On June 20, 2017, the U.S. Food and Drug Administration (FDA) published a Question & Answers draft document on the use of electronic records and electronic signatures in clinical investigations. Comments and suggestions regarding this draft document should be submitted within 60 days.
The document provides guidance to sponsors, clinical investigators, institutional review boards (IRBs), contract research organizations (CROs), and other interested parties on the use of electronic records and electronic signatures in clinical investigations of medical products. As previously reported in EMA Q&A on GCP the European Medicines Agency published similar Q&As this year.
FDA says that "the guidance clarifies, updates, and expands upon recommendations in the guidance for industry Part 11, Electronic Records; Electronic Signatures – Scope and Application (referred to as the 2003 part 11 guidance) that pertain to clinical investigations conducted under 21 CFR parts 312 and 812. Thus, this guidance is limited to outlining the scope and application of part 11 requirements for clinical investigations of medical products."
The guidance discusses:
Procedures that may be followed to help ensure that electronic records and electronic signatures meet FDA requirements and that the records and signatures are considered trustworthy, reliable, and generally equivalent to paper records and handwritten signatures executed on paper;
The use of a risk-based approach when deciding to validate electronic systems, implement audit trails for electronic records, and archive records that are pertinent to clinical investigations.
The goals of the guidance are:
Update recommendations for applying and implementing part 11 requirements in the current environment of electronic systems used in clinical investigations;
Clarify and further expand on the risk-based approach described in the 2003 part 11 guidance to validation, audit trails, and archiving of records;
Encourage and facilitate the use of electronic records and systems to improve the quality and efficiency of clinical investigations.
According to FDA the guidance applies to the following electronic records and electronic signatures:
Records required for clinical investigations of medical products that are maintained in electronic format in place of paper format, including all records that are necessary for FDA to reconstruct a study;
Records required for clinical investigations of medical products that are maintained in electronic format and where the electronic record is relied on to perform regulated activities;
Records for clinical investigations submitted to FDA in electronic format under predicate rules, even if such records are not specifically identified in FDA regulations;
Electronic signatures required for clinical investigations intended to be the equivalent of handwritten signatures, initials, and other general signings.
The following twenty-eight Q&As are disussed:
What should sponsors and other regulated entities consider when using a risk-based approach for validation of electronic systems used in clinical investigations?
For electronic systems owned or managed by sponsors and other regulated entities that fall under the scope of 21 CFR part 11, what will be FDA’s focus during inspections?
Should sponsors and other regulated entities perform audits of the vendor’s electronic systems and products?
Under 21 CFR 11.10(d), what are FDA’s expectations regarding the use of internal and external security safeguards?
Under what circumstances are part 11 requirements not applicable for electronic copies of paper records?
Can sponsors and other regulated entities use and retain electronic copies of source documents in place of the original paper source documents?
Can electronic copies be used as accurate reproductions of electronic records?
Can sponsors and other regulated entities use durable electronic storage devices to archive required records from a clinical investigation?
Does FDA provide preliminary audit service to inspect an electronic system used in a clinical investigation to ensure compliance with part 11 controls?
If a non-U.S. site is conducting a clinical investigation, are records required by FDA regulations subject to part 11 requirements?
If sponsors and other regulated entities outsource electronic services, who is responsible for meeting the regulatory requirements?
Should sponsors or other regulated entities establish service agreements with the electronic service vendor?
Does FDA consider it acceptable for data to be distributed across a cloud computing service’s hardware at several different geographic locations at the same time without being able to identify the exact location of the data at any given time?
What should sponsors and other regulated entities have available on site to demonstrate that their electronic service vendor is providing services in accordance with FDA’s regulatory requirements?
What should sponsors and other regulated entities consider when deciding to validate outsourced electronic services that are used in clinical investigations?
Under what circumstances would FDA choose to inspect the electronic service vendor?
What access controls should sponsors implement for mobile technology accessed by study participants for use in clinical investigations?
When using mobile technology to capture data directly from study participants in clinical investigations, how do sponsors identify the data originator?
Does FDA consider the mobile technology to contain the source data?
What should sponsors consider when implementing audit trails on data obtained directly from study participants using the mobile technology in the clinical investigation?
What should sponsors consider when using a risk-based approach to validation of mobile technology used in clinical investigations?
What security safeguards should sponsors implement to ensure security and confidentiality of data when mobile technology is used to capture, record, and transmit data directly from study participants in clinical investigations?
Does FDA expect sponsors, clinical investigators, study personnel, and study participants to be trained on the use of a specific mobile technology if the technology is used in a clinical investigation?
What methods may be used to create valid electronic signatures?
How should sponsors and regulated entities verify the identity of the individual who will be electronically signing records as required in 21 CFR 11.100(b)?
When an individual executes a series of signings during a single, continuous period of controlled system access, could the initial logging into an electronic system using a unique username and password be used to perform the first signing and satisfy the requirements found in 21 CFR 11.200(a)?
What requirements must electronic signatures based on biometrics meet to be considered an accepted biometric method?
Does FDA certify electronic systems and methods used to obtain electronic signatures?
Additionally, the document includes two appendices: APPENDIX I: OTHER GUIDANCES WITH APPLICABLE RECOMMENDATIONS and APPENDIX II: GLOSSARY OF TERMS.