Guide to Remote Audits

The United States reached the one-year anniversary of the first confirmed case of COVID-19, on January 15. Even now, as the rollout of vaccinations is underway, institutions are still facing campus and facility closures. We cannot underestimate the impact of COVID-19 on clinical trials and the research community. Institutions have had to refocus resources toward pandemic-related clinical care and research, which has caused delays, disruptions and cancelations of research in other clinical areas. Research coordinators and support staff continue to work remotely or in hybrid work situations.

Despite this, research professionals have demonstrated remarkable resilience and flexibility in adjusting to the new landscape. Over the last year, institutions have leveraged technologies to continue or start up clinical trials. Telemedicine has increased opportunities for remote consent and virtual study visits.

Restrictions on travel, in-person visits and access to research offices forced federal regulators to scale back their in-person surveillance activities, while increasing their remote audits to gauge compliance with Good Clinical Practices (GCP), Good Manufacturing Practices (GMP), and human subject protection (HSP). Investigators must be prepared for announced or unannounced inspections, particularly remote reviews.

A variety of situations can trigger an FDA inspection, from a serious adverse event (SAE) to reported violations of protocols. Just as your research team should be well prepared for in-person inspections, so should you be prepared for a remote visit. These are some of the areas where your team can prepare. In some instances, your team should coordinate with the IT department to ensure a secure, yet easily accessible, repository of information.

Gather and centralize stakeholder contact information
The names and contact information (mobile phones, pagers and email) of all key staff should be in a central place, such as a spreadsheet. This record can include:

  • principal investigator (your materials should include the PI’s CV)
  • clinical research coordinators
  • pharmacists
  • laboratory technicians

You should also include any staff who should be notified in case of an audit, including contacts in:

  • medical records
  • risk management
  • compliance
  • administration

Your contact list should include your primary contact at the study sponsor and/or CRO.

Digitize study documents
Depending on the requirements of your institution or the study sponsor, you may want to consider scanning regulatory documents and keeping them in a secure cloud-based file system. Consider including these items:

  • IRB documentation, including the approval letter and amendments
  • consent form (at least the latest version)
  • study reference manual
  • study protocol(s)
  • sponsor instruction manuals
  • policies and procedures
  • roles and responsibilities for each of the key team members
  • correspondence with the sponsor
  • certifications (for example, for the laboratory)
  • other essential documents as per Good Clinical Practice (GCP)

You should be prepared to upload participant documents such as signed Informed Consent Forms, Case Report Forms, and source documents to a file sharing application, following institutional requirements of redacting protected health information, if applicable. You may want to explore with IT granting auditors remote read-only access to the Electronic Medical Record for the participants selected for the remote audit.

Prepare a plan with stakeholders
The nature of remote audits may require more time to prepare requested documentation. It is important to prepare a plan and to educate your internal stakeholders on the procedures and areas of responsibilities in the event of an audit. A mock audit can test everyone’s response and identify risks and gaps. Don’t forget to include the IT department and staff in other departments who may need to play a role.

In the case of paper documents that are not scanned and uploaded in advance, you should have a plan for doing so upon request of the auditors. Identify a secure and HIPAA compliant storage platform and the mechanism by which you can obtain and upload those documents remotely that adheres to the institutional policy.

Be prepared to deliver a virtual “live” walk-through of facilities. Identify who will provide the tour and the technology necessary to do. Ensuring strong Internet connectivity in those areas, such as basement laboratories and other potential weak Wi-Fi zones can ensure a smoother experience for everyone.

It’s likely that remote work and, therefore, remote research surveillance will be part of the workflow for some time. Preparing for a remote audit can decrease stress and ensure clear communication among all the stakeholders.