Requirements for Computer Systems in the clinical practice. Danilo Neri, PhD. Pomezia, 13 September 2005

Mar 26, 2015


Charles McNulty
Page 1: Requirements for Computer Systems in the clinical practice

Danilo Neri, PhD

Pomezia, 13 September 2005

Page 2: Requirements for Computer Systems in the clinical practice

Requirements for Computer Systems in GCP

• The old scenario
• The current scenario
• The next scenario

Page 3: Fundamental Requirements for clinical data

Traceability, Security, Integrity

Data shall be (regardless of the format!):

• attributable
• legible
• contemporaneous (timeliness)
• original
• accurate

Page 4: Different implications for different environments

• CLOSED: Records are fully under the Responsibility of the Firm
• OPEN: Responsibility of Records is shared with Third Parties

Traceability, Security, Integrity

Page 5: Requirements for Computer Systems in the clinical practice

Requirements for Computer Systems in GCP

• The old scenario
• The current scenario
• The next scenario

Page 6: Evolution of Computer System in GCP: the old Scenario

[Diagram: Case History, Paper CRF, Clinical DB (eCRF) w/o eSignature]

1. Data are registered in the paper Case History
2. Data are reported in the CRF Paper Form
3. Data are migrated in the Clinical DB (option: Electronic Signature)

Page 7: Compliance Requirements for Computer Systems

[Diagram: Case History, Paper CRF, Clinical DB (eCRF) w/o eSignature; Source Data Verification]

Regulations:

• ICH E6 for Computer Systems
• 21 CFR Part 11 Requirements (Closed System)
• Protection of Privacy (21 CFR Part 21, EU 95/46/EC)

Page 8: ICH E6 Requirements for Computer Systems (1.2)

5.5.3.a Ensure and document that the electronic data processing system(s) conforms to the Sponsor’s established requirements for completeness, accuracy, reliability, and consistent intended performance (i.e. validation).

International Conference on Harmonisation of Technical Requirements for Registration of Pharmaceuticals for Human Use - ICH Harmonised Tripartite Guideline – Guideline For Good Clinical Practice

Page 9: ICH E6 Requirements for Computer Systems (2.2)

Par. 5.8: Integrity of Data and Computer Software

The credibility of the numerical results of the analysis depends on the quality and VALIDITY of the method and software used both for data management (data entry, storage, verification, correction and retrieval) and also for processing the data statistically. The computer software used for data management and statistical analysis should be reliable and documentation of appropriate software testing procedures should be available.

International Conference on Harmonisation of Technical Requirements for Registration of Pharmaceuticals for Human Use – ICH Harmonised Tripartite Guideline – Guideline for statistical principle on Clinical trial

Page 10: 21 CFR Part 11

Code of Federal Regulations, 21 CFR Part 11; Electronic Records; Electronic Signature. August, 1997

• Criteria set forth for Electronic Records
• Criteria set forth for Electronic Signature

EQUIVALENCE between Electronic Record / Electronic Signature and Paper Record / Handwritten Signature

RECORD LIFE CYCLE:

• creation
• modifying
• maintenance
• archiving
• retrieving
• transmission

Page 11: 21 CFR Part 11 Requirements for Electronic Records

Control for Closed Systems [ref. §11.10] - The use of closed systems to manage electronic records implies:

(a) Validation of computer system
(b) Accurate and complete copies of records
(c) Protection of the data
(d) Limiting access
(e) Audit trails
(f) Operational system checks
(g) Authority checks
(h) Control on validity of input actions
(i) Adequate education and training
(l) Control on documentation distribution and change control procedure application

Page 12: What is Computer System Validation?

CSV is the documented evidence, to a high degree of assurance, that a computer system performs its intended functions accurately and reliably.

• Documented evidence
• High degree of assurance
• Intended functions
• Accurately and reliably

Page 13: ISO equivalent Requirements

(The Quality is) The totality of characteristics of an entity that bear on its ability to satisfy stated and implied need. [ISO 8402: 1994]

An entity is a product, process, person, activity, machine, service, system, department, company, institution, or organization.

Note: In ISO/IEC 14598 the relevant entity is a software product

Page 14: GAMP Validation Lifecycle

[V-model diagram]

• User Requirements Specification, related to Performance Qualification
• Functional Specification, related to Operational Qualification
• Design Specification, related to Installation Qualification
• System Build

Other diagram labels: Configuration, Testing, Risk Assessment, Design Review

Page 15: Validation Deliverables

• User Requirements Specifications
• Audit Report
• Functional Specifications
• Design Specifications
• Unit Testing
• System Acceptance Testing
• Test Plan
• Installation / Operational / Performance Qualification Protocol & Reports
• SOPs
• Decommissioning Plan/Report

Page 16: Part 11 vs ICH E6 Requirements (1/2)

| Requirement | Part 11 | ICH E6 |
|---|---|---|
| Validation of Computer system | 11.10.(a) | 5.5.3.a |
| Accurate and Complete Copies of Record | 11.10.(b) | 4.9.7 |
| Data Protection | 11.10.(c) | 2.10; 4.9.1; 5.5.3.f |
| Limiting Access | 11.10.(d) | § 2.11; 5.5.3.d |
| Audit Trail | 11.10.(e) | 4.9.3; 5.5.3.c |

Page 17: Part 11 vs ICH E6 Requirements (2/2)

| Requirement | Part 11 | ICH E6 |
|---|---|---|
| Operational System check | 11.10.(f) | 2.6; 4.9.1 |
| Authority Check | 11.10.(g) | 2.11; 4.1.5; 4.9.3; 5.5.3.e |
| Device Check | 11.10.(h) | -- |
| Training | 11.10.(i) | 2.8 |
| System Documentation | 11.10.(k) | 5.5.3.b |

Page 18: Requirements for Computer Systems in the clinical practice

Requirements for Computer Systems in GCP

• The old scenario
• The current scenario
• The next scenario

Page 19: Evolution of Computer System in GCP: the current Scenario

[Diagram: Case History, Network, Clinical DB (eCRF) + eSignature]

1. Data are registered in the Case History
2. Data are directly recorded in the Clinical DB through remote access and electronically signed

Page 20: Compliance Requirements for Computer Systems

[Diagram: Case History, Network, Clinical DB (eCRF) + eSignature; Source Data Verification]

Regulations:

• ICH E6 for Computer Systems
• 21 CFR Part 11 Requirements (Open System + eSig Reqs)
• Protection of Privacy (21 CFR Part 21, EU 95/46/EC)

Page 21: 21 CFR Part 11: Requirements for Open Systems

Control for Open Systems [ref. §11.30] - The use of open systems to manage electronic records implies:

• Controls for Closed System (see previous slide); several requirements (i.e. Device Checks) might be enforced
• Document encryption
• Digital signatures standards

Page 22: 21 CFR Part 11: Requirements for Electronic Signatures

[ref. §11.50; 11.70; 11.100] - The use of Electronic Signature (ES) for signing Electronic Records (ER) implies:

• Using ES when required by the predicate rule(s)
• ES manifestation
• ES / ER linking
• Procedure for managing attribution and use of ES

Page 23: Fundamental requirement: Signature-Record Linking

21 CFR PART 11

Electronic signatures and handwritten signatures executed to electronic records shall be linked to their respective electronic records to ensure that the signatures cannot be excised, copied, or otherwise transferred to falsify an electronic record by ordinary means.

Ref. §11.70. Preamble 15,53,107,108,109,110,11,112,113

[Diagram: Signed Record, Signature: IMMUTABLE BY ORDINARY MEANS]

Page 24: Requirements for Computer Systems in the clinical practice

Requirements for Computer Systems in GCP

• The old scenario
• The current scenario
• The next scenario

Page 25: Evolution of Computer System in GCP: the near next Scenario

[Diagram: Electronic Case History, Printed Case History, Paper CRF, Network, Clinical DB (eCRF) + eSignature]

1. Data are registered directly in the electronic Case History (ECH)
2. Case Histories are printed based upon the ECH
3. Data are reported in paper CRF and then migrated to the clinical DB or directly entered in the Clinical DB

Page 26: Current use of Computer System for Electronic History Case

Page 27: Requirements for Computer Systems

[Diagram: Electronic Case History + eSignature, Printed Case History, Paper CRF, Network, Clinical DB (eCRF) + eSignature; Source Data Verification]

Regulations:

• ICH E6 for Computer Systems
• 21 CFR Part 11 Requirements (Open System + eSig Reqs)
• Protection of Privacy (21 CFR Part 21, EU 95/46/EC)
• Privacy related local laws (DL675/196, DL196/2003)
• Ministry of Health Rules
• ?
• Quality ISO requirements

Page 28: Requirements for Privacy Protection

Directive 95/46/EC, 24 October 1995

Member States shall protect the fundamental rights and freedoms of natural persons, and in particular their right to privacy with respect to the processing of personal data

Legal “trigger”

Page 29: Directive 95/46/EC: Processing of Personal Data

Directive 95/46/EC, 24 October 1995, Chapter I, Art. 2

Any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as:

• collection
• recording
• organization
• storage
• adaptation or alteration
• retrieval
• consultation
• use
• disclosure by transmission
• dissemination or otherwise making available
• alignment or combination
• blocking, erasure or destruction

Page 30: Directive 95/46/EC: Application Field

Directive 95/46/EC, 24 October 1995, Chapter I, Art. 3

• Processing of personal data wholly or partly by automatic means
• Processing of personal data which form part of a filing system or are intended to form part of a filing system

Page 31: Directive 95/46/EC: Data Quality

Directive 95/46/EC, 24 October 1995, Chapter II, Art. 6

Controller has to ensure that data are:

• Processed fairly and lawfully
• Collected for specified, explicit and legitimate purposes
• Adequate, relevant and not excessive in relation to the purposes
• Accurate and, where necessary, kept up to date
• Kept in a form which permits identification of data subjects for no longer than is necessary

Page 32: Directive 95/46/EC: Data Subject’s Rights

• Information

• Access to Data

• Right to object

Page 33: Directive 95/46/EC: Data Subject’s Information

Directive 95/46/EC, 24 October 1995, Chapter II, Art. 10

Data subject has to know:

• Identity of the Controller (or Representative)
• Purpose of the Data Processing
• Recipient of the Data
• Own rights

Page 34: Directive 95/46/EC: Data Subject’s Access to Data

Directive 95/46/EC, 24 October 1995, Chapter II, Art. 12

Data Subject has to obtain from the Controller:

• Information about subject’s personal data effective use, data undergoing process, logic involved in any automatic processing of data, own rights
• Erasure or blocking of data not compliant to 95/46/EC
• Notification about data disclosure to third parties

Page 35: Directive 95/46/EC: Confidentiality of Processing

Directive 95/46/EC, 24 October 1995, Chapter II, Art. 16

“Any person acting under the authority of the controller or of the processor, including the processor himself, who has access to personal data must not process them except on instructions from the controller, unless he is required to do so by law.”

Page 36: Directive 95/46/EC: Security of Processing

Directive 95/46/EC, 24 October 1995, Chapter II, Art. 17

• Safely processing
• Protection against accidental or malicious:
  • loss
  • alteration
  • unauthorized disclosure or access
• Security measures implementation

Page 37: Local Laws application

• Italian laws DL675/196, DL196/2003 include the statements of EU directive
• The Technical attachment B is dedicated to Electronic data management.
• The law and the Technical attachment B address nearly the same requirements set forth by pharmaceutical regulations, such as 21 CFR Part 11

Page 38: Requirements for Computer Systems in the clinical practice Danilo Neri, PhD Pomezia, 13 Settembre 2005.

(2) Le credenziali di autenticazione consistono in un codice per l'identificazione dell'incaricato (2) Le credenziali di autenticazione consistono in un codice per l'identificazione dell'incaricato associato a una parola chiave riservata conosciuta solamente dal medesimo oppure in un associato a una parola chiave riservata conosciuta solamente dal medesimo oppure in un dispositivo di autenticazione in possesso e uso esclusivo dell'incaricato, eventualmente dispositivo di autenticazione in possesso e uso esclusivo dell'incaricato, eventualmente associato a un codice identificativo o a una parola chiave, oppure in una caratteristica associato a un codice identificativo o a una parola chiave, oppure in una caratteristica biometrica dell'incaricato, eventualmente associata a un codice identificativo o a una parola biometrica dell'incaricato, eventualmente associata a un codice identificativo o a una parola chiave. chiave.

Requirements set forth by the Technical Attachment for data management (1.2)

Security Management

(5) The password, where the authentication system provides for one, consists of at least eight characters or, where the electronic instrument does not allow this, of a number of characters equal to the maximum permitted; it contains no references easily traceable to the person in charge and is changed by that person at first use and, thereafter, at least every six months. Where sensitive data or judicial data are processed, the password is changed at least every three months.

Password Management
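Rule (5) above can be checked mechanically against account records. The following is an added example, not part of the original presentation: the `Account` fields, the finding codes and the "three or more characters of the user id or name" test for user references are assumptions made for illustration, since the rule does not define them.

```python
import calendar
from dataclasses import dataclass
from datetime import date

MIN_LENGTH = 8  # rule (5): at least eight characters


@dataclass
class Account:  # hypothetical record layout
    user_id: str
    full_name: str
    sensitive_or_judicial: bool   # processes sensitive or judicial data
    changed_at_first_use: bool
    last_change: date


def add_months(d: date, months: int) -> date:
    """Calendar-month addition, clamping to the last day of the month."""
    idx = d.month - 1 + months
    year, month = d.year + idx // 12, idx % 12 + 1
    return date(year, month, min(d.day, calendar.monthrange(year, month)[1]))


def check_password(acct: Account, password: str, device_max_len=None) -> list:
    """Length and 'no reference to the user' checks for a candidate password."""
    findings = []
    required = MIN_LENGTH
    if device_max_len is not None and device_max_len < MIN_LENGTH:
        required = device_max_len  # instrument cannot hold 8: use its maximum
    if len(password) < required:
        findings.append("too_short")
    tokens = [acct.user_id] + acct.full_name.split()
    lowered = password.lower()
    # Assumption: a token of 3+ characters found in the password is a reference.
    if any(len(t) >= 3 and t.lower() in lowered for t in tokens):
        findings.append("refers_to_user")
    return findings


def check_rotation(acct: Account, today: date) -> list:
    """First-use change and 6-month (3-month for sensitive data) expiry."""
    findings = []
    if not acct.changed_at_first_use:
        findings.append("not_changed_at_first_use")
    months = 3 if acct.sensitive_or_judicial else 6
    if today > add_months(acct.last_change, months):
        findings.append("expired")
    return findings


if __name__ == "__main__":
    # Constructed sample account, not real data.
    acct = Account("mrossi", "Maria Rossi", True, True, date(2005, 5, 1))
    print(check_password(acct, "Rossi2005!"), check_rotation(acct, date(2005, 9, 13)))
```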

Page 39: Requirements for Computer Systems in the clinical practice Danilo Neri, PhD Pomezia, 13 Settembre 2005.

(19.3) (The Security Policy Document (DPS) shall contain) the analysis of the risks to which the data are exposed;

Risk Analysis

(19.4) (The Security Policy Document (DPS) shall contain) the measures to be adopted to guarantee the integrity and availability of the data, as well as the protection of the areas and premises relevant to their safekeeping and accessibility

Backup

(13) Authorization profiles, for each person in charge or for homogeneous classes of persons in charge, are identified and configured before processing begins, so as to limit access to only the data needed to carry out the processing operations.

User Profiles

(19.5) (The Security Policy Document (DPS) shall contain) the description of the criteria and procedures for restoring the availability of the data following destruction or damage

Restore

Requirements set forth by the Technical Attachment for data management (2.2)

Page 40: Requirements for Computer Systems in the clinical practice Danilo Neri, PhD Pomezia, 13 Settembre 2005.

ISO Requirements

Implementation of ISO Quality System in hospital management has been recommended by the Ministry of Health

The Electronic Case History may be a powerful and fundamental key point of the Quality System provided that following requirements are met:

Traceability

Clarity

Accuracy

Trustworthiness

Completeness

Implied requirements almost equal to the ones set forth by pharmaceutical regulations

Page 41: Requirements for Computer Systems in the clinical practice Danilo Neri, PhD Pomezia, 13 Settembre 2005.

Electronic Data for Source Data Verification

Electronic Case History

+ eSignature

Paper CRF

Network

Printed Case History

Clinical DB (eCRF)

+ eSignature

Privacy related local laws (DL675/196, DL196/2003)

Ministry of Health Rules

Quality ISO requirements

Only if these requirements are met, Electronic Case History can be used for Source Data Verification

Source Data Verification

Page 42: Requirements for Computer Systems in the clinical practice Danilo Neri, PhD Pomezia, 13 Settembre 2005.

Conclusions

Requirements for data managed by Computer System are increasing due to the increment of Computer System in the product life cycle

Electronic Case History might be used provided that they verify the provisions set for Regulated Records

The checklist for Computer System Compliance may be used in order to justify the use of Electronic Case History within the Source Data Verification

Page 43: Requirements for Computer Systems in the clinical practice Danilo Neri, PhD Pomezia, 13 Settembre 2005.

Thanks for your attention

Should you have any question,

feel free to contact me