INSIGHTS

EMA – Computerised Systems and Electronic Data in Clinical Trials

Scope of the guideline - focusing on laboratories processing clinical samples

The guidelines include all computerised systems that are used in the creation / capture of electronic clinical data with the potential to affect participant protection and the reliability of trial data. This includes:

Tools that automatically capture data related to the transit and storage temperatures for IMP or clinical samples (temperature loggers, temperature controlled storage etc).
Tools to capture, generate, handle, or store data in a clinical environment where analysis, tests, scans, imaging, evaluations, etc. involving trial participants or samples from trial participants are performed in support of clinical trials (e.g. core facility laboratory equipment and software, , medical imaging and related software).
Portals or other systems for supplying information (portals for data transfer or upload).
Systems/tools used to conduct remote activities such as monitoring or auditing (auditing software or apps).
Other computerised systems implemented e.g. statistical software and document management systems (e.g. Q-Pulse).

Requirements for Computerised systems

A description of the system – a list of physical and logical locations of data, functional and operational responsibility and assessment of fitness for purpose, access logs etc.
Documented procedures in place.
Training – should include Computerised systems where necessary and security.
Security – prevent unauthorized access and unwarranted changes. Authorized individuals only – recorded permissions. All systems should have individual accounts – sharing of accounts is considered unacceptable and a violation of data integrity and ICH E6 principles.
Timestamp of actions – automatically created and users should be unable to modify.
All the above should be documented and maintained.

Requirements for Electronic data

For each trial it should be identified what electronic data will be collected, modified, imported, exported and archived.
How data will be retrieved and transmitted needs to be included.
The location of all source data should be specified prior to the start of the trial and updated when needed.
Data transferred between systems needs to be validated to ensure data integrity.
The audit trail should be enabled, secure, computer generated, and time stamped. This ensures changes to data are traceable. These should be reviewed to identify missing data, detect signs of manipulation, abnormalities, incorrect processing, unauthorized access and malfunction (need to include this in trial audit calendars).
Data should be backed up – replicated servers strongly recommended stored behind a separate firewall. Frequency should be risk based. Checks of accessibility should be completed.
Migration of data (to permanently move) should be risk assessed and validated.
Retention – 25 years
All of the above should be documented in the analytical plan.

PostMarket Surveillance

An effective Post Market Surveillance Process is required by the EU MDR, EU IVDR and UK MDR to ensure by continuous monitoring that the medical device is fit for purpose, safe and continuing to work as designed, after it has been released onto the market. Above all it ensures patient safety isn't compromised. It helps to identify any issues or potential issues so that corrective action can be implemented.

The process below shows a simplified process for PMS for a Class 1/A IVDR.