The FDA has posted draft guidance designed to facilitate the use of data from electronic health records (EHR) in clinical research. The draft addresses the complications that arise from taking data collected and maintained by organizations that exist outside of the scope of FDA oversight, and using them to back up claims about the safety and efficacy of an experimental drug.
In theory, EHRs represent a useful tool for clinical trial sponsors. The FDA sees the data housed in EHRs as enabling improvements to patient safety and clinical trial efficiency. Specifically, the FDA is interested in the potential for EHRs to provide clinical trial investigators with longitudinal healthcare data and support the post-study follow-ups that are needed to assess long-term safety and efficacy. The snag is that EHRs and the data they hold are typically outside of the direct control of study sponsors and, by extension, the oversight of the FDA.
This lack of oversight clashes with the regulatory rigor applied to other sources of clinical trial data. “FDA’s acceptance of data from clinical investigations for decision-making purposes depends on FDA’s ability to verify the quality and the integrity of data during FDA on-site inspections and audits,” the regulator wrote in the draft guidance. “Sponsors are responsible for assessing the validity, reliability, and integrity of any data used to support a marketing application for a medical product.”
To help sponsors manage this issue, the FDA has drafted a list of best practices regarding the use of EHR data in clinical trials. Ideally, FDA wants sponsors to work with EHR technology that is covered by the Office of the National Coordinator for Health Information Technology (ONC) Health IT Certification Program. As EHR technologies have to meet standards to receive ONC certification, this designation “would give FDA confidence during inspections that the EHR data is reliable” and reassure it that the system complies with privacy and security requirements.
Sponsors can work with non-certified EHRs, but in doing so they will take on additional burdens. FDA expects sponsors that want to work with data from non-certified EHRs to assess whether the system has adequate controls for the confidentiality, integrity and reliability of the information. Systems that lack audit trails, are open to unauthorized users and don’t keep the records FDA will want to see during an inspection could cause problems for sponsors.
The draft is open for comment for 60 days.