Electronic Records Flashcards
What is a closed vs open system?
A closed system is when the individuals that control the content of the electronic records also authorize who gets to access the system. An open system is an environment where anyone and everyone has access to the system
What is a validated electronic system?
A validated system (e.g. redcap) is a system that has scripts/programming in place to ensure the system is working as it is supposed to, that it is consistent and accurate
What is some criteria that a closed electronic system must have to be 21 CFR 11 compliant?
- audit trail that tracks all changes, signatures, etc
- SOPs & training
- only authorized individuals can make changes and access the platform
- validated system
- ability to create accurate copies of records
- protection of the content of records
- authentication checks to ensure identity authorized individuals
- source verification checks
- order of events checks to ensure that any applicable functionalities are working in sequential fashion
- controls of documentation
What is an example of an open system? If a study is choosing to use an open system, then what do they need to implement to be CRF Part 11 compliant?
An example is email. One could send a participant a form to sign via email and they could send it back.
A study needs to ensure that they apply all the criteria that is required for a closed system to be CFR compliant AND they may also choose to apply additional safeguards, such as encryption.
What information needs to accompany an electronic signature per 21 CRF 11?
The printed name, date and time of signature and purpose (e.g. consent)
What are three general requirements for using electronic signatures? (Per 21 CRF 11)
- Only one electronic signature per individual (they cannot be shared)
- Before an individual uses their electronic signature, their identity needs to be verified
- The person needs to agree and acknowledge that their electronic signature is legally binding like their hand written signature
What is biometrics? What is an example?
Verifying and confirming someone’s identity through different metrics like physical features, thumb print, etc.
Thumb print, iris/eye scan. It has to be things that are unique to each individual.
What should electronic signatures that are not based upon biometrics have? (Per 21 CRF 11)
- At least a code and password associated with them
- Only used by that person
- Designed in a way that it is very difficult for someone to use the signature (i.e. you would need multiple people to forge it)
A sponsor currently has a CFR compliant closed electronic system and clinical trial platform. They wish to now ensure it is ICH GCP compliant. What are some additional items it must implement to achieve this?
What about the opposite scenario, if you were going from being ICH compliant to CFR compliant (for a closed system)?
ICH GCP:
- the system needs to ensure that blinding in protected
- system supports backups
- ensures that data integrity is maintained during migrations/updates
CFR:
- system has to have ability accurate copies/reports of the entered data
- must be accessible anytime during the record retention period
- If applicable, must have in-system verification that sequence of data entry is maintained
- Authority checks to ensure it’s only the authorized people that can make changes, etc.
- Validity checks
What are some of the shared electronic record criteria between 21 CRF 11 and GCP E6?
- audit trail of all changes, access, etc.
- authorized individuals are allowed to make changes and protections against unauthorized people from accessing it
- ensuring that the electronic platform has a system for validation
- Ensuring that everyone that uses the systems has the training (via SOPs, experience, etc)
How does ICH E6 describe a certified copy? In what instance would this need to be used?
A certified copy is a copy of the original (electronic or paper) that has had all of its information verified (e.g. by a dated signature or a validation process). It might be used as a copy of an ICF, or a copy of a medical exam that fades over time, electronic medical chart
According to the FDA and NIH, what studies need to be registered to clinical trials.gov? What information must be updated? Who is responsible for submitting this?
- Applicable clinical trials (drug, device and biological trials regulated by the FDA) + trials funded by the NIH
- AEs + results
- sponsor or their delegate (PI or other responsible party)
If electronic records are created within a closed system, then what must be done to ensure they are accurately retrievable throughout the required retention period?
a) The records must be backed up weekly.
b) The records must be archived in a separate location.
c) The records must be protected to enable accurate and ready retrieval throughout the retention period.
d) The records must be converted to paper format.
C) this is part of the criteria that must be met for closed records to the CFR compliant
If an audit trail is generated for electronic records, then how long must this audit trail be retained and for what purpose?
a) It must be retained for one year and used for internal audits only.
b) It must be retained indefinitely and used for system maintenance.
c) It must be retained until the end of the study and used only for legal disputes.
d) It must be retained for as long as the subject electronic records and must be available for agency review and copying.
D - the subject retention timelines are based on CFR 312 and 812 (2 years after a specific set of criteria)
If an organization intends to submit an electronic document to the FDA, then what must be checked to ensure the document can be submitted electronically without accompanying paper records?
a) The document must be listed on the FDA’s website as acceptable for electronic submission.
b) The document must be identified in public docket No. 92S-0251 as acceptable for electronic submission.
c) The document must be approved by the IRB before submission.
d) The document must be submitted with a digital signature only.
B - if the record is not listed as an acceptable electronic record, then they must submit it in paper format, or it is not considered as submitted.
