Unlocking the Potential of Electronic Signature Legitimateness for Research and Development in the United States

How to eSign a document: electronic signature legitimateness for Research and Development in United States

receiver downline today's event the webinar and its entirety will run approximately 1.5 hours which includes a q a session and if you have questions now or during the webinar please enter those questions into the Q a chat pod we'll answer as many questions as time allows our speakers today include first Leonard Sachs associate director clinical methodologies office medical policy and Cedar next we'll welcome Elizabeth kankowski Health Science policy analyst clinical methodologies office medical policy Cedar and our final speaker will be casa yalu director division of clinical compliance evaluation office of scientific investigation in Cedar now please join me in welcoming our first presenter for today's webinar Dr Sachs excellent sex from The Office of Medical policy the center for drug evaluation research at FDA and I'd like to welcome you all to this webinar where we will be discussing our draft guidance entitled electronic systems electronic electronic records and electronic signatures in clinical investigations questions and answers and I'll be joined today by my colleagues Beth kankowski and uh Casa ayalu who will delve into some of the details I will begin with a couple of introductory remarks as we all know there are a myriad of ways in which electronic systems are used in clinical investigations to provide the records that FDA relies on electronic systems can be used to capture data in clinical trials that can be used to copy data it can be used to transfer data from one location to another or from one system to another it can be used to store data and they can be used for data analysis and they may apply to many different records for example they may apply to trial data to Source documents inform consent required forms tracking of product agreement with contact research organizations and so on our party living regulations were written in 1997 and they were designed to ensure the Integrity of electronic records and signatures they're applied to those electronic records and signatures that are required by FDA regulations or by critical rules and the part 11 requirements include a list of controls to ensure that electronic records and signatures are equivalent to paper records and these controls include the need for validation of electronic systems to make sure their function is intended the need for order trails that we're able to trace data elements and any changes that are made to them the need for access controls to make sure that we have attributability of records and we can determine who entered them uh the need for protection of Records during the record retention period so that they can be inspected and the training of people using these electronic systems to make electronic records in the 26 years since part 11 regulations were published there's been enormous progress in electronic data capture and management there have been many changes in the way electronic systems and records are obtained and managed many electronic functions are outsourced to service providers who are not part of the healthcare system for example cloud storage and computational systems commercial of the self software for data management that can be purchased and electronic signature packages that are produced by vendors clinical trial data may also be obtained from Real World data sources like electronic health records which are not subject to FDA regulations digital Health Technologies or another area where we see a new source of electronic clinical data the internet has become a new and most widely used vehicle for data transfer electronic data flow between systems has become more efficient and more prevalent and electronic signatures audit trails and encryption are in widespread use in many different sectors Healthcare banking Commerce and income tax so how do we ensure that data Integrity in these situations what's new in this draft guidance over the years fdas published several guidances to keep Pace with a changing electronic environment the draft guidance we're discussing today when finalized will replace our prior guidance entitle the use of electronic records and electronic signatures in clinical investigations under 21 CFR part 11 questions and answers which we wrote in 2017 in preparing this draft guidance we've attempted to address the many public comments we've received in previous dockets and the many questions that have been submitted directly to the agency the major differences between this and the prior draft guidance revolve around real world data which is data that's obtained generally during the course of clinical care and has not specifically designed for clinical investigations we talk about non-us sites recognizing that a very large proportion of our Trials take place globally and some of these are not conducted under IND we talk about validating validation using a risk-based approach which takes into account commercial off the shelf software and customized systems we talk about certified copies and the relationship to our part 11 requirements we talk a little bit about digital Health Technologies these are instruments that are used to record data directly from patients things such as cell phones smartphone smart watches glucose monitors and activity trackers and we talk about electronic data transfer my first bullet indicates that we've added a number of other centers within FDA to this guidance as far as the goals and limitations of this guidance code I think it's important to realize that given the enormous range of circumstances involving electronic records and the large variety of programs that are used to process them it's really not possible to adverse every specific use case our goal in this guidance is to outline the principles for ensuring Integrity of electronic records that can be broadly applied I want to emphasize that this is a draft guidance and we will review all public comments in detail as we prepare to finalize this craft so at this point I'll hand over to my colleague Beth konkowski to begin going systematically through some of the aspects of the guidance thank you Leonard my name is Beth kinkoski I'm a health science policy analyst and Cedars Office of Medical policy today I will provide an overview of the guidance of electronic systems electronic records and electronic signatures in clinical investigations questions and answers in my presentation I will provide an overview of each of the main sections of the guidance Casa Island will then provide an overview of the guidance from the office of scientific investigations perspective regarding inspections the main sections of the guidance include electronic records electronic systems Information Technology service providers and services digital Health Technologies and electronic signatures Leonard provided background on why part 11 is important and how even as technology and methods for data collection change we still need to consider the quality and integrity of data used for regulatory purposes now sponsors have the opportunity to use real world data sources and marketing applications in general part 11 applies to these data sources however FDA recognizes that some of these sources such as ehrs or Registries are not originally created in part 11 compliance systems and may still be used for marketing applications in these situations sponsors should still ensure the quality and integrity of electronic records to support marketing applications as many clinical investigations now include non-us or foreign clinical investigation sites it's not always clear If part 11 applies electronic records from non-us Clinical investigation sites which are not conducted under a investigational new drug application investigational device exemption application or investigational new animal drug file should be credible and accurate the quality of data should be comparable to data collected under an IND IDE or inad one of the most common questions we receive about part 11 relates to certified