What do we need to do to safeguard clinical data integrity? This critical question has become increasingly relevant as the regulatory landscape continues to evolve. Throughout the last couple of years, regulatory guidance has evolved to place a much greater emphasis on computerized systems and data integrity. However, a persistent challenge in our industry lies in the lack of standardization of how we communicate, which is true in many areas, including regulatory authorities. While there are more standards than ever to facilitate ease of communication, each authority often communicates requirements in unique ways. Each within the same authority, terminology, and approach can evolve over time, leading to inconsistencies. For example, the shift from using “subject” to “participant” in ICH-GCP is a minor but illustrative example of such evolution.

For Sponsors, this fragmented approach creates complexities in understanding the nuances between regulatory guidance and ensuring compliance with increasingly stringent data integrity requirements.

Why Safeguarding Data Integrity is Non-Negotiable

Data is one of the most critical outputs of any clinical trial, second only to patient safety and well-being. What do we need to do to safeguard clinical data integrity? This starts with validating computerized systems, applying the ALCOA+ principles (Attributable, Legible, Contemporaneous, Original, Accurate, Complete, Consistent, Enduring, and Available), and implementing mechanisms to ensure data traceability. By embedding these practices into trial processes, sponsors can build trust in the reliability of their outcomes and mitigate the risk of compliance findings. It is surprising how long it took for the industry to recognize the need for more robust measures to ensure data integrity.

At Seuss+, we understand the pivotal role of data integrity in clinical trial success. Our frameworks ensure that systems used for data capture, storage, and reporting are fully aligned with global regulatory standards. By taking a structured approach, we help sponsors reduce risks, maintain compliance, and streamline trial timelines.

These commitments are increasingly shaped by evolving regulatory guidance, which emphasizes the importance of safeguarding clinical data integrity.

Key Regulatory Documents Driving Change

Recent guidance shaping the landscape of data integrity and computerized systems includes:

ICH-GCP:

• ICH E6 (R3), currently in draft (May 2023)

EMA:

• “Guideline on computerized systems and electronic data in clinical trials” (March 2023)

FDA:

• “Digital Health Technologies for Remote Data Acquisition in Clinical Investigations” (December 2023)
• “Conducting Clinical Trials With Decentralized Elements” (September 2024)

Bridging the gap for Sponsors

To help drive alignment, we have analyzed the key commonalities and differences between the authorities above, and in this article, I will share the points pertinent to data integrity and computerized systems.

A breakdown in key commonalities:

Data Integrity

• ICH, EMA, and FDA all prioritize data integrity in clinical trials.
• EMA and FDA consider ALCOA+ (Attributable, Legible, Contemporaneous, Original, Accurate, Complete, Consistent, Enduring, and Available) as the guiding principle to achieving good quality data.
• These principles ensure that electronic records are trustworthy, traceable, and can be relied upon for regulatory decision-making. Although the ALCOA+ terminology is not explicitly named in the ICH guidelines, the principles are very much embedded in the expectations for data quality and integrity throughout clinical trials.

System Validation

• All three emphasize that computerized systems used in clinical trials must be validated to ensure their accuracy, reliability, and consistent performance.

Audit Trails

• ICH, EMA, and FDA require that computerized systems maintain audit trails to ensure that any changes to electronic data are documented, allowing for traceability and transparency.
• The audit trail should capture who made changes, when, and why, ensuring that data is always attributable and modifications are easily traced.

Security and Access Controls

• All three bodies stress the need for robust security measures to protect clinical trial data from unauthorized access, breaches, or tampering.
• Systems must implement role-based access control and ensure that only authorized personnel can access, modify, or view sensitive data.

Data Privacy and Confidentiality

• Ensuring participant privacy is a core concern, particularly with the growing use of digital health technologies and remote data collection.
• All frameworks require compliance with relevant data protection laws: GDPR for EMA, HIPAA for FDA, general “data protection” for ICH.
• Systems must be designed to handle personally identifiable information (PII) securely, with appropriate safeguards for privacy.

Electronic Records and Signatures

• The use of electronic records and electronic signatures is supported by all three, though EMA and FDA provide much more detail including guidelines on how to ensure these are legally equivalent to paper-based records and wet signatures.
• All systems must be able to link electronic signatures to their respective records, ensuring accountability and traceability.
• However, just because these regulators generally allow for it, local regulations may also apply so the ability to use e-Signatures needs to be considered on a country-by-country basis.

Data Flow

• All mention data flow diagrams, contained within the protocol or in a protocol related document, however ICH leaves it as optional (“where necessary”), whereas FDA and EMA have electronic data flow diagrams as a requirement.
• FDA from the DHT to the “first durable electronic repository”, as a description of the electronic data flow for computerized systems used in clinical investigations in their source data guidance (2013) and “to final storage” in Conducting Clinical Trials with Decentralized Elements.
• EMA have included it within their guideline for computerized systems (2023), requiring a detailed diagram and description of the transmission of electronic data.

