FDA Articles

When FDA issued 21 CFR Part 11 in March of 1997,it was perceived as one of the most significant pieces of regulation to affect the pharmaceutical industry in many years. The stated purpose of the rule was to enable the use of technology for recordkeeping activities while ensuring the reliability, authenticity, integrity, and usability of electronic records. The agency has subsequently reiterated its support of the use of scientific and technological advances in pharmaceutical manufacturing.Unfortunately, the interpretation of some provisions of Part 11 and the guidance documents issued since 1997 may have had the opposite effect. Unlike previous regulations, which were issued with stepped implementation policies, Part 11 required all systems in use to become compliant, including so-called legacy systems that predated the rule.However, a stepped enforcement policy was announced that would give the industry some time to bring systems into compliance.

For many years, pharmaceutical companies have recognized the value of retaining research information about the products that they develop and manufacture. A long-term strategy
of capturing and storing data from research and development (R&D) projects has played an increasingly important role in helping companies make new discoveries, develop new
products, and speed time to market. Government regulations regarding electronic recordkeeping, particularly FDA’s 21 CFR Part 11, have been driving forces in the pharmaceutical industry to develop or purchase entirely electronic data archive systems.
Whereas implementing these systems tends to be expensive in terms of time and money, some compelling benefits can be realized from the use of such systems, including
● meeting regulatory requirements for long-term storage and
traceable histories of data and results
● reducing the time and costs necessary to bring products to

Part I of this article, which was published in Pharmaceutical Technology’s February 2002 issue, discussed regulatory requirements and security measures that apply to computer resources. Part II reviews how current technologies apply to the security requirements contained in 21 CFR Part 11, Electronic Records, Electronic Signatures, Final Rule. Application of electronic-based solutions to 21 CFR Part 11 security requirements The goal of an enterprise public-key infrastructure (PKI) is to protect information assets through electronic-based solutions that comprise hash algorithms, data encryption, digital certificates, message digests, digital signatures, and audit logs. The key condition and solution critical to 21 CFR Part 11 (hereafter referred to as Part 11) are authentication and encryption, respectively. Authentication verifies a person’s identity as well as the integrity of records. Encryption protects the privacy of records.

In Part I of this article, the author reviews regulatory requirements that apply to computer resources and current technologies that can be used to mitigate threats to and vulnerabilities in computer resources. Part II will review how current technologies can apply to the security requirements contained in 21 CFR Part 11, Electronic Records, Electronic Signatures, Final Rule. Computer security is used to regulate and record access to computer resources as well as manage records residing in a computer. It is one of the main factors to consider when implementing environments that will manage electronic records (hereafter referred to as records) set forth in FDA regulations or electronic records submitted in compliance with the Federal Food, Drug, and Cosmetic Act and the Public Health Service Act.

The relationship between the pharmaceutical industry and FDA has always developed in an environment that was governed not only by the passing of specific laws, but also by changes in attitude that, although less tangible, are just as influential. In my experience during the past
25 years, the FDA milestones that had the greatest impact in the industry were the prescription drug user fee act (PDUFA, 1992),the formation of the Office of Pharmaceutical Science (OPS,
1995), and the FDA Modernization Act (FDAMA, 1997), which came about as a result of Congress passing certain laws. Just as significant, however, was the change in attitude at FDA’s Center for Drug Evaluation and Research (CDER).

View Full Article

The proliferation of medical products
in recent years, combined with
increased pressure to make the
drug regulatory process more efficient
and effective, is prompting the Center
for Drug Evaluation and Research
(CDER) at FDA to adopt new approaches
to how it oversees the process for developing
and approving new drugs. The past 20
years have been the “era of drug effectiveness,”
says CDER director Janet Woodcock.
The coming decades, she predicts,
will focus more on drug safety and the
need to maximize benefits and minimize
risks associated with medical products.
FDA wants manufacturers to help improve
risk communication and to be more
accountable for what happens to drugs
after they are on the market. This shift will
not necessarily require new regulations or
onerous limitations on all products,
Woodcock emphasizes. CDER has developed

Concerns over risky medicines may reduce pressure to expand drug imports while boosting demand for more comparative analysis of therapies.

The growing alarm over harmful side effects from a number of popular prescription drugs is affecting a range of issues of critical importance for pharmaceutical and biotech manufacturers. Safety concerns may slow down efforts to expand drug importation from foreign nations. The National Institutes of Health (NIH) has halted important clinical trials due to fear that the painkillers under study increase risk for cardiovascular events. Congress is supporting more comparative studies of drugs and medical treatments and may take action to expand requirements for hospitals and physicians to report adverse drug events. The Food and Drug Administration (FDA) is on the defensive, as policymakers propose to revise how the agency evaluates pre- and post-approval drug safety data.

NO SURPRISES

When signing the US E-commerce bill, Bill Clinton used the latest digital gadgetry and his dog’s name as a password. Are we ready for the technology?

In recent “Pharmaceutical Files” we discussed first electronic signatures and logical security (1) and then biometrics (2) within the context of the Electronic Signatures and Electronic Records Final Rule (21 CFR Part 11) (3).
 
Electronic signatures consist of a unique combination of user identity and password and we discussed some of the issues surrounding the security of passwords and the access control needed for an application or system. Biometrics use biological traits and characteristics for the verification of an individual’s identity and to sign electronic records.

The 21 CFR Part 11 regulations also mention the term digital signature as a type of electronic signature when used with open systems (not controlled by those who are responsible for generating the electronic records).