Developing a Corrective and Preventative Action Plan

May 2022 Issue

(Note: this article is an update of CRRO Corner article published in January 2018)

Author(s):

  • Mary-Tara Roth, RN, MSN, MPH, Director, Clinical Research Resources Office

    •  

PRINT

Introduction

Human subjects research is a complicated undertaking. During or even after the conduct of a research protocol, it is not uncommon to find that, for one reason or another, the approved protocol has not been followed. These occurrences or deviations can have a range of possible impacts depending on factors such as the overall risk of the study, and the nature and extent of the deviation(s). Certain deviations could cast doubt on the integrity of the data collected to support the study question; or even worse, result in harm to subjects or increase the risk of harm to subjects. Once uncovered, action must be taken to correct the problems and prevent future occurrences. This is commonly referred to as developing and implementing a “Corrective and Preventive Action (CAPA) Plan”.

As in any complex process, a research study can be considered a “quality system.”  It is essential to ensure quality at every step, and have a process in place to identify, correct, and prevent future occurrences that may affect the quality of the final “product.”  A Corrective and Preventive Action Plan (CAPA) is used for this purpose.  A successful CAPA can help protect the rights, safety and welfare of study participants, and reliability of the data to answer the study question.  An effective CAPA can mean the difference between a study staying open or being suspended or terminated; and can be the difference between an FDA audit or other inspection observations that do and do not result in further regulatory action. It’s not easy to get it right, but it’s absolutely imperative that you do. This article will provide background about CAPA plans, examples of inadequate corrective actions, and the steps to developing a strong corrective and preventive action plan. While reviewing this article, please also refer to the Corrective and Preventive Action (CAPA) Plan template, which was recently updated in May 2022 and is available on the IRB website.

 

Background

The term CAPA has been around a long time, and actually comes from the manufacturing field. In this context, it’s not a one-time activity, but a systematic, iterative approach where processes are in place to review data at multiple steps in the manufacturing process for the purpose of identifying, correcting, and preventing quality issues. A CAPA process is required by the FDA device regulations 21 CFR 820.100. So …. you might ask: “I’m not making devices … I’m conducting a research study. Why does this apply to me?” Well, you should think of the conduct of your study as a “quality system.” When you ensure there is quality at every step, and have a process in place where you identify, correct and prevent future occurrences that may negatively impact the quality of your final “product” (i.e., your data), then the end result is that your study and data is more likely to be of high quality. The CAPA steps listed in the device regulation referenced above are pertinent to any quality system. Thus, these steps and process can be implemented in a “quality system” such as the conduct of a research study. Here at BMC/BU Medical Campus, we most often hear about CAPA plans when investigators are asked to submit a CAPA plan along with major deviation reports and/or reports of Unanticipated Problems (UPs). If your study undergoes an IRB-requested audit or a routine Quality Assurance review and there are findings, you may be asked to develop a CAPA. It’s important to know that the CAPA plan you develop will be evaluated based on the steps you put in place to correct and prevent the problem in the future-- not just with your current study, but your future studies, too.

 

CAPAs and FDA Warning Letters Review Process

FDA inspectors are often responsible for auditing processes outside of clinical research that relate to the overall development of a drug or device, and where quality systems and CAPA are well-defined within the regulations. For example, they may audit the manufacturing facility of a drug maker or the labs where animal studies are done.  It follows that over time  as the FDA harmonized its auditing processes, the expectations for what it takes to correct a problem that has been identified during an FDA audit of a clinical study, is similar to the process that is expected for these other types of audits. (For a detailed understanding of the FDA audit process for clinical research, you can take a look at the FDA’s Investigations Operations Manual and Regulatory Procedures Manual.) To understand what it takes to develop corrective actions that will satisfy the FDA (and other auditors), it is helpful to look at trends in FDA warning letters that are posted on the FDA’s website. Here are three examples of the FDA’s assessment of inadequate corrective actions and why (with bold text added):

