Building a new research compliance program: Where do I begin?

By Tracy L. Popp, MBA, CHRC, CCRP, and Lynn E. Smith, JD, CHRC

Tracy L. Popp (tpopp@askclover.com) is an Advisor at A Clover Group in Charlestown, IN, and Lynn E. Smith (lynnsmith@tgh.org) is Director, Research Compliance Officer, at Tampa General Hospital, Tampa, FL.

One of the hallmarks of a high-performing clinical research program is a robust research compliance partner. If you have the opportunity to build a new clinical research program, be sure to include a research compliance office in the design to work hand in hand with the clinical research staff. If you manage a clinical research program that lacks a research compliance partner, or a clinical research program with an ineffective or incomplete research compliance component, it is time to make a case to senior leadership of the importance of having this valuable partner.

The culture of the research compliance office is also of great importance. Research compliance could present itself with a culture of judgment with punitive outcomes, or it could present itself with a culture of collaboration and education. Hopefully, you will agree after reading this article that the latter is the best way to go.

Setting the stage for a new program or enhancing an existing one is the paramount point for a successful research program. The announcement to research team members, physicians, medical staff, and others of an upcoming change to the research program to include updating or building a research compliance program can send a panic through the halls of clinical research. Our daily lives contain a high level of stress; therefore, the steps you take to mitigate a full-out panic are of utmost importance. Many people have limited daily exposure to compliance individuals, the lack of knowledge on the role that compliance plays in research, or may recall a dreadful experience when compliance came to visit them. It is important to recognize this is a very real stress to individuals triggered by an announcement. How does operations fit into the compliance program? Our successful programs depend on compliance being embedded in all that we do each and every day for our patients. The operation leader is responsible to ensure that they set the stage for the success of the new or enhanced research compliance program. The team will look to the operation leader for guidance and assurance.

Let’s examine the critical conversations that need to occur with the teams. The panic of the team members or others will likely induce the following types of questions or comments for the operation leader. By preparing for these comments and questions up front, the operation leader will be able to mitigate the fears proactively.

Research teams ask:

  • What does compliance actually do?

  • Should I be worried that I will lose my job?

  • What did we do wrong?

Research teams may say:

  • Well, we never have had any problems before…

  • Isn’t this what the institutional review board does?

  • Who wanted this program changed or created?

  • I am too busy for this new layer of review.

Addressing the comments and questions will help build a successful foundation for the clinical research program. The building of a research compliance program remains a critical element for any research program regardless of the size of the program. Each site should maintain a level of compliance within the program. The research compliance team can start out as one individual dedicated to compliance review and build the program from there based on the site’s volume, risk, etc. When starting a program, consider the elements needed for a healthy program.

Elements

The elements of a robust research compliance program are well documented in Health Care Compliance Association’s Research Compliance Professional’s Handbook.[1] We will look at these elements in brief detail below and then discuss which of them you might consider implementing first.

Ongoing monitoring program

Not all research compliance programs are going to consist of all the elements discussed here, although the vast majority of them will, or should, have an ongoing monitoring program. This program can be presented as a quality assurance review of ongoing human subject research, or it can be presented as an audit program. In our experience, the monitoring program is received much more positively when it is presented as a quality review process that is intended to be collaborative and educational between research compliance, the investigators, and study teams. Using terminology like “auditing” can seem punitive and create a defensive posture from all parties involved.

Quality review programs for human subject research should evaluate the institution’s research against good clinical practice principles[2] to ensure the safety and well-being of human subjects and research finance/billing compliance to determine whether the research procedures are being properly billed to the sponsor, subject’s insurance, or government payers.[3] Quality review visits can be a complete review of a research protocol, or it can focus on one specific element such as informed consent, eligibility, or billing.

