Guidance for Industry
Computerized Systems Used in Clinical Trials
This draft guidance, when
finalized, will represent the Food and Drug Administration's (FDA's) current
thinking on this topic. It does not create or confer any rights for or on any
person and does not operate to bind FDA or the public. You can use an
alternative approach if the approach satisfies the requirements of the
applicable statutes and regulations. If you want to discuss an alternative
approach, contact the FDA staff responsible for implementing this guidance. If
you cannot identify the appropriate FDA staff, call the appropriate number
listed on the title page of this guidance.
This document provides guidance about computerized systems
that are used to create, modify, maintain, archive, retrieve, or transmit
clinical data required to be maintained and/or submitted to the Food and Drug
Administration (FDA) These data form the basis for the Agency's decisions
regarding the safety and effectiveness of new human and animal drugs,
biological products, medical devices, and certain food and color additives. Because the data have broad public health
significance, they are expected to be of the highest quality and integrity.
This guidance document addresses long-standing FDA regulations concerning
clinical trial records. It also addresses requirements of the Electronic
Records/Electronic Signatures rule (21 CFR part 11).
Once finalized, this document will supersede the guidance of
the same name issued in April 1999. Revisions will make it consistent with
Agency policy as reflected in the guidance for industry on Part 11,
Electronic Records; Electronic Signatures — Scope and Application, which
issued in August 2003, and the Agency's international harmonization efforts.
FDA's guidance documents, including this guidance, do not
establish legally enforceable responsibilities. Instead, guidances describe
the Agency's current thinking on a topic and should be viewed only as
recommendations, unless specific regulatory or statutory requirements are
cited. The use of the word should in Agency guidances means that
something is suggested or recommended, but not required.
FDA has the authority to
inspect all records relating to clinical investigations conducted under 21 CFR
312, 511.1(b), and 812 , regardless of how they
were created or maintained (e.g., §§ 312.58, 312.68, and 812.145). FDA
established the Bioresearch Monitoring (BIMO) Program of inspections and audits
to monitor the conduct and reporting of clinical trials to ensure that
supporting data from these trials meet the highest standards of quality and
integrity, and conform to FDA's regulations. FDA's acceptance of data from
clinical trials for decision-making purposes depends on FDA's ability to verify
the quality and integrity of the data during FDA on-site inspections and
audits. To be acceptable, the data should meet certain fundamental elements of
quality whether collected or recorded electronically or on paper. For example,
data should be attributable, legible, contemporaneous, original
and accurate.
This guidance addresses how Agency expectations and
regulatory requirements regarding data quality might be satisfied where
computerized systems are being used to create, modify, maintain, archive,
retrieve, or transmit clinical data. Although the primary focus of this
guidance is on computerized systems used at clinical sites to collect data, the
principles set forth may also be appropriate for computerized systems belonging
to contract research organizations, data management centers, and sponsors.
Persons using the data from computerized systems should have confidence that
the data are no less reliable than data in paper form.
Computerized medical devices, diagnostic laboratory
instruments, and instruments in analytical laboratories that are used in
clinical trials are not the subject of this guidance. This guidance does not
address electronic submissions or methods of their transmission to the Agency, except to the degree to which these records comply
with Part 11.
The principles in this guidance may be applied where supporting data or source documents
are created (1) in hardcopy and later entered into a computerized system, (2)
by direct entry by a human into a computerized system, and (3) automatically by
a computerized system.
The Agency recommends the following general principles with
regard to computerized systems that are used to create, modify, maintain,
archive, retrieve, or transmit clinical data required to be maintained and/or
submitted to FDA.
1. We recommend that each study
protocol identify at which steps a computerized system will be used to create,
modify, maintain, archive, retrieve, or transmit data.
2. For each study, we recommend
that documentation identify what software and hardware are to be used in
computerized systems that create, modify, maintain, archive, retrieve, or
transmit data. We also recommend that this documentation be retained as part
of the study records.
3. We recommend that computerized
systems be designed (1) so that all requirements assigned to these systems in a
study protocol are satisfied (e.g., data are recorded in metric units, the
study blinded) and (2) to preclude errors in data creation, modification,
maintenance, archiving, retrieval, or transmission.
4. It is important to design a
computerized system in such a manner so that all applicable regulatory
requirements for record keeping and record retention in clinical trials are met
with the same degree of confidence as is provided with paper systems.
