Considerations for Using etools in Research: Part 11 and System Validation

Similar documents
GxP Auditing, Remediation, and Staff Augmentation

GxP Auditing, Remediation, and Staff Augmentation

GxP Auditing, Remediation, and Quality System Resourcing

Applicability of US Regulations to Canadian Research

Data Reliability - Internet

Risk-based Approach to Part 11 and GxP Compliance

Data Integrity in Clinical Trials the Sponsor Perspective

Introduction to 21 CFR 11 - Good Electronic Records Management

CUSTOMER AND SUPPLIER ROLES AND RESPONSIBILITIES FOR 21 CFR 11 COMPLIANCE ASSESSMENT. 21 CFR Part 11 FAQ. (Frequently Asked Questions)

Risk-Based Approach to SAS Program Validation

GCP Basics - refresher

EU Annex 11 US FDA 211, 820, 11; other guidelines Orlando López 11-MAY-2011

ICH GCP E6(R2): Changes? Yes Challenges? Not as Difficult as You May Fear Lorrie D. Divers, President QRCP Solutions, Inc.

Chapter 1. Pharmaceutical Industry Overview

Compliance & Validation Validation of Software-as-a-Service (SaaS Solutions)

Source Documents Elettronici: Criticità Applicative e approccio alla convalida. Paolo Morelli CEO - Arithmos

Quality Assurance QA STANDARD OPERATING PROCEDURE FOR FDA or Pharmaceutical Sponsored Audits

Standard Operating Procedures (SOPs)

Understanding GxP Regulations for Healthcare

Understanding the New Common Rule and Its Impact to Industry

21CFR11 Compliance and Automated Manufacturing

References Concept. Principle. EU Annex 11 US FDA , (g), (i), 11 Orlando Lopez 2/15/11. Old Annex 11.

The interface between Good Clinical Practice and Good Manufacturing Practice

1 The Clinical Research Coordinator (CRC)... 1

Clinical Trials and the Code of Federal Regulations. Darlene Kitterman, MBA Director, Investigator Support & Integration Services September 24, 2014

Strategies for Risk Based Validation of Laboratory Systems

GCP Refresher and GCP/GCDMP Trends. in the CTN. Denise King, MS, RD, CCRA & Lauren Yesko, BS. Presented by:

Standard Operating Procedures Guidelines for Good Clinical Practice

Regulatory Overview Annex 11 and Part 11. Sion Wyn Conformity +[44] (0)

For analytical laboratories. A primer Good laboratory practice and current good manufacturing practice

Quality Assurance for the Research Team: Connecting Day-to-Day Operations to a Regulatory Framework

KINGSMANN CARE GROUP

Overview of Amgen s CQP Commissioning and Qualification Program Steve Wisniewski Principal Compliance Consultant, CAI Past Chairman ISPE C&Q COP

LEVERAGING YOUR VENDORS TO SUPPORT DATA INTEGRITY:

DATA INTEGRITY ASSURANCE AS KEY FACTOR FOR SURVIVING CORPORATE AUDITS AND REGULATORY INSECTIONS

Design Qualification SOP

Global Compliance Trends and Warning Letters

Introduction to Clinical Research

Impacto de las Nuevas Tendencias Regulatorias en la Producción de Parenterales. Innovacion en Packaging Primario

Paperless recorders and 21 CFR part 11 compliance Videographic recorders

Validation and Automated Validation

Implementing Compliant Medical Device Best Practice Business Processes Using Oracle E-Business Suite

MEDICAL DEVICE CLINICAL INVESTIGATIONS AND ISO 14155

Human Research Audit Program. Gabrielle Gaspard, MPH, CCRC Assistant Director, Human Research Compliance

Human Research Protection Program Good Clinical Practice Guidance for Investigators Regulatory File Essential Documents

SIMATIC IT. SIMATIC IT R&D SUITE V7.1 Compliance Response ERES. Introduction 1. The Requirements in Short 2

