Policies, Procedures & Guidance
Standard Operating Procedures (SOPs) for Clinical Research
Standard Operating Procedures (SOPs) for Clinical Research are established to ensure we articulated our expectation for clinical research execution standards that adhere to federal and state regulations and institutional policies.
Outline purchasing and billing compliance review processes.
Detail expectations for clinical investigators adherence to federal state and institutional requirements
SOP 200 — Compliance Reviews
SOP 201 — Regulatory Inspections
SOP 203 — FDA Form 1572 Policy
SOP 206 — ClinicalTrials.gov
SOP 206 Attachment — ClinicalTrials.gov Attachment
SOP 207 — External IND Safety Reports
Operational / Research Technology SOPs detail the requirements for the use of clinical research systems
SOP 400 — CRMS Requirements
SOP 402 — PennChart Research Associations
SOP 403 — PennChart Research Study Maintenance
SOP 404 — PennChart Research Billing
SOP 405 — REDCap Training and Access
SOP 406 — External Monitoring
SOP 407 — PennVault Training Access
SOP 408 — PennVault eTMF Study Access
SOP 409 — Veeva SVE Access Change Control
SOP 410 — Research Honest Broker Access Process
Manufacturing SOPs detail the requirements to register manufacturing activity and detail the training requirements for all manufacturers
SOP 101 — Good Documentation Practices
SOP 102 — Form Deviation CAPA
SOP 104 — Training
Training SOPs detail the training requirements for all research team members
Clinical Research Guidance
The following are guidelines developed for Penn Medicine clinical research teams and links to helpful external resources. They have been developed in partnership with relevant offices across Penn Medicine.
Requests for space to support the conduct of clinical research may require allocation of UPHS space. Such requests may be triaged for consideration by the Office of Clinical Research in conjunction with the hospital Space Committee who will assist investigators in identifying space and in properly specifying suballocations of space with shared research and clinical research uses for clinical research professionals.
The intent of the PSOM Guidance for Adverse Event (AE) Assessment is to provide early, mid and senior career investigators a roadmap on how to investigate, perform, and confirm AE assessments.
Registering Studies and Submitting Results to ClinicalTrials.gov
The following guidance is designed to help the clinical research team navigate the ClinicalTrials.gov (i.e., the Protocol Registration and Results System or PRS system) registration process. If you have any further questions about the process of setting up an account and submitting information to ClinicalTrials.gov, PRS has published a detailed PRS Users Guide found at https://prsinfo.clinicaltrials.gov/prs-users-guide.html or contact OCR at firstname.lastname@example.org.
Click to review how to Registering Studies and Submitting Results to ClinicalTrials.gov
NIH Data Management & Sharing Policy (2023)
More Information on how Penn is preparing and providing resource: https://guides.library.upenn.edu/NIH
- What is new about the 2023 NIH Data Management and Sharing Policy?
- Beginning on January 25, 2023, ALL grant applications or renewals that generate Scientific Data must include a detailed plan for managing and sharing data through the entire funded period with plans for data dissemination. You must provide this information in a Data Management and Sharing Plan (DMSP). In addition, once the award is made and plan approved, compliance with the DMSP will be a determining condition of the work, meaning it can impact future funding decisions.
- Why is the NIH making these changes?
- The NIH is emphasizing good data stewardship with the goals of advancing rigorous and reproducible research and promoting public trust in scientific endeavors.
- How does the NIH define scientific data?
- Scientific Data are "the recorded factual material commonly accepted in the scientific community as of sufficient quality to validate and replicate research findings, regardless of whether the data are used to support scholarly publications. Scientific data do not include laboratory notebooks, preliminary analyses, completed case report forms, drafts of scientific papers, plans for future research, peer reviews, communications with colleagues, or physical objects, such as laboratory specimens."
- Am I required to share my data?
- The policy encourages efforts to maximize appropriate sharing, but recognizes exceptions (i.e., legal, ethical, or technical reasons). These reasons must be communicated in the NIH DMSP. In addition, sharing plans must be communicated in informed consent documents. In the end, ALL data must be managed, even if not all data can be shared.
