Archive

Posts Tagged ‘21CFR11’

HIPAA and 21CFR11 overlaps

October 12th, 2009

Both HIPAA and 21 CFR Part 11 are concerned with safeguarding data. While 21CFR11 applies to Life Sciences Organizations (LSO), HIPAA applies to Healthcare Providers (HCP) and other "covered entities", such as insurance companies.

 
21 CFR Part 11 sets out the procedural and system requirements for controlling and auditing electronic records and signatures. It requires employing procedures and controls designed to ensure the authenticity, integrity, and, when appropriate, the confidentiality of electronic records.
 
Similarly, the HIPAA security rules are described as follows:
 
Physical Safeguards
- Facility access controls
- Work station use
- Work station security
- Device & Media controls

Technical Safeguards
- Access control
- Audit control
- Integrity controls
- Person or entity authentication
- Transmission security

Administrative Safeguards
- Security and access management
- Secure incident handling
- Implement policies and procedures to prevent, detect, contain and correct security violations
 
 
There are obvious requirement overlaps around:
 
- Operational policies and SOPs 
- System and Record Access Control
- Audit trail
- Record keeping and retention
 
It just makes sense to start consolidating these requirements into one set. 
This has to happen sooner or later as we start sharing standardized medical records between healthcare providers and Pharmaceutical companies for Clinical Trials or Adverse Events reporting.
 
 


Hybrid system for consent form and other signed records

October 9th, 2009
Part11 does not require that electronic records be signed using electronic signatures.
So electronic records may be signed with handwritten signatures that are applied to electronic records, or with handwritten signatures that are applied to a piece of paper that is linked to the record (referred to as hybrid).
The FDA plans to publish guidance on how to achieve this link in the future, but for now it is suggested that you include on the paper as much information as possible to accurately identify the unique electronic record. At a minimum, that should include the file name, byte size, creation date and a hash or checksum value such as a CRC (Cyclic Redundancy Check).
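
One way to produce and later re-check the identifying fields for the paper signature page, as an added example that is not from the original post or from FDA guidance. The function names, the sample file name and the inclusion of SHA-256 next to the CRC are assumptions of this example: a CRC catches accidental corruption, while a cryptographic hash is what makes a deliberate same-size edit detectable.

```python
import hashlib
import os
import tempfile
import zlib
from datetime import datetime, timezone

# Fields that must still match when the record is re-checked. The creation
# date is printed on the page but not compared, because file system
# timestamps change when a record is copied or restored from backup.
CHECKED_FIELDS = ("file_name", "byte_size", "crc32", "sha256")


def describe_record(path, chunk_size=65536):
    """Return the identifying fields to print on the signed paper page."""
    crc, size, sha256 = 0, 0, hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            crc = zlib.crc32(chunk, crc)
            sha256.update(chunk)
            size += len(chunk)
    st = os.stat(path)
    # Creation time is not portable: use st_birthtime where the platform
    # has it, otherwise fall back to the last-modified time (assumption).
    created = getattr(st, "st_birthtime", st.st_mtime)
    stamp = datetime.fromtimestamp(created, timezone.utc)
    return {
        "file_name": os.path.basename(path),
        "byte_size": size,
        "created_utc": stamp.strftime("%Y-%m-%dT%H:%M:%SZ"),
        "crc32": f"{crc & 0xFFFFFFFF:08x}",
        "sha256": sha256.hexdigest(),
    }


def verify_record(path, signed_fields):
    """Return the names of checked fields that no longer match the page."""
    current = describe_record(path)
    return [k for k in CHECKED_FIELDS if current[k] != signed_fields.get(k)]


if __name__ == "__main__":
    # Constructed sample record, not real data.
    path = os.path.join(tempfile.mkdtemp(), "consent_form_0001.pdf")
    with open(path, "wb") as fh:
        fh.write(b"constructed sample consent record v1")
    page = describe_record(path)
    print(page)
    with open(path, "wb") as fh:  # same length, different content
        fh.write(b"constructed sample consent record v2")
    print("mismatched fields:", verify_record(path, page))
```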