Source Documents and Regulatory Binders October 6, 2016

TOP 10 INVESTIGATOR RESPONSIBILITIES WHEN CONDUCTING HUMAN SUBJECTS RESEARCH

Jean Guichard. Introduction to Good Process Record Management (GxP) #: Internet-WP Version: e1.00 /EN

COMPLIANCE WITH EU ANNEX 15: VALIDATION AND QUALIFICATION

Objectives. The Regulatory Binder = Investigator Site File= Trial Center File 8/16/2010. Essential Documents: Maintaining the Site's Regulatory Binder

Developing a Robust Quality System to Assure Data Integrity

UNIFI 1.5 : Simplifying Qualification and Validation June 2012

Good Clinical Practice

elearning Catalog DIAglobal.org/eLearning

PTC s Windchill Product Lifecycle Management (PLM) System Facilitates Part 11 / Annex 11 Compliance

Expanded Access. to Investigational Drugs & Biologics. for Treatment Use

Whitepaper BMS and Process Historian Validation Strategy

Good Clinical Practice (GCP): how does a laboratory that supports a clinical trial ensure compliance with these Regulations

WCG ACADEMY COURSE OVERVIEW

Guidance for Industry - Computerized Systems Used in Clinical Trials

Phlexglobal Whitepaper

Top 6 Challenges of the Pharmaceutical Manufacturing Industry & Their Solutions

How to support compliance with GAMP 5

Human Research Protection Program. Investigator Manual

21 CFR Part 11 and NetDimensions. Please note: McDowall Consulting is the source of much of the vertical specific domain information.

Guidance for Industry Part 11, Electronic Records; Electronic Signatures Scope and Application

Objectives Discuss the importance of proper data collection. Identify the types of data collected for clinical trials. List potential source documents

Basics Of Labwasher Cleaning Validation

RECRUITING OF AND ADVERTISING FOR SUBJECTS

Auditing Software Vendors

Audit and Regulatory Inspection Nopanan Yaibuathes Clinical Research and Compliance Manager Roche Thailand Ltd.

Discussion Paper on the Validation of Pharmacovigilance Software provided via SaaS

Regulations and guidance for the pharmaceutical industry

Quality & Safety GLP. 44 q&more 02/14

Medicare and Medicaid Audits

Regulatory Expectations, Standards & Guidelines

Standard operating procedures revisited: a 2014 perspective

Definition The original 1987 FDA Guideline on General Principles of Process Validation defined process validation as:

Good Clinical Practice (GCP) & Clinical Trial Registries

White paper: Code of GMP Chapter 4 Documentation - PIC/S versus EU

Process validation in medical devices

EU and FDA GMP Regulations: Overview and Comparison

How did it evolve? o Public disasters, serious fraud and abuse of human rights. o Trials of War criminals-nuremberg code 1949

Computer Validation - Introduction to Risk Management - The GAMP 5 Approach

IT Compliance in the FDA Regulated Industry. IT Responsibilities 10 Years Ago TODAY! 11/17/2008. Business. Security. Compliance. IT & Automation Forum

PCI Pharmaceutical Consulting

Risk-Based Approach to Software Quality and Validation

CSV Inspection Readiness through Effective Document Control. Eileen Cortes April 27, 2017

Software Quality Regulatory Trends

Investigator Manual. Human Subjects Protection Program

10 "Must-Haves" for the Life Sciences Learning Management System

PROPOSAL FOR REVISION OF THE SUPPLEMENTARY GUIDELINES ON GOOD MANUFACTURING PRACTICES: VALIDATION, APPENDIX 7:NON-STERILE PROCESS VALIDATION

VALIDATION PROGRAMS 2016 AN ADVANCED APPROACH FOR A RAPIDLY CHANGING ENVIRONMENT. Steve Thompson

Implementation Life-cycle SOP

Cross-walk between EU Annex 11 and US FDA 211, 820, 11; other guidelines and regulations Orlando López Rev05MAR15

Let s get started with the module Essential Data Steps: A Self Assessment.

