Clinical investigators and sites facing an FDA inspection need to know the difference between records the FDA is allowed to see and what document requests they can deny.

The scope of the FDA’s authority to access documents in an inspection is clear in the agency’s regulations. But that doesn’t mean FDA field investigators won’t ask for records they are not legally entitled to see. And it doesn’t mean that those undergoing an inspection won’t voluntarily or inadvertently turn over such records, says consultant and FDA insider David Chesney.

The key is to fully understand which types of documents fall within the FDA’s authority to inspect and which fall outside that authority. “It’s your responsibility to know what things you must provide FDA and which things are optional,” he says. The agency isn’t going to offer that information. Chesney served as an FDA field investigator and director of investigations in his 23-year career with the agency.

To get an idea of the scope of the FDA’s inspection authority, the first place to go is the Food, Drug and Cosmetic Act, Section 704(a), which says the agency can request personnel data as it pertains to qualifications and research data relating to new products. The act excludes financial data, sales data other than shipment data, pricing data, nonqualification personnel data and research data other than that relating to investigational products.

Second would be the specific regulations that govern the activities that you conduct. There may be additional or more specific access requirements there, Chesney says. Anything that does not fall within the scope of those things is, at the end of the day, discretionary on your part. “The vast majority of things are provided willingly and voluntarily because they’re no-harm, no-foul kinds of documents.”

Chesney recommends establishing a written policy that clearly states which documents and types of data fall within the FDA’s authority and which don’t, not only to inform your own staff but also as backup if you need to push back gently on an FDA request for access to those documents.

“You can simply point out that it’s your understanding that the agency policy says they will not routinely look at those documents and ask the investigator to reconsider his or her request. Most of the time, they’ll say, ‘Oh, gee. I forgot about that,’ and that’ll be the end of it,” Chesney says.

Trial participant information falls into a kind of gray area. The GCP regulations in 21 CFR Part 312.68 provide that clinical investigators are not required to divulge subject names unless the records of particular individuals require a more detailed study of the cases, or unless there is reason to believe that the records do not represent actual case studies or do not represent actual results obtained.

But when it comes to how much of a patient’s medical record needs to be shared with the FDA, Chesney offers a rule of thumb: Any record generated that precedes a patient’s participation in the trial and does not go to whether they meet inclusion criteria or have exclusionary criteria would be out of scope.

“But anything that does go to whether or not the patient met inclusion criteria or did not have exclusionary criteria or whether or not a particular adverse event (AE) is a [suspected unexpected serious adverse event] or a regular AE, things of that sort, would be accessible,” he says.

Informed consent documents, Chesney says, should inform the patient that such records may be accessed and viewed, copied and verified by regulatory officials and others with a need-to-know that have responsibilities for oversight of the trial.

The best way to avoid the issue of FDA access altogether, he says, is to create documents specifically for field investigators’ use during inspections that exclude information the agency has no authority to see.