本周二，美国食品药品管理局（FDA）发布了一个问答草稿指南，阐明了其对临床试验中电子系统使用的期望，包括电子记录、云计算和移动技术。

具体而言，该指南提供了28条问答，详细说明了药品制造商、临床试验者、临床研究机构（CRO）和机构审查委员会（IRB）应该如何保证电子系统符合当局的要求，且与纸质版等同。

该指南还更新了以往的指南，详细说明了这些机构应该如何采取基于风险的方法来确认这些系统，并实施对电子记录的审计跟踪。

在FDA早期的指南（2003年）中，第11章，电子记录；电子签字-范围和应用，当局提供了一个“对第11章要求的狭义途径和解释”。当局解释到，对于确认、审计跟踪、记录保留和记录拷贝等某些要求，当局将行使强制自由裁量权。

虽然FDA表示仍打算对这些规定行使强制自由裁量权，当局表示该指南将阐明第11章中“在目前的技术环境中，赞助方和其他被监管机构必须酌情实施的控制”，因为它们涉及到：

• 电子系统，包括现成商业电子系统（COTS）和定制商业电子系统，由赞助方和其他被监管机构拥有或管理的；

• 电子服务，由赞助方和其他受监管的机构外包的；

• 主要用于提供医疗服务的电子系统；

• 移动技术；和

• 通讯系统。

FDA表示，“如果这些系统对重要记录进行了处理…递交给FDA”，企业通常需要对电子系统进行确认，但是确认的程度取决于系统及其用途。

FDA还指出，由于在线、基于web系统的使用，封闭系统和开放系统的法规几乎不相关。FDA表明，赞助方应该对这些系统实施额外的安全措施，如文件加密，以抵消在线系统中可能的物理安全丢失。

FDA表示，除了采取措施确保电子系统仅限于授权用户，还应有其他安全措施，如防火墙、防病毒和反间谍软件。

对于外包服务，如数据管理和云计算服务，FDA表示，对于处理和储存的记录，企业应有责任确保这些服务“有充分的控制以保证其可靠性和保密性”。

移动技术

该指南也提到了移动技术在临床调查中的使用，包括智能手机、平板电脑、移动应用程序和可穿戴式传感器，不管该技术是由赞助方提供，还是由研究参与者提供。

根据FDA，赞助方应该确保有适当的控制，以确保使用移动技术的人员是研究参与者，如指纹传感器或用户名和密码登录。

FDA表示，当从移动技术中捕获数据时，赞助方也应确保，把在研究的每个数据元素绑定到一个特定的数据源，如特定的人、设备或仪器。

FDA还表示，由于个人移动设备产生的数据最终会被传送到赞助方的电子系统，本指南中详述的访问控制、审计跟踪和确认有助于保证数据的可靠性，因此当局并不打算检查临床试验中使用的个人移动设备

奥咨达服务

 

FDA 510K 申报服务和周期（含工厂注册和合同范围内产品列名）
FDA De Novo
FDA MD 预提交（Pre-submission）申报服务和周期
FDA PMA申报服务和周期
FDA产品列名 申报服务和周期
FDA豁免510K-服务

 

英语原文  

FDA Issues Draft Q&A on Electronic Systems in Clinical Investigations

Posted 20 June 2017 By Michael Mezher

The US Food and Drug Administration (FDA)on Tuesday issued a draft questions and answers guidance to clarifyexpectations for using electronic systems, including electronic records, cloudcomputing and mobile technology, in clinical investigations.

Specifically, the guidance provides 28questions and answers detailing how drugmakers, clinical investigators,clinical research organizations (CROs) and institutional review boards (IRBs)can ensure such electronic systems meet the agency's requirements and areequivalent to paper ones.

The guidance also updates past guidancedetailing how those parties can take a risk-based approach to validating suchsystems and implement audit trails for electronic records.

In FDA's earlier guidance from 2003, Part11, Electronic Records; Electronic Signatures – Scope and Application, theagency provided a "narrow approach and interpretation of part 11requirements" and explained it would exercise enforcement discretion forcertain requirements for validation, audit trails, record retention and recordcopying.

While FDA says it still intends to exerciseenforcement discretion for those provisions, the agency says this guidance willclarify the part 11 "controls that sponsors and other regulated entitiesmust implement as appropriate, in the current technological environment"as they relate to:

Electronic systems, including commercialoff-the-shelf (COTS) and customized electronic systems owned or managed by sponsorsand other regulated entities;

Electronic services, outsourced by thesponsor or other regulated entities;

Electronic systems primarily used in theprovision of medical care;

Mobile technology; and

Telecommunication systems

In general, FDA says companies will need tovalidate electronic systems "if those systems process critical records …that are submitted to FDA," though the extent of the validation willdepend on the system and its intended use.

FDA also notes that the distinction in theregulations between closed and open systems is "seldom relevant" dueto the use of online, web-based systems, and says that sponsors shouldimplement additional security measures for those systems, such as documentencryption, to offset the physical security that may be lost with onlinesystems.

In addition to taking measures to ensureaccess to electronic systems is limited to authorized users, FDA says thereshould be other security measures in place such as firewalls, and antivirus andanti-spyware software.

For outsourced services, such as datamanagement and cloud computer services, FDA says companies are responsible forensuring those services "have adequate controls in place to ensure thereliability and confidentiality" of the records they process or store.

 

Mobile Technology

The guidance also addresses the use ofmobile technology in clinical investigations, whether the technology isprovided by the sponsor or brought by the study participant, including smartphones and tablets, mobile apps and wearable sensors.

According to FDA, sponsors should ensurethere are controls in place, such as thumbprint sensors or username andpassword logins, to ensure the mobile technology is being used by the studyparticipant.

When capturing data from mobiletechnologies, FDA says sponsors should also make sure that each data element ina study is tied to a specific data originator, such as a particular person,device or instrument.

FDA also says it does not intend to inspectindividual mobile devices used in a clinical trial, as the data generated bythose devices will ultimately be transmitted to a sponsor's electronic systemsand because the access controls, audit trails and validation detailed in theguidance "help ensure the reliability of the data."