Quality Site Visit Report FGK Clinical Research (FGK) GmbH, Munich Germany. Audit No. CT6018. Date of Audit: 3rd to 5th May 2017

10/17/2016. Learning Objectives. What is Drug Accountability. Patricia Novo, MPA, MPH Beth Jeffries, BS, CCRP

REGULATORY ISSUES: HOW TO APPLY FOR AN IND. Penny Jester and Maaike Everts

Transcription:

Considerations for Using etools in Research: Part 11 and System Validation Mitchell Parrish, JD, RAC, CIP, VP of Legal Affairs James Riddle, MCSE, CIP, CPIA, VP of Client Services 04/19/18 description Technology is advancing all around us. Traditional paperbased processes are rapidly being replaced with a proliferation of electronic tools to capture and automate clinical research activity. Automation is a foregone conclusion, and research sites need to prepare themselves for the electronic future that lies ahead. topics u.s. and international regulations part 11 and annex 11: two parts, records and signatures validating your system division of responsibility

Preparing for the Electronic Future Technology is advancing all around us. Traditional paper-based processes are rapidly being replaced with a proliferation of electronic tools to capture and automate clinical research activity. Automation is a foregone conclusion, and research sites need to prepare themselves for the electronic future that lies ahead. The Key Question: As electronic tools proliferate at research sites, one has to ask: What are the special regulatory and technological requirements pertaining to the use of etools? 1. What are etools? With advancements in technology and clinical research, research sites have increasingly relied on electronic tools to capture and automate the paper-based processes that were previously used to record and document results of trials. etools in research now include everything from electronic source documentation to electronic consenting tools, electronic regulatory binders, electronic patient diaries, and electronic clinical trial management systems. Common etools Used at Research Sites econsent etmf esource ereg Binders ecrf ectms epro ecoa ediary 3

During a recent webinar related to digital tools and Part 11 compliance, Kinetiq asked audience members if they use some type of etool. The survey results revealed that 60% of respondents were currently using etools and 25% would be in the near future. Do you use some type of etool for research? Yes Not Yet No 2. What Regulations Apply? Food and Drug Administration - Part 11 21 CFR Part 11 has been around for 20 years, and it governs and articulates when the FDA will accept an electronic record or electronic signature in lieu of a handwritten record or handwritten signature to support an FDA predicate rule. To comply with Part 11, computer systems that create, modify, maintain, or transmit electronic records subject to FDA predicate rules must be validated (21 CFR 11.10(a)). Validation in essence lays out what test, documentation, and controls must be in place for the FDA to trust your computerized records the same way the agency trusts handwritten physical records. Put simply if the FDA requires you to keep a record, and you keep that record in electronic format, then Part 11 applies. A predicate rule is any FDA regulation requiring the keeping of records, signatures, or approvals the FDA requires you to store and potentially produce for FDA. These records may relate to research, but they also go beyond research to good manufacturing practice, good clinical practice, GXP anything the FDA requires you to keep on record. If the FDA requires you to keep it or approve it, and you do so electronically, Part 11 applies. 4