5. Under 21 CFR 312.62 ,
511.1(b)(7)(ii) and 812.140, the clinical
investigator must retain records required to be maintained under part 312, §
511.1(b) and § 812, respectively, for a period of time specified in these
regulations. Retaining the original source document
or a certified copy of the source document at the site where the investigation
was conducted can assist in meeting these regulatory requirements. It can also
assist in the reconstruction and evaluation of the trial throughout and after
the completion of the trial.
6.
When original observations are entered directly into a computerized
system, the electronic record is the source document.
7.
Records relating to an investigation must be adequate and accurate in
the case of investigational new drug applications (INDs) (see § 312.57 and §
312.62), complete in the case of new animal drugs for investigational use
(INADs) (see §511.1(b)(7)(ii)), and accurate,
complete and current in the case of investigational device exemptions (IDEs)
(see § 812.140(a) and § 812.140(b)). An audit trail that is electronic or
consists of other physical, logical, or procedural security measures to ensure
that only authorized additions, deletions, or alterations of information in the
electronic record have occurred may be needed to facilitate compliance with
applicable records regulations. Firms should determine and document the need
for audit trails based on a risk assessment that takes into consideration
circumstances surrounding system use, the likelihood that information might be
compromised, and any system vulnerabilities. We recommend that audit trials or
other security methods used to capture electronic record activities document
who made the changes, when, and why changes were made to the electronic record.
8.
We recommend that data be retrievable in such a fashion that all
information regarding each individual subject in a study is attributable to
that subject.
9. To ensure the authenticity and
integrity of electronic records, it is important that security measures be in
place to prevent unauthorized access to the data in the electronic record and
to the computerized system.
As described in the FDA guidance entitled Part 11,
Electronic Records; Electronic Signatures- Scope and Application (August
2003), while the re-examination of part 11 is underway, FDA intends to exercise
enforcement discretion with respect to part 11 requirements for validation,
audit trail, record retention, and record copying. That is, FDA does not
intend to take enforcement action to enforce compliance with these requirements
of part 11 while the agency re-examines part 11. Note that part 11 remains in
effect and that the exercise of enforcement discretion applies only to the
extent identified in the FDA guidance on part 11. Also, records must still be
maintained or submitted in accordance with the underlying requirements set
forth in the Federal Food, Drug, and Cosmetic Act (Act), the Public Health
Service Act (PHS Act), and FDA regulations (other than part 11), which are
referred to in this guidance document as predicate rules, and FDA
can take regulatory action for noncompliance with such predicate rules.
Specific details about the Agency’s approach to enforcing
part 11 can be found in the Part 11 Scope and Application guidance.
We recommend that standard operating procedures (SOPs)
pertinent to the use of the computerized system be available on site. We
recommend that SOPs be established for the following:
·
System Setup/Installation
·
Data Collection and Handling
·
System Maintenance
·
Data Backup, Recovery, and Contingency Plans
·
Security
·
Change Control
·
Alternative Recording Methods (in the case of system
unavailability)
To ensure that individuals
have the authority to proceed with data entry, data entry systems must be
designed to limit access so that only authorized individuals are able to input
data
(§ 11.10(d)). Examples of methods for
controlling access include using combined identification codes/passwords or
biometric-based identification at the start of a data entry session. Controls
and procedures must be in place that are designed to ensure the authenticity
and integrity of electronic records created, modified, maintained, or
transmitted using the data entry system
(§ 11.10). Therefore, we recommend that each user of the system
have an individual account into which the user logs-in at the beginning of a
data entry session, inputs information (including changes) on the electronic
record, and logs out at the completion of data entry session.
We recommend that individuals work only under their own
password or other access key and not share these with others. We recommend
that individuals not be allowed to log onto the system to provide another
person access to the system. We also recommend that passwords or other access
keys be changed at established intervals.
When someone leaves a workstation, we recommend that the SOP
require that person to log off the system. Alternatively, an automatic log off may be appropriate for long idle
periods. For short periods of inactivity, we recommend that some kind of
automatic protection be installed against unauthorized data entry. An example
could be an automatic screen saver that prevents data entry until a password is
entered.