copies FDA has adopted the ich E6 R2 good clinical practice definition of a certified copy which is a copy of the original record that has the same information including data that describe the context content and structure as the original certified copies must be verified by a dated signature or by generation through a validated process such as scanning or printing copies may be maintained and retained in place of the original records which means when you create electronic certified copies paper copies do not need to be retained copies should include the date and time when they are created and written standard operating procedures should be developed to ensure consistency question 6 discusses electronic transmission of electronic records part 11 does not specifically address electronic communication methods used in the transmission of Records such as email the regulated entity is responsible for ensuring the secure transfer of Records audit trails should capture the date and time and Originators of those records section B of the guidance discusses electronic systems used to produce and manage electronic records in a clinical investigation Casa will cover a lot more about electronic systems validation and the documentation that should be maintained associated with those systems some examples of electronic systems include those that manage electronic case report forms or electronic Trial Master files this section of the guidance discusses many more examples these safeguards are the procedures and processes in place to safeguard the authenticity integrity and when appropriate confidentiality of electronic records access controls need to be in place to limit system access a risk-based approach should be utilized when creating those access controls records should be used to track authorized personnel and their access privileges security safeguards such as firewalls and antivirus software should be in place and continually updated so security breaches should be reported to FDA and irbs section c of the guidance covers Information Technology service providers and their services I.T service vendors provide services such as data hosting cloud computing software platform and infrastructure services sponsors another regulated entities are responsible for ensuring that electronic records produced by it service vendors meet applicable part 11 regulatory requirements such as accurate and complete records access controls audit Trails data security and confidentiality pasta will discuss more about contracts that should be in place with vendors and inspection expectations section V of the guidance covers digital Health Technologies a digital Health technology is a system that uses Computing platforms connectivity software and or censored for healthcare and related uses dhts may take the form of hardware and or software and in many instances you may run on a general purpose Computing platform such as a mobile phone in December 2021 FDA published a draft guidance on digital Health Technologies for remote data acquisition and clinical investigations the part 11 guidance we're discussing today should be used in combination with this guidance when designing your clinical investigation utilizing digital Health Technologies next the guidance addresses what is the data originator if a DHT is used to collect data for patient reported outcome measures such as the patient recording information on a mobile app on their smartphone the trial participant is considered the data originator if the DHT transmits data automatically such as an activity tracker or cardiac monitor the DHT itself is the data originator this sponsor should develop and maintain a list of authorized data Originators for each clinical investigation question 22 of the guidance discusses to transfer of data from the DHT to the electronic data repository data from a DHT is generally transferred to a durable electronic data repository such as an EDC system a clinical investigation site database and or a vendor database transmission should occur contemporaneously or as soon as possible after data are generated the date and time the data are transferred from the DHT to the electronic data repository should be included in the audit Trail Source data captured by a DHT can be subsequently moved from one durable electronic data repository to another using a validated process DHT Source data electron Source data are considered to be located in the first durable electronic data repository to which the data are transferred when the data captured by the DHT including all Associated metadata are securely transferred to and retained in the durable electronic data repository ing to the sponsor's pre-specified plan then FDA does not intend to inspect individual dhts for Source data section e of the guidance covers electronic signatures the first few slides are a summary of what is defined in the regulations an electronic signature is a computer data compilation of any symbol or series of symbols executed adopted or authorized by an individual to be the legally binding equivalent of an individual's handwritten signature part 11 specifies that the electronic signature must contain the printed name of the signer the date and time when the signature was executed and the meaning associated with the signature such as a document is approved or has been reviewed electronic signatures must be linked to the respective electronic records to ensure that the signatures cannot be excised copied or otherwise transferred to falsify an electronic record by ordinary means electronic signatures drawn with a finger or an electronic stylus are not considered electronic signatures these are in fact handwritten signatures electronic signatures may also be based on Biometrics based on the regulation question 24 of the guidance discusses methods for electronic signatures part 11 does not specify particular methods to create electronic signatures some common examples include ID cards Biometrics digital signatures or username and password combinations there are now various commercial off the shelf or Cuts electronic signature services available to create electronic signatures sponsors investigators and other regulated entities should ensure that these cut Services conform to part 11 requirements based on information provided by the vendors or the sponsor's own validation of the services when warranted question 28 asks if FDA certifies individual electronic systems or methods used to obtain electronic signatures such as Adobe or FDA does not certify these individual vendor Services sponsors should work directly with vendors to ensure compliance with part 11. on a different note from the guidance FDA recently published a technical Amendment for part 11. part 11 100 c one requires submission of a non-repudiation letter to certify a person's electronic signature is intended to be the legally binding equivalent of traditional handwritten signatures you may now submit letters electronically through the electronic submission Gateway mailbox ESG helpdesk fda.hhs.gov a paper copy is no longer required FDA has a web page on non-repudiation letters which always has the most up-to-date information this is a draft guidance we appreciate your comments on the guidance please submit them through the docket by May 15th we will then review all docket comments and update the guidance as appropriate guidance is intended to identify policy regarding regulations 21cfr part 11 remains in place and must be interpreted in our current technological environments please keep this in mind as you submit your docket comments thank you that was all I had for today Dr Casa ayalu will present next after his presentation we will be available for questions and answers the webinar if you think of additional questions please feel free to reach out to us at the Office of Medical policy mailbox c-d-e-r-o-m-p fda.hhs.gov thank you welcome and thank you for joining this webinar my name is Casa yellow I'm the director of the division of critical compliance evaluation the office of scientific investigations at the center for drug violation and research at the FD as most Tofino gcp inspection play crucial