FDA has several guidance documents on requirements for computer system validation that outline what users of these esystems have to do to prove to FDA certain standards are met and the system is fit for purpose. In June of 2017, FDA issued new draft guidance on Part 11 and computer system validation ( Use of Electronic Records and Electronic Signatures in Clinical Investigations Under 21 CFR Part 11 Questions and Answers ). The draft guidance places a greater emphasis on electronic records and specifically etools in clinical research. We will discuss enforcement of Part 11 and computer system validation expectations later in this whitepaper. Health Insurance Portability and Accountability Act (HIPAA) If your etool collects, maintains, stores, or transmits protected health information, and you are a covered entity or business associate, then HIPAA 45 CFR 164 regulations would also apply. Most commonly, this type of information would be in your site s emr (electronic medical record) system. FDA guidance indicates that Part 11 applies to emr systems, but the guidance specifies that FDA will use enforcement discretion in applying Part 11 and computer system validation requirements on emrs if the emr system is certified by the Office of the National Coordinator for Health Information Technology (ONC) or Health Information Technology for Economic and Clinical Health (HITECH). International Conference on Harmonization (ICH GCP E6 R2) The United States is not alone in recognizing the emerging significance and potential risk of new digital tools. The R2 revisions to the International Conference on Harmonisation (ICH) E6 guideline for good clinical practice (GCP) include some very specific guidance and expectations relating to validating computer systems to ensure the electronic records and electronic signatures they contain meet the same standards and are as trustworthy as paper records. You can find those new expectations at ICH GCP E6(R2) under 1.65 and 5.53. EuraLex Annex 11 Annex 11 states that electronic systems used in GxP activities subject to European regulatory agencies need to be validated. If you are conducting research that must comply EU standards from the European Medical Association (EMA) and Good Manufacturing Practice (GMP) then requirements for computer system validation under EudraLex Volume 4 Annex 11 apply. In a helpful twist, the EU regulations regarding validation of electronic records and electronic computer systems regulations Annex 11 tie in with the US FDA s Part 11. Just remember 11! 5

The Annex 11 requirements were written more recently, so they include language and guidance that is more contemporary than Part 11, which was drafted back in the late 1990s. General Data Protection Regulations New regulations for data protection in the European Union are now in effect and will have an impact on etools used in research. Similar to HIPAA protections in the US, the General Data Protection Regulations in the EU afford protections to participants and others who have their electronic data stored in etools. If your research-related etools are collecting information about EU citizens then you will need to ensure GDPR is being followed. 3. Part 11 and Annex 11: Two Parts, Records and Signatures When considering the applicability of 21 CFR Part 11, many in the research world only think about the electronic signature requirements under 21 CFR 11, Subpart C. They incorrectly equate Part 11 only with electronic signatures. But Subpart C is only a small portion of the regulation. The bigger portion pertains to electronic records, under Subpart B. Even if you are utilizing a handwritten signature on top of an electronic record, those electronic records themselves are also subject to Part 11, and the computer systems creating and maintaining those electronic records must be validated. Electronic records could be digital scans of regulatory documents, electronic source records, batch release records, IRB records, and other common research-related records required by an FDA predicate rule. The take-home message: If the FDA requires you to keep a record and you store it in the computer system, 21 CFR Part 11 applies. Annex 11 has similar requirements. Now that we have explored where Part 11 applies, you can start imagining what types of records you are keeping at your research location that are required by FDA or EMA predicate rules. And, you might be storing those records in an electronic format, generating them completely in electronic format, approving and routing them with some sort of electronic approval tool, and applying electronic signatures. Examples include electronic case report forms, electronic diaries, electronic patient reported outcomes, and electronic regulatory binders. In the most recent FDA guidance related to computer software validation, the FDA specifically identifies other types of systems, such as electronic voice response systems, mhealth applications, and electronic IRB administration systems. 6

esystems that store predicate rule information are specifically called out in the FDA guidance as requiring validation by the user of the system. This may be the sponsor, institution, or a private research center. Whoever has responsibility for storing the predicate rule record is on the hook for ensuring validation of the system. The software vendor can help, but ultimately it is the user who has to make sure the systems are fit for purpose, and perform risk-based software validation work. 4. Validating Your System The key to Part 11 and Annex 11 compliance is computer system validation. FDA Definition Validation means confirmation by examination and provision of objective evidence that the particular requirements for a specific intended use can be consistently fulfilled. (21 CFR 820.3) GCP Definition Validation of computerized systems is a process of establishing and documenting that the specific requirements of a computerized system can be consistently fulfilled from design until decommissioning of the system or transition to a new system. (ICH GCP E6(R2) 1.65) In order to comply with the FDA s expectation that required records stored in an electronic format are the equivalent of handwritten or paper records, you have to validate your computer system to ensure it is working as designed. This involves testing and documenting the system using a specific and proven methodology to create an evidence set that demonstrates to the FDA it can trust the electronic records as being equivalent to handwritten or paper records. Validation Produces an Evidence Set Software Need Validation Plan Requirements Software Tracability Matrix Resolved/ Unresolved Issues Testing Summary Validation Maintenance Plan Software Certification An evidence set is a set of documents that will demonstrate to the FDA and EMA that the electronic records in the computer system can be trusted and accepted as the equivalent to paper records. 7