Section 11.10(e) requires persons who use electronic record
systems to maintain an audit trail as one of the procedures to protect the
authenticity, integrity, and, when appropriate, the confidentiality of
electronic records. As clarified in the Part 11 Scope and Application
guidance, however, the Agency intends to exercise enforcement discretion
regarding specific part 11 requirements related to computer-generated,
time-stamped audit trails (§ 11.10(e), (k)(2) and any corresponding requirement
in § 11.30). Persons must still comply with all applicable predicate rule
requirements for clinical trials, including, for example, that records related
to the conduct of the study must be adequate and accurate (§§ 312.57, 312.62,
and 812.140). It is therefore important to keep track of all changes made to
information in the electronic records that document activities related to the
conduct of the trial. Computer-generated, time-stamped audit trails or
information related to the creation, modification, or deletion of electronic
records may be useful to ensure compliance with the appropriate predicate
rule.
In addition, clinical investigators must, upon request by
FDA, at reasonable times, permit agency employees to have access to, and copy
and verify any required records or reports made by the investigator (§§
312.68, 511.1(b)(7)(ii) and 812.145). In order for the Agency to review and
copy this information, FDA personnel should be able to review audit trails or
other documents that track electronic record activities both at the study site
and at any other location where associated electronic study records are
maintained. To enable FDA's review, information about the creation,
modification, or deletion of electronic records should be created
incrementally, and in chronological order. To facilitate FDA’s inspection of
this information, we recommend that clinical investigators retain either the
original or a certified copy of any documentation created to track electronic
records activities.
Even if there are no applicable predicate rule requirements,
it may be important to have computer-generated, time-stamped audit trails or
other physical, logical, or procedural security measures to ensure the
trustworthiness and reliability of electronic records. We recommend that any decision
on whether to apply computer-generated audit trails or other appropriate
security measures be based on the need to comply with predicate rule
requirements, a justified and documented risk assessment, and a determination
of the potential effect on data quality and record integrity. Firms should
determine and document the need for audit trails based on a risk assessment
that takes into consideration circumstances surrounding system use, the
likelihood that information might be compromised, and any system
vulnerabilities.
If you determine that audit trails or other appropriate
security measures are needed to ensure electronic record integrity, we
recommend that personnel who create, modify, or delete electronic records not
be able to modify the documents or security measures used to track electronic
record changes. We recommend that audit trials or other security methods
used to capture electronic record activities document who made the changes,
when, and why changes were made to the electronic record.
Some examples of methods for tracking changes to electronic
records include:
We recommend that controls be
put in place to ensure that the system's date and time are correct. The
ability to change the date or time should be limited to authorized personnel
and such personnel should be notified if a system date or time discrepancy is
detected. We recommend that someone always document changes to date or time.
We do not expect documentation of time changes that systems make automatically
to adjust to daylight savings time conventions.
We also recommend that dates and
times include the year, month, day, hour, and minute. The Agency encourages
establishments to synchronize systems to the date and time provided by trusted
third parties.
Clinical study computerized systems are likely be used in
multi-center trials and may be located in different time zones. For systems
that span different time zones, it is better to implement time stamps with a
clear understanding of the time zone reference used. We recommend that system
documentation explain time zone references as well as zone acronyms or other
naming conventions.
The Agency recommends that a number of computerized system
features be available to facilitate the collection, inspection, review, and
retrieval of quality clinical data. Key features are described here.
We recommend that prompts, flags, or other help features be
incorporated into the computerized system to encourage consistent use of
clinical terminology and to alert the user to data that are out of acceptable
range. We recommend against the use of features that automatically enter data
into a field when the field is bypassed.
FDA expects to be able to reconstruct a clinical study
submitted to the agency. This means that documentation, such as that described
in the General Principles, Sections III.1, III.2 and III.5, should fully
describe and explain how data were obtained and managed and how electronic
records were used to capture data. We suggest that your decision on how to
maintain records be based on predicate rule requirements and that this
documented decision be based on a justified risk assessment and a determination
of the value of the records over time. As explained in the Part 11 Scope and
Application guidance, FDA does not intend to object to required records that
are archived in electronic format; nonelectronic media such as microfilm,
microfiche, and paper; or to a standard electronic file format (such as PDF,
XML, or SGML). Persons must still comply with all predicate rule requirements,
and the records themselves and any copies of required records should preserve
their original content and meaning. Paper and electronic record and signature
components can co-exist (i.e., as a hybrid system) as long as the predicate
requirements (21 CFR parts 50, 56, 312, 511,
and 812) are met, and the content and meaning of those records are preserved.
It is not necessary to reprocess data from a study that can
be fully reconstructed from available documentation. Therefore, actual
application software, operation systems, and software development tools
involved in processing of data or records do not need to be retained.
