1 / 34

Electronic Records, 21 CFR Part 11 and Oracle 9 i Shon Naeymirad Principal Analyst/DBA Abbott Laboratories

Electronic Records, 21 CFR Part 11 and Oracle 9 i Shon Naeymirad Principal Analyst/DBA Abbott Laboratories. Agenda. 21 CFR Part 11 Electronic Record Electronic Signature How to build the final rule of 21 CFR Part 11 J2EE Platform Overview Oracle Application Development Framework (ADF).

lincoln
Download Presentation

Electronic Records, 21 CFR Part 11 and Oracle 9 i Shon Naeymirad Principal Analyst/DBA Abbott Laboratories

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Electronic Records, 21 CFR Part 11 and Oracle 9i Shon Naeymirad Principal Analyst/DBA Abbott Laboratories

  2. Agenda • 21 CFR Part 11 • Electronic Record • Electronic Signature • How to build the final rule of 21 CFR Part 11 • J2EE Platform Overview • Oracle Application Development Framework (ADF)

  3. 21 CFR Part 11 : Electronic Records; ElectronicSignatures • 1991, members of the pharmaceutical industry met with the agency to determine how they could accommodate paperless record systems under the current good manufacturing practice (CGMP) regulations in parts 210 and 211 (21 CFR parts 210 and 211). FDA created a Task Force on Electronic Identification/Signatures to develop a uniform approach by which the agency could accept electronic signatures and records in all program areas. • 1992, report, a task force subgroup, the Electronic Identification/Signature Working Group, recommended publication of an advance notice of proposed rulemaking (ANPRM) to obtain public comment on the issues involved. • 1994. A complete discussion of the options considered by FDA and other background information on the agency’s policy on electronic records and electronic signatures can be found in the ANPRM and the proposed rule. • 1997, The final rule provides criteria under which FDA will consider electronic records to be equivalent to paper records, and electronic signatures equivalent to traditional handwritten signatures. Part 11 (21 CFR part 11) applies to any paper records required by statute or agency regulations and supersedes any existing paper record requirements by providing that electronic records may be used in lieu of paper records. Electronic signatures which meet the requirements of the rule will be considered to be equivalent to full handwritten signatures, initials, and other general signings required by agency regulations. DEPARTMENT OF HEALTH ANDHUMAN SERVICESFood and Drug Administration 21 CFR Part 11[Docket No. 92N–0251]RIN 0910–AA29 Electronic Records; ElectronicSignatures

  4. Paper Record Complaint Form Reporter Name: Event Description: Event Date: Blank Form =context Reporter Name:Jim Smith Event Description: Patient Infection Event Date: January 10, 2001 Data =content Form + Data =record

  5. Database Records

  6. Database Record Data Definition Complaint Table Complaint ID Number(10) Unique ID for complaint table Reporter ID Number(10) Foreign Key to Reporter Table Complaint Desc Varchar2(4000) Description Complaint Date Date Date of Call Days Open Number(6) Calculated Field

  7. Electronic Record - Context

  8. Electronic Record - Content

  9. Electronic Records Electronic Record Context = Reporter.Name Complaint.Complaint Description Complaint.Date Electronic Record Content = Jim Smith Patient Infection January 10, 2001 Electronic Record: Context + Content = Reporter.Name: Jim Smith Complaint.Complaint Description:Patient Infection Complaint.Date:January 10, 2001

  10. Paper vs. Electronic Records Electronic Record Context = Reporter.Name Complaint.Complaint Desc Complaint.Date *Record definition includes 2 tables and 3 fields but excludes 8 fields in those tables plus all fields in the address table. Electronic Record = Paper Record Reporter.Name: Jim Smith Complaint.Complaint Desc:Patient Infection Complaint.Date:January 10, 2001 Complaint Form Reporter Name:Jim Smith Event Description: Patient Infection Event Date: January 10, 2001

  11. Key Point You must define the context of the electronic record (i.e., the collection of fields and tables that comprise the record) independent of the underlying database structures. Otherwise, you risk the interpretation that all information in the database is part of the “electronic record.” As with any definition we need to store that definition so it can be applied consistently and referred to when is needed.

  12. Attestation vs. Signature Attestation, simply stated, is attesting to the fact that a person changed a record, and links the record to the person who changed it, and when the change occurred. A signature, on the other hand, implies approval, acceptance, or authorization (like signing a check, to authorize your bank to release funds). Key Point: Your software should differentiate between attestation and signature since you need attestation on all required records but signatures only on certain records as defined by predicate rule. “Don’t allow IT to define what records to apply signatures.”