  1. Your written response is inadequate because your corrective action plan is not sufficient to prevent similar violations in the future. Specifically, we note that only the current research coordinator has been trained on the new and revised SOPs. Several of the SOPs specify that they are applicable to all clinical research personnel at your site, including you as the clinical investigator; however, there are no details that you and other study staff have been or will be trained on them. In addition, you did not provide details regarding when and how the current research coordinator was trained on these SOPs. Without these details, we are unable to determine whether your corrective actions appear adequate to help prevent similar violations in the future.  (from Tarquino, 4/5/2022)

  2. We are also unable to determine if your written response provides a corrective action plan that, if properly carried out, would prevent this type of violation in the future. Specifically, you did not provide sufficient details about your plan for implementing additional measures and procedures to address the inspection findings concerning your failure to follow protocol procedures. For example, you did not indicate whether you and your staff underwent retraining activities to prevent future protocol violations. In addition, your written response does not provide sufficient details about how you personally will ensure adequate oversight of study procedures (for example, discontinuation of randomized treatment due to safety measures) and protocol training for you and your study staff. Without these details, we are unable to determine whether your corrective action plan is adequate to prevent similar violations in the future.  (from Findling, 12/31/2019)

  3. We acknowledge the corrective actions your site has taken specific to the implementation of site staff training and the documentation of sponsor communication by site staff. However, we request that you also specify the corrective actions that you, as a clinical investigator, have taken to prevent similar violations in the future. (from Lopez-Brignoni, March 2, 2021)

  4. An analysis of warning letters to clinical investigators shows the following trends in deficient plans:

  • Insufficient detail regarding the specific corrective actions to be taken to address a particular problem.

  • Insufficient detail as to the proposed corrective actions.

  • Not addressing why a specific problem occurred (note: there may be multiple causes to some problems).

  • Not addressing the preventive measures that will be taken.

  • Not describing the extent/pervasiveness of the problem (i.e., how many subjects were affected in the current study; and did the problem extend to other studies that used the same processes).

  • Inadequate documentation of the corrective actions taken.

  • Not specifying the timeframe in which corrective actions have been or will be undertaken/completed.

  • Insufficient detail on improvements to oversight by the principal investigator.

 

Corrective Actions and OHRP

In addition to knowing how the FDA handles deviations and assesses corrective actions, there is OHRP guidance that also underscores the importance of ensuring that a plan should be developed so that such problems are prevented in the future. OHRP’s “Guidance on Reporting Incidents to OHRP”, June 20, 2011, (see Section IV) states: “When reviewing a report of an unanticipated problem, OHRP assesses most closely the adequacy of the actions taken by the institution to address the problem. …. In particular, OHRP assesses whether or not the corrective actions will help ensure that the incident will not happen again, with the investigator or protocol in question, or with any other investigator or protocol….”

 

7 Steps to a Successful CAPA

In the event that problems are identified in a protocol that you are conducting, either through your own internal quality reviews or via an external audit, you should act on the steps below as soon as you become aware of the problem. These steps comprise your CAPA, and following them can help you avoid the problems noted above regarding inadequate CAPAs:

