Although many clinical trial sites wish to use technology, they are concerned about software compliance, particularly regarding 21 CFR Part 11 compliance. Using non-compliant technology can result in audits and tense interactions with the FDA and other regulatory authorities.
In order to obtain smoother and quicker approvals from the regulatory authorities, researches need to use software that are compliant with the regulatory guidelines.
The five most compliance guidelines that are concerned with clinical trial software are
FDA 21 Code of Federal Regulations (CFR) Part 11
FDA 21 Code of Federal Regulations (CFR) Part 11 mentions the regulations for clinical studies incorporating electronic records and electronic signatures. To comply with Part 11, you must comprehend the features of your electronic record system and the procedures you must take when utilizing it.
FDA recommendations for computerized systems used in clinical trials
The primary objective of 21 CFR Part 11 is to ensure that electronic records and electronic signatures are equally valid as paper records and handwritten signatures.
- We should specify each study protocol; use a computerized system to create, alter, manage, archive, retrieve, or transfer data.
- The electronic record serves as the source document when the first observations are input directly into a computerized system.
- As with paper-based systems, the design of a computerized system should guarantee that all applicable regulatory criteria for recordkeeping and record preservation in clinical trials are satisfied.
- All source materials supplied to a sponsor or contract research organization, including any correspondence relating to inquiry resolution, should be retained by clinical investigators either in their original form or as a certified copy.
- According to 21 CFR 11.10, an audit trail is always necessary for changes to data kept on electronic media.
- Regardless of how they were made or kept, any records intended to support submissions to the agency are subject to inspection by the FDA.
GDPR (General Data Protection Regulation)
GDPR protects people’s rights to reasonable control and better information. To do this, the GDPR strengthens the legal basis for personal data processing and places new roles and obligations on data controllers and processors.
GDPR recommendations for computerized systems used in clinical trials
The GDPR’s privacy and data protection regulations include the following.
- Request the people’s permission before processing their data.
- Using anonymization to safeguard acquired data’s privacy.
- Notifying users of data breaches.
- Managing the cross-border flow of data in a secure manner.
HIPPA (Health Insurance Portability and Accountability Act
A federal law known as the Health Insurance Portability and Accountability Act of 1996 (HIPAA) mandated the development of national standards to prevent the disclosure of sensitive patient health information without the patient’s knowledge or consent.
The privacy and the security rule are the two fundamental components of HIPAA.
HIPPA recommendations for computerized systems used in clinical trials
Protecting sensitive patient data is set by the Health Insurance Portability and Accountability Act (HIPAA).
The HIPPA security and privacy rules
The HIPAA Privacy Rule, also known as the Standards for Privacy of Individually Identifiable Health Information, or SPIHI, according to the U.S. Department of Health and Human Services (HHS), defines nationwide standards for the protection of specific health information.
The Security Rule also creates a set of federal security requirements for safeguarding health information stored or moved electronically.
By addressing the technical and non-technical measures that covered businesses must implement to secure persons’ electronic PHI, the Security Rule operationalizes the Privacy Rule’s protections (e-PHI).
EU GMP Annex 11
The EU published Annex 11 as one of several guidance documents that supplements the 27-member states’ GMP rules in 1992. Annex 11 was created to ensure that when a computer is used in place of a manual operation in the manufacture of pharmaceuticals when it comes to product quality, efficacy, or patent safety.
However, Annex 11 is not a legal requirement, but EMA recommends in its guidelines.
GCP (Good Clinical Practice)
Good Clinical Practice (GCP) is an international ethical and scientific quality standard for designing, conducting, recording and reporting trials that involve the participation of human subjects.
A combination of risk assessment, SOP adherence, a security system in place that prevents unauthorised access to the data and by establishing a structured validated system makes these software compliant with GCP .
Now in this article lets check the software that researchers commonly use to manage clinical trials and the compliances they need to check while using as per the regulators.
All the software need to be GCP compliant.
Software compliance in technology-enabled clinical trials
Here are the list of most common software tools that researchers use most often in clinical trials and discuss necessary compliance one by one in detail..
- Clinical Trial Training Platform (eLearning)
- Electronic Data Capture (EDC)
- Clinical Trial Management System (CTMS)
- Electronic Trial Master File (eTMF)
- Electronic Clinical Outcome Assessment (eCOA and ePRO)
- Electronic Health Record Mining
- Virtual site monitoring
Clinical trial training platform (e-Learning)
The clinical Trial Training Platform presents an opportunity to embrace the adaptability of on-demand learning. Before selecting an e-learning clinical trial platform, you should consider following compliances
The requirements of the Part 11 legislation of the FDA
- The accessibility and traceability of any record or action.