  13. Time Zone

  14. UTC • Establish a procedure for determining the local date and time from a time stamp based on UTC, Coordinated Universal Time. • Coordinated Universal Time replaces Greenwich Mean Time to represent the Earth's prime meridian (0 degrees longitude). UTC is based upon the atomic time scale that is commonly referred to as GMT. In 1970 the International Telecommunication Union agreed upon a single acronym for use in all languages to be UTC. • Oracle server date and time must be set to UTC.

  15. How to build the final rule of 21 CFR Part 11 System • Understand system requirements • Design good data model • Define security roles • Enforce password change • Build Audit Trail for all tables • Select your framework • Automate your development • Performance tuning

  16. Build Audit Trail • Create history table for all tables • Use database insert, update, delete triggers to build history records • Record user, server date and time • Define your Electronic Record • Define approval process of Electronic Record • Build a mechanism to record versioning for your Electronic Records

  17. Oracle Security • From the authentication standpoint, Oracle’s Single Sign-On (SSO) Server provides a scalable and extensible solution to address Web-based SSO. • Oracle ID and password can be used as Electronic Signature. • Use Oracle Profile to enforce password expiration, re-use control and complexity. • Use Oracle Roles to control user access • Oracle database instance login trigger can be used to monitor all logins. • Time stamps must be stored with electronic signature.

  18. Oracle9iAS Security Components Oracle HTTP Server OC4J mod_ossl mod_osso JAAS Client Single Sign-On Oracle Internet Directory

  19. Oracle9iAS JAAS Provider Integration with OC4J and SSO/OID

  20. Oracle Profile CREATE PROFILE “NEWUSER" LIMIT CPU_PER_SESSION DEFAULT CPU_PER_CALL DEFAULT CONNECT_TIME DEFAULT IDLE_TIME DEFAULT SESSIONS_PER_USER DEFAULT LOGICAL_READS_PER_SESSION DEFAULT LOGICAL_READS_PER_CALL DEFAULT PRIVATE_SGA DEFAULT COMPOSITE_LIMIT DEFAULT FAILED_LOGIN_ATTEMPTS 5 PASSWORD_LOCK_TIME 90 PASSWORD_GRACE_TIME 1 PASSWORD_LIFE_TIME .0006 PASSWORD_REUSE_MAX 10 PASSWORD_REUSE_TIME UNLIMITED PASSWORD_VERIFY_FUNCTION VERIFY_FUNCTION

  21. Logon Trigger CREATE TRIGGER "SYSTEM"."LOGON_CHECK" AFTER LOGON ON DATABASE Begin -- Limit access -- Verify usage of tools that was used to logon -- Insert into appl_audit_tables end;

  22. J2EE Platform Overview • Open standard supported by a community process • Backed by Big names like Oracle, IBM, Sun • Architecture for Highly scaleable multi-tier enterprise applications • Extends java promise for “Write Once, Run Anywhere" portability

  23. J2EE Platform Roles • Product Provider – supplier of container e.g. Oracle • Tool Provider – supplier of tools for development and packaging • Application Developer • Application Assembler • Application Deployer • System Administrator

  24. Oracle9i Application Server Release 2 • Productive Development • Complete J2EE, Web Services • Lightweight J2EE Footprint • Most Reliable Deployment • Fast Application Server • High Availability and Clustering • Complete Management and Security • 100% Standards Compliant • J2EE 1.3, Web Services, SOAP, WSDL, UDDI, ebXML, RosettaNet, LDAP, SSL, XML ...

  25. J2EE Architecture Presentation JSP, Servlet, Custom Tags Business Logic EJB, Java Classes Database & Enterprise Information System JDBC, SQLJ, JCA, J2EE Services JNDI, JTA, JMS, JAAS, JAF, JavaMail, JAF, JAXP

  26. Oracle9iAS Architecture Oracle HTTP Server AJP13 JNDI Web Container HTTP JMS AJP mod_oc4j JDBC JTA Client JAAS EJB Container ORMI J2C JavaMail ORMI JAF EJB Client Oracle9iAS Containers for J2EE (OC4J)

  27. Model View Controller (MVC)

  28. Persistence Layer

  29. Object-relational Impedance Mismatch

  30. Oracle ADF Application Architecture

  31. Oracle9iAS Integration

  32. Summary • Your software should differentiate between attestation and signature. • You should define the context of the electronic record independent of the underlying database structures. • You must link the attestation, or person who created, modified or deleted the record, to the correct revision of the record. This audit trail functionality is required. • Design your electronic record around approval process • Select your framework for J2EE • Use existing tools to integrate and automate

  33. Q & Q U E S T I O N S A N S W E R S A

More Related