Compliance Corner: Audit Alert!—Clarity on e-Records: FDA to Re-Evaluate 21 CFR 11
On July 8, 2010, the FDA announced an initiative that, among other things, says that your name, or rather, how you sign it, are newly important to their inspectors.
It’s not only the correlation between handwritten and electronic signatures, but actually the entirety of guidelines in FDA 21 CFR Part 11 that are now coming under greater scrutiny, both to see how the industry has implemented the guidance so far and to investigate modifications in Part 11 that will bring electronic records up to standards that ultimately ensure patient safety.
This means that you should brace yourself for more extensive audits. Medical device manufacturers who are using monitoring methods where security, ease and speed of data retrieval and reporting, and audit trails are not key to the monitoring system’s software design should take a serious look at Part 11 requirements. (Click for a systematic review of 21 CFR Part 11 requirements for environmental monitoring.)
As background, the last time the FDA spelled out its enforcement guidelines for Part 11 was in August 2003 in its “Part 11, Electronic Records; Electronic Signatures—Scope and Application” guidelines. Additionally, the FDA intends to take appropriate action to enforce Part 11 for issues raised during the inspections that fall outside the enforcement discretion discussed in the Guidance. At the same time, the FDA has increased specialized training for its investigators to help them uncover data manipulation and fraud. The stepped up inspections reportedly will help FDA regulators decide whether the Guidance needs minor modification, whether an entirely new Part 11 will be required, or if Part 11 should be left as is.
What will inspectors be looking for? The bottom line is that any way in which electronic records can affect product quality or patient safety will certainly be fair game for scrutiny. You need to be able to ensure the reliability and integrity of data and answer any and all questions about the trustworthiness of your data.
According to the some of the training seminars that have rapidly developed since the July 8 announcement to explain what it all means, the key areas to focus on include:
- Security around restricting access to systems and data by authorized individuals;
- Accountability of individuals with signing authority;
- Correlation between signatures—handwritten and electronic records;
- Electronic audit trail, ideally one that cannot be deactivated;
- Accurate and complete copies where there is a correlation between paper and electronic records for important data;
- Data retrieval—data is immediately available when needed to be produced;
- And to a lesser extent, system validation.
This is not a passing moment for the FDA or your company. The pace of inspections and the detail that inspectors will drill down to is on the increase for domestic facilities and offshore ones as well.
As someone who keeps an ear to the ground for Veriteq, now a Vaisala company, on how compliance is operating in the real world, I would like drug manufacturers to fully realize how their environmental monitoring methods may be out-of-compliance. For example, if the environmental monitoring systems being used do not have redundancies that ensure continuous (gap-free) records all the efforts to be Part 11-compliant may not materialize.
I’ve observed that many think their systems either have this ability or it’s not considered (i.e., for truly continuous monitoring), only to discover they do not—after power outages, network interruptions, and the like. I would be delighted to share my observations in greater detail. Contact me at firstname.lastname@example.org or 978-621-1628, or leave a comment here.