In our last two posts in this series, we looked at the regulatory guidance on capturing protocol deviations (PDs) and the three competing objectives.  Next up:  how deviations are identified and captured. Deviations can be identified by almost any role during any study activity:

• By sites during routine quality control activities
• By CRAs during remote or on-site monitoring
• By automated edit checks during routine data cleaning
• By data management during query resolution
• By data management, centralized monitors, medical monitors, or biostatistics during data review

After PDs are identified, methods for capturing them fall broadly into two categories:  site-centered and CRA-centered. A site-centered process starts with the premise that sites are ultimately accountable for recognizing and responding to protocol deviations.  Accordingly, sites capture PDs in a log form in the EDC system, or through a flag in EDC that allows data points to be identified as PDs. Where sponsor and CRO team members identify PDs, they alert the sites, usually through the CRA, so the sites can enter the PDs into this system.  The source for these entries may be a manual log maintained by the site, or CRAs may be required to enter queries in the database to document all potential PDs identified by the sponsor or CRO team, which prompts the site to log PDs in the eCRF, and provides a useful source for cross-checks. Pros:  Site capture makes the sites accountable for their protocol deviations, which aligns with the regulatory view.  Having PDs in the EDC system puts them under the same controls as the rest of the data. Cons:  PDs identified by the sponsor may get lost as they are funneled from the study team to the CRA to the site.  It is more difficult to achieve data entry consistency with a large pool of site staff, as opposed to a smaller pool of CRAs. A CRA-centered process puts the burden of collection on the CRAs. Here, PDs identified by sites, CRAs, and other study team members are routed through the CRAs, who capture them either in the EDC system, or in the Clinical Trial Management System (CTMS). Pros:  If a CTMS is used, it can populate the PD listing, site monitoring report, and follow-up letter, saving time and ensuring accuracy.  Cons:  Using a CTMS results in yet another data capture system that must be strictly controlled, and the data must be exported and transferred for inclusion in the clinical study report.  If the EDC system is used, it must be strictly controlled so the team can prove that CRAs did not have write access to other data points. Philosophically, who should capture protocol deviations - the site or the CRA?  If we consider protocol deviations as data, then sites traditionally capture data; we would not count on CRAs to capture blood pressure readings in EDC. If we consider protocol deviations as outputs of monitoring activities, then the responsibility clearly belongs with the CRA; we would not ask sites to enter queries into the EDC system. If we consider protocol deviations to be both outputs of monitoring activities AND data, then it makes sense to have CRAs and data management generate queries to document identification, and sites to complete a PD log in the controlled EDC system to capture them as data.