access to identifiable volunteer data at the clinical research facility.

3. Responsibilities

• Principal Investigator (PI): Ensures all staff are trained on confidentiality requirements and protocols.
• Clinical Research Coordinator (CRC): Ensures all volunteer forms and records are coded and handled securely.
• QA Officer: Audits and verifies compliance with confidentiality standards.
• IT/Data Manager: Manages electronic data access controls and password-protected systems.

4. Accountability

The PI and Head of Quality are accountable for ensuring that all study-related volunteer information is protected from unauthorized access, use, disclosure, or loss.

5. Procedure

5.1 Volunteer Coding and Identity Protection

1. Assign a unique Volunteer ID (e.g., VOL-104-001) at the time of enrollment.
2. Ensure personal identifiers (name, address, contact) are recorded only in the screening log (Annexure-1) maintained under lock and key.
3. CRFs and study documents must refer to the volunteer only by their assigned ID.

5.2 Secure Storage of Physical Records

1. Keep all identifiable documents in locked cabinets within an access-controlled archive room.
2. Access must be granted only to authorized personnel listed in Annexure-2: Access Control Log.

5.3 Electronic Data Protection

1. Store volunteer data in password-protected systems with access restricted to designated users.
2. Enable audit trails to track all data access and modifications.
3. Backups must be encrypted and stored separately as per the data policy.

5.4 Training and Confidentiality Agreements

1. All staff handling volunteer data must:
   • Sign a Confidentiality Agreement (Annexure-3)
   • Undergo annual training on data privacy

5.5 Disclosure and Exceptions

1. Volunteer data may be disclosed only:
   • With written consent from the subject
   • During authorized regulatory inspections or audits
2. All disclosures must be documented in Annexure-4: Disclosure Record Log.

5.6 Disposal and Archival

1. Archive documents with volunteer identifiers for the minimum retention period mandated by regulations (typically 5 years post-study or as per sponsor).
2. At end of retention period, destroy documents using secure methods (shredding/incineration) and document in Annexure-5: Confidential Data Disposal Log.

6. Abbreviations

• BA: Bioavailability
• BE: Bioequivalence
• PI: Principal Investigator
• CRC: Clinical Research Coordinator
• QA: Quality Assurance
• CRF: Case Report Form

7. Documents

1. Volunteer Screening Log – Annexure-1
2. Access Control Log – Annexure-2
3. Confidentiality Agreement Form – Annexure-3
4. Disclosure Record Log – Annexure-4
5. Confidential Data Disposal Log – Annexure-5

8. References

• ICH E6(R2) – Good Clinical Practice
• Indian GCP Guidelines
• Schedule Y – Drugs and Cosmetics Rules
• Data Protection and Privacy Bill (India)

9. SOP Version

Version: 2.0

10. Approval Section

	Prepared By	Checked By	Approved By
Signature
Date
Name
Designation
Department

11. Annexures

Annexure-1: Volunteer Screening Log

Volunteer ID	Full Name	Contact	Screening Date	Enrolled
VOL-104-001	Rajesh Kumar	9876543210	10/04/2025	Yes

Annexure-2: Access Control Log

Name	Designation	Access Level	Date Granted
Sunita Reddy	Data Manager	Full	05/04/2025

Annexure-3: Confidentiality Agreement Form

Employee Name	Role	Date Signed	Signature
Ajay Verma	CRC	08/04/2025	Signed

Annexure-4: Disclosure Record Log

Date	Recipient	Purpose	Authorized By
15/04/2025	Regulatory Inspector	Routine Inspection	PI

Annexure-5: Confidential Data Disposal Log

Date	Documents Destroyed	Method	Destroyed By	Verified By
17/04/2025	Old CRFs (Study BE-2020)	Shredding	Admin	QA

Revision History:

Revision Date	Revision No.	Details	Reason	Approved By
10/01/2022	1.0	Initial Release	Regulatory Requirement	QA Head
17/04/2025	2.0	Enhanced with electronic data controls and annexures	GCP Compliance	QA Head