Mobile Apps for Clinical Use: Any Special Rules or SDLC Modifications?

Q: For electronic methods of collecting clinical investigation data with a mobile application, should we have any special concerns?

For example, what additional controls should we consider during the development and validation activities, compared to our existing system development life cycle (SDLC) practices? Are there any specific requirements or controls that apply to these types of mobile apps?

A: There are no new requirements for the development and validation of mobile apps used in clinical studies — that is, compared to any other regulated computerized system.

Like any other computerized system, you must validate that the app meets your intended use requirements. You also must validate that it has all the regulatory controls you would need for any other application running on a computer or network.

You can follow your normal SDLC practices in developing and validating the app.

You can follow your normal SDLC practices in developing and validating the app.

Your 21 CFR Part 11 controls and requirements must be in place to assure the authenticity, concurrency, attributability (to person and process), and reliability of the data and records. This includes, of course, documentation of when changes are made, and by whom.

You have to assure data cannot be deleted accidentally. If the app allows for signatures, those signatures must be linked to the record in such a way that when records are exported to a different medium, the signature stays intact with the record.

Another important requirement is that the app must record who is entering the data — who is logged on and entering, modifying or deleting data. That person must have the authority to do what he/she is doing within the application.

Finally, Good Laboratory Practice (GLP) studies must show the reason for changes made to a record, including the audit trail. So you need to ensure there is a complete record of why any changes are made, even if they are not made within the application but externally.

Answered by Jan Olson, Vice President of EduQuest, who served as an expert field investigator and director of information management resources during her 22-year career at FDA and later co-wrote PDA’s Good Electronic Records Management guidance. Jan also is the co-instructor of EduQuest’s FDA Auditing of Computerized Systems and Part 11/Annex 11 Compliance training class.


Leave a Reply

Your email address will not be published. Required fields are marked *