In addition to internal safeguards built into the
computerized system, external safeguards should be put in place to ensure that
access to the computerized system and to the data is restricted to authorized
personnel as required by 21 CFR 11.10(d). We recommend that staff be kept
thoroughly aware of system security measures and the importance of limiting
access to authorized personnel.
SOPs should be developed and implemented for handling and
storing the system to prevent unauthorized access. Controlling system access
can be accomplished through the following provisions of part 11 that, as
discussed in the part 11 guidance, FDA intends to continue to enforce:
·
Operational system checks (§ 11.10(f));
·
Authority checks (§ 11.10(g));
·
Device (e.g., terminal) checks (§ 11.10(h)); and
·
The establishment of and adherence to written policies that hold
individuals accountable for actions initiated under their electronic signatures
(§ 11.10(j)).
The Agency recommends that access to data be restricted and
monitored through the system's software with its required log-on, security
procedures, and audit trail (or other selected security measures to track
electronic record activities). We recommend that procedures and controls be
implemented to prevent the data from being altered, browsed, queried, or
reported via external software applications that do not enter through the
protective system software.
We recommend that a cumulative record be available that
indicates, for any point in time, the names of authorized personnel, their
titles, and a description of their access privileges. We recommend that the
record be kept in the study documentation, accessible at the site.
If a sponsor supplies computerized systems exclusively for
clinical trials, we recommend that the systems remain dedicated to the purpose
for which they were intended and validated. If a computerized system being
used for a clinical study is part of a system normally used for other purposes,
we recommend that efforts be made to ensure that the study software be
logically and physically isolated as necessary to preclude unintended
interaction with nonstudy software. If any of the software programs are
changed, we recommend that the system be evaluated to determine the effect of
the changes on logical security.
We recommend that controls be implemented to prevent,
detect, and mitigate effects of computer viruses, worms, or other potentially
harmful software code on study data and software.
The Agency recommends that sponsors ensure and document that
all computerized systems conform to their own established requirements for
completeness, accuracy, reliability, and consistent intended performance.
We recommend that systems documentation be readily available
at the site where clinical trials are conducted and provide an overall
description of the computerized systems and the relationships among hardware,
software, and physical environment.
As noted in the Part 11 Scope and Application
guidance, the Agency intends to exercise enforcement discretion regarding
specific part 11 requirements for validation of computerized systems. We
suggest that your decision to validate computerized systems and the extent of
the validation take into account the impact the systems have on your ability to
meet predicate rule requirements. You should also consider the impact those
systems might have on the accuracy, reliability, integrity, availability, and
authenticity of required records and signatures. Even if there is no predicate
rule requirement to validate a system, it may still be important to validate
the system, based on criticality and risk, to ensure the accuracy, reliability,
integrity, availability and authenticity of required records and signatures.
We recommend that you base your approach on a justified and
documented risk assessment and determination of the potential of the system to
affect data quality and record integrity. For example, in the case where data
are directly entered into electronic records and the business practice is to
rely on the electronic record, validation of the computerized system is
important. However when a word processor is used to generate SOPs for use at
the clinical site, validation would not be
important.
If validation is required, FDA may ask to see the regulated
company's documentation that demonstrates software validation. The study
sponsor is responsible for making any such documentation available if requested
at the time of inspection at the site where software is used. Clinical
investigators are not generally responsible for validation unless they
originated or modified software.
As noted in the Part 11 Scope and Application
guidance, the Agency intends to exercise enforcement discretion with respect to
all part 11 requirements for systems that otherwise were fully operational
prior to August 20, 1997, the effective date of part 11, under the
circumstances described below. These systems are also known as legacy
systems. The Agency does not intend to take enforcement action to enforce
compliance with any part 11 requirements if all the following criteria are met
for a specific system:
·
The system was in operation before the part 11 effective date.
·
The system met all applicable predicate rule requirements prior
to the part 11 effective date.
·
The system currently meets all applicable predicate rule
requirements.
·
There is documented evidence and justification that the system is
fit for its intended use.