Permissions & Guidance:
- IRB Regarding Approvals
- Clinical Trials.gov
- Privacy Policies and Guidance
- Penn Clinical and Biospecimen Data Sharing
- Federal and State-Specific Laws - HIPAA Waiver Form
(Search HIPAA on left hand side menu, and click update)
- DART website regarding secure storage and computing options
- Penn Research Analytic Storefront regarding where to find clinical data for research
- Data Analytics Center (DAC) for submitting data request
Data Classification/ Sensitivity
Penn Medicine/ University of Penn classifies data into three categories based on the level of data sensitivity, government regulations and existing PSOM or Penn Medicine policies.
More information on this and the Penn Data Classification policy can be found here. This includes information on Penn Box and what information can and cannot be stored there.
- PSOM Data Handling Policy
- Cures Act FAQ - see guidance section on Cures Act and Research
Use of PHI in Email for Research
These guidance documents are important to the use of email and PHI in communication with patients and other Penn Medicine staff and employees. Penn Medicine’s Privacy Office and Information Security Office’s has issued guidance on avoiding and minimizing PHI in email communications. The Office of Clinical Research has collaborated with the Office of Audit Compliance and Privacy (OACP) to create a specific guidance on the use of email during the conduct of research studies and clinical trials.
As the guidance specifies, spreadsheets of PHI should never be emailed. You may use secure share as an alternative.
Another option to utilize is Penn Medicine MS Teams. This tip sheet and PowerPoint provide additional guidance and information on how to use MS Teams to share PHI securely via Teams. As a reminder, the minimum of PHI should always be used and shared.
Use of PHI in Text for Research
The purpose of this document is to provide guidance to researchers considering using texting as a form of communication with study participants. Please note texting may raise privacy concerns on behalf of recipients, especially before subjects have signed consent.
The 21st Century Cures Act and the new ruling from the Health and Human Services department of the Federal Government, Penn Medicine is required to allow patients increased access to their electronic medical record. The purpose of this Act is to promote the patient’s right to electronically access their information, expand the electronic exchange of health information, standardize & expand the content of the health information dataset, reduce barriers for electronic health information exchange, and prevent health information exchange blocking.
The 21st Century Cures Act also regulates how to share information with patients including research results. The law has provisions for holding results if the release would reveal the results of the study, hence we need the insight of the research team confirming the need to hold or release research results. For more information refer to the guidance document, HERE
- Penn Medicine (UPHS And PSOM) Guidance Video Conference Platforms and HIPAA Protected Health Information (“PHI”). For more information about specifically using telemedicine in research that overlaps with standard of care, continuity of care or any research that involves billing to insurance or mixed billing please refer to the following document/ Clinical Research Connected Health Telemedicine Guidance.
- Telemedicine Document Guidance Tips
- Appendix 1
How to tell if you are using Penn Medicine or University Meeting Services
- Appendix 2
How to configure services for privacy and compliance
- Out of State Telemedicine Guidance and FAQs
- Out of State Physician Licensing Guide
Subjects are often offered monetary or non-monetary payments for their participation in research studies. While many options exist, the decision to provide payment to research subjects is generally made to facilitate timely recruitment of subjects for the study and thereby decrease time to study completion, with the consideration of ethics and effectiveness. Accepted justification of research subject payment include reimbursement for expenses that the subject may incur to participate in the research and/or payment for the subject's time and inconvenience. It is never acceptable to use payment as a benefit to offset the risks of a study. The payment procedures must be detailed in the HS-ERA Protocol Application Form and reviewed by the IRB prior to implementation.
TYPES OF SUBJECT COMPENSATION
Subject compensation are typically classified as either reimbursement or remuneration.
- Reimbursement refers to payment, monetary or other form, paid to a subject for out-of-pocket expenses, such as study-related travel, lodging, meals or lost wages.
- Remuneration refers to payment, monetary or other form, paid to subjects as repayment for their personal time and effort committed to study participation.
All subject payment procedures should be described in the study protocol, HS-ERA Protocol, and the Informed Consent Form, which must be approved by the IRB prior to study initiation.
Note: Although the IRB may approve a subject payments for a protocol, this does not imply that the payment method is allowable under University Financial Policy. The IRB reviews payments to ensure that they will not unduly influence a subject's decision to participate, but they do not review the payment procedures to ensure they follow University Financial Policy. It is the responsibility of the investigator or research coordinator to ensure that the proposed payment procedures are in compliance with University Financial Policy.
