SAE Reconciliation: Aligning Clinical and Safety Case Records

Objective. Confirm that every Serious Adverse Event recorded in EDC/eSource is represented correctly in the pharmacovigilance database—and vice versa—with matching onset date/time (and offset), seriousness criteria, outcome, relationship, and MedDRA coding versions.

Matching logic.

• Primary keys: USUBJID + onset date/time (+ offset) + site; secondary: EDC record ID and safety case ID.
• Fields to compare: seriousness criteria; outcome; causality; action taken; AESI flags; hospitalization status; death details (if applicable).
• Dictionary alignment: confirm MedDRA versions match across systems at the time of case processing; document any re-coding.

Cadence and reports. Run weekly extracts from both systems. Use a “three-pane” report: EDC SAE, Safety Case, and delta with color-coded mismatches. Include audit-trail timestamps for late edits and a link to the site query or case narrative.

Discrepancy handling.

• Missing in safety: raise PV ticket; verify if event met SAE criteria; create or update case; reconcile within defined SLA (e.g., 2 business days).
• Mismatched onset or seriousness: confirm source documents; issue targeted site query (avoid PHI; minimum-necessary); update the appropriate system with reason-for-change.
• Coding divergence: if clinical database and safety used different PTs, align to safety case coding or document rationale; ensure CSR and listings are consistent.

Blinding and privacy safeguards. SAE narratives and causality can hint at treatment. Provide blinded teams with redacted narratives and arm-agnostic fields. Route any unblinding necessities to restricted queues with access logs and UTC-offset timestamps.

Evidence to file. Weekly match reports, discrepancy logs with closure notes, audit-trail excerpts (who/what/when/why), and dictionary version attestations. These artifacts demonstrate ALCOA++ and a Part 11/Annex 11-compatible control set that global agencies (e.g., PMDA, TGA) recognize.

PK/PD Reconciliation: Marrying Samples, Doses, and Windows

Objective. Ensure pharmacokinetic/pharmacodynamic sample data align to the actual dosing and protocol-specified windows, with accurate units, BLQ handling, and traceable accession identifiers. This protects the integrity of exposure–response analyses and time-to-sample endpoints.

System of record and keys. The LIMS (or central lab) provides accession IDs, collection date/time (with UTC offset), and results/flags. The EDC/IRT provides dosing date/time and dose amount. Reconcile by USUBJID + collection timestamp + accession ID; when two samples are close in time, include visit/nominal timepoint and tube ID.

What to compare.

• Collection timestamp vs dosing timestamp with protocol windows (e.g., pre-dose, 0.5 h, 1 h, 2 h) and allowed tolerances.
• Unit and conversion (e.g., ng/mL), lower limit of quantification (LLOQ), and BLQ handling rules defined in the SAP.
• Chain-of-custody: cold chain, courier scans, and receipt times where applicable.
• Re-runs: whether repeats replaced originals; capture linkages and audit trails.

Operational tactics. Provide sites with a window calculator in eCRF or job aid. Capture local time + offset on dosing and collection. If wearables influence dosing reminders, record device/app version and “time-last-synced” for context. For rich early-phase designs (SAD/MAD), increase reconciliation frequency to daily during sampling days.

Discrepancy patterns and resolutions.

• Out-of-window samples: document deviation; consider sensitivity analyses; do not delete data—traceability matters.
• Mismatched units: correct units in LIMS or EDC and re-derive results; file reason-for-change and conversion factor.
• Missing dosing time: issue query; if irretrievable, document imputation approach in SAP/ADaM metadata.
• Duplicate accessions: verify tube IDs and timestamps; retain both records with resolution notes if medically justified.

Evidence to file. Mapping tables (accession↔subject/visit), window derivations, BLQ rules, unit conversion tables, audit-trail extracts around edits, and LIMS certification documents. This supports downstream SDTM/ADaM traceability recognizable to regulators (e.g., FDA, EMA).

IVRS/IRT Reconciliation: Randomization, Dispense/Return, and Emergency Unblinding

Objective. Guarantee that randomization events, kit dispense/return, temperature excursions, and emergency unblinding records in IVRS/IRT align to the EDC visit schedule and accountability forms—while protecting the blind.

Matching logic.

• Randomization: USUBJID + randomization date/time (with offset). Confirm stratum/stratification factors match records in EDC/SAP strata variables.
• Dispense/return: USUBJID + visit + kit ID + lot + quantity; match IRT transactions to EDC accountability lines.
• Temperature excursions: logger ID + excursion timestamps + kit/lot; confirm quarantine and scientific disposition recorded in both systems.
• Emergency unblinding: event ID + reason + requester + authorization + timestamp (with offset) + personnel; mirrored in EDC as a protected, arm-agnostic flag for blinded roles.

Segregation and access control. Only unblinded pharmacists/IRT admins see allocation/kit maps. Blinded personnel use arm-agnostic views. All accesses to key/kit maps and unblinding functions must be logged and reviewable, consistent with privacy and minimum-necessary principles (HIPAA/GDPR/UK-GDPR).

Discrepancy handling.

• Missing accountability lines: trigger site query to complete EDC records or correct IRT mapping; verify chain-of-custody.
• Kit mis-attribution: reconcile kit ID and lot; investigate whether a swap occurred; file deviation and impact assessment.
• Excursion without disposition: quarantine immediately; record scientific disposition; update both IRT and EDC.
• Unblinding record mismatch: escalate to governance; verify medical necessity; ensure statistics assess impact on analyses.