role in clinical drug development to ensure the reliability Integrity of cultural data and to meet trigger the expectation for marketing approval of medical products in this presentation I will be highlighting some key points from the reverse draft guidance on electronic system electronically characters electronic signature clinical investigations specifically in relation to gcp inspections the revised draft guidance provides information that helps to understand inspection expectations related to electronic systems and Records the views expressed in this presentation are those of mine and non-necessarily is also of the U.S food and administration I have no financial interest to disclose the objective of my presentation is to provide you perspective on gcp inspection related to the revised draft guidance on electronic systems electronic recurs and electronic signatures in clinical investigations we'll be discussing about key elements in the revised everyday guidance that are related to gcp expectations such as procedures and controls that are critical to ensure the authenticity integrity and when appropriate the confidentiality of electronic recurrencies and electronic signatures including validation of computer systems access controls external security safeguards or details and reporters from audit Trails training maintaining and retaining records and digital Health technology and Source data and documentation of processes and procedures related to computer system don't pass getting started I have put a couple of Challenge questions for you after reading please provide your answers to each question and let's get started challenge question number one on the elements of data quality the fundamental elements of data quality Integrity expected from digital Health technology are different from paper records through or false electronic records including from digital Health technology must meet the same fundamental elements of data quality Integrity expected of vapor records therefore the answer is false challenge question number two on regular three requirements data generated from electronic clinical outcome assessment such as equal are not subject to similar regulatory requirements as data that come from Paper Source records true or false data generated from computer systems including those from electronic clinical outcome assessments are subject to similarly good requirements as data that come from Paper Source records that's a word to say electronic records are subject to the same regulatory expectation as people records therefore the answer is false and thank you for participating to answer the Challenge questions the food and dragon the cosmotic ACT requires new products to be safe and effective prior to marketing approval and if they determination on drug approval depend on the Assumption of reliable data from any source it's part of ensuring that new products are safe and effective prior to marketing approval here in the US if they has a comprehensive bias such monitoring program of on-site inspection and data or it's designed to monitor all aspects of the conduct and the reporting of the regulated research gcp inspections may be conducted by FDA to access compliance with regulations the inspection may also determine the validity and the reliability of data and support of marketing applications or regulated research the objectives of Obama inspection the Primal inspection program was established in 1977. its objectives are to ensure the protection of the rights safety and Welfare of human research participants involved with nfda regulated clinical research and to verify that accuracy and the reliability of steady data submitted to FDA in support of research or marketing applications last but not least it's also to access compliance with FDA regressions the Bible inspection objectives are the same for electronic records as well as paper based social vehicles historical requirements that are relevant to buy more inspections important regressions related to Bible inspections are included on the slide State before it's essential to note that electronic data or records are subject to the same regulatory requirements as data and records from people sponsors and investigators are expected to comply with all applicable regulatory requirements expected of paper records some of the regulations are listed on the left side of this slide including the 21c far part 312 that governs investigational new drug application part 50 protection on protection of human subjects and party 54 regulation that governs Financial Disclosure by clinical investigators at part 56 on institutional review boards as well as other regulatory requirements uh for today's discussion part 11 is the regulation we will be focusing on that's described on the right side of the slide part 11 is definitely regulation that establishes criteria under which the agency will accept electronic records and electronic signatures as equivalent to paper-based records and handwritten signatures it's imperative to note that part 11 is a companion regulation to other FDA regulations and laws called predicate rules where specific requirement for issues such as record keeping record content signatures and record retentions are addressed the predicate rules mandate what must be part 11 recurves they are also mandate the enforcement action that we take after inspections are conducted for each record required to be maintained under the predicate rules inspecting these are recommended to determine an advance whether they plan to rely on electronic or paper records to perform regulated activities requirements for electronic and paper records regardless of the types of Records the evidence submitted by a sponsor in the marketing application to support the safety and or the effectiveness of a drag must satisfy the ligand standards necessary for drug approval or licensing electronic records are subject to the same regulatory expectation as paper records compliance with the regulatory requirements will be valid in ance with appropriate predicate rules during an inspection let's look into the procedures and controls that fall under the scope of part 11. the revised draft guidance is important to help ensure that the clinical trials are conducted consistent with the regular requirements and expectations this draft guidance discusses about procedures and controls for electronic records including elements such as validation access controls external security safeguards or the trails reports and all its reports training maintaining and retaining records and documentations that are required and in the use of computer systems it is crucial for all stakeholders involved in clinical cultures to understand those elements from gcp inspection perspective to ensure compliance with the regulatory standards validation is critical to ensure that the electronic system is correctly performing its intended function uh consistent with FDA policy sponsors and other regulated entities should use a risk-based approach for validating electronic systems and or controlled by a sponsor or other regulated entities taking into account and each of the electronic system the intended use of the electronic system and the purpose and the significance of the record and the criticality of the D type generated from those computer systems during inspections of the inspectors identify computer system in use and asks the risk with identify the computer system if the inspection review activities related to electronic system validation in particular when there are potential concerns with data reliability or data integrity access controls are important to safeguard the authenticity the reliability and the integrative agricultural data and when appropriate to confidentiality of electronic records access controls should be integral to electronic system and regulated entities are expected to ensure that the access controls are in place in their computer systems access controls may include multi-factor authentication a strong logging credentials and Biometrics such as visual recognition fingerprints voice prints and Diaries scans or any other kind of parametrics during inspection