TIES Cancer Research Network Y 3 Face to

TIES Cancer Research Network Y 3 Face to Face Meeting U 24 CA 180921 Session 5 Regulatory Update October 9 th, 2015 University of Pennsylvania

Agenda • Mission and goals of the TCRN Policies and Processes Subcommittee • Network Agreement • TCRN Standard Operating Procedures (SOPs) • Auditing in TIES • Open Discussion – How to deal with ancillary and outcomes data

TCRN Policies and Processes Subcommittee Our mission: • To establish an agreed upon set of policies, procedures and recommendations that will enable all TCRN users to collaborate in a secure and regulatory compliant system. Our goals: • Identify what policies and procedures are needed to enable inter-site use of TIES while maintaining regulatory compliance • Define policies and procedures to be followed by TCRN members and their users • Generate recommendations for consideration by the TCRN Executive Committee • Ensure that TIES is secure and compliant with regulations • Provide trans-network communication on matters such as de-identification quality, security, etc. • Ensure compliance with all policies surrounding the security and privacy of the system by review of de-identification validation results and user audits

Subcommittee Members University of Pittsburgh: Rebecca Jacobson, MD, MS Vanessa Benkovich, MBA, CT(ASCP)CM Julia Corrigan Roswell Park Cancer Institute: Monica Lopez Murphy, BSMT University of Pennsylvania: Jo. Ellen Weaver, BSMT Georgia Regents University: Roni Bollag, MD, Ph. D Jinni Carrick

Network Agreement The TCRN Network Agreement is a “trust agreement” negotiated among the founding TCRN institutions. • Puts forth Data Use terms and an agreement to use the Uniform Biological Material Transfer Agreement • Enables new institutions to join the TCRN with the instrument of adherence • Establishes two governing committees • Defines the criteria each member must follow to ensure a secure and compliant use of TIES by all users: • Members will implement all TCRN SOPs and will comply with all policies • Members will follow defined security requirements • Members will provide IRB approval for use of the system

TCRN Standard Operating Procedures (SOPs) are the policies that regulate the use of the TCRN. All TCRN member institutions agree to follow the SOPs: • Governance • Validation of De-Identification Quality • Study Registration and Authorization • Verifying Eligibility of TCRN Users • Step Up Requests • Auditing of TCRN Users and Searches • Incident Reporting • Joining of New Member Institutions There is also a recommendation: • Recommendation for Member Institutions Establishing Approval Committees for External Users.

TCRN SOPs – Network Processes & Organization SOP Purpose Elements Governance To ensure that all TCRN members participate in governing the network Defines the role and tasks of the TCRN Executive Committee and the Policies & Procedures Subcommittee Validation of De. To ensure that TCRN members Defines requirements for de. Identification Quality achieve an acceptable level of identification during the initial load text de-identification process and annual ongoing QA Study Registration and Authorization To outline the requirements and procedure for TCRN study registration and authorization Describes requirements and procedures TCRN applicants, admins, and approval committees follow to create TCRN studies Verifying Eligibility of To ensure that only eligible Defines the criteria TCRN applicants TCRN Users investigators are granted TCRN must meet in order to become TCRN access users Step Up Requests To outline the process for users to increase their level of access to the network 7 Describes the process TIES or TCRN users follow to request higher level access to TCRN

TCRN SOPs – Ongoing Network Processes SOP Purpose Elements Auditing of TCRN Users and Searches To ensure that all users accessing TCRN are using the network appropriately and to assess value of TCRN Describes three forms of auditing to determine 1) that current users are valid users, 2) that searches are within the scope of the user’s approved use of the system, and 3) the value that the network provides Incident Reporting To describe incidents that Provides instructions for dealing with may arise in TCRN and how eight potential security and privacy members must report and threats respond to them Joining of New Member Institutions To outline the requirements and process for new institutions to join the TCRN 8 Defines the criteria new institutions must meet in the following areas: 1) security, 2) preparation, and 3) resources, and the process to apply for and join the TCRN

Policy Workflow

Requirements for TCRN Studies Requirements and processes for TCRN studies vary based on requested level of access: Access Level Approval by TCRN IRB Member Institutions UBMTA Aggregate Data Only Required _ _ Reports Only (Data Only) Required _ _ Reports and Biomaterials Required 10

Auditing of TCRN Users and Searches Different levels of audits will be performed by each TCRN institution. • Valid system user audit – performed every 6 months • Check if users are still valid users • Still employed by the institution • Have not violated TCRN data use rules • IRB approvals and/or MTA approvals (if applicable) are valid • TIES query validation – performed annually • Identify searches that are incongruent with the research topic or IRB approval • Identify searches attempting to re-identify a particular patient or case • Annual TCRN User Survey • Survey sent to all users requesting information regarding publications, presentations, pilot data, grant submissions, etc.

Auditing in TIES – The Basics Auditing of TCRN Users and Searches SOP has three components: • Valid system user audit • TIES query validation • Annual TCRN user survey New tool built into TIES v 5. 4 allows us to audit queries: • Are the user’s searches related to their study description/IRB? • Are they attempting to re-identify a patient? How we can use the tool: • Compare user’s queries to their protocol description • Check for text search terms that indicate an attempt to re-identify a patient

Auditing in TIES – The Tool • Included in upcoming release of TIES v 5. 4 • Available to TIES Administrators Login as a Regulatory Administrator There is a new auditing option in your toolbar

Auditing in TIES – The Tool Main screen of Activity Log

Auditing in TIES – Key Features Sort by any category

Auditing in TIES – Key Features Show or hide categories

Auditing in TIES – Key Features View more information with tooltips • Will be able to view brief study description

Auditing in TIES – Key Features Change the date range • Choose custom dates • Can refine to last year, last 6 months, last 30 days, last 7 days, and today

Auditing in TIES – Key Features Search the query log

Auditing in TIES Query Audit Includes instructions from the Auditing of TCRN Users and Searches SOP Export audit record as. csv Select the year to audit

Auditing in TIES Excel Export • Enables simple record-keeping • Easy to analyze

Auditing in TIES Future Changes • Will include the ability to view statistical data in chart or graph form • Number of users and active users, number of searches, etc. • Can use this information to analyze TIES use at your node

Auditing Records All auditing records are recorded in REDCap (Research Electronic Data Capture). • RPCI hosts the data • All TCRN Regulatory Administrators can login to view auditing records from all sites Go to Audit Tracking screen View auditing records Create new auditing record

Auditing Records - REDCap Form to complete to track audits

Open Discussion Dealing with Ancillary and Outcomes Data Our panel Georgia Regents University: Jinni Carrick Roswell Park Cancer Institute: Monica Lopez Murphy University of Pennsylvania: Jo. Ellen Weaver University of Pittsburgh: Vanessa Benkovich