If a system has changed since August 20, 1997, and if the changes would prevent the system from meeting predicate rule requirements, part 11
controls should be applied to part 11 records and signatures pursuant to the
enforcement policy expressed in the part 11 guidance. Please refer to the Part
11 Scope and Application guidance for further information.
While the Agency has announced that it intends to exercise
enforcement discretion regarding specific part 11 requirements for validation
of computerized systems, persons must still comply with all predicate rule
requirements for validation. We suggested in the guidance for industry on part
11 that the impact of computerized systems on the accuracy, reliability,
integrity, availability, and authenticity of required records and signatures be
considered when you decide whether to validate, and noted that even absent a
predicate rule requirement to validate a system, it might still be important to
validate in some instances.
For most off-the-shelf software, the design level validation
will have already been done by the company that
wrote the software. Given the importance of ensuring valid clinical trial
data, FDA suggests that the sponsor or contract research organization (CRO) have documentation (either original validation
documents or on-site vendor audit documents) of this design level validation by
the vendor and would itself have performed functional testing (e.g., by use of
test data sets) and researched known software limitations, problems, and defect
corrections. Detailed documentation of any additional validation efforts
performed by the sponsor or CRO will preserve the findings of these
efforts.
In the special case of database and spreadsheet software
that is: (1) purchased off-the-shelf, (2) designed for and widely used for
general purposes, (3) unmodified, and (4) not being used for direct entry of
data, the sponsor or contract research organization may not have documentation
of design level validation. FDA suggests that the sponsor or contract research
organization perform functional testing (e.g., by use of test data sets) and
research known software limitations, problems, and defect corrections.
In the case of off-the-shelf software, we recommend that the
following be available to the Agency on request:
·
A written design specification that describes what the software
is intended to do and how it is intended to do it;
·
A written test plan based on the design specification, including
both structural and functional analysis; and
·
Test results and an evaluation of how these results demonstrate
that the predetermined design specification has been met.
Additional guidance on general software validation
principles can be found in FDA’s guidance entitled General Principles of
Software Validation; Final Guidance for Industry and FDA Staff.
FDA recommends that written procedures be put in place to
ensure that changes to the computerized system, such as software upgrades,
including security and performance patches, equipment,
or component replacement, or new instrumentation, will maintain the integrity
of the data and the integrity of protocols. We recommend that the effects of
any changes to the system be evaluated and a decision made regarding whether,
and if so, what level of validation activities related to those changes would
be appropriate. We recommend that validation be performed for those types of
changes that exceed previously established operational limits or design
specifications. Finally, we recommend that all changes to the system be
documented.
The Agency recommends that
appropriate system control measures be developed and implemented.
·
Software Version Control
We recommend that measures be put
in place to ensure that versions of software used to generate, collect,
maintain, and transmit data are the versions that are stated in the systems
documentation.
·
Contingency Plans
We recommend that written
procedures describe contingency plans for continuing the study by alternate
means in the event of failure of the computerized system.
·
Backup and Recovery of Electronic Records
When electronic formats are the
only ones used to create and preserve electronic records, the Agency recommends
that backup and recovery procedures be outlined clearly in SOPs and be
sufficient to protect against data loss. We also recommend that records be
backed up regularly in a way that would prevent a catastrophic loss and ensure
the quality and integrity of the data. We recommend that records be stored at
a secure location specified in the SOPs. Storage is typically offsite or in a
building separate from the original records.
We recommend that backup and
recovery logs be maintained to facilitate an assessment of the nature and scope
of data loss resulting from a system failure.
Firms that rely on electronic and
paper systems should determine the extent to which backup and recovery
procedures are needed based on the need to meet predicate rule requirements, a
justified and documented risk assessment, and a determination of the potential
effect on data quality and record integrity.
Under 21 CFR 11.10(i), firms using computerized systems must
determine that persons who develop, maintain, or use electronic systems have
the education, training, and experience to perform their assigned tasks.
The Agency recommends that training be provided to
individuals in the specific operations with regard to computerized systems that
they are to perform. We recommend that training be conducted by qualified
individuals on a continuing basis, as needed, to ensure familiarity with the
computerized system and with any changes to the system during the course of the
study.
We recommend that employee education, training, and
experience be documented.
FDA has the authority to inspect all records relating to
clinical investigations conducted under 21 CFR Parts 312 and 812, regardless of
how the records were created or maintained (21 CFR 312.58, 312.68, and 812.145).