regress identity should maintain a list of authorized users and should demonstrate a grant role-based access to their computer systems it is recommended to provide access only after ensuring that the site Personnel or the sponsored staff have received the appropriate training to use the computer assistance if the inspectors to review access controls for electronic systems to determine whether access to clinical trial information they will work to identify and document any instances in which the clinical investigator or study staff had unauthorized access to restricted information such as information related to masking or blinding security safeguards are crucial for the safety and privacy of study participants and for the reliability of data and the confidentiality of the study data critical cultural data may get affected by security breaches sponsors or other service providers should have security safeguards such as cyber security plans in place to prevent detect document report and remedy security breaches regressive entities such as sponsors and service providers are expected to have security safeguards to protect the confidentiality of the data the reliability and the Integrity of the data and to prevent detect and mitigate effects of computer viruses worms or rather potential harmful software code on the clinical trial data or details are critically important for the quality and integrity of the data as well as verifying clinical trial data they are important to give context or meaning and to track changes to study data order 12 should describe when by whom and the reason changes were made to the data or record all the trials should be retained and made available during the inspection they should not be modified or disabled to uh periodic review of 4012 uh helps to ensure data quality and integrity and Regulators such as FDA requirements to have a plan to conduct periodic review of the audit Trails during inspection inspections May review electronic system contained all the trials and whether the audit Trails fully capture the creation modification or deletion of the system data including the ability to capture the metadata inspectors also review a sample of their audit trials for electronic systems to determine whether electronic Source data was entered contemporously at the time of collection they also try to determine if the audit Trail could be turned on and off and when such functionalities are available if it was able turned off during data capture and handling during the trial and the reason why that was training is required to persons that develop maintain or use electronic record or electronic signature system to perform their assign tasks and dogs training should be conducted as applicable before the start of the clinical investigation that's needed when changes are implemented to electronic systems training and experience with electronic systems used in chemical investigation should be also documented current training materials should also be available to study personnel and participants doing clinical study as needed inspections may need to verify whether the clinical investigators or sponsors or other service providers are qualified by training and experience to conduct the study and inspectors determine whether it's those who use the electronic systems are provided training to perform the specific operation before use sponsors investigators and other regressive entities are required to retain electronic records for prescribed period of time there are various ways to retain electronic records including in durable electronic storage devices and using Cloud Computing Services sponsor investigators and other service providers should ensure that the confidentiality Integrity of original data and the meaning of the records are preserved the relationship between the characters Source data and all Associated data should be preserved in a secure and trustable manner during inspection if they may requests review record is including all Associated metadata the auditorial information to reconstruct the clinical investigation when systems are decommissioned it cannot be recommissioned sponsor should ensure that files containing the metadata are retained and can be linked to corresponding data elements three inspectors May verify that the sponsor maintain uh require a curds for the prescribed or pre-specified period of time inspectors try to determine if the sponsor had a process in the procedure for retention and access to oracurdism data including metadata associated with those records during inspection if the inspectors May verify that the investigators maintain required record this example would be like history performance informed consent medical records and progress notes from patients and records of the disposition of drug including dates quantity and the use of distribution product by subject is for the prescribed period of time sponsors and investigators are required to retain the study related records discussed before and for two years after drug approval or if the drug is not approved until two years after shipment and delivery of the drug for investigational use is continued and FDA has been notified for digital Health Technologies and for inspection purpose electronic Source data are considered to be located in the first durable electronic data Repository they currently does not intend to inspect individual digital Health technology for Source data however if they may speak data located in the first durable electronic data repository as applicable all Associated metadata should be securely transferred to and retained in the durable electronic data Repository during inspections if the inspectors determine if the sponsor provide the clinical investigators or to other stakeholders with information necessary to conduct the investigation properly prior to start of the clinical trial sponsor of research of services including those Outsourcing service providers and activities associated with investigation should ensure that clinical trials are performed ing to the protocol investigational plan and ing to gcp as well as the Apple a couple everyday with three requirements if the inspection will review and devalue the sponsors oversight of services with focus on service that apply significant role in the clinical trial the inspection also tried to determine if the sponsor has the processes and procedures for selection of services and activities and determine what criteria the sponsor may have used to identify and select the service providers and whether those service providers made the pre-specified criterias for outsourcing Services inspectors may call like copies of the agreement with the service providers between service providers and sponsors they may determine if personal roles have appropriate qualification in training and they may look into standard office procedures and other relevant documentation to to understand the sponsors processes and they may review the sponsor communication with third party Soul service providers documentation for electronic systems by the sponsor or cro or other regular entities should be based on the nature of the electronic system the intended to use and the functionality of that electronic system and the purpose and the significance of the record as well as the criticality of the data generated from the electronic systems for each study specific protocol the sponsor or cro or other religion entities should identify the electronic systems used to capture collect and create a modify and maintain or archive and retrieval transmit electronic curves pertinent to the clinical investigations sponsor or cro or other regulated parties should provide documentation addressing important element such as system setup and installation and system maintenance validation plan and validation reports the user acceptance test reports and changes control procedures the list goes on and all the trail information and training information and so forth similarly at the investigative site information regarding electronic system and or controlled by the sponsor and cro usage investigation should be available the sponsor should provide the clinical