Is referenced content sufficient to meet record content requirements?

[Mark Meer]

We've taken great pains to avoid data redundancy in our records, by employing a robust system of unique record IDs and referencing/linking.

So, for example, when the FDA call for:

21 CFR 820.198:
...
e) When an investigation is made under this section, a record of the investigation shall be maintained by the formally designated unit identified in paragraph (a) of this section. The record of investigation shall include:
...
(3) Any unique device identifier (UDI) or universal product code (UPC), and any other device identification(s) and control number(s) used;
(4) The name, address, and phone number of the complainant;
...

I'm presuming that it is sufficient to simply:

• reference the device by serial number only...but this serial number can then be used to retrieve the unit's production record on which the UDI is recorded.
• reference the complainant by name only...but this reference can then be used to retrieve the complainant's contact information from a contacts database.

I'm assuming this. ...but we've had some pretty strict FDA auditors in terms of their interpretation of the regulations, so there's some push here to add fields for putting this information directly in the records, rather than having simple references.

Curious if anyone has ever had push-back from auditors when references are used in lieu of required record data.

 

[mihzago]

What could maybe help is if you document your own definition of a complaint file/record and state that references or other linked records are considered to be part of the complaint file.

There's nothing in the regulation that says all the required information must be included in a single location/document, as long as it can be reasonably accessible.

 

[Mark Meer]

There's nothing in the regulation that says all the required information must be included in a single location/document, as long as it can be reasonably accessible.

I agree with the rationale, but were I to play devil's advocate, I'd point out that the regulation does say: "...a record of the investigation shall be maintained by the formally designated unit..." (emph. added).

In our case production records (where UDIs are recorded) are maintained by different department/personnel than the complaint investigation records. Similarly the (customer) contact database is maintained by someone else (though accessible to persons handling complaints), on a completely different platform.

As you say, all this information is ultimately easily retrievable and accessible to auditors (one of our explicit documentation requirements), so I'd hope auditors wouldn't take issue with our approach.
....but as far as our day-to-day operations, there are different persons responsible for maintaining the different record types (as interrelated as they may be..).

 

[yodon]

One of my worries would be that if one of these systems broke down, you may never be able to re-create the (complete) record. With a complete snapshot (record), you wouldn't have that risk.

I'd also be a bit concerned with the difference between 'static' data as would be in the complete record -v- the 'dynamic' data which would be the case if maintained separately. The dynamic data could be changed over time and may not reflect the data at the time of the complaint.

 

[Mark Meer]

One of my worries would be that if one of these systems broke down, you may never be able to re-create the (complete) record. With a complete snapshot (record), you wouldn't have that risk.

I'd also be a bit concerned with the difference between 'static' data as would be in the complete record -v- the 'dynamic' data which would be the case if maintained separately. The dynamic data could be changed over time and may not reflect the data at the time of the complaint.

Good points.

To your first point: Assuming my approach is acceptable (from FDA perspective), then this would be simply a risk assessment. From my point of view, having redundant data fields that personnel have to fill in manually each time a record is created, is itself prone to errors (our UDIs, for example, are ~34 character strings...easy to make translation errors/typos).
So, in a sense, removing these redundancies through references is a preventative measure, balanced against the potential that one set of records is compromised (for which I'd say the probability is low).

To your second point: Totally understand from a record-keeping perspective - you want a "snapshot" of the data at the time. ...but practically speaking, wouldn't it be most valuable to have the most relevant information?
Take customer contact information, for example:
- If the complaint record simply references the customer by ID, then you always access the most up-to-date customer contact details. Why would you want to reference an address that is obsolete?
- For traceability, this is mitigated by the fact that the customer records have a time-stamped record of changes. Hence if you really needed to retrieve that obsolete address at the time of the complaint, you could do so.

So, I still believe that a system that makes use of references to avoid redundant data is still justifiable despite these concerns. However, I'm still not 100% confident that an FDA auditor would agree...