Therefore, you should provide the FDA investigator with reasonable and useful
access to records during an FDA inspection. As noted in the Part 11,
Electronic Records; Electronic Signatures- Scope and Application guidance,
the Agency intends to exercise enforcement discretion with regard to specific
part 11 requirements for generating copies of records (§ 11.10(b) and any
corresponding requirement in § 11.30). We recommend that you supply copies of
electronic records by:
·
Producing copies of records held in common portable formats when
records are maintained in these formats
·
Using established automated conversion or export methods, where
available, to make copies available in a more common format (e.g., pdf, xml, or
sgml formats)
Regardless of the method used to produce copies of
electronic records, it is important that the copying process used produces
copies that preserve the content and meaning of the record. For example, if you
have the ability to search, sort, or trend records, copies given to FDA should
provide the same capability if it is reasonable and technically feasible. FDA
expects to inspect, review, and copy records in a human readable form at your
site, using your hardware and following your established procedures and
techniques for accessing records.
We recommend you contact the Agency if there is any doubt
about what file formats and media the Agency can read and copy.
As required by 21 CFR 11.100(c), persons using electronic
signatures to meet an FDA signature requirement must, prior to or at the time
of such use, certify to the Agency that the electronic signatures in their
system, used on or after August 20, 1997, are intended to be the legally
binding equivalent of traditional handwritten signatures.
As set forth in § 11.100(c)(1), the certification must be
submitted in paper, signed with a traditional handwritten signature, to the
Office of Regional Operations (HFC-100), 5600 Fishers Lane, Rockville, Maryland
20857. The certification is to be submitted prior to or at the time electronic
signatures are used. However, a single certification can be used to cover all
electronic signatures used by persons in a given organization. This
certification is created by persons to acknowledge that their electronic
signatures have the same legal significance as their traditional handwritten
signatures. See the following example of a certification statement:
Pursuant
to Section 11.100 of Title 21 of the Code of Federal Regulations, this is to certify
that ___[name of organization]__ intends that all electronic
signatures executed by our employees, agents, or representatives, located
anywhere in the world, are the legally binding equivalent of traditional
handwritten signatures.
The following is a list of definitions for terms as they are
used in, and for the purposes of, this guidance document.
Attributable Data: Attributable
data are those that can be traced to individuals responsible for observing and
recording the data. In an automated system, attributability could be achieved
by a computer system designed to identify individuals responsible for any
input.
Audit Trail: An audit trail is a secure,
computer generated, time-stamped electronic record that allows reconstruction
of the course of events relating to the creation, modification, and deletion of
an electronic record.
Certified Copy: A copy of original information that
has been verified, as indicated by dated signature, as an exact copy having all
of the same attributes and information as the original
Computerized System: A computerized system
includes computer hardware, software, and associated documents (e.g., user
manual) that create, modify, maintain, archive, retrieve, or transmit in
digital form information related to the conduct of a clinical trial.
Direct Entry: Recording data where an electronic
record is the original capture of the data. Examples are the keying by an
individual of original observations into the system, or automatic recording by
the system of the output of a balance that measures subject’s body weight.
Electronic Record: Any combination of text,
graphics, data, audio, pictorial, or other information representation in
digital form that is created, modified, maintained, archived, retrieved, or
distributed by a computer system.
Electronic Signature: A computer data compilation of
any symbol or series of symbols executed, adopted, or authorized by an
individual to be the legally binding equivalent of the individual's handwritten
signature.
Predicate rule: This term refers to underlying
requirements set forth in the Federal Food, Drug, and Cosmetic Act, the PHS
Act, and FDA regulations (other than 21 CFR part 11). Regulations governing
good clinical practice and human subject protection can be found at 21 CFR parts
50, 56, 312, 511, and 812.
Software Validation: Confirmation by examination and
provision of objective evidence that software specifications conform to user
needs and intended uses and that the particular requirements implemented
through the software can be consistently fulfilled. Design level validation
is that portion of the software validation that takes place in parts of the
software life cycle before the software is delivered to the end user.
Source Documents: Original documents and records
including, but not limited to, hospital records, clinical and office charts,
laboratory notes, memoranda, subjects' diaries or evaluation checklists, pharmacy
dispensing records, recorded data from automated instruments, copies or
transcriptions certified after verification as being accurate and complete,
microfiches, photographic negatives, microfilm or magnetic media, x-rays,
subject files, and records kept at the pharmacy, at the laboratories, and at
medico-technical departments involved in the clinical trial.
Transmit: Transmit is to transfer data within
or among clinical study sites, contract research organizations, data management
centers, or sponsors. Other Agency guidance covers transmission from sponsors
to the Agency.