Aubrey Llanes, Product Director, eCOA

Data Integrity safeguards across clinical trials are more critical than ever, but don’t just take our word for it. Read what FDA and MHRA recently said about it.  Both agencies continue to stress the criticality of data integrity in clinical trials. At YPrime, we do too. Read our blog series for insights into data integrity impacts from eClinical technologies with a focus on IRT and eCOA. We discuss common risks and effective preventive actions that can be put in place on the IT infrastructure, platform and study level.

Risk Management in the Digital Age

Regulators across the globe are urging industry to strengthen their data integrity practices. Good risk mitigation and management is essential to data integrity, as many points of risk exist throughout the data lifecycle of a clinical trial. From the capture of endpoint data through data recording, storage, transfer and reporting, eClinical systems introduce risk to data integrity that must be managed by documenting eClinical data processes and by making them transparent and traceable through audit trails.

Risk management begins by asking three basic questions:

  • What might go wrong?
  • What is the likelihood that it will go wrong?
  • What are the consequences if it does go wrong?

The best way to make sure things don’t go wrong is to anticipate these problems before you build your eClinical system and put plans in place to solve them. Your system can help manage risk when the design incorporates tools that indicate risk for each function and how those risks can impact patient safety and data integrity.

While fundamental tried-and-true components will always include robust training, quality systems and 24/7/365 user support, others are more fluid and require frequent evaluation and modification, as the digital age paradigm continually shifts, and eCOA continues to evolve. For an introduction to the fundamentals, read our white paper series on Complying with ICH E6(R2). This blog addresses additional considerations that go hand in hand with the increased reliance on eSource data, and the electronic systems that clinical trials feed into and pull from continue to expand.  And, perhaps most important, key considerations when eCOA data are increasingly used to support key endpoints.

In developing a risk management plan, critically important considerations include:

  • Data transparency and audit trails
  • Web backup solutions
  • Cybersecurity
  • Compliance Strategies
  • Data standardization
  • Data Integrity Plans

Data transparency and audit trails. Transparency is the root of data integrity assessments, and is best demonstrated with a chain of custody from data origination to analysis. Audit trails should clearly document who touched the data, and in the case of data changes, who authorized them and implemented them. Data integrity continues to be a major theme across inspection results, especially with the Medicines and Healthcare products Regulatory Agency’s (MHRA) annual metrics reports. In many cases, changes arising from data clarification forms (DCFs) are not supported with proper source data, and documentation is notably absent.

Audit trails are often presented in a cumbersome format that is not easily reviewed by inspectors. The volume of data points and associated metadata often results in a non-linear data dump that can make it hard for an end user to understand. The provision of audit trail summaries in a human-readable format with chronological activity while a study is ongoing is a must-have for today’s eCOA features.

Web Backup: Electronic data collection devices are susceptible to the same vulnerabilities as any consumer electronic device, including malfunctions, damage to the device, loss of the device, and connectivity issues. Although well-documented as rare occurrences, trial data can be incomplete or missing entirely when devices fail. When a patient has a technical issue with an electronic device, clinical trial sites often default to manual, paper-based diaries because they may seem to be the most efficient solution in a crunch.

If your eCOA solutions employs the use of paper backup, you’re introducing multiple forms of risk through manual data entry. It’s well established that patient compliance with paper diary completion is abysmal and results in compromised data quality. In addition, regulators may require trial sponsors to demonstrate the measurement equivalence of the paper data and data captured electronically, depending on the trial phase, the endpoints being supported by those data, and the ratio of data collected with paper backup versus the original electronic mode.

As a contingency plan to avoid or minimize missing data, patients and sites should have access to a backup electronic data collection system to record their data until the original device is replaced. A web-based backup is a viable solution, and if designed to replicate, or emulate, the interface of the original data collection device, e.g., handheld device, the need for demonstration of measurement equivalence between the two may be minimized. Backup data collection plans created in parallel with the primary means of electronic data collection during the design of the trial allows a seamless and immediate transition to the backup system.

Cybersecurity is an unseen, but mission-critical consideration for eCOA risk management, and a topic of upcoming blogs covering system architecture and devices.  Cybersecurity for eCOA platforms and devices invites throngs of subtopics and related best practices, from software development approaches, branching and encryption, to data syncing, device rooting and security update frequency.

Enhanced compliance: One of the central challenges of any study involving patient diaries is maintaining compliance. There’s the question of when to act when gaps are evident – right after the first missed entry, or the second or third? Then there’s the question of whose job it is to monitor compliance. The CRO? CRA? Site staff? eCOA features such as customizable alerts and reminders go a long way in ensuring data completion.  Tools such as email alerts and reports give study personnel what they need to stay apprised of patient compliance. However, these tools don’t help if no one looks at the data or follows up on flagged issues. And some high-priority studies require more personalized attention, beyond your over-tasked clinical operations team. When you need a reliable solution for pivotal studies that can’t afford any missed data, more sophisticated data monitoring techniques may be needed, typically a combination of automation and clinical expertise to ensure eCOA data collection compliance. Using specific compliance thresholds and parameters, eClinical analysts can raise questions to sites or CRAs before compliance issues warrant rescue actions or compromise your study’s data integrity. In addition, data mining can quickly identify gaps, trends and anomalies. It’s especially powerful when multiple sources of data are combined.

Data integrity plans  

Rising complexity and increased reliance on technology in clinical trials demand more rigor and control over data flows through the clinical research ecosystem. It’s not enough to have robust QA systems in place. Regulatory-minded organizations will also have data integrity plans in place, which typically consists of mix of systems, processes and scheduled review cycles to ensure potential risks are addressed before they escalate into liabilities. The days of post-study data review are over.

In the design of eClinical systems, the hallmarks of regulation-compliant risk mitigation are transparency, traceability, and documentation. eClinical providers should partner with sponsors early on to implement this new, proactive mindset. Risk management should always be an integral part of eClinical system design.



Data integrity is a big topic. That’s why we’ve tapped subject matter experts to help distill critically important considerations into a blog series. Stay tuned for bi-weekly updates, as we discuss device security, enhanced compliance, data standardization and data integrity plans in more detail.