Skip to main content

GCP Serious Breaches - the 2018 Edition

Posted by: , Posted on: - Categories: Compliance matters, Good clinical practice

row of aligned ring binders, arranged chronologically by year back from 2018

Introduction to Serious Breaches

It is a statutory requirement to report serious breaches of the clinical study protocol or Good Clinical Practice (GCP) to the MHRA within 7 days of the awareness of the breach. Regulation 29A of SI 2004/1031 (as amended) defines a serious breach as a ‘breach which is likely to effect to a significant degree;

a) the safety or physical or mental integrity of the subjects of the trial; or

b) the scientific value of the trial’

Sponsors are required to report serious breaches to the MHRA GCP Inspectorate using the forms and guidance available on the MHRA website.

Whilst the sponsor is required to report serious breaches, if an investigator or third party organisation disagrees with the sponsor assessment of the breach, it is expected that due diligence is exercised by the investigator/third party organisation to report the serious breach or contact the GCP Inspectorate to discuss further (via the clinical trials helpline:

Investigators/third party organisations should retain correspondence demonstrating their due diligence which they can evidence on inspection. The GCP inspectorate is happy to receive queries on potential serious breaches from any organisation or investigator and we can advise on whether the issue is a serious breach or not.

Metrics Report for 2018 - what this showed

data analysis, represented by pie charts, graphs and a magnifying glass

The metrics report for serious breaches reported to the MHRA has recently been published on the MHRA website.

In 2018, the MHRA received a total of 115 serious breach notifications, of which:

  • 76 were determined by the inspector as a serious breach
  • 24 were determined as not being a serious breach
  • 15 referrals were still awaiting further information from the reporter in order for the inspectorate to make a final assessment of whether the issue met the definition of a serious breach

When a serious breach is reported to the GCP inspectorate, it is allocated to an inspector for review, where the inspector makes an initial assessment of whether the issue meets the definition of a serious breach. However, upon notification, there may be outstanding investigations to be carried out by the organisation in order to fully understand the issue, the root cause and - most importantly - the impact. Therefore, for all serious breaches, the inspectors will also make a final determination of whether the issue is a serious breach at the point of closing the serious breach. Investigation and closure times can vary, depending on the complexity of the issue and impact.

Most reporters of serious breaches are sponsors, with 99 serious breaches being reported by the sponsor. There were also notifications received from clinical research organisations (CROs), MHRA and NHS trusts. It is important when contracting activities with investigators and third-party vendors that the process for serious breach reporting is clear, with defined roles and responsibilities for the reporting of the serious breach to MHRA.

Patient safety was the reason for reporting most serious breaches in 2018 (49 out of 115), followed by other non-compliances (24 out of 115). Other non-compliances could be due to several factors which resulted in this category being selected by the reporter. Examples of other non-compliances reported in 2018 are:

  • identification of under-reporting of suspected unexpected serious adverse reactions (SUSARs) and issues with potential unblinding
  • data integrity
  • delegation of duties

A common misconception surrounding serious breaches is that the breach will trigger an inspection. In 2018 there were 6 serious breaches reported which required a triggered inspection to be performed and, for the majority of the serious breach notifications received, the inspectors received remote updates from the reporter on the progress of the investigation and the corrective and preventative action (CAPA) proposed.

The MHRA GCP inspectorate has only triggered inspections where there are urgent patient safety concerns or where the information received from the organisation does not sufficiently demonstrate that the impact of the issue has been realised, thoroughly investigated and effectively remediated.

Occasionally, some notifications may impact on the organisation’s risk rating and the assessing inspector may recommend an earlier routine inspection or require follow-up at the next routine inspection.

In 2018, 9 cases required follow-up at the next routine inspection.

Examples of Serious Breaches Reported in 2018

laboratory samples and a report sheet

Below are some examples of the types of confirmed serious breaches reported in 2018:

Example 1

A serious breach was identified by an MHRA Clinical Trials Unit (CTU) medical assessor following review and discussion of an urgent safety measure with a commercial sponsor of an advanced therapy investigational medicinal product (ATIMP) trial.

In the trial, the sponsor became aware of toxicities with the IMP which were reported to international regulators including MHRA.

Another regulator had mandated for the trial to be put on clinical hold, which MHRA were not informed of by the sponsor.

Following review of the safety information submitted, MHRA CTU had requested that a risk benefit assessment of the IMP and trial was to be submitted to them prior to dosing any further patients.

The sponsor and investigator at a UK site made the clinical decision to go ahead and dose a further subject in the UK, without seeking approval from the MHRA CTU assessor prior to dosing.

