Capturing and Reporting Electronic Data - ACS Publications

Chapter 13

Good Laboratory Practice Considerations for Electronic Records

Kendy L. Keatley

Gilead Sciences, Inc., 2860 Wilderness Place, Boulder, CO 80301

Downloaded by TUFTS UNIV on March 6, 2017 | http://pubs.acs.org Publication Date: August 1, 2002 | doi: 10.1021/bk-2002-0824.ch013

GLPs are in place to ensure both data quality and integrity. The use of computerized systems and data exchange between systems external to one another dictates the creation of electronic records. As such, these records are subject to the same GLP parameters as paper records. The data must be accurate, authentic, attributable, current and legible. The regulatory guidelines below, although not all inclusive, address implementation and consistency of electronic data interchange, and promote the integrity of any data created, modified, maintained, archived, retrieved or transmitted via computerized systems.

© 2002 American Chemical Society

Garner et al.; Capturing and Reporting Electronic Data ACS Symposium Series; American Chemical Society: Washington, DC, 2002.

Both the United States Environmental Protection Agency (EPA) and Food and Drug Administration (FDA) have issued regulatory documents to address electronic reporting to the Agencies. Two comprehensive and useful Electronic Data Interchange (EDI) guidelines in place by the EPA are the EDI Implementation Guideline (1) and Federal Register Notice Interim Final Notice, Filing of Electronic Reports via Electronic Data Interchange (2). EPA has also issued the Cross-Media Electronic Reporting and Record-keeping Rule, otherwise known as CROMERRR (3). Although the proposed rule was signed, it is pending publication in the Federal Register while under review by the Bush Administration. The FDA's Guidance for Industry, Computerized Systems Used in Clinical Trials (4) addresses a number of GLP aspects of electronic records applicable to all areas of the GLP arena. The FDA's Electronic Standards for the Transmission of Regulatory Information (ESTRI) Gateway to define strategic plans for electronic submissions to the Agency is currently underway. The Agency already has in place Guidance for Industry, Providing Regulatory Submissions in Electronic Format - General Considerations (5). In addition, applicable to the scope of all electronic records and signatures is 21 CFR Part 11, FDA's Final Rule, Electronic Records; Electronic Signatures, effective August 20, 1997 (6).

21 CFR, Part 11; Electronic Records; Electronic Signatures

Before the above cited guidelines can be applied, knowledge of the Final Rule for electronic records and signatures is necessary. Following are the provisions of Subpart B - Electronic Records and Subpart C - Electronic Signatures.

Subpart B - Electronic Records

(§11.10) Controls for closed systems (environment in which access is controlled by persons responsible for the electronic records). Persons using closed systems to "create, modify, maintain, or transmit electronic records" need to employ the following procedures and controls, and ensure the signer cannot repudiate the records as not genuine.

• Validate the systems.
• Generate accurate and complete copies of records in readable and electronic form subject to inspection, review, and copying.
• Protect records for retrieval during records retention period.
• Ensure limited access to authorized individuals.
• Use secure, computer generated, time stamped audit trails for date and time of operator entry/action to create, modify, or delete records; changes should not obscure the previous record; the audit trail must be retained and available for agency review and copying.
• Use operational system checks to permit sequencing of steps and events.
• Use authority checks to ensure only authorized individuals use/access a system, alter records or electronically sign a record.
• Use device checks to determine the validity of data input source or operational instruction.
• Determine that those who develop, maintain or use the system have the education, training and experience for their assigned tasks.
• Have written procedures in place to hold individuals accountable and responsible for actions under the use of their electronic signature.
• Have controls over the distribution, access and use of documentation used for system operation and maintenance.
• Have time-sequenced development and modification of the system's documentation for revisions and change control procedures for audit trails.

(§11.30) Controls for open systems (environment in which system access is not controlled by those responsible for the electronic records). Persons using open systems need to employ the same procedures and controls outlined in §11.10. Additional measures for document encryption and digital signatures (signatures based on cryptographic methods) need to be in place to ensure record "authenticity, integrity, and confidentiality".

(§11.50) Signature manifestations. Signed electronic records need to clearly indicate the printed name of the signer; the date and time when the signature was executed; and the purpose (review, approval, etc.) with the signature. These items are under the same controls as electronic records.

(§11.70) Signature/record linking. Electronic signatures and handwritten signatures executed to electronic records need to be linked to the respective records to ensure signatures cannot be "excised, copied or otherwise transferred".

Subpart C - Electronic Signatures

(§11.100) General requirements.

• The electronic signature is to be unique and not reused or assigned again.
• The organization must identify the individual before using the signature.
• The person is to certify to the agency that the signature used on or after August 20, 1997, is the legally binding equivalent of a traditional handwritten signature prior to, or at the time of, such use.

(§11.200) Electronic signature components and controls. Electronic signatures not based on biometrics (method of identity based on measurement of physical feature or repeatable action that is measurable) require at least two distinct "identification components", such as an ID code and password. When a series of signatures is used during a continuous period, the first executed signature must contain all of the components, while subsequent signings need only include one of the components. Signings that are not performed during a continuous period must include all of the components with each signature. Biometric signatures should be designed to exclude use by another.

(§11.300) Controls for identification codes/passwords. Controls need to be implemented to ensure the security and integrity of identification codes and passwords that include the following.

• Ensure that the combination used is unique.
• Ensure ID codes/passwords are periodically checked, recalled or revised.
• Have rigorous "loss management" procedures in place to de-authorize lost, stolen, missing or otherwise compromised signatures and re-issue the signature.
• Use safeguards to prevent unauthorized use, and detect and immediately report these attempts to the system security unit and organizational management.
• Test devices that bear or generate ID codes/passwords, both initially and periodically, to ensure that they still function and have not been altered.

Review of FDA's Guidance for Industry, Computerized Systems Used in Clinical Trials

Computerized Systems Used in Clinical Trials addresses various aspects of electronic records and the requirements of the Electronic Records/Electronic Signatures Rule. The Guidance outlines measures to ensure that the fundamental elements of data quality, that is, that the data are "attributable, original, accurate, contemporaneous, and legible", are met where computerized systems are being used. Although the Guidance was written for clinical trials, the principles outlined for electronic records and electronic signatures are applicable to any data where computerized systems are being used. An electronic record is defined as "any combination of text, graphics, data, audio, pictorial, or any other information representation in digital form that is created, modified, maintained, archived, retrieved, or distributed by a computer system". An electronic signature is defined as "a computer data compilation of any symbol or series of symbols, executed, adopted, or authorized by an individual to be the legally binding equivalent of the individual's handwritten signature". Following are those aspects of the Guidance specific to electronic records and electronic signatures.

General Principles

• The study protocol should define at which steps the computerized system will be used to create, modify, archive, retrieve, or transmit data.
• There should be documentation that identifies both the software and hardware used; the documentation should be retained as part of the study records.
• The original documents or records, also known as source documents, should be retained for reconstruction and evaluation.
• Original observations entered directly into a computer create an electronic record which is the source document.
• The design of the system should ensure that regulatory requirements for record keeping and record retention are met.
• Changes to records should not obscure the original and should indicate that a change was made; there should be a means to locate and read the prior information.
• Changes to data should delineate by whom, when, and why the changes were made.
• Computer systems should be designed to meet the specified protocol requirements and preclude errors in data creation, modification, maintenance, archival, retrieval, or transmission.
• Security measures are needed to prevent unauthorized access to the data and the system.

Standard Operating Procedures

SOPs for the use of computerized systems should include (but are not limited to) the following:

• System setup and installation.
• Data collection and handling.
• System maintenance.
• Data backup, recovery and contingency plans.
• Security.
• Change control.

Data Entry

Electronic Signatures

Individuals with authority for data entry need to have established electronic signatures in the form of ID codes/passwords or biometric signatures. The data entry is to be attributable to the individual making the entry, including changes made to any entry. The printed name of that person should be displayed on the screen at all times to preclude data entry by someone else and ensure the authority of the individual making the entries. At no time should a system be left logged on in a way that provides access to another individual. On leaving a workstation, the person should log off; the system may be designed to do an automatic log off after a designated time period. For absences during short periods, the system design should provide protection against unauthorized access. At established intervals, passwords and other access protections should be changed.

Audit Trails

The Electronic Records/Electronic Signatures Rule (21 CFR 11.10(e)) dictates that electronic record systems maintain an audit trail to ensure the authenticity, integrity, and as appropriate, the confidentiality of those records. As such, individuals must use secure, computer generated, time stamped audit trails to "independently" record the date and time of operator entries that create, change or delete records. The audit trail should be designed to preclude modification of the audit trail by that individual. The audit trail must be incremental and chronological, and is subject to the required record retention period of the study records.

Date/Time Stamps

Only authorized personnel should be able to change a date/time stamp, and that action should be well documented. Measures also need to be taken to ensure the correctness of the stamp. Date/time stamps should include the year, month, day, hour, and minute.

System Features

Systems used for data (direct) entry should ensure the quality of data collection. Measures (i.e., flags, prompts or other "help features") for consistency of use, alerts for unacceptable ranges, and annotations are essential.

Retrieval of Data

Systems for data entry should include features for inspection and review of the data. "Data tags" should be used to distinguish changes or deletions indicated in the audit trail. The ability to retrieve the data is a requirement even under circumstances where the system has been updated. This may have to be accomplished by maintaining support of older systems or by transcribing data to newer systems. If transcribed, the transcription process needs to be validated and complete copies of the study data and any collateral information should be generated.

Reconstruction of Study

Not only the data, but also how the data were obtained or managed needs to be indicated to reconstruct a study. As such, all versions of the software applications, software development tools for processing data and the operating systems must be retained, along with the ability to run the software.

Security

Physical Security

External safeguards need to be in place to ensure limited physical access to computerized systems, and ensure that only authorized personnel have access. Personnel should be fully aware of the security system in place. These security measures should be outlined in SOPs.

Logical Security

The logical security of a computerized system should address the internal safeguards of the system and how access to the data is limited. These safeguards should outline how data access is restricted through use of the software, log on, security procedure and audit trail. A cumulative record accessible with the system should be kept indicating the names of authorized personnel, their titles and their access privileges. If a computerized system is used for other purposes, efforts need to be made to preclude compromising the data through interaction with other software. The system should be re-evaluated if "any" software changes are made to determine changes to the logical security. In addition, controls for computer viruses should be used.

System Dependability

The dependability of a computerized system relies upon documentation that fully describes the hardware, software and physical environment (systems documentation). Requirements for established "completeness, accuracy, reliability and consistent intended performance" should also be met.
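The audit trail requirements collected in the sections above (computer generated time stamps, who/when/why for every change, prior values never obscured, an incremental and chronological trail that the operator cannot quietly modify) can be sketched as follows. This is an added example, not code from the chapter or from either Agency; the SHA-256 hash chain is an assumed way of making after-the-fact modification detectable, and all names and sample values are constructed.

```python
import hashlib
import json
from dataclasses import asdict, dataclass, replace
from datetime import datetime, timezone
from typing import List, Optional

GENESIS = "0" * 64  # constructed anchor used as the first entry's prev_hash


@dataclass(frozen=True)
class AuditEntry:
    seq: int
    timestamp: str            # computer generated, UTC, ISO 8601
    operator: str             # who
    action: str               # create / modify / delete
    record_id: str
    field: str
    old_value: Optional[str]  # prior value stays readable
    new_value: Optional[str]
    reason: str               # why
    prev_hash: str            # assumption: hash chain, not required by the rule
    entry_hash: str


def _digest(fields: dict) -> str:
    body = {k: v for k, v in fields.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


class AuditTrail:
    """Append-only trail: no method edits or removes an existing entry."""

    def __init__(self, clock=None):
        self._entries: List[AuditEntry] = []
        # The operator never supplies the time; `clock` only makes demo() reproducible.
        self._clock = clock or (lambda: datetime.now(timezone.utc))

    def append(self, operator, action, record_id, field, old_value, new_value, reason):
        if action not in ("create", "modify", "delete"):
            raise ValueError("unknown action: %r" % (action,))
        if action != "create" and not reason.strip():
            raise ValueError("a change or deletion must say why it was made")
        now = self._clock()
        last = self._entries[-1] if self._entries else None
        if last and now < datetime.fromisoformat(last.timestamp):
            raise ValueError("clock went backwards; the trail must stay chronological")
        body = {
            "seq": len(self._entries), "timestamp": now.isoformat(timespec="seconds"),
            "operator": operator, "action": action, "record_id": record_id,
            "field": field, "old_value": old_value, "new_value": new_value,
            "reason": reason, "prev_hash": last.entry_hash if last else GENESIS,
        }
        entry = AuditEntry(entry_hash=_digest(body), **body)
        self._entries.append(entry)
        return entry

    def entries(self):
        return tuple(self._entries)  # read-only copy for review and copying


def verify(entries) -> List[int]:
    """Return the positions where sequence, time order or the hash chain breaks."""
    bad, prev_hash, prev_time = [], GENESIS, None
    for i, e in enumerate(entries):
        when = datetime.fromisoformat(e.timestamp)
        ok = (e.seq == i and e.prev_hash == prev_hash and _digest(asdict(e)) == e.entry_hash
              and (prev_time is None or when >= prev_time))
        if not ok:
            bad.append(i)
        prev_hash, prev_time = e.entry_hash, when
    return bad


def demo():
    # Constructed sample: operators, record id and values are invented.
    ticks = iter([datetime(2002, 8, 1, 9, m, tzinfo=timezone.utc) for m in (15, 22, 40)])
    trail = AuditTrail(clock=lambda: next(ticks))
    trail.append("analyst01", "create", "SAMPLE-001", "pH", None, "7.1", "initial entry")
    trail.append("analyst01", "modify", "SAMPLE-001", "pH", "7.1", "7.2", "transcription error")
    trail.append("qa02", "delete", "SAMPLE-001", "pH", "7.2", None, "duplicate sample")
    entries = list(trail.entries())
    # Entry 1 rewritten and re-hashed after the fact: entry 2 no longer links to it.
    forged = replace(entries[1], old_value="7.2")
    forged = replace(forged, entry_hash=_digest(asdict(forged)))
    return verify(entries), verify(entries[:1] + [forged] + entries[2:])


if __name__ == "__main__":
    print(demo())
```

A rewrite of the newest entry can only be detected if the latest `entry_hash` is also kept somewhere the operator cannot write.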

Software Validation

"Off the shelf" software may or may not have design level validation (software validation that takes place in parts of the software life cycle before it is delivered to the end user) from the vendor. Under these circumstances, functional testing of the software must be performed to determine the limitations, problems and defect corrections of the software. Software validation must be performed and have documentation in place for the following.

• Design specification describing both what the software is intended to do and how.
• Written test plan for structural and functional analysis.
• Test results and evaluation that demonstrates the design specification has been met.
• Written procedures to evaluate, test and re-validate changes in the software, equipment or component replacement or new instrumentation.
• Documentation of all changes.

The FDA has in place Draft Guidance, General Principles of Software Validation, Version 1.1 (7). Although the Guidance is meant to address medical device software, it is a useful guide for validation of any software either developed in house or purchased off the shelf.

System Controls

These controls include software version control, contingency plans, and backup and recovery. Software version control should ensure that the software used as stated in the systems documentation is the version used for the data collection. Written procedures should be in place to have a contingency plan in the event of a system failure. SOPs need to be in place to fully outline procedures to prevent the loss of data and to address backups of the data. The backups need to be stored in a secure location. Backup and recovery logs should be maintained to assess, as appropriate, any loss of data.

Training of Personnel

Any individual entering or processing data should have the "education, training and experience", or a combination thereof, to do so. Training should be provided not only for specific operations, but also on a continuing basis, as needed, for familiarity with any changes in operation. These requirements are to be documented.

Records Inspection

The computerized system must be able at all times to generate accurate and complete copies of records in both human readable form and electronic form subject to inspection, review or copying.

Certification of Electronic Signatures

The Electronic Records/Electronic Signatures Rule requires certification that the electronic signature of an individual is the legally binding equivalent of their handwritten signature (21 CFR 11.100 (c)). The certification is to be submitted in paper form with a handwritten signature.

Overview of Electronic Submissions

EPA Submissions

The EPA is currently in the implementation phase of the legal framework for a rule to address electronic submissions to the Agency. The rule, titled the Cross-Media Electronic Reporting and Record-keeping Rule (CROMERRR), when codified, will be used for electronic reporting to the Agency. Current guidance for electronic submissions to EPA is in place under the Filing of Electronic Reports via Electronic Data Interchange (EDI). The policy includes general information for reporting for regulatory, compliance or informational purposes via EDI. The policy is meant to streamline and simplify legally admissible regulatory reporting to the Agency, and is meant to promote consistency in implementing EDI. It is important to note that electronic submissions must meet the same legal signature/certification requirements and any other regulatory requirements of paper submissions. Following are highlights of the policy.

EDI is defined as "the transmission, in a standard syntax, of unambiguous information between computers that may belong to organizations completely external to each other". Currently EDI is based on standard formats and protocols under the American National Standards Institute (ANSI) Accredited Standards Committee (ASC) X12. EDI reporting is subject to the Agency's Terms and Conditions Agreement (TCA), which must be signed by the submitter before electronic reporting will be accepted. The TCA is used to certify and/or authenticate the submitter of reports to the Agency. Although this policy only provides a generic TCA model, there are program specific TCAs that should be obtained from the Agency.

Once a TCA has been submitted, EPA issues a Personal Identification Number (PIN). The assignment of a PIN is meant to ensure the integrity and authenticity of electronically submitted reports. The submitter's PIN must be included in all reports and is deemed to indicate authenticity. Also, responsibility and accountability for the PIN is directly linked to the individual assigned that PIN. That individual is responsible for both the accuracy and authenticity of the information submitted. It is the corporate officer of the submitter that must identify authorized personnel who may use PINs. It is also the submitter's responsibility to immediately notify EPA of personnel changes or if a PIN has been compromised in any way. The submitter must institute and maintain security procedures to ensure the security of assigned PINs. Records must be retained for the assignment and revocation of PINs.

All record keeping requirements in existing regulations are applicable to electronic reporting. Submitters must retain records to ensure the authenticity, completeness, accuracy and integrity of electronic transmissions. Those records should create an audit trail for both the creation and submission of electronic transmissions. A Transmission Log is required to be kept for all parties using EDI. The Transmission Log should include the date, time, destination address and telephone number, and copy of the transmitted file. The documentation should also include who had access to the system during the creation and transmission of the files. The Log is to be retained without modification. A qualified individual with appropriate authority should be designated as responsible for the Log.

The EPA EDI Implementation Guideline is a detailed reference for EDI implementation. For updates, EPA has available Electronic Reporting at EPA: Electronic Commerce/Electronic Data Interchange (EC/EDI) at URL http://www.epa.gov/oppeedi1.

FDA Submissions

The FDA has a number of aggressive initiatives underway for implementing electronic submission and review systems. The Electronic Standards (for the) Transmission (of) Regulatory Information, also known as ESTRI, is FDA's "Gateway" that allows electronic filing of regulatory information. The Gateway applies a core set of open standards incorporating the International Committee for Harmonisation (ICH) M2 standardization efforts. More detailed information on the Gateway can be found at FDA's Frequently Asked Questions site at URL http://www.fda.gov/oc/electronicsubmissions/interfeq.htm.

FDA's Guidance for Industry, Providing Regulatory Submissions in Electronic Format - General Considerations, outlines general issues common to all types of electronic submissions. It is one of a series of guidance documents and addresses submissions to the Center for Drug Evaluation and Research (CDER) and the Center for Biologics Evaluation and Research (CBER). Currently FDA recommends submission of Portable Document Format (PDF) files, which is a published file format created by Adobe Systems Incorporated (www.adobe.com). The file format is intended to adhere to the requirements of the Electronic Records/Electronic Signatures Rule that includes the following.

• Enable the user to easily view a legible copy of the information.
• Enable the user to print the document, page by page, maintaining fonts, special orientations, table formats and page numbers.
• Include a well structured table of contents.
• Allow the user to copy text and images electronically into common word processing applications.

Some general aspects include the use of Times New Roman 12 point font, 8 1/2 by 11 inch page size with a 1 inch margin on all sides, landscape orientation, and avoiding the use of scanned documents. If scanned documents are used, the submitter needs to assure the resolution is such to allow the documents to be readable both on a screen and on paper. It is also suggested to avoid any applications that result in increased file size. The files should not include any security settings or passwords. The Agency should be able to read the file with Adobe Acrobat version 3.0 without the use of plug-ins. Although procedures for archiving documents with electronic signatures are being developed, currently, any documents requiring original signatures must also be submitted.

For datasets provided in electronic format, the FDA is currently able to accept datasets in SAS System XPORT transport format (Version 5 SAS transport file). SAS XPORT is an open format published by the SAS Institute (www.sas.com/fda-esub). SAS transport files should not be compressed and should be organized so that their size is no more than 25 MB per file. A single transport file should be used for each dataset.

Recommended electronic media for submission include 3.5 floppy disks, CD-ROMs or digital tape and should be sent directly to the appropriate FDA Center. All electronic media should be adequately secured and designated as "Electronic Regulatory Submission for Archive". The media should be labeled with the following.

• Submission identifier.
• Proprietary and generic name.
• Company name.
• Submission serial number.
• Submission date (DD-MM-YYYY).
• Disk/CD-ROM/tape number identifying the total number.

The FDA has established a public docket number 92S-0251 (8) that lists the FDA Centers that are prepared to receive regulatory submissions and specific records that can be accepted. The FDA intends to establish a series of guidance documents on electronic regulatory submissions for the following: New Drug Applications (NDAs) to CDER; Marketing Applications to CBER; Abbreviated New Drug Applications (ANDAs); Postmarketing Safety Reports; Investigational New Drug Applications (INDs); Annual reports; Drug Master Files (DMFs); Launch Material; and Advertising. Updated information on electronic submissions can be found at URL http://www.fda.gov/ora/compliance_ref/part11 or by e-mailing to [email protected].

References

1. EPA, EDI Implementation Guideline, Draft of September 23, 1994 and October 18, 1994, URL http://www.epa.gov/oppeedi1/guidelines/general.pdf.
2. EPA, Notice of Agency's General Policy for Accepting Filing of Environmental Reports via Electronic Data Interchange (EDI), Interim final notice. Federal Register Vol. 61, No. 172, 46684, September 4, 1996, URL http://www.epa.gov/oppeedi1/edipolic.htm.
3. EPA, CROMERRR, Establishment of Electronic Reporting; Electronic Records, January 19, 2001, URL http://www.epa.gov/cdx/cromerr_rule.pdf.
4. FDA, Guidance for Industry, Computerized Systems Used in Clinical Trials, April 1999, URL http://www.fda.gov/ora/compliance_ref/bimo/ffinalcct.htm.
5. FDA, Guidance for Industry, Providing Regulatory Submissions in Electronic Format - General Considerations, January 1999, available at URL http://www.fda.gov/cder/guidance/index.htm.
6. FDA, 21 CFR Part 11, Electronic Records; Electronic Signatures; Final rule. Federal Register Vol. 62, No. 54, 13429, March 20, 1997, URL http://www.fda.gov/ora/compliance_ref/part11/default.htm.
7. FDA, Draft Guidance, General Principles of Software Validation, Version 1.1, 1997, URL http://www.fda.gov/cdrh/comps/swareval.html.
8. Public Docket Number 92S-0251, URL http://www.fda.gov/ohrms/dockets/dockets/92s0251/92s0251.htm.