Back Arrow Email Privacy Regulations

We’re not just securing email and eSigning.

We’ve been helping medical device, health, biotech, and life sciences companies speed business securely, meeting FDA Guidelines in 21 CFR Part 11.

And we’ve been doing it with them since 2007.

FDA 21 CFR Part 11 Compliance and Legality in the United States

RMail Logo
Audit-Ready Compliance
Yes. May be configured for compliance with FDA Guidelines on 21 CFR Part 11 .
RMail Email Encryption
Relied upon in the United States since 2000.
Geography
Each of the United States.
Recommended Service
RSign® eSignatures with special settings and RMail® email encryption with Registered Receipt™ audit-ready email proof of compliance with FDA Guidelines on 21 CFR Part 11. RMail and RSign electronic signature services have options to enable privacy features.

Common Use

RSign eSignatures with encryption are used with e-prescriptions, and within the medical device, health care, life sciences, pharmaceutical, and biotech industries. RMail email encryption is commonly used to meet the same privacy needs.

Watch full video of Heather Dunn discuss RSign at Optimize!2020.

Open Quotes

RSign is a saving grace, and every customer is getting their payments a lot quicker than they would have if otherwise mailing out of the documents.

Close Quotes

Heather Dunn

Claims Supervisor, Mercury Insurance

Legal Aspects

RPost Services May be Configured to Support Compliance with FDA Guidelines on 21 CFR Part 11. The RMail® encryption, file sharing and eSignature services, RSign® services and RMail® Registered Email™ services support compliance with 21 CFR Part 11 with regard to preserving a time-stamped audit trail and archiving the content of documents submitted or signed electronically for FDA purposes.

The Food and Drug Administration (FDA) has published guidance for compliance with specific regulations in 21 CFR Part 11. This guidance is intended to describe the FDA’s current thinking regarding the scope and application of part 11 of Title 21 of the Code of Federal Regulations; Electronic Records; Electronic Signatures (21 CFR Part 11). RPost Services Support Compliance with FDA Guidelines on 21 CFR Part 11.

Preserving the RMail Registered Receipt™ and RSign® signature certificate associated with any document sent by email or sent for electronic signature with RMail and RSign automatically preserves a time-stamped audit trail and original content of the document (and email message body text content as well as electronic signature). This is preserved in the form of a Registered Receipt™ email record or RSign signature certificate, which can be stored by the sender in any normal email box, email archive, or document archive (or with RMail or RSign services online depending on the service options and features). These electronic “receipts” are self-contained, can be independently authenticated, and can re-construct an authenticated time-stamped original content in a human readable and standard electronic format.

One can then optionally elect to preserve the original message and documents as that information is preserved with the transmission audit trail, within the electronic receipt itself.

With regards to the FDA guidance on 21 CFR Part 11, “Electronic Records; Electronic Signatures,” the RMail and RSign services simplify compliance with at least the following requirements. If one is emailing documents to the FDA, RMail and RSign can automatically add authenticated electronic signatures and provide a record returned to the sender that complies with Part 11; the process is as easy as attaching a DOC or PDF to an email and sending (sending via RMail or RSign).

Excerpts of important elements of FDA guidance on 21 CFR Part 11 as it relates to RSign and RMail follows:

  • Audit Trail: “…computer-generated, time-stamped audit trails (§ 11.10 (e), (k)(2) and any corresponding requirement in §11.30). Persons must still comply with all applicable predicate rule requirements related to documentation of, for example, date (e.g., § 58.130(e)), time, or sequencing of events, as well as any requirements for ensuring that changes to records do not obscure previous entries.”
  • Copies of Records: “…generating copies of records (§ 11.10 (b) and any corresponding requirement in §11.30)… We recommend that you supply copies of electronic records by: Producing copies of records held in common portable formats when records are maintained in these formats… In each case, we recommend that the copying process used produces copies that preserve the content and meaning of the record… You should allow inspection, review, and copying of records in a human readable form…”
  • Record Retention: “…for the protection of records to enable their accurate and ready retrieval throughout the records retention period (§ 11.10 (c) and any corresponding requirement in §11.30). Persons must still comply with all applicable predicate rule requirements for record retention and availability (e.g., §§ 211.180(c),(d), 108.25(g), and 108.35(h)). …any copies of the required records should preserve their content and meaning. As long as predicate rule requirements are fully satisfied and the content and meaning of the records are preserved and archived, you can delete the electronic version of the records. In addition, paper and electronic record and signature components can co-exist (i.e., a hybrid8 situation) as long as predicate rule requirements are met and the content and meaning of those records are preserved.”

Laws Referenced

The Food and Drug Administration (FDA) has published guidance for compliance with specific regulations in 21 CFR Part 11.

Disclaimer: Neither RPost nor its affiliates provide legal opinions. The information on RPost and its affiliates and products websites is for general information purposes only and is not intended to serve as legal advice or to provide any legal opinions. Laws and regulations change from time to time and neither RPost nor its affiliates guarantee that all of the information on RPost and its affiliates’ websites are current, correct, or with sufficient detail for the purpose of each reader. You should consult your legal counsel for specific jurisdictional details and other issues.

Tradenames are owned by the named company. Service benefit is summary, not intended to be a case study.​ RPost technology is patented. RMail, RSign, and RPost are trademarks owned by RPost.