Integrity of electronic digital records - Medical Devices

James

Involved In Discussions
#1
Hi

Just wondered if 13485 requires demonstrable security / integrity of systems used for electronic record keeping?

One of the departments under my MDR / 13485 scope (with Health Institution Exemption) for class 1 devices uses an MS Access database for some client records, relating to devices issued to them, including the manufacturing notes for custom made devices. There is no robust audit system inherent to the database to see what text changed / when / by whom, which means that records could effectively be altered. This doesn't seem appropriate to me. Printing the record to a time stamped PDF or similar may be a way of managing this. Any views?

Thanks

James
 
Elsmar Forum Sponsor

William55401

Involved In Discussions
#2
Short answer, yes, integrity of digital / electronic records is important to the standard.

Longer answer. To me, the use of a pdf is a snapshot in time and does not address the core issue of modifications to the electronic record. How is the MS database used? Will individuals go to the pdf or is the MS Access data base truly the system in use?

Citations from the standard (13485:2016)

"4.1.6 The organization shall document procedures for the validation of the application of computer
software used in the quality management system. Such software applications shall be validated prior to
initial use and, as appropriate, after changes to such software or its application.
The specific approach and activities associated with software validation and revalidation shall be
proportionate to the risk associated with the use of the software. Records of such activities shall be maintained (see 4.2.5)."

from 4.2.5 Records
"Records shall remain legible, readily identifiable and retrievable. Changes to a record shall remain identifiable."
 
Last edited:

James

Involved In Discussions
#3
Longer answer. To me, the use of a pdf is a snapshot in time and does not address the core issue of modifications to the electronic record. How is the MS database used? Will individuals go to the pdf or is the MS Access data base truly the system in use?
Thanks - the PDF would be used to evidence record keeping integrity, but as you have highlighted its far from ideal, and doesn't comply with 4.2.5

We'll need to think again I think
 

Ronen E

Problem Solver
Staff member
Moderator
#4
One of the departments under my MDR / 13485 scope (with Health Institution Exemption) for class 1 devices uses an MS Access database for some client records, relating to devices issued to them, including the manufacturing notes for custom made devices.
Hi James,

Not answering your question but still important -

You might want to keep a clear identification of the different product/regulatory categories. To me, what you wrote above doesn't seem to reconcile. Where the "Health Institution Exemption" applies, the rest of the MDR doesn't, so device classification is N/A and there's no meaning or need in the designation "class 1 devices". The same goes for (true) custom made devices, which are governed by yet other parts of the MDR (i.e. either you go by the "Health Institution Exemption" (Article 5 s. 5) or by the custom made devices provisions, but not both). Further, the "Health Institution Exemption" applies only where the devices are made and used within the health institution, so you might want to make sure that "issuing devices to clients" (as noted) doesn't violate that.

Cheers,
Ronen.
 

James

Involved In Discussions
#5
Where the "Health Institution Exemption" applies, the rest of the MDR doesn't, so device classification is N/A and there's no meaning or need in the designation "class 1 devices".
Thanks Ronen, I guess I've got into the habit of indicating class 1, just to clarify that our devices are low risk which may be relevant. In terms of the HIE, this has caused some consternation because our trust is commissioned by NHS England to also provide services to neighbouring trusts (not commercially). I discussed this with the MHRA, who felt it reasonable that the 'legal entity' could apply to other trusts under commissioned arrangements, as long as manufacturing accountabilities were explicit.
 