Evidence to file. IRT↔EDC match reports, excursion logs with disposition, emergency unblinding dossiers, and access logs for unblinded repositories. These show inspectors that you can reproduce supply and blinding chains demanded by agencies across ICH regions.

Automating the Boring, Escalating the Risky: Tools, Metrics, and CAPA

Interfaces and controls. Treat ETL like data entry: counts and checksums/hashes for each transfer; reject queues with alerts; schema versioning; and clear ownership. Transformations must preserve original timestamps (local time + offset) and units; mapping code should be version-controlled and cited in reconciliation specifications.

Dashboards that drive decisions. Display per-domain mismatch rate, aging, first-pass resolution rate, and time-to-decision. For pre-lock periods, include a lock readiness tile showing open CtQ discrepancies. Arm-agnostic displays for blinded users; restricted queues for unblinded content.

Key performance indicators (examples).

• SAE match completeness: ≥99% within 7 days; 100% by lock.
• PK/PD window adherence: ≥95% on-time; document deviations with scientific rationale.
• IRT accountability alignment: ≥99% of dispense/return matched to EDC within 5 business days; 100% by lock.
• Excursion disposition completeness: 100% within 3 business days of detection.
• Emergency unblinding documentation: 100% complete with UTC-offset timestamps and medical/statistical impact notes.
• Audit-trail drill pass rate: 100% for sampled discrepancies.

Risk signals and targeted review. Use centralized monitoring methods—control charts, funnel plots, robust z-scores, and simple heaping tests—to prioritize where reconciliation is most likely to uncover issues (e.g., repeated last-minute visits, bursts of dosing time edits, spikes in BLQ rates). Trigger targeted SDR/SDV when signals suggest systemic issues.

CAPA that sticks. When root causes recur (e.g., wrong time-zone configuration, unit confusion, courier lane delays), pair training with system gates—window calculators, unit locks, parameter locks, or IRT eligibility gates—and verify effectiveness with the KPIs above. File CAPA and verification results in the TMF.

Decentralized/hybrid specifics. Reconcile eConsent version and eCOA “time-last-synced” fields; include courier scans for DTP shipments; verify home-health visit notes against dosing and sample collection times. For cross-border transfers, document lawful bases and data-minimization practices consistent with privacy frameworks in the U.S., EU/UK, and WHO’s public-health aims.

Inspection-Ready Evidence and a Field-Tested Checklist

Rapid-pull evidence pack for the TMF.

• Reconciliation plan with domain-specific matching logic, cadence, exception taxonomy, and escalation clocks.
• Three-pane match reports (EDC ↔ Safety; EDC ↔ IRT; EDC ↔ LIMS) with closures and audit-trail excerpts showing who/what/when/why with local time + UTC offset.
• Configuration snapshots for EDC (forms, edit checks), IRT (rules, unblinding scripts), LIMS (reference ranges), and PV systems (coding versions) at first patient in, each amendment, and at lock.
• Deviation/impact assessments for material mismatches and corresponding SAP notes or sensitivity analyses.
• CAPA dossiers with effectiveness checks tied to KPIs (e.g., drop in out-of-window samples after window calculator release).
• Access and blinding logs for IRT/pharmacy and emergency unblinding events.

Common pitfalls—and durable fixes.

• Time ambiguity across systems → enforce local time and UTC offset; document DST; verify NTP sync; display time zones on exports.
• Dictionary/version drift (MedDRA, LIMS reference ranges) → freeze versions with effective dates; document upgrades; retain side-by-side outputs during transition.
• Unblinding leakage through reports → arm-agnostic dashboards for blinded users; segregated unblinded queues; access logs for kit maps.
• Unit confusion in PK/PD → lock units in LIMS and eCRF; provide conversions with traceability; add derived fields where appropriate.
• Missing accountability lines → automate IRT→EDC reconciliation tasks; add pre-submit completeness checks; escalate aging items.
• Vendor “black boxes” → contract for exportable audit trails and configuration snapshots; rehearse retrieval; store certified samples.
• “Retrain only” CAPA → pair with system gates (window calculators, edit-check updates, IRT eligibility gates) and verify with KPI movement.

Study-ready checklist (one page).

• CtQ-focused reconciliation plan approved; RACI and segregation of blinded/unblinded roles documented.
• Stable keys defined (USUBJID + timestamp + domain IDs); lineage diagrams and ETL checksums in place.
• Weekly SAE↔safety, weekly IRT↔EDC, and PK/PD daily/weekly reconciliation schedules active; dashboards live.
• Audit trails enabled and exportable; quarterly drills passed; certified example packs in TMF.
• Configuration snapshots captured at UAT sign-off and each release for EDC/IRT/LIMS/PV; effective-from dates recorded.
• Lock-readiness index trending to 100%: open CtQ mismatches = 0; coding & dictionary alignment complete; emergency unblinding dossiers filed (if any).
• Privacy and minimum-necessary controls enforced (HIPAA/GDPR/UK-GDPR); redactions applied to certified copies.

Bottom line. Reconciliation is not clerical work; it is how you prove your story matches reality across systems. When SAE, PK/PD, and IRT streams align through stable keys, disciplined time handling, segregated blinding, and reproducible evidence—supported by audit trails and configuration snapshots—your data will withstand scrutiny at the FDA, EMA, PMDA, TGA, within the ICH community, and in the public-health mission of the WHO.