The final article of the cycle provides additional clarifications regarding certain specific aspects associated with the use of electronic records in the context of clinical investigations.
Table of content
The Food and Drug Administration (FDA or the Agency), the US regulating authority in the sphere of healthcare products, has published a guidance document dedicated to electronic systems, electronic records, and electronic signatures in clinical investigations. The document provides an overview of the applicable regulatory requirements, as well as additional clarifications and recommendations to be taken into consideration by medical device manufacturers, sponsors responsible for clinical investigations, and other parties involved.
At the same time, provisions of the guidance are non-binding in their legal nature, nor are they intended to introduce new rules or impose new obligations. Moreover, the authority explicitly states that an alternative approach could be applied, provided such an approach complies with the relevant regulatory requirements and has been agreed with the authority in advance.
In particular, the present guidance provides critical insights into the management of digital health technologies (DHTs) for data collection in clinical investigations and the proper use of electronic signatures. It clarifies the FDA’s inspection focus concerning DHTs, outlines the requirements for secure electronic signatures, and describes acceptable methods for verifying identity and ensuring the authenticity of electronic signatures.
The guidance ensures that clinical data collected via DHTs and signed electronically comply with Part 11 regulations to maintain data integrity and authenticity.
FDA’s Inspection Focus for Source Data from DHTs
For clinical investigations using DHTs, the FDA does not intend to inspect the devices themselves for source data verification. Instead, the FDA considers the source data to be located in the durable electronic data repository (e.g., EDC system, cloud-based platform) into which the DHT transmits the data via a secure, uninterrupted connection.
The transmission process must follow a pre-specified, validated plan, including an information security plan. During an inspection, the FDA may verify the data submitted by the sponsor against the electronic source data stored in the repository.
Electronic Signatures in Clinical Investigations
An electronic signature, under FDA regulations, is a data compilation that serves as the legal equivalent of a handwritten signature. Electronic signatures associated with electronic records that meet Part 11 requirements are generally considered as reliable and enforceable as handwritten signatures.
Key requirements for electronic signatures include:
- Printed Name and Timestamp: Signed electronic records must display the signer’s name, the date and time of signature, and the meaning associated with the signature (e.g., approval or review).
- Link to Record: Electronic signatures must be securely linked to the record, preventing removal, transfer, or falsification. Any changes made to a record after it has been signed must be captured in the audit trail.
Part 11 does not specify any particular method for generating valid electronic signatures.
Acceptable methods include:
- Computer-readable ID cards;
- Biometrics (e.g., fingerprints or facial recognition);
- Digital signatures;
- Username and password combinations.
Regulated entities can also use commercial electronic signature services but must ensure that these services comply with Part 11 through appropriate validation processes.
Handwritten Signatures on Electronic Records
Signatures drawn with a finger or stylus on a mobile platform are considered handwritten signatures, not electronic signatures. A handwritten signature executed on an electronic record must be linked to that record in the same way it would be on a paper document, ensuring the record’s authenticity and preventing tampering.
The FDA does not prescribe a specific method for verifying the identity of individuals who sign electronic records.
However, regulated entities can use several methods, such as:
- Government-issued identification;
- Security questions;
- Strong digital login credentials with multi-factor authentication;
- Video observation.
The method chosen must ensure that the person signing the electronic record is properly authenticated.
Biometrics, such as fingerprints, retinal patterns, or voice prints, are used to verify an individual’s identity uniquely and reliably.
Electronic signatures based on biometrics must ensure that only the genuine owner of the biometric data can use the signature. These signatures are considered trustworthy and reliable if they meet the requirements of Part 11, and they should not change over time.
FDA Certification of Electronic Signature Systems
The FDA does not certify electronic signature systems. However, the FDA considers electronic signatures trustworthy and reliable if the systems generating them meet Part 11 requirements, regardless of the technology or vendor used.
Users of electronic signatures must submit a letter of non-repudiation to the FDA to certify that the electronic signature is intended to be the legally binding equivalent of a handwritten signature. Organizations can submit a single letter covering all electronic signatures used within that organization.
Conclusion
In summary, the present FDA guidance provides clarity on the handling of digital health technologies and electronic signatures in clinical investigations. Regulated entities must ensure that DHTs used for data collection transmit information securely to a durable electronic data repository. Additionally, electronic signatures must meet Part 11 requirements, including the use of secure methods for identity verification and linking signatures to the respective electronic records. These measures ensure the authenticity, integrity, and legal validity of clinical investigation data, maintaining FDA compliance throughout the trial.
How Can RegDesk Help?
RegDesk is an AI-powered Regulatory Information Management System that provides medical device companies with regulatory intelligence for over 120 markets worldwide. It can help you prepare and publish global applications, manage standards, run change assessments, and obtain real-time alerts on regulatory changes through a centralized platform. Global expansion has never been this simple.
