Acknowledging the ever-evolving technological and clinical research landscape, the FDA has published a new draft question-and-answer guidance on using electronic systems, records and signatures in clinical trials, providing greater direction on validation, digital health technologies (DHT) and the applicability of regulatory requirements.

The guidance is a revision of 2017 draft guidance that takes industry feedback into account and provides sponsors, investigators, CROs and other stakeholders with the agency’s current thinking on electronic systems in clinical research, which have grown in capacity and use. This latest direction from the FDA also expands upon previous 2003 guidance on the scope and application of electronic records and signatures.

“The capabilities of electronic systems have improved, and features such as automated date and time stamps, audit trails, and the ability to generate complete and accurate copies and to archive records are standard components of many electronic systems [now],” the guidance reads. “Understanding the evolving uses of electronic records, electronic systems, and electronic signatures in clinical investigations is important for FDA in its assessment of the authenticity, integrity, and reliability of data.”

Risk-based approach to validation

The agency’s latest position on risk-based approaches to validating electronic systems recommends that stakeholders consider:

• The purpose and significance of the record and criticality of the data (how the record and data will be used to support a regulatory decision and/or ensure participant safety);
• The intended use of the electronic system in the trial; and
• The nature of the system, such as whether it’s a commercial off-the shelf (COTS) system or a customized system.

The guidance notes that validation is highly important for electronic systems used for data integration, data analysis, adverse event recording/processing, endpoint assessment and medical product dispensation, administration and accountability, and agency staff may ask for system validation documents during inspections.

Validation of COTS office utility software, such as word processing, PDF and spreadsheet products, should follow the organization’s internal business practices and the intended use of the product(s) in the trial. These products generally don’t need validation when they’re used as intended, according to the guidance.

But for new electronic systems tailor-made for a trial, or existing systems that have been customized, such as an interactive response technology (IRT) or electronic case report form (eCRF) solution, the FDA stresses the importance of sponsors reviewing the vendor’s standard operating procedures (SOP), the system and software development life cycle model, validation documentation, change control procedures, and change control tracking logs. Additionally, sponsors should perform user acceptance testing (UAT) and document this testing, including test criteria and results, to ensure the system meets its purpose. Alternatively, the agency believes it is acceptable to review the vendor’s UAT and document this occurred/met expectations, the guidance says.

Records should be kept for all changes to a system, and changes, such as software upgrades, security and performance patches, equipment/component replacements, and new instrumentation, should be assessed and validated depending on their risk, including changes that impact operational limits or design specifications, FDA said.

DHTs and collecting data

The guidance also offers specific advice on using DHTs to collect data while remaining compliant. For example, DHTs, defined in the latest guidance as systems “that use computing platforms, connectivity, software, and/or sensors for healthcare and related uses,” can be used to gather data from participants, but it’s important that sponsors define where the data originated from as part of their audit trails. The guidance explains how sponsors should go about doing this.

“Each electronic data element should be associated with an authorized data originator. The data originator may be a person, a computer system, a DHT, or an electronic health record that is authorized to enter, change, or transmit data elements via a secure protocol into a durable electronic data repository, such as an electronic data capture system, a clinical investigation site database, and/or a vendor database (e.g., database of the CRO, IT service provider, DHT manufacturer),” says the guidance.

For instance, when participants manually input data into a DHT and upload the data into an electronic repository, such as when using an electronic patient-reported outcome (ePRO) application or performing a cognitive test, the trial participant should be identified as the data originator, the guidance says. In situations where another person, such as a parent, caregiver, healthcare provider or trial staff member, enters the data on behalf of the participant, the individual inputting the data should be identified as the data originator and the reason for this documented.

Read the full draft guidance here: https://bit.ly/408icdd.