On February 20, 2003, FDA released Draft Guidance for Industry; Part 11, Electronic Records; Electronic Signatures - Scope and Application, which signals a dramatic change in agency requirements for electronic records. In addition to withdrawing all five previous draft guidance documents on validation, timestamps, maintenance of records, e-copies of records and glossary, the new document also indicated FDA will withdraw the Compliance Policy Guide issued in 1999. The new guidance also clarified new approaches on validation, audit trails, legacy systems, copies of records and record retention that state the agency "intends to exercise enforcement discretion with regard to the Part 11 requirements" in those areas.
FDA has issued Guidance for Industry: General Principles of Software Validation; Final Guidance for Industry and FDA Staff. It was issued jointly by the Center for Devices and Radiological Health (CDRH) and Center for Biologics Evaluation and Research (CBER). It supercedes the previous document "General Principles of Software Validation", from June 1997.
The Environmental Protection Agency has published a proposed rule for managing electronic reporting and records. It is called Cross Media Electronic Reporting and Record-Keeping Rule, or CROMERRR. A copy of the rule is available at this link. More can be found at the EPA's Central Data Exchange web page.
FDA has established six dockets for managing development and publishing of guidance documents on 21 CFR Part 11. In late September 2001, draft guidance was published in two of the dockets. It included a draft glossary (Glossary of Terms (00D-1543)) and draft guidance for validation (Validation (00D-1538)). Draft guidance for timestamps was published in March 2002 (Timestamps (00D-1542)). Draft guidance for long term retention of electronic records was published in September 2002, Maintenance of Electronic Records, and resides in the Archive (00D-1529) docket. In November 2002, draft guidance for Electronic Copies of Electronic Records was published in the Electronic Copies for FDA (00D-1540) docket. However, this last guidance has been withdrawn by FDA because, "The agency wishes to limit the time spent by industry reviewing and commenting on the guidance, which may no longer represent FDA’s approach under the CGMP initiative." The withdrawal notice was published on Feb. 4, 2003. On February 20, 2003, FDA further indicated the previous four guidance documents will be withdrawn, too, in Draft Guidance for Industry; Part 11, Electronic Records; Electronic Signatures - Scope and Application. The remaining docket addresses Audit Trails (00D-1541).
President Clinton has signed what is touted as the ESIGN Commerce Act into law. Read the details of the Electronic Signatures In Global and National Commerce Act to see how electronic signatures may now be used legally based on federal law.
In a presentation late in Fall, 1999, Greg Brolund of CDER described CDER's 21 CFR Part 11 Implementation Study to analyze issues raised by industry, FDA inspectors and software companies. The study was conducted at the direction of Janet Woodcock and contains some interesting recommendations.
CDER has introduced an Electronic Regulatory Submissions and Review (ERSR) web page. It contains information about their program to enable the electronic submission of regulatory information to the Center and the review of it by CDER staff.
Electronic Records; Electronic Signatures (21 CFR Part 11) links to an FDA web page that contains documents produced by the agency over the time that the rule evolved. One of the documents is the rule itself, which became effective on August 20, 1997. FDA also published a Compliance Policy Guide on May 13, 1999, "which represents the agency's current thinking on what is required to be fully compliant with 21 CFR Part 11." However, FDA announced the intent to withdraw the Compliance Policy Guide on February 20, 2003, in Draft Guidance for Industry; Part 11, Electronic Records; Electronic Signatures - Scope and Application.
General Principles of Software Validation is a draft guidance for industry published by the Center for Devices and Radiological Health in June, 1997.
Computerized Systems Used in Clinical Trials is guidance for industry published in April, 1999, and includes discussion of requirements for use of electronic records and electronic signatures with clinical computer systems.
Regulatory Submissions in Electronic Format; General Considerations and Regulatory Submissions in Electronic Format; New Drug Applications were released on January 27, 1999, as guidance to assist with making regulatory submissions in electronic format to CDER and CBER.
Guidance for Industry: Preparing Data for Electronic Submission in ANDAs was published in September, 1999, by CDER's Office of Generic Drugs. Although OGD does not have a comprehensive electronic submission process yet, this guidance describes a process that allows the submission of some types of data and certain text information in electronic format.
To help sponsors follow guidance documents, FDA has posted an example of an Electronic New Drug Application Submission. FDA also has established an email address, email@example.com, for sponsors who have questions about guidance and the example electronic NDA.
Security and Electronic Signature Standards; Proposed Rule (45 CFR Part 142) was a Health and Human Services proposal for standards around security of individual health records and use of electronic signatures by health plans and providers. The final rule was published with substantial changes as a portion of 45 CFR Part 160 and 164. See more information at this link.
