MedInfoSys®: Compliance and Validation

The extent to which compliance and validation are issues with medical information varies by company: all that handle personal data on EU enquirers are subject to GDPR, but interpretations and approaches vary, and this variability is equally found when it comes to 21 CFR Part 11 (which is particularly affected by the approach taken to Adverse Events).

MedInfoSys® is fully validated by NIP and provides all the functionality necessary to facilitate compliance:

  • Full audit trail, recording all changes in the system (who, what, when and, in some cases, why).
  • Export of audit trail data to human-readable formats: e.g. XML and CSV.
  • Configurable redaction functionality for GDPR: as well as handling right-to-be-forgotten requests, companies can decide whether redaction is done fully manually or automatically by the system, the age of enquiries to be redacted, how frequently redaction is done, the extent to which personal data can be emailed from the system, who (if anyone) can access redacted data, etc.
  • Version control of key documents, including links between documents (enabling records to be “rewound” by an auditor).
  • Full system security:
    • Secure authentication of users when logging on.
    • Session timeout (such that users are prompted to log back in after a given period of inactivity).
    • Prompts for given system actions, e.g. to give reasons for changes made, or to record explicit sign off on certain system tasks.
    • Encryption of the connection to the system (https).
  • Prevention of editing and deletion of key system data and documents (including that, for GDPR, data is redacted rather than deleted, owing to overarching PV and legal commitments).
  • Archiving of correspondence to PDF, such that records are not only tamper-proof, but can be accessed many years hence.
  • Fully documented and tested code, in accordance with NIP’s quality system and a defined validation cycle.

NIP staff also frequently provide additional expertise, support and documentation to assist customers with validation on their side – particularly around writing validation plans, traceable PQ scripts and input to SOPs.

There is lots more detail available on this subject, but each company has specific needs, so please contact us to discuss your situation.