HB Ad Slot
HB Mobile Ad Slot
FDA Clinical Investigations: New Guidance on Electronic Systems
Wednesday, November 20, 2024

On October 2, 2024, the U.S. Food and Drug Administration (FDA) released guidance in a question and answer format regarding the use of electronic systems, electronic records, and electronic signatures in clinical investigations of medical products, foods, tobacco products, and new animal drugs (the Guidance).

Previously, in 1997, the FDA published a final rule (21 C.F.R. Part 11 Regulations) outlining requirements for records created, modified, maintained, archived, or transmitted in electronic form. The FDA issued further guidance on this topic in August 2003. Since that time, the FDA has acknowledged that advances in technology have expanded the use and capabilities of electronic systems in clinical investigations and have issued several guidance updates, including updates in 2017 and 2023.

Electronic Records

In terms of compliance with Part 11 regulatory requirements, the Guidance confirmed that, with respect to electronic health record systems that are sources of real-world data, the FDA does not intend to assess compliance by such systems with the Part 11 regulations. The FDA did clarify, however, that if a sponsor is conducting a clinical investigation with a non-U.S. site under investigational new drug application (IND), investigational device exemption (IDE), or investigational new animal drug (INAD) file or other clinical investigation subject to FDA regulation, Part 11 Regulations requirements apply to records in electronic form.

Regarding records retention, the FDA clarifies that if a regulated entity intends to maintain a copy of the electronic record in place of original (paper or electronic) records, then a certified copy is required. A certified copy is one that has been verified in some way to maintain the same information (including any metadata of the original record). Once a certified copy is created, the original record may be discarded. Additionally, the FDA notes that there are various ways for regulated entities to retain electronic records including electronic storage devices and using cloud computing services. Regulated entities must simply ensure that the electronic records are maintain for applicable retention period and be available for inspection.

Finally, the FDA notes that Part 11 regulations do not address electronic communication methods like email systems or text messages.

Electronic Systems Deployed by Regulated Entities

As noted in the 2003 guidance, the FDA intends to use a risk-based approach for validation of electronic systems deployed in clinical investigations. Considerations for the risk-based approach will include:

  • The intended use of the system;
  • The purpose and importance of the data or records that are collected, generated, maintained, or retained in the system; and
  • The potential of the system to affect the rights, safety, and welfare of participants or the reliability of trial results.

Additionally, the FDA notes that electronic systems should be validated prior to use in a clinical investigation. Regulated entities may evaluate an information technology (IT) service provider’s validation process by reviewing:

  • Processes for developing and managing the system;
  • Validation processes;
  • Functional testing of the electronic system; and
  • Change control procedures and tracking logs.

When inspecting an electronic system during a sponsor investigation the FDA will generally focus on the following:

  • Data collection, data handling, data security, and data management plans and procedures;
  • The life cycle of the electronic system, from design and implementation to decommissioning or transitioning to a new system;
  • Processes and procedures that are in place to ensure that the data and records required to reconstruct the clinical investigation are not altered in value or meaning, including during the transfer of data to durable electronic data repositories;
  • Processes and procedures to ensure only authorized individuals are given appropriate access to electronic systems;
  • Change control procedures and any changes made to the system once in use;
  • Relevant contracts with IT service providers or other contracted entities that detail their functions and responsibilities; and
  • Corrective and preventive actions implemented to address errors and noncompliance that may reasonably be expected to impact data integrity or the protection of participants.

The Guidance also noted various factors that the FDA will focus on during investigations of clinical investigation systems, as well as required and recommended safeguards for electronic systems deployed by any regulated entity.

Information Technology Service Providers and Services

The Guidance continues to list various factors regulated entities should consider when assessing the suitability of IT service and IT service providers. The Guidance also recommends certain components to be included in any written agreement with IT service providers. Finally, the FDA notes that it may inspect IT service providers who have assumed regulatory responsibilities.

Digital Health Technologies

The Guidance notes that sponsors should ensure that any data obtained from digital health technologies are correctly attributed to the originator, and digital health technologies should be designed to prevent unauthorized changes to data through the use of access controls. The FDA acknowledges that implement access controls for certain digital health technologies (such as wearables) may be difficult. Nevertheless, a sponsor needs to consider how to address authentication and data attribution, especially when the data may be used to support a clinical investigation endpoint.

Electronic Signatures

Finally, the FDA notes that various methods may be used to create valid electronic signatures and various methods may be used to verify the identity of any individual that electronic signs records. For instance, electronic signatures based on biometrics must be designed in a way to ensure that no one may sign the records other than the genuine individual. The Guidance also notes that the FDA does not consider signatures drawn with a finger or an electronic stylus as handwritten signatures.

Conclusion

The Guidance offers important insight into how the FDA is viewing the area of electronic systems, records, and signatures. All stakeholders, including sponsors, clinical investigators, institutional review boards (IRBs), and contract research organizations (CROs) should take note of the FDA’s recommendations and guidance for best practices and implement changes in their organization as needed.

HTML Embed Code
HB Ad Slot
HB Ad Slot
HB Mobile Ad Slot
HB Ad Slot
HB Mobile Ad Slot
 
NLR Logo
We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins