|
|
The benefits of electronic signatures and record keeping are significant. It increases the speed of information exchange and advanced searching capabilities, reduces the cost of record keeping storage space, increases data integration and trending information, improves product quality and consistency, and reduces vulnerability of signature fraud and report misfiling. If you choose to use electronic records that are electronically signed in lieu of paper records, then the FDA can audit your process for Part 11 compliancy and may cite you for failure to comply.
Specific Requirements
21 CFR Part 11 requirements are very specific on the use, management, and composition of electronic signatures. Electronic signatures are defined as “a computer data compilation of any symbols or series of symbols executed, adopted, or authorized, by an individual to be the legally binding equivalent of the individual’s handwritten signature.” Organizations must certify to the FDA their plans for using electronic signatures. Each organization must deliver to the FDA its corporate electronic signature certification, which documents the recognition that electronic signatures are the legally binding equivalent of handwritten signatures. A written policy must exist that holds individuals accountable and responsible for actions initiated under their electronic signatures. Electronic signatures must be unique and may not be re-assigned or re-used.
E-Signatures are an Optional Approach
The FDA is not forcing companies to implement electronic signatures and electronic records. Many companies continue to use paper-based signatures and records. The FDA is enforcing requirements for companies choosing to use electronic signatures. Simply capturing the logged-in system user's name does not meet the requirement of "capturing an electronic signature" as the currently logged-in user isn't necessarily the person performing or verifying an operation. Applications should be designed to ensure point verification for each operation.
Protecting Identities
The identity of the individuals receiving the electronic signature must be adequately verified prior to giving the signature user any component of an electronic signature. If a system was in use prior to 21 CFR Part 11 compliance initiatives, all user-ids and passwords must be re-issued in accordance with 21 CFR Part 11 requirements. Signed electronic records must contain the name, date and time of signing, and meaning of the signature. These four components must appear in every human-readable form of the electronic record. Date and time stamps must be applied automatically by the system, as opposed to relying upon user input. Further, the system must indicate when a user is signing on a behalf of another.
Survival is not Optional
Creating policies and procedures to manage electronic records and electronic signatures in FDA regulated businesses are necessary tasks to meet 21 CFR Part 11 compliance for any covered organization who wants to use these time-saving technologies. Additionally, it is also a necessity that such organizations create an effective and efficient method for communicating these policies and procedures, and for ensuring the understanding of the personnel working with the electronic signatures and electronic records. An FDA governed organization following the approaches provided through HQMS can successfully meet the policies, procedures and awareness training requirements of 21 CFR Part 11.
Preserving Electronic Records
Methods of preserving electronic records, including content, structure, context, audit trail and other security attributes; migration from one file format and computing platform to another; ensuring accessibility by end, especially when archiving to an environment different from the one in which the records were initially created. Development Implementation. Complete record tracking & archiving of electronic records are handled by HQMS in the following ways:
- Field Changes – The system will keep track of every change made to any field in the detail pages, including original & new values. An “Event Log” screen will be added for users to review all the changes made to every record. This includes data changes, attachments, emails, references, and printed reports.
- Deleted Items - Records will not be deleted from the database; rather, they will be archived. A new “Deleted Items” screen will be added and will only be available to System Administrators for review. Deleted items cannot be restored. System Administrators will be able to view a detail report of the deleted record, view the Event Log for the deleted item, and view the E-Signatures of the particular record.
- Record Archiving – In contrast to Deleted Items, the Record Archiving feature “marks” the records as archived (or inactive) instead of deleted when a certain amount time elapses after the record has been closed. These records will be excluded by default from the list queries to improve performance and focus the user on Open & Overdue items. Archived records could be retrieved by explicitly selecting the “Include Archived Records” option in the Query editor screen.
- Database Backup – Available only for Microsoft Access databases, an option to back-up the database will be available from the Database Configuration screen. For SQL Server, and other server-side database engines, the back-up function must be setup and maintained by System Administrators.
|
|
HQMS Links
Check out the following links:
|