Your ongoing monitoring plan will change over time, but it will serve as a solid go-to plan. When developing your monitoring plan, there are several things to consider. Since you are not going to be able to monitor all studies in your portfolio, you will want to evaluate a good mix of your ongoing studies to get a handle on your overall compliance picture. Some of the criteria to consider when choosing studies for your monitoring plan are: 1) studies with the highest risk; 2) investigators with a track record of noncompliance; and 3) protocols with a high likelihood of being audited by federal or other external agencies, such as protocols with high enrollment, a previous unsuccessful audit, or a high-profile national study.

Operations buy-in (for monitoring program)

When the research compliance team is ready for the initial review on the research program, we recommend having a discussion with the research operations/clinical leaders to determine the investigator, study, or site to complete a validation review. By engaging the clinical team prior to engaging the principal investigator, the operations and compliance team will be able to eliminate any kinks in the review. The research clinical team is a valuable resource to assist with understanding institutional culture and empowers this team to be able to address any questions that the principal investigator has during a review, therefore building a relationship of trust and partnership. The reviews are a joint effort to build a strong program, not searching for a laundry list of punitive marks.

Conflict of interest

The research compliance program should be identifying and managing conflicts of interest (COIs) of investigators and study staff as well as the institution. COIs can manifest as equity in or compensation from industry sponsors. Policies and procedures should clearly indicate the thresholds set by the institution for such interests and ensure they are in line with regulatory agencies’ requirements.[4] Some institutions allow separate thresholds for various regulatory agencies, others set the bar at the most conservative requirement for all research, and yet others have a zero tolerance for conflicts and require disclosure for conflicting interests of any amount. In addition to equity and compensation, there are also conflicts of commitment. In addition to the research compliance office, conflicts of commitment may also need to be managed by the medical staff office, dean’s office, or human resources.

Research compliance should have a process to develop and monitor management plans for investigators who have conflicting interests. This process is typically separate from the annual disclosure required by most universities and healthcare systems. Some institutions use software systems to manage research COIs, while some track these conflicts using a spreadsheet that gets updated frequently. Many institutions also assign a COI officer and/or a COI management committee that will make decisions about the management of COIs.

In addition to investigator and study team COIs, there is also institutional COI. Institutional COI can come in the form of start-up companies supported by the institution or financial interests related to patents, tech transfer, license agreements, investments in companies conducting research at the institution, or gifts to the organization when the donor has an interest in the research. The COI officer/committee will need to be kept up to date with institutional interests to identify and manage these types of interests.

Scientific misconduct

If your institution is receiving federal grant(s) for research, the Public Health Service regulations require that you have policies and procedures for management of scientific misconduct that meets their requirements.[5] The Office of Research Integrity offers templates for these policies and procedures on its website.[6] These policies and procedures must include a process to deal with allegations of misconduct, a process to conduct an inquiry, and a process for a formal investigation. Annual reporting of scientific misconduct to the Office of Research Integrity is required from any institution that is a direct awardee or a subawardee of federal grant funds.

Privacy and security

As with any medical encounter or procedure, research procedures are subject to HIPAA Privacy and Security rules, and there are special considerations when research is involved.[7] A privacy board must review requests for waivers of HIPAA authorization when a protocol calls for the capture of private health information without the subject’s consent. While some institutions have a separate privacy board, most institutions have the institutional review board, whether internal or external, serve as the privacy board. Other considerations include the use of limited data sets and data use agreements.

Research compliance will need to ensure that the standards of the Security Rule are met, which includes administrative safeguards (policies and procedures, education and training, disciplinary procedures, audits and monitoring); physical safeguards (barriers, computer and physical protections, encrypted files, locked files and doors); and technical safeguards (account provisioning, passwords, logging out, information services audits). Much of this can be reviewed for compliance during a quality review visit.

Biosafety

The biosafety program manages the risks associated with: 1) infectious agents and toxins from natural sources or clinical isolates, 2) biological toxins manufactured for clinical or research purposes, 3) recombinant and synthetic nucleic acid molecules, 4) genetically modified microbes or animals, and 5) human gene transfer products.[8] Some institutions have their own biosafety program and committee, while others outsource this responsibility to an external committee.