8

The key to Part 11 and Annex 11 compliance is computer system validation. 9

In its guidance for computer system validation, the FDA supports the use of Good Automated Manufacturing Process (GAMP) 5 model. This model provides a simple yet proven methodology for ensuring systems are fit for purpose, examined, and consistently delivering the desired results. A Basic Framework User Requirements Specification Verifies Performance Qualification Tests (PQ) Functional Specifications Verifies Operational Qualification Tests (OQ) Design Specifications Verifies Installation Qualification Tests (IQ) System Build Project Chronology What does Computer System Validation look at? If you purchase SaaS software for your site, the vendor will often complete most of the validation activity and will provide you with a statement of compliance. Many vendors will also have a 3rd party auditor verify and attest to the vendor s Part 11 compliance and computer system validation program *. You should collect these validation documents for your site s Part 11 compliance records. However, the vendor cannot ensure that you complete the user level requirements such as verifying staff is adequately trained, or that your site has appropriate computer software, technology, or information security standard operating procedures. All of this needs to be accomplished at the site level, and it is critical it be done properly and completely to avoid an FDA inspection finding. *See see pg 14 for details on the Kinetiq approach. 10

What is Risk-Based Validation? You may be asking yourself, how in the world, as a clinical research site, am I going to go about doing all of this validation work and testing? The FDA is understandably cognizant to the complexity of these requirements, and, similar to its stance on clinical research monitoring strategies, allows organizations to implement risk-based validation programs. Research sites can implement a riskbased strategy and do validation activities commensurate with the potential harm caused by a failure in the system. Risk Assessment Checklist: 1. Develop risk assessment for site esystems. 2. Justify standards, protocols, acceptance criteria, procedures, and records based on risk assessment. 3. Build site-level validation and compliance plans commensurate with risk assessment. Review your system inventory and, for each system, document the risk and what validation standard operating procedures you will follow to ensure the system is validated appropriately. Best practice is to maintain documents acknowledging your consideration of the risks and your constructed system validation process. Most etools systems that are capturing patient reported outcomes, electronic consenting records, eirb systems, etc. are likely low- or medium-risk compared to drug or device batch production control systems. These systems are therefore simpler to validate, as long as their associated records are not going to directly impact a person s well-being or his/her clinical care. Any system involves some risk. An example of a high-risk system would be computer software that runs the manufacturing facility constructing implantable pacemakers. The FDA would require that computer system to have a significant amount of evidence and documentation related to the system s reliability. Division of Responsibility in Validation The responsibility to comply with predicate rule standards and maintain records accordingly lies with the person generating the data, and that is typically not the software vendor. While the software vendor can address a lot of the back-end processes for validation within the software, it can t validate at the user level. Many vendors providing etools will provide a third-party attestation that they have developed their system to meet Part 11 and Annex 11 standards. The FDA s recent draft guidance on computer system validation indicates that the user of such system can rely on statements from the vendor. However, the vendor cannot complete the validation process entirely. The user of the system must take some action to complete the validation effort. 11

