| Comment Record |
|
Commentor |
Dr. Celso Bianco |
Date/Time |
2002-12-04 14:50:37 |
|
Organization |
America's Blood Centers |
|
Category |
Association |
| Comments for FDA General |
| Questions |
|
1. General Comments
|
America's Blood Centers
725 15th Street, NW, Suite 700
Washington DC 20005
December 4, 2002
Dockets Management Branch (HFA-305)
Food and Drug Administration
5630 Fishers Lane, Rm. 1060
Rockville, Maryland 20852
Re: FDA Docket No. 00D-1539: Guidance for Industry, 21 CFR Part 11; Electronic Records; Electronic Signatures, Maintenance of Electronic Records.''
Dear Docket Officer:
Thank you for the opportunity to comment on FDA’s draft guidance for industry on the maintenance of electronic records. For your information, ABC is a national network of locally-controlled, non-profit community blood centers that collect almost half of the US blood supply from volunteer donors. Collectively, we operate in 45 states and serve patients at more than half of the nation’s 6,000 hospitals. ABC’s total blood collections exceeded 7 million pints in 2001.
ABC appreciates FDA’s efforts in issuing this and other guidances to help blood centers comply with 21 CFR Part 11. In general, we believe that the guidance will be helpful to blood centers.
General Comments:
Underlying the draft guidance are a number of assumptions. ABC believes that the document would more useful if the following assumptions were clarified:
1. Scope. Only those records that normally would require (under other FDA guidelines) a physical signature, require an electronic signature.
2. Digital Signatures. It is acceptable that a digital signature be used as an electronic signature. A digital signature corresponds to a captured signature/agreement by an employee. Specifically, we believe that the use of a concatenated and/or hashed login/password of a user that can be readily corresponded to a signature or agreement that re-authentication for key actions is the same as signing a record. For example, it should be an acceptable signature practice to require an end user to have to re-enter the password for their login before being allowed to change a re-cord. This allows the system to re-authenticate the rights of the user to make the change. It also has the same net effect of asking the user to “sign their name” but is far more efficient.
3. Definition of open/closed systems. An open system is any system or subsystem or an application or process where human intervention is readily possible. A closed system is any system, subsystem, or interface within an application or process where no human intervention can occur. This definition should not be confused with open systems definition meaning access to a system outside of the firewall or LAN/WAN as it is often used under HIPPA guidelines
4. The only records and or audit trails that must be maintained for the retention period are the same as those which relate to the predicate rules.
5. For older systems where a blood center does not own the source code and/or the vendor is unwilling to add new features, a hand-signed paper record/report will suffice for the electronic record. Please clarify whether a “hybrid” record of this nature still falls under the guidance or reverts to the status of a hardcopy record.
ABC also has the following comments on specific sections of the draft guidance:
4. Regulatory Requirements, Section 11:50
The draft guidance notes that Part 11, Section 50 specifies that: “Signed electronic records shall contain information associated with the signing that clearly indicates the printed name of the signer, the date and time of signing and what the signature means. These items shall be ‘subject to the same controls as for electronic records and shall be included as part of any human readable form of the electronic record (such as electronic display or printout).’” According to the draft guidance: “Accordingly, the signature manifestation information, associated with an electronic record that is subject to this requirement must maintained for the duration of the record retention period.
We would like to point out that “Signature manifestation information” is not defined in FDA’s draft Part 11 guidance document, Glossary of Terms. We assume that it refers to the name of the signer, the date and time of signing and what the signature means, but recommend that the draft guidance on storage include a specific definition of this term and provide minimum requirements for signature manifestation information specified. Further, please clarify that the concept of a digital signature be considered as part of “Signature manifestation information.”
5.2. Factors That Might Affect The Reliability of Electronic Records During the Required Retention Period Should Be Identified and Controlled.
While the provisions of this section appear reasonable on first reading, ABC believes they are too open to individual auditor interpretation. We suggest that the guidance be modified to dis-tinguish between archived records and live or relevant/live data. For example, a blood center may no longer create or sell a certain product for several years and therefore, may elect to archive all records regarding these products from their active system due to space and other con-straints. These records (units, blood donors, etc.) could be archived in a format that permits the information to be retrieved but which is not in a form that could be read back into the system. Reports, on the other hand, might be archived in a format that could be readily retrieved by the system.
