit findings is managed efficiently and effectively through the use of Web-enhanced information management.

"Information management for our audit findings is a vital support for completing our mission of human subjects protection and oversight," Sieber says. "This Web-based system was developed because we felt very strongly that managing these findings as a result of our audits is vital for identification of issues, for follow-up and tracking any findings related to the regulatory compliance audit."

The office of human research chose to use Web-based data management so the system would be secure and static and because it could be designed collaboratively with the school of medicine's information systems (IS) department.

"We found that commercial systems were not exactly meeting our needs; they were maybe too costly, too complex," Sieber says. "So it was important we had a Web-based system to enhance communication between the office of research and coordinators."

The IS experts collaborated on a database design that would address these specific issues:

Who would be using the Web-enhanced database?

What kind of storage space would be needed?

How could the database be used for retrieval and access?

What data points would be collected?

Which standards would be carried over from the established standard operating procedures (SOPs)?

In praise of good 'listeners'

"Our IS collaborators were terrific listeners, and they created workable mock-ups for our workgroup to use and play with," Sieber recalls. "Our first roll-out was within 18 months of that first meeting."

The final database is an Oracle-based system that is very user friendly, Sieber says.

"It's a comprehensive, Web-based system that is designed so there's a portal for both principal investigators as users and auditors as users," she explains.

"We rolled out this system in January 2009, and 100% of our audits since then have been managed through this Web-based system," Sieber says.

The implementation went smoothly precisely because of the thorough planning and preparation process, she says.

"We did so much work on clarifying what our needs are, what our user profile is, and which utility we needed that, except for a few bugs and tweaks, it's worked well," she adds.

Auditors use it as a tool during a study audit. They can assess and register the audit, plan out the number of days the audit might take, and have all of the basic study information at their fingertips.

"The system's logic mimics what we've been doing all along," Sieber says.

Only the auditors can see the part of the system that involves the auditing process.

The system sends an email query to investigators, saying that an audit date has been established.

"We have a standardized data gathering system for a compliance audit, and that's hand entered in a series of query windows by the auditor," Sieber says. "Then we follow the usual process to discuss the audit itself at weekly meetings, discussing findings and compliance categorization."

When the audit report is created, the system automatically sends a note to the coordinator and PI that there's an audit report ready for review, she adds.

"We ask them to respond within a certain period of time, and we give the coordinator instructions to log in with a Penn key, which is a secure, institution-wide key that a PI also can use," she explains.

The coordinator answers some questions on the report and has the PI review and certify the responses. Then an email is sent to the auditor, who reviews the responses, either accepting the answers or asking for clarification, Sieber says.

When an audit is closed with all issues resolved and all reporting completed, all notes related to the audit are uploaded and archived on the server.

"We can access the information at any time," Sieber says. "When we plan for the next year, we have source descriptions of what happened in audits, as well as the final reports."

The Web database is on a secure, shared drive that is static, based on a log-in to the network. It serves as a permanent investigator file. A college dean could log in remotely, review the audit and see all of the supporting documents associated with the audit, she explains.

The system is electronic from beginning to end, and this works much better than the previous paper-based report system, Sieber says.

"Your report is right there when you need it, and you can review your findings and answer questions in a window with a block set of responses," she says.