Dissecting Electronic Signatures for the Life Sciences



Similar documents
Article. Robust Signature Capture Using SigPlus Software. Copyright Topaz Systems Inc. All rights reserved.

Signature Requirements for the etmf

21 CFR PART 11 ELECTRONIC RECORDS, ELECTRONIC SIGNATURES CFR Part 11 Compliance PLA 2.1

Compliance Matrix for 21 CFR Part 11: Electronic Records

POLICY ISSUES IN E-COMMERCE APPLICATIONS: ELECTRONIC RECORD AND SIGNATURE COMPLIANCE FDA 21 CFR 11 ALPHATRUST PRONTO ENTERPRISE PLATFORM

21 CFR Part 11 White Paper

Self-Assessment of eresearch Compliance with 21 CFR Part 11, Electronic Record; Electronic Signatures

CoSign for 21CFR Part 11 Compliance

The Impact of 21 CFR Part 11 on Product Development

rsdm and 21 CFR Part 11

Meeting the FDA s Requirements for Electronic Records and Electronic Signatures (21 CFR Part 11)

Arkansas Department of Information Systems Arkansas Department of Finance and Administration

5 FAM 140 ACCEPTABILITY AND USE OF ELECTRONIC SIGNATURES

21 CFR Part 11 Implementation Spectrum ES

Assessment of Vaisala Veriteq vlog Validation System Compliance to 21 CFR Part 11 Requirements

Guidance for Industry. 21 CFR Part 11; Electronic Records; Electronic Signatures. Electronic Copies of Electronic Records

Electronic records and electronic signatures in the regulated environment of the pharmaceutical and medical device industries

Guidance for Industry Computerized Systems Used in Clinical Investigations

InfinityQS SPC Quality System & FDA s 21 CFR Part 11 Requirements

Issues in Information Security and Verifiability for Biomedical Technology Companies

Department of Veterans Affairs VA DIRECTIVE 6510 VA IDENTITY AND ACCESS MANAGEMENT

State of Arkansas Policy Statement on the Use of Electronic Signatures by State Agencies June 2008

Compliance Response Edition 07/2009. SIMATIC WinCC V7.0 Compliance Response Electronic Records / Electronic Signatures. simatic wincc DOKUMENTATION

Enabling SharePoint for 21 CFR Part 11 Compliance - Electronic Signature Use Case

IBM esignature overview

CITY OF PALO ALTO OFFICE OF THE CITY ATTORNEY

Innovations in Digital Signature. Rethinking Digital Signatures

Guidance for Industry

Electronic Signature Guidance

Manual 074 Electronic Records and Electronic Signatures 1. Purpose

U.S. FDA Title 21 CFR Part 11 Compliance Assessment of SAP Records Management

Guidance for Industry and FDA Staff FDA Acceptance of Foreign Clinical Studies Not Conducted Under an IND Frequently Asked Questions

Implementation of 21CFR11 Features in Micromeritics Software Software ID

How To Choose An Electronic Signature

Moving Towards an Electronic Real Estate Transaction

Oracle WebCenter Content

Declaration of Conformity 21 CFR Part 11 SIMATIC WinCC flexible 2007

AlphaTrust PRONTO Enterprise Platform Product Overview

Guidance for Industry

Electronic Signature Article

Identity Management & Digital Signatures in the BioPharmaceutical Industry John Hendrix; Program Director CTST 2009

Empower TM 2 Software

Full Compliance Contents

Use of Electronic Health Record Data in Clinical Investigations

Tools to Aid in 21 CFR Part 11 Compliance with EZChrom Elite Chromatography Data System. White Paper. By Frank Tontala

Electronic Signatures: A New Opportunity for Growth. May 10, 2005

FDA Title 21 CFR Part 11:Electronic Records; Electronic Signatures; Final Rule (1997)

Authentication Levels. White Paper April 23, 2014

Considerations for validating SDS Software v2.x Enterprise Edition for the 7900HT Fast Real-Time PCR System per the GAMP 5 guide

Eclipsys Sunrise Clinical Manager Enterprise Electronic Medical Record (SCM) and Title 21 Code of Federal Regulations Part 11 (21CFR11)

This interpretation of the revised Annex

21 CFR Part 11 Deployment Guide for Wonderware System Platform 3.1, InTouch 10.1 and Historian 9.0

Business Issues in the implementation of Digital signatures

State of Arizona Policy Authority Office of the Secretary of State

Electronic Signature, Attestation, and Authorship

Guidance for Industry COMPUTERIZED SYSTEMS USED IN CLINICAL TRIALS

Minnesota State Colleges and Universities System Procedures Chapter 5 Administration Procedures associated with Board Policy 5.22

California State Board of Pharmacy and Medical Board of California

Electronic and Digital Signatures

Fill out All Authorization and Prior Authorization Forms Using the Fillable PDFs and Sign Electronically

Guidance for Industry Part 11, Electronic Records; Electronic Signatures Scope and Application

E-Signature. The Pharmacy Perspective

Electronic Prescribing of Controlled Substances: Establishing a Secure, Auditable Chain of Trust

A Planning Guide for Electronic Prescriptions for Controlled Substances (EPCS)

Compliance in the BioPharma Industry. White Paper v1.0

esign FAQ 1. What is the online esign Electronic Signature Service? 2. Where the esign Online Electronic Signature Service can be used?

A unique biometrics based identifier, such as a fingerprint, voice print, or a retinal scan; or

Adventist HealthCare, Inc.

Administrative Guidelines for the Use of Electronic Signatures

PKI Adoption Case Study (for the OASIS PKIA TC) ClinPhone Complies with FDA Regulations Using PKIbased Digital Signatures

Agilent MicroLab Software with Spectroscopy Configuration Manager and Spectroscopy Database Administrator (SCM/SDA)

Implement best practices by using FileMaker Pro 7 as the backbone of your 21 CFR 11 compliant system.

21 CFR Part 11 Electronic Records & Signatures

Article. Electronic Signature Forensics. Copyright Topaz Systems Inc. All rights reserved.

Minnesota State Colleges and Universities System Guideline Chapter 5 Administration

21 CFR Part 11 Compliance Using STATISTICA

Digital Witness Statement Evidential Authenticity Standards

Sympatec GmbH System-Partikel-Technik WINDOX 4. Electronic Records/ Electronic Signatures Compliance Assessment Worksheet for 21 CFR Part 11

Supplement to the Guidance for Electronic Data Capture in Clinical Trials

Why Use Electronic Transactions Instead of Paper? Electronic Signatures, Identity Credentialing, Digital Timestamps and Content Authentication

ELECTRONIC SIGNATURE LAW. (Published in the Official Journal No 25355, ) CHAPTER ONE Purpose, Scope and Definitions

ELECTRONIC PRESENTATION AND E-SIGNATURE FOR ELECTRONIC FORMS, DOCUMENTS AND BUSINESS RECORDS ALPHATRUST PRONTO ENTERPRISE PLATFORM

Intland s Medical Template

NYS BEST PRACTICE GUIDELINE G04-001

Implementing Title 21 CFR Part 11 (Electronic Records ; Electronic Signatures) in Manufacturing Presented by: Steve Malyszko, P.E.

Article. Electronic Notary Practices. Copyright Topaz Systems Inc. All rights reserved.

Alfresco CoSign. A White Paper from Zaizi Limited. March 2013

FDA 21 CFR Part 11 Electronic records and signatures solutions for the Life Sciences Industry

Electronic Prescribing In New York State

Research Article. Research of network payment system based on multi-factor authentication

This policy applies to research administrators, investigators, research staff, Human Investigation Committee (HIC) members and HIC staff.

Transcription:

Vol. 12, No. 1, January 2016 Happy Trials to You Dissecting Electronic Signatures for the Life Sciences By Robert Finamore and John Harris Electronic signatures (e-signatures) can save substantial time and money. As a result, according to Forrester Research, the use of e-signatures has grown at an average annual rate of 53% since 2012, and more than 700 million documents and transactions are expected to be signed electronically by 2017. This trend applies to clinical research and other life science activities. For example, a nationally renowned clinical research institute that implemented an e-signature pilot program reduced the time required to obtain signatures on clinical trial documents from a range of 19 to 58 days to only three to four days. The FDA s definition of e-signatures is found in 21 CFR Part 11: Electronic Records, Electronic Signatures. These regulations specify FDA s requirements for using records and signatures in electronic form to meet the agency s recordkeeping requirements. However, the title of the regulation itself uses the term electronic signature, which can be misconstrued. The regulation deals with several different types of signatures in electronic form. The different types of signatures include standard electronic signatures, digital signatures, and handwritten signatures captured electronically. Before adopting an e- signature technology, it is important to understand the substantial differences between them. Electronic Signatures Most people think of standard e-signatures when considering Part 11. FDA defines an e- signature as a computer data compilation of any symbol or series of symbols executed, adopted or authorized by an individual to be the legally binding equivalent of the individual s handwritten signature. ( 11.3(b)(7)) This definition indicates that some information must be entered electronically and associated to a record (or document) for that record to be considered signed. Information about the signature is displayed with the record to indicate that it has been signed. ( 11.50) By FDA s definition, there are two types of standard e- signatures biometric and non-biometric: Biometric Signatures As defined in Part 11, biometric e-signatures involve a method of verifying an individual s identity based on measurement of the individual s physical feature(s) or repeatable action(s), where those features and/or actions are both unique to that individual and measurable. ( 11.3(b)(3)) This unique measurement must be captured every time a record is signed, and it must be securely linked to the signed record. Examples of biometric signatures include fingerprint and iris scans. These scanning technologies have to find a balance between resolution that is too low to prevent false positives (which would allow for fraudulent signing) and too high to prevent false negatives (which would create operational efficiencies). Another downside of this type of signature is that it normally requires attaching measurement hardware to a computer for execution of the signature. As a result, biometric signatures are not commonly used in the life sciences. Biometric signatures must comply with both the General s and Electronic s, as defined in 11.50, 11.70, 11.100 and 11.200(b) of the Part 11 regulation.

Non-Biometric Signatures The other type of standard e-signature is the non-biometric signature. This type of signature requires entry of two or more distinct signature components into the computerized system as the e-signature execution action. A user ID and password might constitute these distinct components, although there could be additional or alternate components, such as a badge scan instead of a user ID, or the additional entry of a code from a token or other code-generating device. Because most modern computerized systems already incorporate logical security functionality (e.g., user names and passwords), non-biometric signatures are the most common type of e-signature implemented in FDA-regulated applications, even though the regulations require additional controls for this type of e-signature. ( 11.300) Non-biometric electronic signatures must comply with both the General Signature Requirements and Electronic s, as defined in 11.50, 11.70, 11.100, 11.200(a), and 11.300 of the Part 11 regulation. Digital Signatures Many e-signature applications in the life sciences might require a higher level of security than that provided by standard e-signatures. Digital signatures are a form of non-biometric electronic signatures and, and as defined by FDA, are based on cryptographic methods of originator authentication, computed by using a set of rules and a set of parameters such that the identity of the signer and the integrity of the data can be verified. ( 11.3(b)(5)) Digital signatures are typically implemented using Public Key Infrastructure (PKI), which involves obtaining and utilizing public and private keys that are provided and managed by a trusted third party. A digital signature becomes invalid if the document changes in any way. It is the only type of electronic signature that can provide true non-repudiation. In addition to the applicable e-signature requirements mentioned above, digital signatures can also be used to fulfill the requirements for open systems, as detailed in 11.30 of the Part 11 regulation. For these reasons, organizations like SAFE-BioPharma, the European Medicines Agency, and the U.S. Drug Enforcement Agency (for prescriptions for controlled substances) require e- signatures to be digital signatures. Digital signatures integrate signature verification into the document itself. Because the digital signature s cryptographic information is embedded directly into the electronic document, the signature proves its own integrity independently, meaning signers do not have to rely on a web link to the e-signature vendor to verify the signature s validity. Digital signatures also provide increased transparency of a signature s validity and the signing process, perpetual assurance of validity, and reduced risk from cyber threats. Electronically Captured Handwritten Signatures Another type of signature is the electronically captured handwritten signature. The FDA considers a signature handwritten if the act of signing with a writing or marking instrument such as a pen or stylus is preserved. The scripted name or legal mark, while conventionally applied to paper, may also be applied to other devices that capture the name or mark. ( 11.3(b)(8)) A common example of this method is the capture of the signature image via signing with a stylus on a digitizing pad or touch screen. A common life sciences application for this type of signature is in sales force automation systems utilized by pharmaceutical sales reps in the field to capture the signatures of health care practitioners receiving drug samples. Such an electronically captured handwritten 2