investigators with that information this information may include policies and procedures related to system account setup and system management related to access controls and user access privileged system user manuals and system training materials and Records the investigator should retain the such information for review during regulatory inspection in summary understanding the revised draft guidance in connection with inspection is crucial to ensure that clinical trials are conducted in ance with regulatory requirements before ending this presentation it would be uh useful to emphasize the following points electronic records used in clinical investigations should be fit for purpose sponsors or investigators or other regulated entities should use risk-based approach for Designing and utilizing computer systems that are important in conducting clinical trials or regulated research by focusing on the data and the processes that matter most basic requirements I.E predicate rules for clinical trial data do not change for people uh computer or electronic records or hybrid approach inspections how to access responsibilities for activities related to maintaining electronic system data integrity and procedures and controls for electronic recurs such as Access Control or the travels electronic system validation training of users and having appropriate standard procedures or documentation for use of the electronic systems thank you for your attention and I'm happy to answer any questions thank you very much again I'm just checking that you can hear me I've had some technical difficulties getting into into the webinar um I'm just about to begin with a couple of questions um so let's see uh a lot of questions in here let's try this one we're an electronic medical record service as a source documents in a clinical trial should the EMR be part 11 compliant so again when using an electronic health record as a source document which is the electronic Healthcare could be part 11 compliant um I can start answering that one and perhaps others can participate uh we've stated in Prior guidance on your exports electronic Source documentation that we do not expect electronic health records in themselves to be part 11 compliant they're not under the jurisdiction of FDA but once those records are transported into an electronic data capture tool used by sponsors that is the point at which party 11 compliance is required I don't know if anyone else on the on the panel has any thoughts uh that's that no I have nothing to let add butter greetings everybody we'll be getting back to the Q a shortly uh Leonard we do have you off mute we can hear you uh typing back there so if you've got another question ready to go uh feel free to read that out to folks and and if you want to direct that to specifically to Casa or Beth to get them to weigh in that'll be the best way but since you're off mute Leonard please feel free to go ahead and and bring up the next question all right it looks like Leonard is having a little bit of issues with his microphone uh Ray Ford is there any chance that you might be able to uh step in and and take over uh reviewing some of the questions absolutely uh we have a question that came in for Beth kankowski and here is the question uh for Beth can you please explain the relevance of 21 CFR part 11. to real world evidence studies intended to support new drug applications thanks I'd be happy to uh question one of the guidance actually uh touches on this a little bit and that's um now many clinical uh trials are actually using real world data and um a lot of these uh data sources come from uh systems that were not uh originally considered part 11 compliance such as a EHR or a registry we recognize that there really is no way to make that Source data on part 11 compliant um so you can still use that however um there's a burden associated with that to the sponsor where they need to ensure the quality and integrity of the data they're using to support their marketing application um so it takes a little extra legwork on the sponsors part to really try to understand where that data come from and to ensure the Integrity of that data um but it is definitely um something that we are starting to see on a regular basis now thank you for responding to that question we've got a few more questions for you uh I'm Beth kankowski and here's the next question scan and regarding scanned records and storing in the electronic systems does this fall into the definition of electronic records uh yes um the this guidance in particular definitely speaks to um scanned uh electronic records that might be stored in an electronic system um that many um Industries are now moving towards totally paperless systems and so um yes those would certainly still be considered electronic records where part 11 applies thank you for responding to that question we we have a truckload of questions here for you uh Beth kankowski so here is the next question as you mentioned that electronic records can be used to replace the original records is it only for clinical documents or in a commercial environment as well uh well Ray I can't really speak to the commercial environment we um the context of the guidance in part 11 in particular is a clinical investigations and the marketing submissions to the FDA um so we're really looking here at the clinical investigation documents um so I can't speak to the commercial side of things thank you for responding to that question moving on to the next question that came in we have a few more for Beth kankowski and here's the next question do documents need to be certified if they are moved from an electronic format into another electronic platform for example from a network drive into a validated etmf platform Sanctuary uh so I'm trying to make sure I understand that question correctly in that um not all electronic records need to be certified but um I guess we tend to think more of electronic records as kind of the view access of you have that original electronic Source documents and there will be many parties that have access to that and the ability to see it if you are truly moving a document from one place to another there does need to be a trail associated with that so that you can ensure the Integrity of that record in particular that and that it has not been altered um so that technically could be uh considered a certification process it um kind of depends on the context [Music] thank you for responding to that question we're going to move on I saw a question highlighted for Casa yalu and here is the question and it's regarding record integrity there are often times a sponsor wants to remove a data field from an ecrf that held data they are adamant and say that they will write a note to file saying that they are aware that removing the field will remove data as well is a MTF acceptable all right thank you for the question and uh uh any changes that would be made on electronic case Report Form should be agreed with the response that with the clinical investigator the investigator should agree the changes that would be made to the Acra as you know I mean regarding the the Integrity of any kind of Records there is no difference between paper and electronic therefore the ecrf should reflect what the confiscators clinical investigators have captured in the source and therefore that needs to be looked at from data Integrity perspective and if a change has to be made the sponsor should communicate and the clinical investigators have to have the agreement and the rational to make those changes and inspectors and Regulators such as FD should be able to understand exact exactly what those changes were and how those changes were made and that's what I would say thank you very much back to you thank you for responding to that question do you have another question for uh for Dr yalo and here is the question our responsible our sponsors responsible and expected to ensure that the cro electronic systems are validated to comply with part 11. yes and um yeah the sponsors are responsible to ensure that the system not all the systems the relevant systems based on risk assessment um are appropriately