Here is a common set of core documents a research site needs to maintain with its compliance records: 1. Validation documents such as system inventory, testing records, version history 2. SOPs on computer system validation, training, system security, testing approach, and risk assessment methods 3. Risk assessment documents 4. Training certificates 5. Disaster recovery and business continuity plan (hint you need this for HIPAA compliance as well) 6. Vendor attestations of Part 11 compliance 7. Certified letter receipt for the letter you sent the FDA letting the agency know you intend to use electronic signatures Conclusion Electronic tools hold the promise of more efficient and accurate clinical trials, which will move research forward and promote better health. Adoption of these tools is inevitable, just like the use of ATMs, smartphones, and online stores. Those sites that educate themselves on the regulatory requirements and prepare in advance for the future will be the best-equipped for this technological revolution. 12

References: FDA Guidance, General Principles of Software Validation (January 2002), https://www.fda. gov/downloads/medicaldevices/.../ucm085371.pdf FDA Guidance, Electronic Source Data in Clinical Investigations (September 2013), https://www.fda.gov/downloads/drugs/guidancecomplianceregulatoryinformation/ Guidances/UCM328691.pdf FDA Guidance, Part 11, Electronic Records; Electronic Signatures Scope and Application (August 2003), https://www.fda.gov/downloads/regulatoryinformation/guidances/ ucm125125.pdf FDA Draft Guidance, Use of Electronic Records and Electronic Signatures in Clinical Investigations Under 21 CFR Part 11 Questions and Answers (June 2017), https://www.fda.gov/downloads/drugs/guidancecomplianceregulatoryinformation/ Guidances/UCM563785.pdf?source=govdelivery&utm_medium=email&utm_ source=govdelivery FDA Draft Guidance, Use of Electronic Health Record Data in Clinical Investigations (May 2016), https://www.federalregister.gov/documents/2016/05/17/2016-11564/use-ofelectronic-health-record-data-in-clinical-investigations-draft-guidance-for-industry International Conference on Harmonization, GCP E6 (R2) (November 2016), http://www. ich.org/fileadmin/public_web_site/ich_products/guidelines/efficacy/e6/e6_r2 Step_4_2016_1109.pdf Kinetiq Knowledge Center, Using a Risk-Based Approach to System Validation, https://kinetiqideas.com/using-a-risk-based-approach-to-system-validation/ 13

About Kinetiq Kinetiq is the consulting and technology division of Quorum Review IRB that delivers innovative solutions to the challenges of human subject protection and compliance in clinical research. Kinetiq works with clinical researchers, research institutions, pharmaceutical, biotechnology and medical device companies as well as others around the world to develop contemporary approaches to a changing landscape. With the growing prevalence of technology in research, compliance with 21 CFR Part 11, HIPAA/HITECH, and Annex 11 is increasingly critical in research; but many organizations do not have a deep understanding of these regulatory standards. Kinetiq experts take your organization through a three-step process to build a riskbased program, ensuring you re compliant now and in the future. Training and Education Our proprietary training curriculum prepares your organization for the rigors compliance with Part 11, HIPAA/HITECH, or both. The training covers all aspects of preparation and compliance and delivers sample assessment documents. Mock Inspection Undergo a rigorous mock inspection to reveal any gaps in compliance before an inspector does. You receive a detailed report outlining your level of compliance with the regulatory frameworks and recommendations for remediation. Remediation Kinetiq offers a strategic partner from our independent consultant network who works to meet your organization s specific needs. Your Kinetiq consultant will provide a road map to filling any compliance gaps, including development of robust processes and staff training. Where does your organization stand? Contact us today for a free needs analysis 1501 Fourth Avenue, Suite 800, Seattle, WA 98101 www. 206 832 0808 or 866 810 1128 email: info@ 2018 Kinetiq 14

1501 Fourth Avenue Suite 800 Seattle, WA 98101 D/ 206 832 0808 T/ 866 810 1128 F/ 206 448 4193 kid.197.4.18 Title Goes Here 12/10/2015 description Social media can be a powerful tool to enhance the process of scientific medical trials, yet there is little to no guidance on how to approach social media in the research context. This whitepaper touches on some strategies to consider and potential pitfalls to avoid. topics the use of each social media platform privacy concerns irb reviewable subject matter

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback