Electronic Source Data in Clinical Investigations
This guidance provides recommendations for capturing, reviewing, and retaining electronic source data in FDA-regulated clinical investigations. It aims to streamline and modernize clinical investigations by promoting the capture of source data in electronic form while ensuring reliability, quality, integrity, and traceability from electronic source to regulatory submission.
Recommended Actions
- Develop and maintain list of authorized data originators
- Implement system controls for:
- User authentication and access management
- Audit trail functionality
- Data element identifiers
- Electronic signatures
- Create data management plan describing:
- Electronic prompts and data quality checks
- Data exempt from investigator review
- Security measures
- Electronic data flow
- Establish procedures for:
- Clinical investigator review and signature
- Data modifications and corrections
- Record retention and access
- Training of authorized users
- Ensure compliance with 21 CFR Part 11 requirements for electronic systems and signatures
- Document system validation and controls for data reliability and integrity
Key Considerations
Clinical testing
- Clinical investigators must review and electronically sign completed eCRFs before data archival/submission
- Data exempt from investigator review should be listed in data management plan
- Only clinical investigators or delegated staff should perform modifications/corrections to eCRF data
- Changes after investigator signature require re-review and signature
Software
- Electronic prompts, flags and data quality checks should be used to minimize errors
- System should allow tracking of who entered/modified data and when
- Audit trail must not obscure original entries
- Access controls with unique user IDs and passwords required
- System should include functionality to reveal data element identifiers
Cybersecurity
- Controls must ensure security of authorized user names and passwords
- Only individuals with documented training and authorization should have access
- Log-on access should be disabled when individuals leave study
- Sponsors should describe security measures to protect data
Other considerations
- List of authorized data originators must be maintained and available at sites
- Data element identifiers should include originator, date/time, and subject ID
- Modifications must include reason for change
- Clinical investigator must retain control of records
- Electronic data flow should be described in protocol/data management plan
Relevant Guidances
- Electronic Records and Electronic Signatures - Scope and Application
- Content of Premarket Submissions for Device Software Functions
- Cybersecurity in Medical Devices: Design, Implementation, and Premarket Submissions
- Off-The-Shelf Software in Medical Devices: Documentation Requirements for Premarket Submissions
Related references and norms
- 21 CFR Part 11: Electronic Records; Electronic Signatures
- 21 CFR Part 312: Investigational New Drug Application
- 21 CFR Part 812: Investigational Device Exemptions
Original guidance
This post is licensed under CC BY 4.0 by the author.