Trustworthy technologies - how to ensure the credibility of clinical trials in the digital era?

Introduction

Digitalization is transforming clinical trials at a pace unimaginable just a few years ago. Today, it’s hard to imagine a clinical trial without EDC (Electronic Data Capture) systems, such as eCRF (electronic Case Report Forms), eCOA (electronic Clinical Outcome Assessment), ePRO (electronic Patient-Reported Outcome), and tools supporting documentation management, project management, and randomization. Rapidly evolving technologies used in medicine and healthcare, such as wearable devices, mobile applications &devices (mHealth), and the increasingly widespread and comprehensive use of Artificial Intelligence (AI), cannot be ignored.

This brings simplification - data is collected faster, easier to analyze, and the progress of the trial can be continuously monitored. However, with technological progress, a new challenge arises: how to ensure the credibility, integrity, and security of data generated by so many complex systems. In a world where most information is electronic, the key question becomes: is the data on which we base scientific and medical decisions truly reliable?

Data quality in digital clinical trials

Data quality is not only about accuracy and completeness, but also about ensuring that data is acquired, processed, and stored in a controlled, auditable, and regulatory-compliant manner.

In clinical trials, data quality directly impacts patient safety and the credibility of results - therefore, organizations overseeing trials (sponsors, CROs - Contract/Clinical Research Organizations, investigators) must ensure that every IT system used supports data integrity. According to the ALCOA++ principles, data must be attributable, legible, contemporaneous, original, accurate, complete, consistent, enduring, available, and traceable (see also the next article ALCOA++ in Practice - A New Dimension of Data Quality ).

Data security - protecting patients and organizations

Clinical data is highly sensitive - it includes health information, personal data, and sometimes even genetic data. Protecting it is not only a matter of GDPR compliance, but also an ethical and regulatory requirement.

Every IT system used in clinical trials must provide access control, data encryption, user authorization, audit trails, and protection against data loss. Security also means business continuity - ensuring that in the event of a failure, cyberattack, or technical error, data remains intact and recoverable.

Regulations and standards - the foundation of credibility

We don’t need to reinvent the wheel - the industry already has numerous international regulations and guidelines that describe how to ensure the proper quality and security of data and computer systems in clinical trials. The key ones include:

• Regulation (EU) No 536/2014 of the European Parliament and of the Council , governing the conduct of clinical trials in the European Union.
• ICH E6 (R3) GCP (Good Clinical Practice) , describing ethical and scientific standards for conducting clinical trials.
• Guideline on Computerised Systems and Electronic Data in Clinical Trials - guidance on the use of computerized systems and electronic data in clinical trials.
• Annex 11 of the European Commission’s Good Manufacturing Practice (GMP, Volume 4), which specifies the principles for the use of computer systems used in the production, quality control, and distribution of medicinal products.
• 21 CFR Part 11 - Food and Drug Administration (FDA) guidelines on the credibility of electronic records and signatures.
• GAMP 5® (Good Automated Manufacturing Practice) - an international standard for good practices in the automation and validation of computer systems in the pharmaceutical industry and clinical trials.

These guidelines emphasize data integrity and patient safety, translating general principles into a set of practical procedural requirements. These include:

• mandatory validation of computer systems to confirm their compliance with regulatory objectives and requirements,
• clear rules for real-time data collection in accordance with the ALCOA++ principles,
• appropriate user management and access control,
• ensuring data and information security, including protection of patient privacy,
• implementation of risk-based quality management,
• clear definition of responsibilities of all parties for the implemented IT solutions.

In practice, this means that every system used in clinical trials - from EDC/eCRF and eCOA/ePRO platforms, through mobile apps and wearable devices, to AI tools and document or project management systems - must be assessed not only for its functionality but also for compliance with applicable regulations and quality standards.

From the perspective of those responsible for quality and safety (QA), these are tools to ensure that all regulatory criteria are met. This allows sponsors, investigators, and regulators to be confident that the data are credible, reliable, and secure, and that decisions based on them are scientifically and ethically sound.

Responsibility for meeting requirements

Knowing the regulations and principles of data integrity is one thing; ensuring practical compliance is another. According to ICH E6 (R3) GCP guidelines, responsibility for meeting computer system and data integrity requirements is shared but clearly assigned to several roles:

• Sponsor bears primary responsibility for ensuring that all IT systems used are validated and that vendors meet regulatory and quality requirements. The sponsor must ensure that all processes and systems used in the trial generate credible and complete data.
• Investigator is responsible for the proper use of systems at the trial site, ensuring that data entered reflects the actual conduct of the trial and complies with ALCOA++ principles.
• IT vendors / service providers (e.g., CROs) must deliver solutions compliant with GCP requirements, with documented system validation, appropriate quality certifications, and data security processes.

Ultimately, however, regulatory responsibility rests with the sponsor, who must demonstrate to regulatory authorities that all tools and processes in the study meet GCP and other applicable regulatory requirements.

Validation - evidence-based trust

Computer system validation process confirms that a system operates as intended and is secure and reliable. In practice, this involves not only software testing but also documentation proving that implementation, maintenance, and use meet regulatory requirements. Validation is required by all key regulations - from GCP to Annex 11 - and forms the foundation for assessing data quality. An unvalidated system means data that cannot be trusted.

Qualification - trust, but supported by verification

IT systems used in clinical trials are typically provided by external entities, such as CROs or software vendors. Because the sponsor bears ultimate responsibility for approving their use, a crucial element of the quality system is supplier qualification - the formal assessment of whether the supplier and technology meet regulatory and quality requirements. Therefore, the qualification process typically includes reviewing validation documentation, assessing security features, verifying quality certifications, and performing audits.

Summary

The digitalization of clinical trials offers enormous opportunities, but also demands a new approach to quality and data management. Integrity, security, validation, and qualification are the four pillars on which the credibility of digital-era clinical trials stands. With a proper understanding and implementation of regulations, sponsors and investigators can use the potential of modern technologies without compromising what matters most in clinical trials: trust in data and patient safety.