- Improves the way that customers interact with the products and services.
- Creates a controlled environment and a validated learning management system
- Facilitates the creation, review, and approval of documents.
HIPPA compliant e-Learning platform capabilities
- User security is maintained.
- Preserves patient or medical records’ confidential information.
- It facilitates the work of thousands of hospital employees and medical specialists.
- It enables to read and review whenever and wherever they want.
The goal of the GDPR is to secure the user’s consent before storing and processing data for educational purposes.
Electronic Data Capture (EDC)
Electronic data capture stores the patient data that are gathered for the clinical study. EDC should be compliant with the following rules
- Your EDC should outline issues with employing electronic instruments, sponsor and investigator duties, and things to avoid per the FDA’s PRO Guidance.
- GDPR concerns are informed consent, IRBs, investigator requirements, and site-based documentation. It entails keeping track of things, handling data, and keeping records. Both payments and safety information are covered.
- EU Annex 11 compliant.
Clinical Trial Management System (CTMS)
CTMS is a project management solution for clinical operations teams. CTMS used in a clinical trial must comply with 21 CFR part 11. Here are a few crucial factors for CTMS compliance, including support for 21 CFR Part 11:
- An audit trail
- All data changes made in the system should have an audit trail created by the CTMS, including the details of who made the change.
- Archival Procedure
- The CTMS should archive data instead of destroying it. The primary distinction is that “we cannot restore the deleted data but archived data may. When we remove the data intentionally or maliciously, the Archival increases protection.
- Account Limitations
- The CTMS should provide controls over password expiration, idle session expiration, and locking of inactive accounts. Users should be required to be authorized and authenticated to the system.
Electronic Trial Master File (eTMF)
The eTMF (electronic trial master file) has evolved into a standard in clinical research, similar to some of the other clinical trial software on this list.
Various 21 CFR sub-sections apply to your data management and retention that you should be aware of:
- “Electronic records and electronic signatures are treated the same as paper records and handwritten signatures,” according to 21 CFR 11.10.
- All documents required by this part, including reproductions of such records, must be easily accessible for authorized inspection during the retention term, according to FDA 21 CFR 211.180.
- According to FDA 21 CFR 58.190, only authorized individuals are allowed access to the archives.
Electronic Consent (eConsent)
Digital strategy for informed consent should be compliant with FDA rules and regulations.
When selecting an eConsent, Food and Drug Administration (FDA) and the HIPAA authorization should approve the eConsent for research. Under both state and federal law, the signature must be valid.
Informed consent forms, HIPAA authorization forms, and their processes must adhere to all standards.
Electronic Clinical Outcome Assessment (eCOA)
Patient data collection is one of the necessary steps in clinical trials. Additionally, we need to create digital techniques to gather this data for any decentralized clinical study.
Your eCOA software must adhere to the following compliances.
- All eCOA activity, including data entered by participants and assessments captured during telehealth visits, must adhere to patient privacy laws like HIPAA (Health Insurance Portability and Accountability Act).
- According to General Data Protection Regulation (GDPR), all personal data—not just health-related data should be private and secure.
Electronic Health Record (EHR) Mining or Digital Patient Recruitment
The use of electronic health records (EHRs) to generate a sizable sample for a clinical study is rising. Your electronic health record software should follow the HIPAA Security Rule.
A few potential metrics are
- Tools for “access control,” such as passwords and PIN codes, can help to restrict access to your information to those who are permitted to see it.
- “Encrypting” of saved data.
Virtual site monitoring
Virtual clinical trials have advantages because, When conducting a virtual or decentralized clinical trial, you may have fewer or no actual locations to visit. Your virtual site monitoring software must adhere to FDA and HIPPA compliances;
Your virtual site monitoring software should follow the FDA and HIPPA compliance standards. While conducting a virtual trial, all data should be confidential and safe by FDA CFR Part 11 and HIPAA.
Nowadays, researchers usually conduct clinical trials digitally. Digital clinical trials have benefits for both participants and investigators. Finding the best software to design your clinical trial is mandatory. The software you choose must comply with regulations such as; FDA, HIPPA, GCP, EU GMP Annex 11, and GDPR. This avoids un-necessary regulatory delays and data acceptance issues.
Are You Looking For Ways To Make Your Clinical Trial Digital?
Or do you have any questions related to software and their Compliance? Provide your requirement details below to connect with us and explore our services.