Thread starter Similar threads Forum Replies Date
Q How to handle the integrity of electronic data in databases? Records and Data - Quality, Legal and Other Evidence 13
T ISO 17025:2017 requirement 5.7.b. about maintenance the integrity of the management system ISO 17025 related Discussions 1
R What is meant by Use of COMPONENTS WITH HIGH-INTEGRITY CHARACTERISTICS in ME EQUIPMENT (clause no 4.9) IEC 60601 - Medical Electrical Equipment Safety Standards Series 3
M Package Integrity Test ASTM F 2096 or ASTM 1929 Quality Assurance and Compliance Software Tools and Solutions 1
V Every good documentation practice observation is an data integrity issue US Food and Drug Administration (FDA) 7
V What is the criteria to cite an good documentation practices observation as an data integrity related issue US Food and Drug Administration (FDA) 6
Sidney Vianna ISO 9001 News Tirelessly Improving the Brand Integrity of ISO 9001 - Working Group under ISO TC 176 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 42
I HEPA Filter Integrity test ISO class 9 room Qualification and Validation (including 21 CFR Part 11) 2
Q MHRA has released a new guidance document related to 'GXP' Data Integrity EU Medical Device Regulations 3
R Wet Signature Document Attachments in SAP - Risk on Data Integrity issue? Records and Data - Quality, Legal and Other Evidence 6
E Definition Integrity - The meaning of the word INTEGRITY in ISO 13485 Control of Records Definitions, Acronyms, Abbreviations and Interpretations Listed Alphabetically 6
V Data Quality and Data Integrity - Audit Trail - Part 11 - WHO - FDA - MHRA - PDA US Food and Drug Administration (FDA) 6
N Foil Package Integrity Testing ISO 4074 Other Medical Device Related Standards 1
D Integrity and Inspection of Concrete Blocks Inspection, Prints (Drawings), Testing, Sampling and Related Topics 7
sagai Safety Integrity Requirement as per ISO/IEC 61508 Other ISO and International Standards and European Regulations 2
somashekar 5.4.2 b) Integrity of QMS in Change Management ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 9
H Package Integrity Testing Acceptance Criteria ISO 13485:2016 - Medical Device Quality Management Systems 3
S Suggested process to show compliance for this 820.120(a) for Label Integrity 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 2
M How to validate a Dye Test method used to evaluate Package Integrity Pharmaceuticals (21 CFR Part 210, 21 CFR Part 211 and related Regulations) 8
N High Integrity Components Definition according to clause 4.9 of IEC60601-1 3rd ED IEC 60601 - Medical Electrical Equipment Safety Standards Series 43
I SIL (Safety Integrity Level) calculation per IEC 61508. Reliability Analysis - Predictions, Testing and Standards 6
V ISO 26262 - How to handle OEM ASIL A (Automotive Software Integrity Requirements) Other ISO and International Standards and European Regulations 4
J Outline of Data Integrity Training or a Data Intergrity Agreement example wanted Quality Manager and Management Related Issues 2
S A question on Maintaining the Integrity of the QMS (5.4.2) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
H Surgical Sealant Package Integrity Test for Glass Vial Filled Product Other Medical Device Related Standards 3
W Oven Leak Test Method - Integrity of the chamber to hold gas Qualification and Validation (including 21 CFR Part 11) 3
J Container Closure Integrity & Sterility Test - The Dye Immersion Method Quality Assurance and Compliance Software Tools and Solutions 16
A Internal auditors independence & integrity Internal Auditing 9
bobdoering Determining a Good Variable for Small Scale Weld Integrity Capability Evaluation Capability, Accuracy and Stability - Processes, Machines, etc. 7
K Data Integrity Verification Tool Quality Assurance and Compliance Software Tools and Solutions 3
I How Must Safety Integrity Level (SIL) For Ball Valves Be Calculated? Reliability Analysis - Predictions, Testing and Standards 3
T Automotive Software Integrity Level (ASIL) - What are the Requirements & Details? Software Quality Assurance 2
A Import Data Integrity Software Quality Assurance 2
S Employer asking me to compromise on integrity Career and Occupation Discussions 46
R Meat Sample Integrity General Measurement Device and Calibration Topics 4
A Integrity of Flue gas analyzer? General Measurement Device and Calibration Topics 5
Y Label Integrity Validation - Instances of labels peeling off unexpectedly Inspection, Prints (Drawings), Testing, Sampling and Related Topics 3
D cGMP and Batch Integrity of Bulk Storage Tanks US Food and Drug Administration (FDA) 8
D Industry Standard for Brazed Joint Integrity - Customer Specification Various Other Specifications, Standards, and related Requirements 1
apestate Integrity in reporting, and Poorly defined Tolerances and Requirements Records and Data - Quality, Legal and Other Evidence 4
CarolX Integrity lost? Conflict of Interest? ISO 9000 'Keepers' Profit from their books Philosophy, Gurus, Innovation and Evolution 42
Marc NIST 'High Integrity Software Systems Assurance' resource (site semi-abandoned) Software Quality Assurance 2
P Lot integrity - We have many paperwork problems - Wht can I do? QS-9000 - American Automotive Manufacturers Standard 2
P Lot Integrity - Process Steps where Identification is Lost (eg.: Quench) Misc. Quality Assurance and Business Systems Related Topics 6
C Cleaning of electronic transmitter Other Medical Device Related Standards 2
D Preservation of Electronic Data / Information Technology ISO 13485:2016 - Medical Device Quality Management Systems 4
M Is IEC 60601-1-2 required by FDA for all electronic medical devices? IEC 60601 - Medical Electrical Equipment Safety Standards Series 1
Anonymous16-2 21 CFR Part 11 - Steps to take if we want to validate an electronic system Pharmaceuticals (21 CFR Part 210, 21 CFR Part 211 and related Regulations) 2
R Electronic and hand-written footnotes for GDP Document Control Systems, Procedures, Forms and Templates 1
A 21 CFR part 11 - section 11.100 - Electronic Signature Certification Other US Medical Device Regulations 6

Similar threads

Top Bottom