This caused a triggered inspection to be performed where 2 critical findings were identified for clinical trial authorisation (failure to notify the MHRA CTU of the clinical hold on the trial and failing to follow the MHRA CTU assessor’s instructions regarding dosing) and protocol compliance.

Example 2

A serious breach report was submitted by a commercial sponsor regarding dosing issues identified on a trial as a result of the interactive response technology (IRT) system used on the trial.

The IRT system failed to allocate IMP as per protocol, resulting in 32 subjects receiving the incorrect dose and, in most cases, receiving an overdose due to the system not down titrating appropriately.

Some of the impacted subjects had experienced serious adverse effects (SAEs) and the sponsor could not rule out mis-dosing as a possible cause for the SAEs.

The vendor had informed the sponsor the issue was resolved. However, the vendor had not resolved the issue, thus the sponsor identified further mis-dosing resulting in the implementation of an urgent safety measure (USM) to unblind the trial and allow the IRT titration allocations to be manually verified.

This required follow-up at the next routine inspection of the IRT system provider for the GCP inspectorate to investigate the issue further.

Example 3

A non-commercial sponsor submitted a serious breach notifying the MHRA GCP inspectorate of an incident where IMP posted to the subject’s home address had gone missing.

The sponsor informed the inspectorate that there were previous serious breaches also reported for the same trial where IMP had been posted to the subject and issues were identified (for example, IMP left on the doorstep of a patient and presumed missing, IMP being delivered to the incorrect address). There was a risk to public safety should the IMP be ingested by a person not prescribed the medication, as well as subject confidentiality issues.

The sponsor identified the root cause for the error and provided a CAPA.

The MHRA GCP inspector was satisfied with the information provided to them and the serious breach was closed requiring in-house follow-up by the inspector.

However, another serious breach was submitted by the sponsor in 2018 which notified the inspectorate of the 4th shipment of IMP that had gone missing for the trial.

At this point, the MHRA GCP inspector recommended following up the issue at the next routine inspection to ensure the true root cause had been identified and the proposed CAPA was effective.

Further Guidance on Reporting

person typing an email

The examples above demonstrate that inspections are triggered only when necessary for MHRA to investigate further themselves, or the serious breach can be reviewed at the next routine inspection if needed.

Here are some hints and tips for reporting serious breaches:

  • if you are unsure whether the issue is a serious breach, report anyway or discuss with a GCP inspector
  • don’t wait until you have completed all investigations to determine whether the issue is a serious breach, the clock starts from when the sponsor (or it’s delegate, which could be a third party organisation) becomes aware of the breach - the inspector will make their own assessment of whether the issue is a serious breach or not
  • ensure that your quality management system, contracts and study plans facilitate prompt escalation of potential serious breaches so that a decision can be made within 7 calendar days of awareness of the issue
  • document the serious breach decision and rationale and ensure this is retained in the Trial Master File; an organisation’s serious breach reporting process and assessment of serious breaches is reviewed during inspections - it is recommended that organisations track all potential serious breaches and the decision of whether the issue constituted a serious breach or not (including a rationale if not) so that the process as a whole can be reviewed on inspection to demonstrate adequate oversight and decision-making
  • when implementing CAPA for a serious breach, consideration should also be given to whether the issue could impact other patients or trials - it is important to see the bigger picture and identify the true root cause in order to have an effective CAPA.

Sometimes things do not go to plan and errors occur on trials. The mere unpredictability of real-life means that clinical trials are not perfect and do not always run according to the planned trial protocol. Reporting of serious breaches correctly and managing them appropriately demonstrates an effective quality management system and effective quality oversight within the organisation. An organisation conducting a large number of trials and reporting no serious breaches would appear odd and require follow-up at the next inspection to evaluate whether the quality management system is effectively identifying serious breaches.

Each individual in an organisation performing clinical trial activities should know how to identify a serious breach and escalate them to an appropriate internal department/sponsor for assessment.


Don’t miss the next post,  sign up to be notified by email when a new post comes out

Sharing and comments

Share this page


  1. Comment by Jamie posted on

    I'd be very interested to know if there was any guidance for the reviewers of potential serious breaches. For example a standard scheme or system for determining whether an event was potentially significantly harmful (serious and reportable) or the potential harm is minor/insignificant (not serious and not reportable). Without a standard process there is the danger of one reviewer thinking an event should be escalated when another does not with some investigators having a risk averse attitude and others more laissez faire. What can be done to help prevent the same kind of issue being reported differently i.e. reported or not reported?