validated either by looking into the documents certain parties like service providers like cro have or by potentially considering validating that system therefore yes they would be responsible if the responsibility is transferred to the cro and meaning written agreement if that that responsibility is transferred to cro we would like to see if the sponsor has actually some documentation to know the system they will be using for their Studies have been properly validated or there are documentation to help the validation had occurred again I mean it depends on the the particle system the intended purpose of that system not all systems uh do require the same kind of the same scope of validation or information if it is for example that I can throw this something that to capture patient safety or or primary endpoint really important items for the study it is very important for the sponsor to ensure that the CR also service providers have the proper validation for that system at the beginning of the use even when during the study when things change back to you right thank you for responding to that question moving back to our other panelists Beth kankowski we're still working with our Tech Team to help Dr sax and here is the next question for Beth kankowski could you please provide further information on the acceptability or the non-acceptability of thanks I'd be happy to talk a little bit about uh or adobe sign or any of those um there are many third-party electronic uh signature Services out there and my understanding um specifically speaking um we we've worked with and my understanding is they have a specific life sciences or Health Sciences um package which they have um worked to ensure that it complies with part 11 um and so it is really up to the sponsor and that um third-party electronic signature service vendor um to work out and ensure that you are using the part 11 um compliant system I recognize there's actually a higher cost associated with on that but that is um intended to ensure that it is specifically compliant with part 11 and that does apply to um as I said there are several um commercial uh electronic signature Services out there and my understanding is that they all offer fairly comparable um packages that um they have specifically validated to be ensure that they are compliant with part 11. foreign thank you for responding to that question we do have a few more questions for Beth kankowski and here's the next question can edcs be owned or hosted by sponsors with the appropriate safe security safeguards or must they only be under the control of a third party or a clinical trial side thank you uh no they can be um hosted or sponsored by um anyone pretty much there are now many third-party um and specific clinical trial um systems that are out there um however the it's always the sponsor's responsibility to ensure that it complies with part 11 but you are welcome to provide those Services um within your own company or to um contract that out to a third party yeah thank you for responding to that question we have one more question this round for Beth kankowski and here is the question when certified copies are made does this mean that we do not have to retain the original record uh thank you and uh that one is is another it depends uh the games talks a little bit about um when you are if you make a certified copy of a paper copy um and many times you are still going to retain that original Source record um if in many times now we are moving from a paper record to an electronic record and therefore moving to a paperless uh system um many times that is possible however um we also have a guidance that talks about electronic Source data and there are some times when you do want to retain that original paper uh Source data record uh so it does depend uh in what context uh you are moving from a paperless to an electronic system thank you for responding to that question we're going to move back over to Dr casayalu got a few questions that came in and here is the next question or here's the first question is an audit Trail review only recommended or is it mandatory uh auditory review is recommended and uh that I mean audit Trail is as I think during the presentation mentioned very important uh procedure to ensure data integrity and also Diamond to inform the sponsors and clinical investigators and how the data had been modified and who may have modified the information before it is critical for data integrity and the proper review of that or the trail by all stakeholders at the sponsor level as well as the clinical investigator level is uh Paramount and as most of you know we have enforcement discretion for during inspection for the audit Trail and but the audit Trail I mean just won't be interested in our detail when there are certain concerns and it would benefit the sponsors and other stakeholders to have a periodic review of or detail which doesn't happen often at least based on anecdotal experience and there are recommendations and white papers out on how to review the audit trail and I suggest that people to look into those kind of guidances on how to do the transformative studies and again it is very important to focus on on all details for the important elements risk-based kind of review of OD trails back to YouTube thank you thank you for responding that question we do have another question and here's the question are there any regulations or guidance documents that prohibit the use of USBS in a GMP environment there may be cases where USBS are needed to to be used for data transfer uh I I am and I think as uh the introduction um it's tasted not from the GMP and I am from the clinical compliance evaluation but the principle is the same I mean the USB is just a hardware a device to collect information or to gather and capture information and the expectation would be the same uh just like any other electronic record and there is no any uh regulation that provides the use of the USB and of course I mean people may be talking about the safeguards right the potential security concerns in using USB that needs to be taken into account but there is no regulation or a guidance that probably the use of USBS thank you very much thank you thank you for responding to that question we've got a couple more questions for Dr yalo and here's the next question should all metadata be required or is relevant metadata retention enough that's a great question actually it is I mean I think Ice Age guidance may have something and we encourage people to focus on relevant data whatever processing the procedures the focus should be in doing the the the the the the expected activities for Relevant data and the risk-based approach or the risk proportionate approach is intended to encourage all the stakeholders to focus on relevant data back to you worry thank you for responding that question we've got a couple more questions that came in for Dr yala and here's the next question it's a recommended to retain paper copies of side 1571s or 1572s if there is a retained electronically they're retained electronically with certification no there is no requirement to have uh to have both if the source originally is the information is captured electronically unless um a person wants to have additional copy that is not such a requirement to have a paper record uh thank you all right all right we have one more question this round for Dr yellow and here's the question EMA guideline on CS is focusing on the dynamic file retention for data metadata captured dynamically the FDA document seems to accept static forms of retention of data is this correct if yes is there a specific reason for the different approach foreign that is correct and that's also a great question um and FDA also prefers to have Dynamic data when it comes to assessing metadata or OD 12 however we recognize also in some instances and some stakeholders may not have that ability to have the dynamic data and they may have a static data like such as like a PDF document containing information related to audit Trail um that's the reason why we are impressing balls but we recommend and if it's possible to have the dynamic data and