Implementing Electronic Signatures Still a Challenge


Using esignature technology can help life science companies reduce the costs of conducting clinical trials and improve security while ensuring compliance with 21 CFR Part 11, but selecting the right type of system poses a challenge, according to an expert who hosted a recent webinar.

Among the benefits of using esignatures are compliance with good x practices [GxP, the catch-all category that includes good laboratory practices (GLP), good manufacturing practices (GMP) and good clinical practices (GCP)], computer system validation, internal standard operating procedures (SOPs) and other regulations, said Rodd Schlerf of Algorithmic Research (AR), an international provider of digital signature and data security solutions with headquarters in Petah Tikva, Israel.

"Many applications require signatures and approvals," Schlerf noted. "The value proposition for esignatures is that they are the final step in the transition to paperless operations." He listed the advantages of esignatures under four general headings:

Speed and agility are especially important in the pharmaceutical industry, due to the need to get products to market quickly and take full advantage of limited patent life, Schlerf observed. Using esignatures can help, particularly with getting information to decision-makers quickly; Improved security and regulatory compliance are even more significant benefits of esignatures, especially when it comes to quality and protection of the company's product portfolio, Schlerf said; Operational efficiency improves when esignatures replace signatures on paper documents, saving time and increasing productivity. According to one estimate, the cost of every single paper document produced in a corporate environment from creation to final shredding ranges from $10 to $75 or more. "Esignatures can help eliminate legacy costs if they are used properly," Schlerf said; and Using esignatures improves companies' ability to collaborate with contract research organizations (CROs) and do other kinds of outsourcing. This frees up the company to "focus on revenue-producing operations, not paperwork," said Schlerf. "You can reduce or offload organizational overhead," he added, giving as an example the kind of human resources documents that need to be filled in periodically and can constitute a significant paperwork burden if ordinary employee signatures are required.

Choosing the Right Electronic Signature

When converting to esignatures, it is important to make the right choice among the many options now available. Pitfalls await the unwary. "Some forms of esignatures are less secure than paper," Schlerf noted. He termed these "basic" esignatures, in the simplest form of which a piece of paper is signed and scanned into a computer, creating a "bitmap" or "jpeg" file that can be appended to any document. "But if you can cut and paste it, so can someone else or the document can be altered without your knowledge," he said.

Only slightly more sophisticated are signing pads like those used at supermarket checkout counters. Proprietary software is available that can make these more secure but the cost is prohibitive except in small workgroups. In any case, signing pads are also considered a legacy system, Schlerf said. These "basic" esignature technologies also raise serious compliance questions regarding data integrity and audit trails.

"The next step up is 'point' electronic systems," said Schlerf. This heading includes electronic lab notebooks and various systems used in electronic data capture (EDC). Under this type of system, users usually sign into an electronic proprietary database.

On the plus side, this type of esignature can solve real-time business needs. The esignatures can be validated and are Part 11 compliant as closed systems, Schlerf said. On the minus side, he said, these systems require a software license for every application, "and that costs money." Moreover, using this type of system one typically signs a database record and not a specific document. There is also the risk of creating a legacy system, since the esignatures and records are locked within a closed system that must be supported and maintained as long as the record needs to be kept.

Finally, these systems do not completely eliminate paper, Schlerf argued. Often, nurses involved in clinical trails using EDC will take the initial records on paper and later enter them into the computer, making double work on record-keeping. There are similar drawbacks to "container" esignature methods, which also do not completely eliminate paper and cannot be verified outside the closed system in which they are designed to function, he said.

AR specializes in public key infrastructure (PKI) esignatures, which are based on technology that was first developed 30 years ago. Under the "public key/private key" concept, parties don't have to exchange a common secret (such as a password) to conduct secure transactions, Schlerf said. The Signatures and Authentication for Everyone (SAFE) BioPharma consortium, which develops standards and associated operating rules to deliver unique identity keys for regulatory compliant and legally enforceable digital signatures, is based on PKI.

Unfortunately, Schlerf said, "traditional" PKI is costly to set up, and users need to manage it in the field. "Managed" PKI seeks to solve this problem by having a third party manage the technology, but this "outsources your trust network" and may not cost much less than traditional PKI, Schlerf said. AR's PKI system, called CoSign, is meant to solve these problems with a "black box" server-based system. -- Martin Gidron (