Deviations and Breaches

  • Definitions

    Protocol deviation: is any breach, divergence or departure from the requirements of Good Clinical Practice or the clinical trial protocol

    Serious breach: a breach of Good Clinical Practice or the protocol that is likely to affect to a significant degree: a) The safety or rights of a trial participant, or b) The reliability and robustness of the data generated in the clinical trial. Note: this guidance's definition of serious breach differs from the definition in the Australian Code for the Responsible Conduct of Research and is about deviations from the requirements of Good Clinical Practice or the clinical trials protocol.

    Suspected breach: a report that is judged by the reporter as a possible serious breach but has yet to be formally confirmed as a serious breach by the sponsor.

    Data Breach: any actual or suspected unauthorised access or use, misuse, damage or destruction of data by any person. It can be any incident in which data is compromised, disclosed, copied, communicated, accessed, removed, destroyed, stolen, lost or used by unauthorised individuals, whether by accident or intentional. 

    Requirements for reporting of protocol deviation and breaches

    Protocol Deviations do not need to be notified to the HREC, unless they meet the definition of a serious breach. Therefore researchers need to make HRECs aware of the small sub-set of deviations that have a significant impact on:

    • the continued safety or rights of participants, or
    • the reliability and robustness of the data generated in the clinical trial.

    These are what we call 'serious breaches'. The investigator should also report a serious breach at their site to their institution (via the Research Governance office). This is because the breach could impact on medico-legal risk, the responsible conduct of research, or adherence to contractual obligations.

    For more information on deviations and breaches, see the NHMRC document Reporting of Serious Breaches of Good Clinical Practice (GCP) or the Protocol for Trials Involving Therapeutic Goods. This guidance applies to both commercial and non-commercial clinical trials involving therapeutic goods. For local requirements please refer to the CRDO Launching Pad for the management and reporting of protocol deviations and serious breaches. 

     

    Reporting - how to

    Serious and suspected breaches must be notified to the HREC in a timely manner. Serious Breach Report Form (Sponsor) and Suspected Breach Report Form (Third Party) which must provide a detailed description of what occurred and the steps taken to resolve/address the issue or prevent future occurrences . The report should be completed via ERM as soon as practicable. 

    All Data Incidents involving MCRI projects must be reported to MCRI's Privacy Team to be assessed for severity and impact on affected participants in line with the Privacy Act. Please complete the form located on the Privacy Hub at Data Incidents as soon as possible. 

    What happens next? 

    • take steps to contain the Data Incident and then refrain from further action until we contact you. 

    • The MCRI Privacy Team will review the Data Incident and may ask the research team for more information to decide if the affected individual/s needs to be notified. 

    • the MCRI Privacy Team will prepare a recommendation and for higher risk incidents share it with the Data Incident Response Team for their input or approval. 

    • the team that reported the incident will be informed of our proposed course of action. In complex cases, both the Privacy and REG Teams will collaborate with the reporting team to determine the best approach. If the incident is significant and could impact MCRI's reputation, we will escalate it. 
    • For all HREC approved projects the REG team will be notified as part of the review process.