because it allows us easily to to navigate through the audit Trail to review and verify the audit Trail and it's a similar somehow similar to what they may suggesting except that we recognize that some someone stakehold ability to generate Dynamic data instead they may have the static data thank you back to you Ray thank you for responding that group of questions we're going to move back over to the top of the lineup Beth kankowski we've got some more questions that just came in and here is the first question are all individual electronic signature users required to submit a letter of non-repudiation thank you Ray uh yes um part uh 100 uh c one of the uh regulations that's not about non-repudiation letters and and it is a required part of the regulation uh what we do see most uh sponsors do is submit one General letter for their entire organization and in that letter it specifically says anyone um it's just a broad overarching anyone within our company um did submits the letter um we are certifying that the handwritten signature is equivalent to a electronic signature thank you for responding to that question we've got a few more questions that came in for Beth Gronkowski and here's the next question our em system does our EMR system does not have a part two sort of a certification available to us I told them they must provide it and they say it is not required is that true uh part 11 certification yes uh so most uh electronic medical record or uh electronic health record systems are not um part 11 compliance um and we do have a a specific guidance that talks about electronic health records and in that guidance there is um additional information on why we recognize that many of these are not uh organizations are not regulated by FDA and so we can't uh enforce part 11 compliance on many of these uh systems that uh most hospitals use thank you for responding to that question we've got a few more questions that came in and here's the next question every entry in electronic record for clinical for a clinical trial needs to have an eSignature or could we leverage a risk based approach to determine where eSignature is required or where the login information is enough to attribute the data entry thank you for [Music] thank you for sure what is meant is meant by chronic record of a clinical trial does that have to have a signature uh in general not every electronic record in a uh investigation actually needs to have an electronic signature there's actually only a handful of uh required records that require electronic signatures such as the 1572 investigator agreements um and those are the ones that you should focus on ensuring you have a electronic signature that is compliant with part 11. thank you for responding to that question we've got a couple of questions and here's the next question is there a way to confirm if a sponsor that has been working with FDA for several years has filed a letter of repudiation if this isn't clear due to staff turnover if not how should the letter of repudiation be addressed resubmit and possibly risk a redundant submission thank you for that question um there is not a specific uh method to verify that you have submitted a letter of non-repudiation and that it is on file um now that we are using the electronic submission Gateway um in order to gain access to that system um you generally have been required to submit a letter of uh non-repudiation so that should be one way to be able to gauge if you have that account and can currently access it um it likely has been submitted however if you weren't sure um feel free to go ahead submit that again uh now again you can do that electronically and you don't need to send the paper copy thank you for responding to that question we've got one more question in this round before moving on to the next panelist and here's the final question for Elizabeth kankowski in this round acknowledging that signature is drawn with a finger or stylus or actually handwritten signatures would this extend to signatures drawn using a computer mouse for example signature is drawn using a computer mouse versus a finger or stylus can vary greatly in quality and execution foreign sure I can speak a little bit to that um section 11.3 of the regulation defines handwritten signatures and in that it says the act of signing with a writing or marking instrument such as a pen or Stylus is preserved um I could probably argue that if you it is the act of signing that is being preserved even if you are using a mouse um so that is probably a reasonable way to use a handwritten signature however as you mentioned that it's often not the most legible formats um so I don't know if that would be recommended but um it is truly the active signing that is preserved that we are most interested in for considering something a handwritten signature yeah thank you for responding to that group of questions we're going to move on to Dr akasi Allen for this next round of questions and here's the first question is it necessary to validate the systems that are used for studies which are not intended for regulatory submissions well thank you very much for the uh thank you for the question um for regulatory purpose I mean the the recommendation or the draft guidance that we are discussing today is mainly addressing uh the studies uh um that are being regulated by FDA or will be included by FDA therefore the recommendation about validation is related to um regulated research however I mean sometimes people start with um with the purpose to just to conduct a study that they may eventually use the information for regulatory purpose and having a validation is not going to in any way harm but it's up to the sponsor or the stakeholder to determine um whether to conduct validation or not for for system that are intended for non-regulated uh activity that's what I would say thank you very much Ray back to you thank you for responding to that question we've got a couple more questions that came in for Dr yala and here is the next question does FDA expect direct access to the EMR systems to verify data during an inspection or certified copies generated from such systems adequate um the the FDA during inspection would like to access I mean that's that's applicable the The Source uh the source system in in this case I think the example the person provides anymore and um if it is if they email if the IMR is used for regulated activity we would like to have direct access as Apple coupled but um a certified copies of electronic records or paper records would be also acceptable and of course the expectation is certified copies or uh they they would need to contain the appropriate metadata and the audit Trail and they should be preserved the way they origin they were originally created and therefore both options are possible but if there is an original Source required this and during inspection we would prefer to access the the sorcery code if it is available back to you right thank you thank you for responding to that question we've got a couple more questions and here's another question on part 11 of paper records does part 11 apply to paper records kept in lieu of electronic records would it apply to computer printouts of source documents initially recorded on a personal or business computer and if somebody uses a computer just to to generate for for the paper printout that that computer for example a Word document that computer Maybe as as uh as a typewriter but it should be I think it's very important when we talk about electronic records from creation to archiving um the artists I mean if they intentionally the computer system was used to generate records for regulatory purpose that would be the source but printout is not going to be that that would be considered other people and not sure if I answered the proper question the other question properly and maybe missing some some elements but to just if a computer is used to print out something uh that's not going to be uh considered as electronic record back to you right I'm sorry thank you for responding that question we have one more question for uh Casa yalo in this round and here is the question when inspecting