This month, the European Medicines Agency released their final guideline on computerised systems and electronic data in clinical trials, highlighting the relationship between system providers, system owners, computerised systems and their electronic data.

The guideline covers computerised systems used for collecting and managing electronic clinical data, participant protection, data reliability and, following a risk proportionate approach, includes various systems and scenarios such as electronic medical records, data entry tools and AI, among others. Compliance with legislation and quality management practices is emphasised as essential when using computerised systems in clinical trials and it is advised that additional requirements may apply depending on the technology used. Legal and regulatory requirements within the document refer to Regulation (EU) No 536/2014, Directive 2001/20/EC, Directive 2005/28/EC, and ICH Guideline for Good Clinical Practice E6 R2.

Throughout the guidelines, ALCOA++ principles are outlined with a clear viewpoint that adherence and appropriate quality and risk management systems are vital for data integrity. Data governance is pertained to addressing ownership, responsibility, and compliance with integrity principles and it is also stipulated that roles and responsibilities should be clearly defined for investigators, institutions, sponsors, and service providers. Relevant computerised systems are required to be easily accessible with a unique identification method, and direct access to data should be provided in a timely manner if a system is decommissioned. So, as expected, we can see that the document covers the entire life cycle of electronic data and the computerised systems involved in its management.

ALCOA++ principles play a key role in the effectiveness of data integrity, requiring data to be Attributable, Legible, Contemporaneous, Original, Accurate, Complete, Consistent, Enduring, Available when needed, and Traceable. The ICH E6 (R2) GCP guideline recommends a risk-based approach to implementing a quality management system for clinical trials, with particular attention paid to risks relating to data integrity, in proportion to the to the significance of the risks involved. Special risks relating to transfer or delegation of activities should be taken into account, and the relevance of the system to participant safety and well-being should also be considered.

Through variables such as field values and reasons for changes, Metadata can provide context, resulting in meaningful electronic data. As data may be captured from various sources, the processes involved must be clearly defined and should be recorded within the trial protocol. More specifically, tools designed to capture necessary information are given clear guidance, such as to not prepopulate or automatically fill fields (unless the fields are non-editable and are derived from entered data) or that electronic signatures must meet authentication, non-repudiation, unbreakable link, and timestamp expectations. Adherence to data confidentiality rules and computerised system validation are defined to ensure accuracy, reliability, and consistent performance.

For clinical trials, computerised systems require security and access control features such as restricted access to authorised individuals, accurate capture of unmodifiable date and timestamp information and maintained blinding functionality, to name a few. Systems and databases must be assessed for fitness, operational responsibility, and documented procedures should be in place for their proper use and maintenance. Additionally, personnel must receive tailored training, and associated records kept for auditing purposes. It is established that records and documentation for electronic data must be identifiable and accessible to investigators and auditors while maintaining confidentiality.

It is advised that data capture is prompt and aims to collect all necessary information according to the protocol. Risk-based strategies should be employed for transcribed data from paper to electronic systems to ensure accuracy, whilst data collected externally and transferred through open networks must be protected and encrypted. Direct data capture can be performed using electronic devices and applications, automated devices, or wearables, however it is paramount that audit trail review procedures for such forms of data collection are established and documented. System owners are responsible for data quality and integrity so data generated during a trial must be available to them at all times, and relevant contractual agreements should state levels of control.

Computerised systems must validate both manual and automatic data inputs according to predefined criteria that is clearly evidenced via controlled documentation and it is important that edit checks are developed, validated, and implemented using traceable approaches that do not cause bias. The guidelines stipulate that it is the duty of the responsible party to ensure that Cloud solutions are qualified and contractual obligations detailed to include regular backups, replicated servers, disaster mitigation, and recovery plans to prevent data loss. Data accessibility checks, contingency agreements and procedures should be carried out to prevent data loss as well as to ensure patient safety.

Audit trails are required to include all changes made to data, with details on what, when, and why the changes were made. Such information must be stored in a visible and human-readable format within the system, according to the appropriate access privileges for personnel, but note that information that could jeopardise blinding should not be displayed. It is necessary that responsible parties can comprehend the audit trail and that changes are to be justifiable, documented, and a key part of validation procedures. Additionally, Metadata could also include access and event logs, and query reviews.

Data migration involves moving existing data and metadata from one system to another, so it requires careful validation and risk analysis. The verification of migrated data needs to be documented to ensure traceability, and the audit trail must remain connected to data and contextual information. It’s imperative that agreements are established prior to deployment to link data and metadata, especially when multiple parties are involved to avoid delays and to establish and mitigate potential project risks.

For data archiving, a suitable inventory and archiving system must be maintained for the established regulatory period, and retention periods for all essential documents, including metadata should be respected. Security controls, validated transfers, and availability to authorised individuals should also be taken into account as well as factors such as future marketing authorisation needs. When archiving a copy of the database(s) and its data, procedures must be in place to allow for restoration (dynamic data files can be used if recommissioning is not possible). It is crucial that these requirements are outlined in contractual arrangements with service providers before such activities take place.

To summarise, the EMA Guideline on computerised systems and electronic data in clinical trials provides detailed guidance for collecting and managing electronic clinical data in a way that ensures participant protection and data reliability. Adherence to ALCOA++ principles, appropriate quality and risk management systems, and compliance with legal and regulatory requirements are essential for data integrity. Compliance with these guidelines and best practices is critical to ensure the accuracy, reliability, and consistent performance of computerised systems while maintaining the confidentiality and privacy of participant data.

Such guidance should be known by all responsible parties, CRO's and software providers alike particularly now that compliance is as important as ever with more regular audits that are increasingly and appropriately scrutable.

Experience and longstanding adherence is one of TARA PV's specialities - to discover how, view our white paper or head to our Homepage to download our datasheet.

Download a copy of EMA's guideline here.