Electronic medical records and other electronic systems are ubiquitous sources of the source data for clinical trials. There is confusion and misinformation about the FDA requirements from such data particularly in pragmatic trials where the clinics participating in the clinical trial also provide health care services. FDA’s new guidance on the topics answers many common questions.
Two core rules play a role in compliance with FDA requirements: Good Clinical Practices (GCP) which governs the conduct of the site staff and investigators, and 21 CFR Part 11 (Part 11), which describes the authentication and control of the electronic data. The guidance answers common aspects of those rules applicable to the use of electronic systems and technologies such as Electronic Medical Records (EMR), electronic signatures, and other electronic documents for clinical trials. The guidance document discusses five areas of electronic documents.
EMR does not need to be Part 11 compliant but once the data is moved to the Electronic Case Report Forms (eCRF), also called Electronic Data Capture (EDC) systems, it must be compliant with Part 11. That said, sponsors are responsible for ensuring that the electronic systems used as their clinical sites are appropriately validated for use in their trial, and the quality and integrity of the EMR data. It does not matter if the data was generated in the US or elsewhere.
Certified copies of the data can be used in place of the original record. Records can be stored remotely on the cloud and do not need to be physically at the site. FDA will verify all relevant aspects of the electronic data similarly to the non-electronic data with added emphasis on quality and integrity control measures. Audit trails should record deliberate actions that a user takes to create, modify, or delete electronic records but do not need to record all keystrokes.
Sites can use any IT service providers to maintain their systems provided they have quality agreements and appropriate policies to regulate all aspects of their service. The service provider must have a documented quality management system related to their service. FDA may audit the IT service provider. Any mode of electronic signature is acceptable so long as it is verifiable, attributable, and controlled.
The guidance document includes 29 questions spanning 5 areas of compliance and is a great resource for sponsor-site discussions when setting up to use the site’s existing EMR and other electronic resources.
