How To:How to Use E-Signatures
About LMK’s How-To Series
LMK’s commitment to education inspires our most popular and most important service offering: TMF University. TMF University is LMK’s industry-first TMF training program, offering a wide range of courses to suit all needs; from beginners just learning to identify common regulatory documents to professionals seeking to hone their expertise.
Celebrating TMF University’s renewed focus on taking TMF action, LMK is happy to present this how-to blog post, the third post in a multi-week how-to series. You can read the series’ last post here. In the coming weeks we’ll continue to dispense with complexity and focus on what it takes to achieve a basic TMF skill we think every clinical research professional should know.
How can I be sure this electronic signature is acceptable for filing in the TMF?
An electronic signature (e-signature) can take many forms depending on the software and circumstances of use. When TMFs were exclusively paper one would only need to consider if a document was a copy or an original—which could be easily verified by physically examining the document. Now, with eTMF or hybrid arrangements, and with the introduction of e-signatures and other document handling advances, there are a great number of scenarios to consider. Signed documents enter the TMF from many sources: attached to an email, scanned, created in an eTMF directly, sent from a phone app, or generated as a report or output from many types of clinical trial tools. Additionally, these new document sources are often used in conjunction, multiplying the potential for the document to be altered. In light of the growing complexity of each document’s story (and the story of its signature), what new expectations does the FDA have for all of us?
The Regulatory Picture: The basis of the FDA’s treatment for e-signatures is 21 CFR Part 11, with Subpart C containing the most relevant information. As with most other topics, the CFR only forms a general foundation and is not frequently updated to reflect technological advances or current thinking. The most recent (and likely most useful) tool for understanding the FDA’s current perspective on e-signatures is the June 2017 draft guidance document, “Use of Electronic Records and Electronic Signatures in Clinical Investigations Under 21 CFR Part 11 – Questions and Answers”.
The FDA defines an e-signature as “a computer data compilation of any symbol or series of symbols executed, adopted, or authorized by an individual to be the legally binding equivalent of the individual’s handwritten signature.” The question then follows, what, according to the FDA, makes an e-signature a legally binding equivalent to a handwritten signature on a paper document. According to the FDA, this equivalency comes from compliance with 21 CFR Part 11, more specifically, electronic signatures must meet the following criteria:
- Are unique to one individual
- Clearly indicate the printed name of the signer
- Record the time and date of execution
- Define the meaning associated with the signature
- Should be linked to an electronic record/ledger to prevent easy duplication or transference to another individual
- The ledger/software that records this information is compliant to the systems regulation under 21 CFR Part 11
Practical Advice: The FDA treats e-signatures like any other electronic system. The FDA also recognizes the difference between e-signatures (which are software generated and traceable) and digital signatures (which graphically represent a signature). The FDA will not and does not define any method or software used to create electronic signatures. There are also no documents that the FDA has designated to be signed ‘wet ink’ only. It is therefore necessary to ensure your e-signature vendor is offering a 21 CFR Par 11 compliant system. If the vendor can certify compliance, your SOPs outline proper use, and everybody on your team knows not misuse the software (e.g. sharing passwords), then you can be confident of your compliance.
If your organization scans original paper documents, this is acceptable, however an SOP should be established to document the signature process. The electronic copy of your original document should be a certified copy according to ICH-GCP E6 R2 (we’ll discuss this concept in greater detail in our next how to post). Finally, copying an image file of a signature into a document is not complaint. If the document is originating in electronic format it must comply with 21 CFR Part 11. A ‘copy and paste’ signature is too easily falsified or used by multiple individuals.
The source of the clinical trial industry’s anxiety about signatures likely stems from the FDA’s deliberate choice to provide general guidance only. Although the FDA does not offer high-level detail on preferred e-signature systems or certify specific systems or methods, basic expectations are made clear through the guidance and 21 CFR Part 11. Although risk-averse regulatory professionals always prefer more detail from the FDA, the FDA’s choice benefits the clinical trial industry by preventing FDA policy from conflicting with technological improvements. You can be confident that as long as you meet the basic 21 CFR Part 11 requirements above, have a consistently applied SOP, and avoid those pesky copy-paste signatures, your document’s signatures will be inspection-ready and compliant.