A small writeup on the subject for easy reference.
Regulation 21 CFR Part 11.10 (e) Use of secure, computer-generated,
time-stamped audit trails to independently record the date and time
of operator entries and actions that create, modify, or delete
electronic records. Record changes shall not obscure previously
recorded information. Such audit trail documentation shall be
retained for a period at least as long as that required for the
subject electronic records and shall be available for agency review
and copying.
- Comment 68, the agency advises that the requirement in Sec.
11.10 (e) for audit trails of operator actions would cover those
actions intended to delete records. Thus, the agency would expect
firms to document such deletions, and would expect the audit trail
mechanisms to be included in the validation of the electronic
records system.
http://www.fda.gov/ora/compliance_ref/part11/frs/background/11cfr-
http://www.fda.gov/ora/compliance_ref/part11/frs/background/11cfr-
fr_02.htm
2. Guidance for Industry Part 11, Electronic Records;
Electronic Signatures � Scope and Application Sec III C 2, Audit
Trail refer to Predicate rule 21 CFR Part 58.130(e) which reads as
follows.
58.130(e) All data generated during the conduct of a nonclinical
laboratory study, except those that are generated by automated data
collection systems, shall be recorded directly, promptly, and
legibly in ink. All data entries shall be dated on the date of entry
and signed or initialed by the person entering the data. Any change
in entries shall be made so as not to obscure the original entry,
shall indicate the reason for such change, and shall be dated and
signed or identified at the time of the change. In automated data
collection systems, the individual responsible for direct data input
shall be identified at the time of data input. Any change in
automated data entries shall be made so as not to obscure the
original entry, shall indicate the reason for change, shall be
dated, and the responsible individual shall be identified.
- Guidance for Industry Part 11, Electronic Records;
Electronic Signatures � Scope and Application Sec III C 5, Records
Retention, mentions “as long as predicate rule requirements are
fully satisfied and the content and meaning of the records are
preserved and archived, you can delete the electronic version of the
records.” - Regulation 21 CFR Part 11.100 (a) reads follows “Each
electronic signature shall be unique to one individual and shall not
be reused by, or reassigned to, anyone else.”
In the light of the above mentioned current regulatory requirements
and advice/comment given by FDA, we understand that deleting user id
records is not permitted by the regulatory provisions/guidelines.
Regds