Given the rapid pace of technology, and long retention periods required, ABC requests that the guidance clarify that it is acceptable to print reports from an older system with their audit time/date stamped audit trail and embedded user id/signature and have these scanned into a commonly used electronic media for future retrieval when there is no reasonable means to convert the data to a new system. For many smaller blood centers, the cost of formatting records to permit migration into a new system is prohibitive. Making conversion costs or requirements too burdensome risks preventing blood centers from moving to improved and more reliable systems
We also want to point out that the guidance provides apparently-conflicting requirements by stating that an establishment must be on supported technology and/or software but provides no reasonable means or alternatives to encourage migration to a new system. Rapid strides in software/hardware technology permit blood centers to acquire new systems that will measurably enhance product safety and compliance. This advantage will be lost in the face of a guidance that requires a new system to replicate the functionality of the old. As systems/technology move forward and the core logic to store and retrieve different types of record structures that lend meaning to the records are so vastly different, it could be nearly impossible to move the data off into another system that can replicate the meaning. Allowing reports to be run and “photo-graphed” makes far more sense. Because the general intent of other FDA’s regulations is to encourage all software/systems to be on supported versions, requiring too burdensome a process for moving data instead of being allowed to archive records may be a large disincentive for many blood centers to move to newer and better systems.
Finally, ABC suggests that when discussing metadata and record context, the use of an Entity Relationship Diagram (ERD) with embedded data types is probably more useful than a pure data dictionary. However, blood centers typically use a purchased product and ERD is not always available, nor is a full data dictionary. A reasonable alternative might be a block diagram of the file relationships.
5.3. Continued Availability and Readability of Electronic Record Information Should Be Ensured.
It is reasonable to expect that a blood center be able to retrieve archived or live records. It is also reasonable to supply evidence of a process which ensures the storage media is still readable, and is checked on a periodic basis. However, ABC believes that it is unreasonable to have to provide an elaborate technical proof of how often this is done based upon vendor suggestions per the specific media in place, etc.
5.4. Electronic Records Should Be Stored Under Appropriate Environmental Conditions
ABC believes this section is reasonable as long as auditors do not interpret the guidance as requiring technical proofs on storage. While it is reasonable to expect processes for checking on storage conditions, for example, we believe it is unreasonable to expect blood centers to formally escrow or “Fort Knox” every backup.
5.5. The Ability to Process an Electronic Record’s Information Throughout Its Records Retention Period Should Be Preserved.
The “spirit” of this requirement is that a blood center should be able to reconstruct an audit trail for a created and released product, and/or the disposition of all draws and an ability to trend dur-ing the key metrics required by the FDA (such as NFTs, etc.). ABC believes that this concept is reasonable and understandable. However, we believe it would be unreasonable to expect that after an extended period of time (10 years), raw records/data from a prior system can be processed in a new system in exactly the same manner as the old. Further, it should be permissible to have archived trending for X years and then use a new system on new data for the rest of the trending. Similarly, it should be permissible to present an audit trail even from an electronically stored paper “report” vs. trying to manipulate raw data. This brings us back to the previously-stated concept of archiving records vs. data. ABC believes that a blood center should be able to archive complete audit trail records but not be required to store that data and try to reconstruct it. (We would like to clarify, however, that we agree that in migration to a new system, it is reason-able to expect to be able to process the raw data again.)
6. Maintenance
The recommendations in the guidance for data migration are all quite reasonable. However, ABC questions the broad recommendation that records should be able to be searched, sorted, etc. in a new system as they were in the old system and achieve same results. We recommend that FDA clarify the scope of records/data in this recommendation, and delineate those functions that should be reasonably assumed. We agree that it is reasonable to require the key and critical records required for safety, such as units to products, interdictions to units, and interdictions to do-nors, is reasonable One should expect in a new system to have similar features and/or functions for those records, particularly if the vendor providing that system has achieved FDA approval for their software package. However, we believe it is unreasonable to imply that, for example, drive records need to be done the same way even though those records are also part of the system. While drive IDs are important, they could be renumbered per a required scheme. Similarly, ABC believes it is very important to make a distinction between requiring features and or func-tions for reasonable audit trails and common practice blood processing—and requiring a feature that provides a specific type of report.
We suggest revising this section of the guidance to reasonably approximate the processing of key safety critical functions. For example, it should be reasonable to have a manual process in lieu of a systemic one—if that is not available during a migration to a new system.
Thank you for the opportunity to comment. I would be pleased to answer any questions you may have.
Yours truly,
Celso Bianco, M.D.
Executive Vice President
|
|