Following are general guidance on the use of computerized system in clinical trials:
Each study protocol should identify at which steps a computerized system will be used to create, modify, maintain, archive, retrieve, or transmit data.
For each study, documentation should identify what software and, if known, what hardware is to be used in computerized systems that create, modify, maintain, archive, retrieve, or transmit data. This documentation should be retained as part of study records.
Source documents should be retained to enable a reconstruction and evaluation of the trial.
When original observations are entered directly into a computerized system, the electronic record is the source document.
The design of a computerized system should ensure that all applicable regulatory requirements for record keeping and record retention in clinical trials are met with the same degree of confidence as is provided with paper systems.
Clinical investigators should retain either the original or a certified copy of all source documents sent to a sponsor or contract research organization, including query resolution correspondence.
Any change to a record required to be maintained should not obscure the original information. The record should clearly indicate that a change was made and clearly provide a means to locate and read the prior information.
Changes to data that are stored on electronic media will always require an audit trail. Documentation should include who made the changes, when, and why they were made.
The FDA may inspect all records that are intended to support submissions to the Agency, regardless of how they were created or maintained.
Data should be retrievable in such a fashion that all information regarding each individual subject in a study is attributable to that subject.
Computerized systems should be designed: (1) So that all requirements assigned to these systems in a study protocol are satisfied (e.g., data are recorded in metric units, requirements that the study be blinded); and, (2) to preclude errors in data creation, modification, maintenance, archiving, retrieval, or transmission.
Security measures should be in place to prevent unauthorized access to the data and to the computerized system.
Standard Operating Procedures (SOPs) pertinent to the use of the computerized system should be available on site.