Research compliance should ensure that the institution either has policies and procedures and an adequate program for this area or a documented plan to outsource this responsibility.

Export controls

Institutions that conduct or collaborate in research with foreign individuals/entities must comply with export control regulations. This includes export of oral, written, electronic, or visual disclosure or shipment, transfer, or transmission of goods, technology, services, or information to anyone outside of the US, a non-US entity, or a non-US individual (regardless of location).[9] Export controls apply not only to the shipping or personal delivery of technology, information, or funds outside of the US, but also to the deemed export or disclosure of technology or information to a foreign entity or foreign national on US soil. Examples of “deemed exports” include: 1) tours of laboratory spaces, 2) research involvement, 3) hosting observers or other types of visitors in laboratory or research space, or 4) through discussions or lectures of sensitive research.

Export controls are governed by the U.S. Department of Commerce’s Export Administration Regulations,[10] U.S. Department of State’s International Traffic in Arms Regulations,[11] and U.S. Department of the Treasury Office of Foreign Assets Control.[12]

Research compliance should ensure that the institution has adequate policies, procedures, and processes to manage compliance with export control regulations.

Animal research

Institutions that have an animal research program are governed by four main laws/requirements: 1) U.S. Government Principles for the Utilization and Care of Vertebrate Animals Used in Testing, Research, and Training,[13] 2) Animal Welfare Act,[14] 3) Public Health Service Policy on Humane Care and Use of Laboratory Animals,[15] and 4) Guide for the Care and Use of Laboratory Animals.[16] Institutions that conduct animal research must have an institutional animal care and use committee. This is the committee that reviews and approves, or denies, animal research protocols submitted for review.

Research compliance should ensure that the institution has an adequate program for the review and conduct of animal research protocols and that all facilities and procedures meet the regulatory requirements for animal research.

This document is only available to members. Please log in or become a member.
Become a Member Login
 


Would you like to read this entire article?

If you already subscribe to this publication, just log in. If not, let us send you an email with a link that will allow you to read the entire article for free. Just complete the following form.

* required field

First name field cannot be blank!
Last name field cannot be blank!
We will send you an email that will give you access to this entire article.
Email field cannot be blank!
Enter a valid email!
Company field cannot be blank!
Enter a valid company!
Title field cannot be blank!

We're committed to your privacy. The Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA) uses the information you provide us to contact you about our relevant content, products, and services. For more information, check out our Privacy Policy.


About SCCE

The Society of Corporate Compliance and Ethics (SCCE) is a non-profit, member-based professional association. SCCE supports our members' work with education, news, and discussion forums. We are a community of leaders, defining and shaping the corporate compliance environment across a wide range of industries and geographic regions. In developing and maintaining effective ethics and compliance programs, our members strengthen and protect their companies.

952.933.4977

About HCCA

The Health Care Compliance Association (HCCA), is a 501(c)6 non-profit, member-based professional association. HCCA was established in 1996 and is headquartered in Minneapolis, MN. We provide training, certification, and other resources to over 10,000 members. Our members include compliance officers and staff from a wide range of organizations, including hospitals, research facilities, clinics and technology service providers.

952.988.0141

Facebook X LinkedIn
Copyright © 2024 by Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA). No claim to original US Government works. All rights reserved. All information provided through this site, including without limitation all information such as the “look and feel” of the site, data files, graphics, text, photographs, drawings, logos, images, sounds, music, video or audio files on this site, is owned and/or licensed by SCCE & HCCA or its suppliers and is subject to United States and international copyright, trademark and other intellectual property laws. Any third party logos and/or content provided herein is owned by such third parties and is used by permission herein. Your use of this site to is subject to our Terms Of Use and Privacy Statement.
Cookie settings