This is a question that I hear posed fairly frequently, I guess as a result of organisations managing electronic records rather than – or in addition to – traditional paper records. A typical scenario is an electronic document received into the Records Centre as two individual components; is it legitimate for the Records Manager to combine the individual files into a single PDF. Another scenario I’m often asked about is a large report that is circulated as a hard-copy for signature. Is it OK for the Records Manager to scan just the signature page and integrate it into an existing PDF of the same report; scanning of the whole paper document would create a file that was too large to manage and would not necessarily be text searchable.
For the regulated pharmaceutical and biotechnology sectors, I have been unable to locate a regulation or law that deals specifically with these scenarios (if anyone can point me to one, please comment below!). So to answer the question we really need to look at the regulations and guidance to identify any predicate rules or principles for us to base an answer upon. The best guidance that I think is relevant here is a reflection paper from the European Medicines Agency on “Expectations for Electronic Source Documents Used in Clinical Trials“. This paper also refers to the CDISC Standard for Electronic Source Data Within Clinical Trials which discusses a group of 12 high-level principles which, if adhered to, provide a good basis for the acceptability of electronic source data. Compliance with these principles helps us to answer the question posed.
Regulated documents need to be trustworthy. Furthermore, their trustworthiness must be able to withstand scrutiny, either by an auditor, a regulatory inspector or legal counsel. The EMEA reflection paper requires that documents are: accurate; legible; contemporaneous; original; attributable; complete; consistent; enduring; and available. The CDISC standard also adds ‘not modified’.
Whilst the manipulation of PDF files is well meant and helps to reduce duplication and encourage good records management working practices, it has the potential to introduce a question as to the reliability and authenticity of the record. Take the example of the signed study report. The signatory did not read, review and sign the content of the PDF file. Although the Records Manager knows that the content of the PDF and the hard-copy are the same – or assumes that they are – , the signature was not applied to the PDF and should therefore not be attached or associated with it. This would be akin to taking the signature page from a hard-copy study report and stapling it to an alternative version. Or taking the signature from one contract and attaching it to a paper version of a different copy. An alternative approach for signatures is to create a standalone signature sheet where the signatory affirms his/her approval of the content of a separate document that he/she has reviewed.
The example of combining different PDF files has similar problems. Although the Records Manager knows that the files should be combined, this process has the potential to call into question the validity of the concatenated document. If we use the analogy of the study report again, this process is like having the individual components reviewed but the Records Manager assembling the final study report and archiving it with no final approval. Following report assembly, the sponsor and investigator review and approve the compiled document.
To conclude, I said at the outset that I could not locate specific regulations on this. There will always be exceptions and the final decision has to be taken following a risk-based approach. However, my recommendation would be to identify document management processes that avoid the need to manipulate signature pages and/or manipulate individual components of a document. Our goal is always to create and manage reliable, authentic, trustworthy records.