Electronic Source Data (eSource)

• ICH E6(R3), EMA (2023) and FDA (2013): All require robust data integrity mechanisms when capturing eSource data, including audit trails and traceability

A breakdown in the key differences:

Risk-Based Approach

• ICH E6(R3) and EMA (2023): Both specifically emphasize a risk-based approach to computerized system validation, adapting the level of validation to the risk the system poses to trial outcomes.
• FDA: While FDA guidance also requires system validation, it does not consider it in terms of using a risk-based approach. However, the recent guidance on “Conducting Clinical Trials With Decentralized Elements,” does recommend a risk-based approach and centralized monitoring for managing data quality concerns and indicates that the monitoring plan should be based on the sponsor’s risk assessment, linking risk and data integrity. FDA also considers risk assessment in terms of changes to the system and specifies that “some should be validated depending on risk” and in data collection and handling.

Decentralized and Remote Data Collection

• ICH E6(R3) and FDA (2023): Both encourage the use of digital health technologies for remote data collection in decentralized clinical trials, with FDA (2023) providing specific guidance on the use of DHTs like wearables.
• EMA (2023): Raises considerations for various technologies that are often used in decentralized and hybrid clinical trials in an agnostic way.

Data Security and Cybersecurity

• ICH E6(R3) and EMA (2023): Places a strong focus on data security, addressing growing concerns about data breaches and cyber-attacks in clinical trials.
• FDA: While the FDA’s 2007 and 2023 guidance address data security, including the importance of access control and audit trails, they do not focus on it as heavily.

Electronic Records and Signatures

• FDA 21 CFR Part 11: The most comprehensive guidance regarding the use of electronic records and electronic signatures. Part 11 specifies detailed requirements for electronic recordkeeping and electronic signatures that ensure the same level of accountability and reliability as paper records.
• ICH E6(R3) and EMA (2023): Both adhere to the basic principles of electronic records and electronic signatures. However, they focus more on their implementation within the overall framework of data integrity and risk-based validation, without offering the same level of detailed prescription as the FDA’s Part 11.

Patient Privacy and Data Protection

• EMA (2023): Stresses strict adherence to GDPR (General Data Protection Regulation), which governs data privacy and protection for clinical trial participants within the EU. EMA ensures that all computerized systems comply with GDPR requirements for handling personal data.
• –FDA: The FDA focuses on HIPAA (Health Insurance Portability and Accountability Act), ensuring that patient health information is protected in US-based trials. HIPAA compliance is critical for any digital systems managing personally identifiable information (PII).
• ICH E6(R3): Calls for global attention to data privacy, with the expectation that trial sponsors and sites comply with local privacy laws.

Interoperability and integration

• FDA: Guidance relating to DHTs from 2023 encourage the evaluation of the quality of interoperability.
• EMA: According to EMA data transfer between systems should be validated to ensure the data remains accurate. Also that the format, timing and actions needing to be applied to the data are captured in the data flow or accompanying description. Interfaces supporting data transfer is mentioned in an agnostic way. Specifically relating to integration, IRT integrated into EDC is mentioned, as it the additional requirement or addressing this feature need in the system requirement and UAT, but it is again agnostic. EMA also considers integration in terms of EHR/EMR.
• ICH: Only specifies that data transfer between computerized systems must retain data integrity, preserve confidentiality and traceability.

Digital Health Technologies (DHTs) and Mobile Health:

• FDA (2023): Provides specific guidance for the use of Digital Health Technologies (DHTs) for remote data acquisition, which includes wearables, mobile apps, and telemedicine devices. This guidance outlines validation, patient safety, and data integrity considerations specific to these tools in decentralized clinical trials.
• ICH E6(R3): Encourages the use of patient-centric digital tools, such as eConsent, ePRO, and remote monitoring devices, within the framework of modernized clinical trials. However, the ICH does not provide detailed, technology-specific guidance like the FDA does.
• EMA (2023): Has more an agnostic approach of DHTs and decentralized models, emphasizing the importance of maintaining data flow, traceability, and security for any electronic data generated by digital health technologies.

Taking Appropriate Action

In today’s regulatory environment, clinical development teams within Sponsor or CRO organizations must elevate their focus on safeguarding data integrity. Achieving this requires deeper collaboration and greater transparency, particularly in the sharing of validation documentation and data processes. What do we need to do to safeguard clinical data integrity? The answer begins with implementing key measures that establish a foundation for compliance and data trustworthiness:

• Ensure data flow processes are clearly mapped to document how clinical data moves from collection through to final storage, ensuring compliance with regulatory expectations.
• Conduct a comprehensive risk assessment on all computerized systems to identify vulnerabilities and prioritize mitigations.
  Validate all systems to confirm they are fit for purpose, reliable, and compliant with trial requirements.

By embedding these practices into your clinical trial processes, your organization can maintain greater control over data integrity. These steps are critical to ensuring that trial data is accurate, complete, and trustworthy throughout all phases of development, while also mitigating risks of non-compliance during inspections.

Beyond compliance, implementing these measures strengthens the overall quality of clinical trial outcomes. Reliable and timely data facilitates informed decision-making, ensuring smoother trial execution and enhanced trust among regulators and investors. Stakeholders gain confidence that your organization adheres to the highest standards of data quality, which is critical to regulatory approval and continued investment.

Moreover, documenting data processes enables teams to optimize workflows and ensure seamless, timely data transfers. Clear records and system validation serve as a shield against potential regulatory findings, reducing operational risks and bolstering readiness for inspections.

What do we need to do to safeguard clinical data integrity? At Seuss+, we specialize in partnering with sponsors to design and implement these essential safeguards, ensuring your clinical trial operations remain efficient, compliant, and aligned with the latest global standards.