- Find Regulatory Requirements for your country
- GHTF
- Validation Requirements
- Medical Device Software
- Sterilization
|
SUBSCRIBE (always Free) |
|
Medical Devices and HIPAA (Health Insurance Portability and Accountability Act) A Basic Introduction in plain English
ELECTRONIC SIGNATURES (21 CFR Part 11)
The general requirements of Electronic Signatures as spelled out by the Food and Drug administration (FDA) are:
(a) Each electronic signature shall be unique to one individual and shall not be reused by, or reassigned to, anyone else.
(b) Before an organization establishes, assigns, certifies, or otherwise sanctions an individual`s electronic signature, or any element of such electronic signature, the organization shall verify the identity of the individual.
(c) Persons using electronic signatures shall, prior to or at the time of such use, certify to the agency that the electronic signatures in their system, used on or after August 20, 1997, are intended to be the legally binding equivalent of traditional handwritten signatures.
(1) The certification shall be submitted in paper form and signed with a traditional handwritten signature, to the Office of Regional Operations (HFC-100), 5600 Fishers Lane, Rockville, MD 20857.
(2) Persons using electronic signatures shall, upon agency request, provide additional certification or testimony that a specific electronic signature is the legally binding equivalent of the signer`s handwritten signature.
An electronic signature is in essence an individual signature. It is the same as if someone picked up a pen and signed their name to a document. Problems however arise if a software related product is used to administer this ‘electronic signature’ since controls need to be in place to prevent someone else from doing so in my name.
In addition to providing an electronic signature you also need to be able to prove that it is identical to an individual’s real signature. That is no one else could have administered it either inadvertently or intentionally.
Essential features of electronic signatures that must be incorporated are: User Authentication, Nonrepudiation and Message integrity. User Authentication is essentially that – that there is assurance that the electronic signature is that of the identity of the individual administering it. Nonrepudiation is a big word for basically meaning that the persons sending and receiving the message are in fact those individuals. And Message integrity – ensures that the message transmitted is not altered from the original.