Data Integrity: Best Practices for using eHRs in Clinical Investigations

The U.S. Food and Drug Administration (FDA) published its final guidance on the Use of Electronic Health Record Data in Clinical Investigations.

An electronic health record (eHR) may include, for example, a patient’s medical history, diagnoses, treatment plans, pharmacy records, and laboratory and test results. The FDA says the guidance is intended to assist sponsors, clinical investigators, contract research organizations (CROs), institutional review boards (IRBs), and other interested parties in the use of eHR data in clinical investigations. Furthermore, the guidance contains a Glossary for definitions and usage of specific terms. The guidance applies, amongst others, to the use of eHR data in clinical investigations of human drugs and biological products, medical devices, and combination products.

In detail, the guidance provides recommendations on:

  • Deciding whether and how to use eHRs,
  • Using eHR systems that are interoperable with electronic data capture (EDC) systems,
  • Ensuring the quality and integrity of eHR data collected,
  • Ensuring that the use of eHR data collected and used as electronic source data meets FDA's inspection, recordkeeping, and record retention requirements (see below),
  • The sponsor’s quality management plan (e.g., SOPs, software development life cycle model, change control procedures).

During FDA inspections

  • FDA must have access to records and may inspect and copy all records pertaining to a clinical investigation,
  • All relevant information in the eHR must be made available as original records in the eHR or as certified copies,
  • FDA may request other paper or electronic records to support data in the eCRF (electronic Case Report Form),
  • FDA may request to review the eHR audit trail,
  • FDA does not intend to assess eHR systems for compliance with 21 CFR part 11. However, FDA intends to assess the sponsor's EDC system (that extracts the eHR data for use in a clinical investigation) for compliance with part 11.

Data Integrity - BEST PRACTICES

  • Use of EHR Systems Certified by ONC:
    Certified eHR technology (certified by the Office of the National Coordinator for Health Information Technology, ONC) generally exhibits advantages, because many of the certification requirements are aimed toward ensuring interoperable data sharing and enabling processes to keep electronic data confidential and secure.
  • Use of EHR Systems Not Certified by ONC:
    Sponsors should consider whether such systems have the following privacy and security controls in place:
    - Policies and processes, and appropriate security measures employed to protect the study data,
    - Access to electronic systems is limited to authorized users,
    - Authors of records are identifiable,
    - Audit trails are available,
    - Records are available and retained for FDA inspection (see above).
  • After data are transmitted to the eCRF, the clinical investigator or delegated study personnel should be the only individuals authorized to make modifications or corrections to the data.
  • Modified and corrected data elements should have data element identifiers that reflect the date, time, data originator, and the reason for the change.
  • Modified and corrected data should not obscure previous entries.
  • Clinical investigators should review and electronically sign the completed eCRF for each study participant before data are archived or submitted to the FDA.
  • If modifications are made to the eCRF after the clinical investigator has already signed the eCRF, the changes should be reviewed and approved by the clinical investigator.
  • Use of electronic signatures for records that are subject to 21 CFR part 11 must comply with relevant requirements in that regulation.
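
The correction and signature rules in the list above can be enforced by the data model itself. The following is an added example, not taken from the FDA guidance or from any EDC product: a minimal append-only eCRF record in Python. The class, method, and user names are hypothetical, and the sketch does not claim to implement 21 CFR part 11.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)  # frozen: a stored entry cannot be edited in place
class Entry:
    value: str
    originator: str      # who made the entry
    reason: str          # why the value was entered or changed
    timestamp: datetime  # date and time of the entry (UTC)

class ECRF:
    """Hypothetical eCRF model with an append-only history per data element."""
    def __init__(self, investigator, delegates=()):
        self.investigator = investigator
        self.authorized = {investigator, *delegates}
        self.history = {}     # element name -> list of Entry, oldest first
        self.signed = False
        self.unreviewed = []  # changes made after the last signature

    def _append(self, name, value, originator, reason):
        entry = Entry(value, originator, reason, datetime.now(timezone.utc))
        self.history.setdefault(name, []).append(entry)
        return entry

    def transmit(self, name, value, source):
        # Initial value arriving from the eHR (constructed source label).
        return self._append(name, value, source, "initial transfer from eHR")

    def correct(self, name, value, user, reason):
        # Only the investigator or delegated personnel may change data.
        if user not in self.authorized:
            raise PermissionError(f"{user} may not modify the eCRF")
        if not reason.strip():
            raise ValueError("a reason for the change is required")
        entry = self._append(name, value, user, reason)  # old entries stay
        if self.signed:
            self.unreviewed.append((name, entry))  # needs investigator review
        return entry

    def sign(self, user):
        # Signing also approves any changes made since the previous signature.
        if user != self.investigator:
            raise PermissionError("only the clinical investigator signs the eCRF")
        self.signed = True
        self.unreviewed.clear()

    def ready_to_archive(self):
        return self.signed and not self.unreviewed
```

A correction made after signature leaves `ready_to_archive()` false until the investigator signs again, and the superseded value remains readable in `history`.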

When informed consent is required,

  • the consent must include a statement describing the extent to which confidentiality of records identifying the subject will be maintained and should identify entities, such as health care providers, clinical investigators, sponsors, CROs, study monitors, and regulatory agencies who may gain access to the patient’s eHR.
  • the consent must also note the possibility that FDA may inspect records and should not state that FDA needs permission from the subject for access to the records (FDA does not need permission to inspect records containing health information). FDA may inspect study records to assess investigator compliance with the study protocol and validity of the data reported by the sponsor. The Agency may inspect and copy records relating to the clinical investigation (see above). It will generally not copy records that include the subject’s name (unless there is reason to believe the records do not represent the actual cases studied or results obtained). When FDA requires subject names, FDA will treat such information as confidential. However, FDA may be required to disclose this information to third parties, such as to a court of law.
  • sponsors and clinical investigators should have a detailed understanding of data flow and data visibility (for systems that are interoperable or fully integrated).