signature is not considered a true electronic signature by FDA definition. It thus need not comply with the e-signature-specific requirements defined in 11.100-11.300 of the Part 11 regulation. However, as a handwritten signature executed to an electronic record, it does need to comply with the general signature requirements defined in 11.50 and 11.70 of the Part 11 regulation. True electronic signatures can allow signers to use their finger, mouse or stylus to draw their signature, provided the required security controls for standard e-signatures are implemented. Hybrid Systems Even though they are not electronically captured, traditional handwritten wet ink signatures can also fall within the scope of Part 11. This circumstance can occur in a hybrid system that incorporates both hard copy and electronic record elements. An example of this method would be printing a copy of an electronic record and signing the paper, with the intent that the signature approves the electronic version of the record. Although this type of signature application is relatively rare, it may be used in cases where the computerized system cannot support compliant e-signatures. Hybrid systems were not well considered when the Part 11 regulation was drafted; however, these hybrid signatures would fall within the definition of handwritten signatures executed to electronic records and would need to comply with 11.50 and 11.70 of the Part 11 regulation. The most common way to ensure a secure record/signature linkage is to record unique information (e.g., a checksum or hash) about the electronic record on the paper, so that if the record changes, the signature will be invalidated. Compliance with Part 11 electronic signature requirements is required only for approvals and signings that are specifically required within FDA predicate regulations, i.e., those that require companies to approve and maintain certain records or submit signed records to the agency as part of compliance. Within clinical research, records with signature requirements include institutional review board (IRB) documentation, study protocols, informed consent records, and certain principal investigator statements and agreements, among others. There are also signature requirements for key submission documents, such as INDs, NDAs and IDEs. Table 1 presents many, but not all, signature requirements from clinical research regulations. When electronic signatures are used to fulfill these requirements, Part 11 compliance is necessary. Table 1. Clinical Research s CFR Section 50.23(d)(1)(v), 50.24(a), 56.102(g), 56.102(m), 56.103(a), 56.109(a), 312.30(a)(2), 812.2(b)(1)(ii), 812.42, 812.62(a) 50.23(d)(3) IRB approval of a clinical investigation, including approval of the investigational new drug protocol and the administration of the investigational new drug IRB approval of (i) the required information sheet, (ii) the adequacy of the plan to disseminate information on the investigational product, (iii) the adequacy of the information and plans for its dissemination to health care providers, and (iv) an informed consent form 3