  1. Report the problem to the IRB, sponsor and to other entities as applicable.
    • Depending on the extent of the problem(s) and their potential to impact the overall risk of the study, your protocol reporting requirements, and your reporting requirements to the BMC/BU Medical Campus IRB (and/or a reviewing IRB if applicable), you may also need to report to various entities such as the industry sponsor, the lead site or coordinating center, your NIH institute/center, and/or the FDA (if you are the investigator-sponsor and the study is operating under an IND or IDE that you hold).
    • Reporting to the IRB (via submission of a Reportable Event and New Information (RENI) form) should happen right away.  While you may need to amend the RENI and update the IRB after you uncover more information, you shouldn’t wait until you have developed a full CAPA plan to inform the IRB. Per the BMC/BU Medical Campus IRB policy, Major Deviations and Unanticipated Problems (UPs) should be reported through a RENI form within 7 days of the PI/study team becoming aware of the deviation and/or UP. Make sure to know the reporting policies of the IRB of record, if different from BMC/BU Medical Campus IRB.  You should report it once you know of the problem, and inform the IRB in your report that your CAPA plan is in development. You can also describe any immediate measures you have taken to address the problem.
  1. Evaluate the extent of the problem.
    • In the CAPA, provide a narrative of events (including a timeline with dates, as applicable) and explain the extent of the problem, such as:
      • the number of subjects impacted, and;
      • the number of subjects harmed, and;
      • the number of subjects potentially harmed.
    • If there are multiple problems, describe each one under a separate sub-heading.
    • You should also provide details about whether the problem could extend beyond this study, if other protocols follow similar processes and share staff from the current protocol. If so, identify those studies and your plan for assessing similar problems, and applying this CAPA to those studies as needed.
  1. If possible, correct the problem(s) as it relates to current/active subjects.
    • You should take immediate actions, if needed, to correct the problem, and describe these immediate actions in your CAPA. If no immediate actions are taken, your CAPA should explain why actions were not needed to correct the problem(s).
  1. Determine the cause(s) of the problem.
    • There may be multiple levels of causes to a single problem, and it is important to determine all possible points of process failures. You should perform a root cause analysis by using “5-Whys”, Ishikawa diagram, or a similar method(s), so that appropriate corrective actions can be implemented to address the various contributing causes. Some causes may require involvement of your department, or institution if they lie outside your direct oversight. If you determine that there are multiple root causes, explicitly state each under separate sub-headings in your CAPA plan.
  1. Develop processes to ensure that the problem is prevented in the future.         
    • To be effective, most CAPAs will include some new procedures, processes, and/or workflows. These should be documented in the written CAPA, and any relevant documents (e.g., new workflows or standard operative procedures (SOPs), checklist, training logs) should be attached to your RENI submission.
  1.  Train staff and others (as applicable) on the new processes.
    • It’s imperative to document the training you have done to correct any deficiencies. As applicable, provide details on who will be trained, date(s) of training(s), who will lead the training(s), and how the trainings will be conducted (self-training, group-training, etc.).  Be sure to document all of the above in a training log.
  1. Follow up to ensure that all steps of the CAPA plan are successful.
    • This may be done in the form of a self-audit to make sure the CAPA was followed and that it had the intended effects on preventing further problems.  Your CAPA should provide details as to how and when you will follow up to check on CAPA effectiveness.  Make sure to document what you did to assess, and the results of this assessment, and keep this information in your regulatory documentation. If the evaluation shows that the CAPA did not resolve the problem, then include your plan for notifying the IRB [such as submitting a new Reportable Event and New Information form (RENI) if noncompliance reoccurs] and updating your CAPA. Your CAPA evaluation(s) should be well-documented and maintained in your regulatory files. You may also request a follow-up audit by the OHRA QA team on request.

 

And don’t forget…

There are a few aspects of CAPAs that are commonly missed, but that are absolutely ESSENTIAL. One is to adequately document each of the steps you take in your plan. For example, you may have had a great training program to update staff on important processes, but if you don’t note who attended the training, what was presented, who led the training, and when it occurred, any future audit of your protocol would likely find that this training component of your CAPA is deficient. Your documentation should provide evidence to any future auditor (and to your future staff) as to what processes have been developed or amended, who has been trained and when, and whether you have performed quality checks (internal audits) to ensure the plan has been successful.

Another important commonly missed aspect of a successful plan is specifying a timeframe on completion of your corrective actions. For example, it’s not enough to state that you will provide training for your staff. You should specify the date the training of your staff will be completed.

Finally, adhere to your promises and make sure you do what you say you are going to do! The last thing you want is for a re-audit of your study to take place, only to find that there are steps that haven’t been done which you had promised to put in place to ensure compliance and protections.

 

Moving forward

Diligent oversight and ongoing review and assessment of your adherence to the protocol will go a long way to preventing problems that can impact your data integrity and subject safety. If such problems are uncovered, it is important to know how to address them and prevent such problems in the future.

The IRB provides a template for preparing your CAPA plans. This template was significantly updated in May 2022.  We hope this new and improved version will provide you with helpful guidance for developing an effective CAPA. If you need assistance in creating a CAPA plan, the CRRO can help. Also, the CRRO has specific customizable templates to assist you, such as documenting staff training, documenting participant eligibility, performing self-assessments in common problem areas (consent, eligibility, protocol compliance), and more.