Definitions
Protocol deviation: is any breach, divergence or departure from the requirements of Good Clinical Practice or the clinical trial protocol
Serious breach: a breach of Good Clinical Practice or the protocol that is likely to affect to a significant degree: a) The safety or rights of a trial participant, or b) The reliability and robustness of the data generated in the clinical trial.
Note: this guidance's definition of serious breach differs from the definition in the Australian Code for the Responsible Conduct of Research and is about deviations from the requirements of Good Clinical Practice or the clinical trials protocol.
Suspected breach: a report that is judged by the reporter as a possible serious breach but has yet to be formally confirmed as a serious breach by the sponsor.
Data Breach: any actual or suspected unauthorised access or use, misuse, damage or destruction of data by any person. It can be any incident in which data is compromised, disclosed, copied, communicated, accessed, removed, destroyed, stolen, lost or used by unauthorised individuals, whether by accident or intentional.
Requirements for reporting of protocol deviation and breaches
Protocol Deviations do not need to be notified to the HREC, unless they meet the definition of a serious breach. Therefore researchers need to make HRECs aware of the small sub-set of deviations that have a significant impact on:
- the continued safety or rights of participants, or
- the reliability and robustness of the data generated in the clinical trial.
These are what we call 'serious breaches'. The investigator should also report a serious breach at their site to their institution (via the Research Governance office). This is because the breach could impact on medico-legal risk, the responsible conduct of research, or adherence to contractual obligations.
For more information on deviations and breaches, see the NHMRC document Reporting of Serious Breaches of Good Clinical Practice (GCP) or the Protocol for Trials Involving Therapeutic Goods. This guidance applies to both commercial and non-commercial clinical trials involving therapeutic goods. For local requirements please refer to the CRDO Launching Pad for the management and reporting of protocol deviations and serious breaches.
Reporting - how to
Serious and suspected breaches must be notified to the HREC in a timely manner.
Serious Breach Report Form (Sponsor) and
Suspected Breach Report Form (Third Party) which must provide a detailed description of what occurred and the steps taken to resolve/address the issue or prevent future occurrences . The report should be completed via
ERM
as soon as practicable.
All Data
Incidents involving
MCRI projects must be reported to MCRI's Privacy Team to be assessed for
severity and impact on affected participants in line with the Privacy Act.
Please complete the form located on the Privacy Hub at Data
Incidents as soon as possible.
What
happens next?
- take steps to contain
the Data Incident and then refrain from further action until we contact
you.
- The MCRI Privacy Team
will review the Data Incident and may ask the research team for more
information to decide if the affected individual/s needs to be
notified.
- the MCRI Privacy Team
will prepare a recommendation and for higher risk incidents share it with
the Data Incident Response Team for their input or approval.
- the team that reported
the incident will be informed of our proposed course of action. In complex
cases, both the Privacy and REG Teams will collaborate with the reporting
team to determine the best approach. If the incident is significant and
could impact MCRI's reputation, we will escalate it.
- For all HREC approved
projects the REG team will be notified as part of the review process.