This summer the Food and Drug Administration (FDA) posted draft guidance on the use of electronic records for automation analysts, laboratory managers and others who work in quality control and quality assurance in the food safety industry. The document, “Use of Electronic Records and Electronic Signatures in Clinical Investigations Under 21 CFR Part 11 – Questions and Answers,” builds on what the agency first issued in 2003.
Of course, you don’t need a IT analyst to tell you that a lot has changed between 2003 and today, which is why those under FDA’s purview—QC/QA manager and analysts, clinical data scientists, analytical chemists, compliance managers, consultants working in the life sciences industry who are also involved in computer system implementation, and auditors who internally inspect labelling records and practices—will want to pay close attention to the new industry guidance.
Risk-Based Approach Confirmed
In this key guidance document, the FDA clarifies the risk-based approach to validation of electronic systems, addresses electronic audit trails and archiving of electronic records, and focuses on the use of mobile technology to capture, record and transmit data study participants during clinical investigations.
“FDA continues to promote a narrow and practical interpretation while reminding sponsors that records must still be maintained or submitted in accordance with underlying predicate rules,” noted Clinical Leader.
FDA is encouraging sponsors to use a risk-based approach when deciding to validate electronic systems, implement audit trails, or archive clinical investigation records.
That risk-based approach to evaluate electronic systems could include consideration of a number of factors, including the purpose and significance of the record, the electronic system used to produce it, and a suggestion that validation for commercial off-the-shelf software be guided by an organization’s business practices and needs.
Spotlight Put on Mobile Communications
One of the major changes in this year’s rules centers around the use of mobile technology, which covers everything from smartphones and apps to wearable biosensors. The guidance applies whether the subjects bring and use their own devices, or the sponsor provides them as part of the study.
The FDA draft guidance addresses the following seven questions:
- What access controls should sponsors implement for mobile technology accessed by study participants for use in clinical investigations?
- When using mobile technology to capture data directly from study participants in clinical investigations, how do sponsors identify the data originator?
- Does FDA consider the mobile technology to contain the source data?
- What should sponsors consider when implementing audit trails on data obtained directly from study participants using the mobile technology in the clinical investigation?
- What should sponsors consider when using a risk-based approach to validation of mobile technology used in clinical investigations?
- What security safeguards should sponsors implement to ensure security and confidentiality of data when mobile technology is used to capture, record, and transmit data directly from study participants in clinical investigations?
- Does FDA expect sponsors, clinical investigators, study personnel, and study participants to be trained on the use of a specific mobile technology if the technology is used in a clinical investigation?
Notably, the answer to the last question is “yes”: The FDA expects everyone involved to be trained on use of any mobile technology used during clinical investigations, and if parts of the systems involved in the study are “more complex or pose a higher risk to the conduct of the study,” retraining may be necessary, according to the guidance.
How or when exactly such training (or retraining) needs will be determined seems to be an open question—but one that sponsors of clinical investigation will need to know in any final guidance.
Enlist Help When Complying With New Guidance
Carolyn Troiano, who has worked in FDA-regulated industries for more than 35 years, highlights the new guidance in her conference for ProfEdOnDemand, “Best Practices to Prepare for an FDA Computer System Audit.” The session will cover what is required for compliance, industry best practices related to computer system validation, cost-cutting compliance strategies, documenting the validation process, and how to stay on top of validation and best practices trends.