Docket 92S-0251 - Electronic Submissions is an electronic docket established by FDA to list the types of submissions that are acceptable in electronic form.
The Current Codified CGMP Regulations, 21 CFR Parts 210 and 211 are the GMP's, which can be very handy to search for specific types of information in the regulation.
Current Good Manufacturing Practice (CGMP) Final Rule, 21 CFR Parts 808, 812 and 820; Quality System Regulation for Medical Devices are updated regulations with emphasis on added design controls and quality systems.
Human Drug CGMP Notes are published quarterly within FDA to distribute information about issues on human use pharmaceuticals manufacturing practices. It includes a section at the end called "Toward the Electronic Government", which often features issues around the ESig Rule.
21 CFR part 11 Information from Meetings, Presentations and Publications
The Electronic John Hancock by Helen Gillespie was published in October, 1997, and is a high level description of how the rule fits into LIMS operations.
Drug Information Association- Information Technology Initiatives in Drug Registration Submissions - January 12-14, 1998 includes presentations by Paul Motise - Highlights and Interpretation of the Regulation, Stan Woollen - Guidance for Use of Electronic Records in Clinical Trials, and Steve Kopco - Electronic Records/Signatures: Final Rule. The last of the three was to present an industry perspective of the rule.
Guidance for Industry: Submissions in Electronic Format, April 30, 1998, had CDER representatives from the Office of Information Technology and the Electronic Submissions Technical Working Group provide an overview of draft guidance documents. In addition, they presented an example of a full electronic submission, described CDER's procedures for processing these electronic submissions, and discussed lessons learned from electronic submissions received since September, 1997.
Computerized Systems Used in Clinical Trials was presented at the June, 1998, DIA Annual Meeting. CDER AERS Electronic Submissions Pilot, which discusses electronic submission of adverse events, was presented at the same session.
At a day-long tutorial held in September, 1998, participants were asked to anonymously answer "Yes" or "No" to statements describing their company response to 21 CFR Part 11. Thanks to Jim Bradburn for allowing the results of the survey to be shared.
21 CFR Part 11 and other related sources of information
The National Conference of Commissioners on Uniform State Laws (NCCUSL) proposes and promotes areas of law uniformity across states, the District of Columbia, Commonwealth of Puerto Rico, and the U.S. Virgin Islands. They have drafted and approved the Uniform Electronic Transactions Act (1999), which establishes rules for transactions using electronic records and electronic signatures. Almost 40 states have adopted it.
Have you ever had the feeling that you are the only one who didn't understand how digital signatures work? Well, that makes at least two of us. The American Bar Association has on online Tutorial explaining digital signature technology. The full ABA Digital Signature Guideline is also available.
The Chief Information Officer Council has established What Every CIO Needs to Know About Metadata, which is a quick and informative description of metadata and how metadata applies to data and records.
The National Center for State Courts maintains Digital Signature Links, which supplies a series of links that present information how digital signatures are being used in the courts and as part of other legal transactions.
Karl Zoeckler has authored A Framework for Implementing Electronic Records Programs - The Legal Acceptability Guide for Electronic Records (LAGER). LAGER was developed as a collaboration of groups coordinated by CENSA (see below).
CENSA is the Collaborative Electronic Notebook Systems Association. It is an international industry association, focused on driving the state of the art for electronic recordkeeping systems and collaborative technologies wherever they are used, with an emphasis on pharmaceutical and chemical needs. Their website has a section called CENSA Weblinks, which leads to many other sites that are focused on technologies that are relevant in light of the FDA's rule.
InterPARES, or International Research on Permanent Authentic Records in Electronic Systems, is a project "in which academics, national archival institutions and private industry representatives will collaborate to develop the theoretical and methodological knowledge required for the permanent preservation of authentic records created in electronic systems." The multiyear effort will focus on solving issues associated with permanent electronic archives. Their website also has many sources of information on the subject.
For the Record: Protecting Electronic Health Information (1997), is a 288 page report from the Committee on Maintaining Privacy and Security in Health Care Applications of the National Information Infrastructure, sponsored as part of the National Academy of Sciences/National Research Council. It includes several chapters on maintaining security and privacy of electronic health information.
The German Digital Signature Law, or Article 3 of the Information and Communication Services Act, provides the conditions for a secure infrastructure for the use of digital signatures in Germany. It was enacted on July 13, 1997, and promotes conditions assuring that manipulation of signed data can be reliably ascertained.
The Indiana University Electronic Records Project, Phase II, has established a page describing their activities, which includes much information on design and implementation of electronic record recordkeeping systems.