clinical research sites using sponsor provided systems and that Integrity concerns are discovered regarding missed entries possibly due to computer glitches would that be a side level violation failure to report or a sponsor level violation failure to have adequate systems it could be balls and uh but it depends and if the missed entry is related to for example to a clinical investigator activity um that could be related to the kind of mosquito responsibility it could be also system related it could be if the system is owned by somebody a third party or a sponsor potentially that could be also a result of that system therefore as discussed and during the presentation that tells us there is an issue with it that it's a system that potentially impacts data Integrity or data reliability at the end what matters is what was that missing entry if it if it is very relevant if it is important to patient safety to data reliability and data Integrity we may take that seriously but if it is something that that doesn't impact the patient's right the patient safety and the well-being as well as the data reliability integrity and it doesn't impact the the expectation by regulator is that may be okay too therefore um the the violation could be of the investigator site it could be a boss or it could be at the sponsor thank you back to you Ray thank you for responding that group of questions moving back to our other panelists we've got a few more questions that came in for Beth kinkowski and here's the first question does the statement please use the Adobe Acrobat self sign plug-in to insert your signature on fillable FDA forms outlining the policy's guidance on important information about digital electronic signatures still apply for FDA submissions for FDA forms and cover letters uh thank you Ray uh yes and that is still a valid form and the instruct you should follow the instructions on any specific FDA form before it is submitted thank you thank you for responding to that question we've got a few more questions and here's the next question what kind of certifications or documentation are required to be furnished by the commercial off the shelf electronic signature platforms to confirm that they are part 11 compliant does FDA look into those documents or is it the customer's responsibility for the verification part uh thank you yes uh section c of the games on Information Technology service providers and services talks a little more about kind of the relationship between the sponsor and any um third party IP service providers and what information needs to be on file versus [Music] um provided by the the third party um so usually the the third party or vendor has a lot of that information available um but then it is the regulated entities responsibility to review those documents and ensure that part 11 compliance is met um if you then are inspected um I think question um 19 of the guidance talks a little more of the FDA might look into that um but it's the sponsor's responsibility um to have that information available thank you for responding that question got another question on part 11 and here's the question are there any plans to update part 11. thank you Ray uh I cannot say that the recent technical amendment was actually a um pretty exciting undertaking to uh no longer require paper records um so we do consider that a update to the regulation um and as Leonard mentioned uh part 11 is more than 20 years old a lot of changes have taken place um in the electronic world since then um however our regulation process is well on the slow side um we've certainly talked about it but nothing is going to happen uh very quickly if we were to do something we would certainly go out um with a draft that would be open to comment um and would then be taken under advisement before anything was made final um so we certainly have talked about it um but it's not a speedy process thank you for responding that question we've got a question that came in on DHT and here's the question when DHT is used for trial which uses public network to transmit data to sponsor and the DHT is not meeting part 11 requirement can the data received by the sponsor is it considered as a source or raw data ah thank you uh the uh the DHT section of the games I think it's question uh 23 talks about the The Source data collected by the DHT and that we are considering once the data is transferred to the first durable electronic data repository um that is what is truly considered your Source data and we are not uh expecting part 11 compliance with the DHC itself thank you for responding to that question got a couple more questions for Elizabeth kankowski and here's the next question what if a clinical document is wet signed but has a typed in date for example 1572. should that adhere to the part 11 rules and be rejected from a compliance perspective thank you Ray uh and it's not clear if it is a paper or electronic document if it is um a paper document um with a wet signature um the the date um could be handwritten or typed um with an electronic record um also it if um it can have a handwritten uh signature um in the date to be typed in thank you for responding to those questions moving back over to Dr casayalu we have a very long question and we're gonna have five minutes left we're going to try to get this in and here's the question where multiple organizations are involved in a clinical investigation like a sponsor Sierra cro an investigator site what are the expectations of FDA for meeting the general requirements of part 11.100 is the sponsor required to ensure unique signatures and verify the identity of signatories of the third party organizations when signatures are required on study records for example training records reports study logs would an agreement between all parties stating that they will ensure part 11.100 requirements be met within the organization is that acceptable thank you Ray thank you for the question um respective of the number of I I think on most of the studies involve a lot of organizers these days and the expectation in terms of complying part 11 would remain the same whether the organization a single organization or multiple organization of course it depends on the role the different organization in the stakeholders would apply if there is for example a contracted kind of a cro kind of activity and if the cro takes that particular responsibility one may expect that the cro to take that responsibility for the function but if there are like service providers or traditionally we call vendors and it will be up to the sponsor to ensure those parties meet the the part 11 expectation and it is very important that I want to emphasize uh to to to to know the requirement to under the predicate rule because the predicate rule mandates what what we're doing is probably with party 11. or are the records required records to have signature electronic signature or verify uh the people who would be doing signing on those on those documentation and that that may help to to to narrow down uh on the expectation therefore it's up to the sponsor to identify uh those kind of activities first and uh to make sure that whether those activities are are required by the predicate tool and then of course uh verifying those people if they if the for those activities that are required under the predicate rule to ensure that people who will be signing uh have the proper verification uh thank you very much back to you thank you for responding to that question we've got just beyond a minute left we're going to try to get in one more question for Dr yalu and here's the question will FDA still evaluate or have already evaluated on the content of the mhra guidance on tat Integrity the EMA guidance on computerized systems to align on the requirements and is there any collaboration between the regulatory authorities yeah that's a great question thank you Ray and thank you for the question as well yeah FDA has a long-standing collaboration with both organization Museum as well as a mhare and we do exchange information and we do work uh to to converge our processes our expectations and um as you know one one tool is for example u