ABSTRACT
Accounts that are used to access clinical data management systems provide the user with varying degrees of power, or control, over data stored in the system. When the account permits the user to enter, modify, or delete data in electronic records, the username and password together constitute one kind of electronic signature. It is not the kind of signature that is the equivalent of a handwritten signature (such as the principal investigator signature for electronic case report forms (eCRF) in EDC) but rather is the kind of signature that makes the change to the data attributable to a particular person. All data management systems automatically associate the person who is responsible for the entry or change with the data usually through the username. By thinking of the username and password as the way to make actions on the data attributable, it is easier to put procedures into place that govern the username and password in compliance with 21 CFR Part 11. The username must uniquely de—ne a person and the combination of username and password constitute a signature.