The Business Office’s Guide for Approving Human Subject Payments provides information and guidance on remuneration and reimbursement of out-of-pocket expenditures provided to research subjects participating in research trials.
This guidance has been generated to help distinguish electronic signatures, from part 11 compliant signatures, and digital signatures. DocuSign signatures are considered part 11 compliant if access via the Office of Clinical Research and PMACS/ DART. Other types of DocuSign or access points are not compliant.
Note: This document does not cover the use of digital or electronic signatures related to contracting, business administration, grant/proposal submission systems, or the effort reporting system (ERS).
This document outlines the step by step instructions for creating a compliant adobe eSignature. The purpose of this document is to promote the adoption of digital signatures, by individuals using a PMACS/DART or UPHS managed computer in clinical research, by providing the processes of how to create a signature in Adobe Acrobat and how to verify it to meet 21 CFR Part 11 compliance
The following documents outline best practices and requirements when using social media to support research recruitment or other research related activities.
- Guidance on Recruitment & Research Using Social Media (link out to Penn IRB's website)
- Social Media Best Practices (requires Penn Login)
Vendormate is a 3rd party vendor Penn Medicine uses to back ground check pharmaceutical company representatives, and their immunization status. This to mostly protect patients especially immunocompromised patients in clinic spaces. Registration in Vendormate costs about $250 per year to register. This requires yearly renewal by the company, and updates of the representatives immunization records. The cost for this is included in the budget template by OCR Finance so teams can incorporate it before they negotiate with the pharmaceutical sponsor. The pharmaceutical representative category is also extended to CRO/ sponsor monitors that will be in clinic spaces.
- The link below is a brief step by step of how a Pharmaceutical vendor rep registers on the platform, and the screen shot below is that of the main website, and video tutorial that the vendor can accesses at: https://registersupplier.ghx.com/reg/network/vendor/
- Step-by-Step Link: https://www.med.upenn.edu/ocrobjects/attach/2020-06_Vendormate.pdf
- The policy that refers to Vendormate and pharmaceutical representatives resides on the UPHS Intranet at (Document is password protected. Copy-paste link in browser if clicking does not open it): https://pennmedaccess.uphs.upenn.edu/f5-w-687474703a2f2f75706873786e65742e757068732e7570656e6e2e656475$$/pahhome/pahpolicies/M15.pdf
- Contact for Vendormate at Penn:
Director, Materials Management
Hospital of the University of Pa
Email: Robert.Fisher@uphs.upenn.edu/ Robert.Fisher@pennmedicine.upenn.edu
Artificial Intelligence, AI, is the process of imparting data, information, and human intelligence to machines. The main goal of Artificial Intelligence is to develop self-reliant machines that can think and act like humans. These machines can mimic human behavior and perform tasks by learning and problem-solving. Most of the AI systems simulate natural intelligence to solve complex problems.
Machine learning is a subfield of artificial intelligence, or an application of AI, which is broadly defined as the capability of a machine to imitate intelligent human behavior. It allows a system to automatically learn and improve experience. Artificial intelligence systems are used to perform complex tasks in a way that is similar to how humans solve problems.
Deep Learning is a subset of machine learning that uses vast volumes of data and complex algorithms to train a model.
There are several different ways that AI might be used in research but of particular note are uses of Electronic Medical Record (EMR) data in order to conduct modeling, predict care pathways or interact with patients.
Penn Medicine’s Position on AI and Research:
New artificial intelligence (AI) and machine learning (ML) capabilities, methods, and platforms offer great promise for patient care and research. Notably, large language models such as ChatGPT have been gaining traction and driving imagination on potential applications in healthcare and clinical research – particularly to increase efficiency and productivity. While we support and encourage exploration of AI/ML capabilities, this guidance provides compliance reminders and guardrails to ensure that we continue to protect patients’ privacy and deliver patient care following validated standards.
Patient Privacy Protection: It is not permissible under HIPAA or Penn Medicine policy to share patient or research participant information in connection with public AI/ML services, such as ChatGPT. This is because, as currently configured, such public services can use and share any data without regard to HIPAA restrictions and other protections. Therefore, individual patient data and patient data sets (even if deidentified) may not be exposed to AI/ML services.