CFR Section 50.24(a)(6), 50.27(a), 56.115(a)(1) IRB approval of informed consent procedures and an informed consent document; IRB approval of procedures and information to be used when providing an opportunity for a family member to object to a subject s participation in the clinical investigation 50.27, 812.140(a)(3) Written consent form signed and dated by the subject or the subject s legally authorized representative at the time of consent 50.27(b)(2) 54.4(a)(1) 56.108(a)(4), 56.109(a), 312.30(b)(2)(i)(b), 312.66, 812.35(a)(1), 812.35(b), 812.62(a) 312.23(a)(1)(ix) 312.23(b), 314.50(g)(1) 312.53(c)(1) 312.120(a)(i) 312.120(b)(11) 314.50(a)(5), 314.94(a)(1), 814.20(a), 814.104(a) 314.50(g)(3) IRB approval of a written summary of what is to be said to the subject or the representative (for a short form consent), and subject s or representative s signature on that short form, along with signatures of a witness and the person obtaining the consent Form FDA 3454 (attesting to the absence of financial interests and arrangements) signed and dated and by the CFO or other responsible corporate official or representative IRB approval of changes in approved research, including updates to study protocol Signature of the sponsor or the sponsor s authorized representative on IND cover sheet A reference to information submitted to the agency by a person other than the sponsor or applicant, which is required to contain a written statement that authorizes the reference and that is signed by the person who submitted the information Form FDA-1572 signed by investigator IEC approval before initiating a study, continuing IEC review of the ongoing study, and documenting the freely given informed consent of the subjects Any signed written commitments by investigators maintained by the sponsor or applicant and made available for agency review upon request Application signed by the applicant, or the applicant s attorney, agent or other authorized official Written statement signed by the [non-applicant] owner of data that the applicant may rely on the data in support of the approval of its application 314.53(c)(2)(i)(Q) A signed verification of compliance to 21 CFR 314.53 314.53(c)(4) 314.72(a)(2) 314.91(c)(2) 314.200(d)(3)IV 314.200(e)(2)IV Declarations required by this section, signed by the applicant or patent owner, or the applicant s or patent owner s attorney, agent (representative), or other authorized official Application form signed by the new owner The request for a reduction in the discontinuance notification period signed by the applicant or the applicant s attorney, agent (representative), or other authorized official A statement signed by the person responsible for such submission that it includes in full all studies and information specified in 314.200(d) A statement signed by the person responsible for such submission, that all appropriate records have been searched and, to the best of that person s knowledge and belief, it includes a true and accurate presentation of the facts 4

CFR Section 601.2(a) 601.25(b)(3)VIII 812.20(a)(3) 812.20(b)(4)&(5), 812.36(c)(ix), 812.43(c), 812.100, 812.110(b), 812.140(b)(3) Application signed by the applicant or the applicant s attorney, agent or other authorized official If the submission is by a licensed manufacturer, a statement signed by the authorized official of the licensed manufacturer; if the submission is by an interested person other than a licensed manufacturer, a statement signed by the person responsible for such submission A signed Application for an Investigational Device Exemption (IDE application) Agreement signed by investigators 814.102 A completed, dated and signed request for HUD designation 814.124 IRB approval for administration of HUD 814.44(b) Committee report and recommendation in the form of a meeting transcript signed by the chairperson of the committee For all of the above-mentioned signature types, the signatures must be securely captured, stored and linked to their associated records. All these signatures can be legally binding and, as such, there must be a high degree of assurance that the signatures cannot be forged and cannot be repudiated by the signer. The type of signature that is best for a specific use in a specific organization depends on how and why the e-signatures are used, as well as how mission-critical or sensitive the records are to the organization, and the level of transparency, longevity, security and independence required. For example, using nonbiometric e-signatures for IRB approvals in an electronic content management system is an efficient methodology. On the other hand, signing informed consent forms with nonbiometric e-signatures at numerous research sites would be much more difficult. In the latter case, electronically captured handwritten signatures would likely make more sense, e.g., scanning a signed hardcopy or capturing the signature electronically on a tablet using a stylus. Authors Robert J. Finamore is Director, IT Compliance & Validation at QPharma, Inc., a regulatory compliance consulting firm based in Morristown, NJ. Contact him at 1.973.656.0011 or Robert.Finamore@qpharmacorp.com. John Harris is Senior Vice President of Product Management at SIGNiX, an electronic signature solutions provider. Contact him at 1.877.890.5350 or jharris@signix.com. 5

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information