Each quality or technical manager tracks a lot of data in their daily routine. There are product testing records, process records, receiving and shipping records, attendance records and so on. Each record has a purpose in helping to maintain some semblance of order for, what I call, “the two goals of quality management” — consistency of product and process, and continuous improvement. We review and sign off, document inconsistencies, look for non-compliance concerns and dig through all these records to identify areas for improvement.
Most records are the old-fashioned type — hard copy, a piece of paper where data is logged. We all have rules about managing these papers. We group them appropriately, put them in a file and keep them per the records retention policy. We even have rules for those who complete the documents. We’ve defined the one right way to correct a record entry: Horizontal line through it, initialed and the new entry nearby. We recognize that both the original entry and the corrected entry must be legible for our internal and regulatory purposes.
But what about electronic records? Most processes today are controlled electronically. Many records are created in an electronic form that holds the data. There is so much good about electronic records, from space savings to ease of modification, that it truly is a great way for records to be kept. So how do you record a change to an electronic record? Do you want to know who made the change, when, and, even why? Was this an employee authorized to make that change?
There are regulatory rules for electronic records as well as those collected with pen and paper. But just what are those rules? While I could not identify an electronic records policy in the Department of Agriculture’s (USDA) Food Safety and Inspection Service (FSIS) regulations, the FSIS does have requirements in Code of Federal Regulations, 9, 320, that records be maintained, and it even has details on which records are covered and where some must be stored.
The Food and Drug Administration (FDA) does have a regulation about electronic records and electronic signatures in CFR, 21, 11. It is a worthwhile read to learn more about these records. This rule was issued in March 1997 for this purpose: “[To] provide criteria for acceptance by FDA of electronic records, electronic signatures and handwritten signatures executed to electronic records as equivalent to paper records and handwritten signatures executed on paper.” Because that is such a mouthful, FDA provided a guidance document titled, “Guidance for Industry Part 11, Electronic Records; Electronic Signatures — Scope and Application.”
As processes increasingly become digital, keeping track of the rules for record keeping is vital.
I have found a few key items of note in this guidance.
If you print your electronic logs and save those, your records are not considered electronic records. Here is the language in the guidance: “… when persons use computers to generate paper printouts of electronic records, and those paper records meet all the requirements of the applicable predicate rules, and persons rely on the paper records to perform their regulated activities, FDA would generally not consider persons to be ‘using electronic records in lieu of paper records’ under [sections] 11.2(a) and 11.2(b). In these instances, the use of computer systems in the generation of paper records would not trigger part 11.”
Another area is electronic signatures. If you are using or plan to use electronic signatures in place of handwritten signatures, you are expected to certify to the FDA that the electronic signature is considered legally binding using a handwritten signature on a paper form. This is in section 11.100.
To summarize, FDA does accept electronic forms and electronic signatures, but there are some key rules about how to implement and manage electronic data. If you’re planning to use electronic records or signatures, read the CFR and the guidance document so that you can comply.
Records are a part of every program managed in quality and safety — be sure you manage them appropriately and meet the legal expectations.