I was analyzing the CFR21 part-11 standard for computerized system usage in clinical trials. CFR21 part 11 is modified to the following document.

The following are the base requirements of any software which needs to comply to the said standards. Please note that there is no software which can provide “Part11 compliant Software”. This is because part11 requires both procedural controls and administrative controls apart from technical controls to be in place. Hence the software can address the technology controls for the organization to assist being part of part11 compliance.

Analyzing the guideline document from the US Government department of health and human services, here are some of the features that the system should have to be part11 compliant.

• System should be configurable in terms of satisfying the requirements of the study protocol (For e.g. record data in metric units, blind the study)
• Data entry screens should have sufficient and configurable data validation framework to prevent errors in data creation, modification, maintenance, archiving, retrieval, or
  transmission
• Documented Standard Operating Procedures (SOP’s) to create, modify, maintain, or transmit electronic records, including when collecting source data at clinical trial sites
• The software should be able to churn out reports in various compliant format (XML, PDF etc) which should be able to report all entered data out in some form or another.
• System should have a capability to back-up data
• System should have authentication and authorization mechanism in place which allows only authorized individuals to view authorized information.
• Software system should have individual username/password for every individual accessing the system
• System should be able to capture all necessary audit trails data
• System dates and time should be correct and the change of dates should have controlled access in terms of changing the system properties
• Physical security at the location where the software system is hosted should also be ensured
• System should be able to reconstruct the source data
• Sufficient back-up and recovery procedures should be in place
• Disaster recovery framework should be in place and the data should be stored at remote location apart from the location where the primary system is executing
• Change control process should be in place. All changes should be documented and audited
• Training for the software should be conducted.

As part of this post, I will try to cover various healthcare standards and the various interesting links through out the web along these standards.

To that extent this blog is more of a weblog than a blog.

CFR-21 Part 11

Title 21 CFR Part 11 of the Code of Federal Regulations deals with the Food and Drug Administration (FDA) guidelines on electronic records and electronic signatures in the United States. Part 11, as it is commonly called, defines the criteria under which electronic records and electronic signatures are considered to be trustworthy, reliable and equivalent to paper records.

Wikipedia Link - http://en.wikipedia.org/wiki/Title_21_CFR_Part_11

US Gov Draft Document - http://www.fda.gov/downloads/Drugs/GuidanceComplianceRegulatoryInformation/Guidances/UCM070266.pdf

Part 11 requires drug makers, medical device manufacturers, biotech companies, biologics developers, and other FDA-regulated industries, with some specific exceptions, to implement controls, including audits, system validations, audit trails, electronic signatures, and documentation for software and systems involved in processing electronic data that are (a) required to be maintained by the FDA predicate rules or (b) used to demonstrate compliance to a predicate rule.

In May 2007, the FDA issued the final version of their guidance on computerized systems in clinical investigations. This guidance supersedes the guidance of the same name dated April 1999; and supplements the guidance for industry on Part 11, Electronic Records; Electronic Signatures — Scope and Application and the Agency’s international harmonization efforts when applying these guidance to source data generated at clinical study sites.