Penn Medicine will contribute to the evaluation and development of innovative technologies, in a manner that is compliant with HIPAA and other privacy laws, Penn policies and guidance.
FDA Regulations and AI as a Device
The use of AI in research
FDA Main Page: Artificial Intelligence and Machine Learning in Software as a Medical Device
FDA regulation of AI/ML is evolving, as the field continues to rapidly evolve. Additional information can be found at the following link: https://www.fda.gov/medical-devices/software-medical-device-samd/artificial-intelligence-and-machine-learning-software-medical-device#regulation
Need additional information or have questions?
Contact OCR Regulatory – email@example.com or 215-662-4484
Penn IRB Research with Devices information: https://irb.upenn.edu/homepage/biomedical-homepage/guidance/types-of-biomedical-research/research-with-device-products/
Penn Medicine has developed guidance on the sharing of clinical data and biological samples, whether deidentified or not, with third parties. The guidance is maintained between OACP and OCR and maybe found HERE
Broadly, ‘digital health’ refers to wearable devices, telehealth, and health information technology. Digital health technologies (DHTs) use computing platforms, software, connectivity, and sensors for medical and healthcare uses.
- Penn’s Center for Digital Health: https://healthcareinnovation.upenn.edu/center-for-digital-health
- FDA Digital Health Center of Excellence: https://www.fda.gov/medical-devices/digital-health-center-excellence
- “The Digital Health Center of Excellence (DHCoE) is part of the planned evolution of the Digital Health Program in the Center for Devices and Radiological Health (CDRH) and will align and coordinate digital health work across the FDA. It marks the beginning of a comprehensive approach to digital health technology, setting the stage for advancing and realizing the potential of digital health.”
- FDA Guidance: Digital Health Technologies for Remote Data Acquisition in Clinical Investigations: https://www.fda.gov/media/155022/download
- Outlines recommendations to facilitate the use of digital health technologies (DHTs) in clinical investigations evaluating medical products.
Mobile medical apps are software programs that can run on smartphones and other mobile devices. Some apps are aimed at patients/consumers, and other are aimed at healthcare providers. The FDA regulated mobile medical apps via a risk-based approach. The following links can provide additional information:
- FDA Main Page: Device Software Functions Including Mobile Medical Applications https://www.fda.gov/medical-devices/digital-health-center-excellence/device-software-functions-including-mobile-medical-applications
- Describes mobile medical apps, discusses how FDA regulates device software functions, and lists device software functions that are the focus of FDA oversight.
- FDA Guidance: Policy for Device Software Functions and Mobile Medical Applications: https://www.fda.gov/media/80958/download
- FDA Guidance: Clinical Decision Support Software (CDSS): https://www.fda.gov/media/109618/download
- CDSS is a type of software intended to provide decision support in the diagnosis, treatment, prevention, cure, or mitigation of diseases. This guidance applies to CDSS intended to be used by healthcare professionals.
- FDA Guidance: Content of Premarket Submissions for Device Software Functions: https://www.fda.gov/media/153781/download
- Provides guidance about recommended documentation for premarket submissions of device software functions (i.e. Investigational Device Exemptions (IDE), among others).
- FDA Guidance: Off-The-Shelf Software Use in Medical Devices: https://www.fda.gov/media/71794/download
- Recommended for review if you are considering incorporating off-the-shelf software in developing a medical device.
For studies where data management is being performed by individual research teams, there are a series of documents to assist with overall data management. Find these in the Forms, Tools, & Templates library.
Some of these are high level like:
- Electronic Database Build and Activation Log
- Database Activation Authorization
- CRF Testing Script
- CRF Testing Tracker
- CRF Build and Schedule of Events Tracker
- Data Base Lock Down and CRMS Examples
Others are more system specific to using the Penn CRMS as an EDC/ Database:
- Testing CRFs Overview in Penn CRMS
- Penn CRMS EDC Guidelines and Tips
- Understanding Using an EDC-CRMS Workflows
This document contains information about Source Documentation for clinical trials.
• What Are Source Documents?
• Why Are Source Documents Required?
• Source Document vs. Case Report Form (CRF)
• Location of Source Documents