Rethinking the Need for “Signatures” in EDC Systems

Clinical research shares a number of common requirements and needs for improvement as other industries. One familiar example immediately comes to mind: why do we continue to provide a signature for our credit card transactions? It turns out the answer, in large part, is because that’s the way it’s always been done. This directly translates to the clinical research industry, whose unofficial mantra – particularly surrounding operational processes and tools around clinical data management – has become “we’ve always done it that way.”

The original purpose of providing a signature was to verify the person authorizing or approving a transaction or document was who they purported to be – the user was providing authentication. Similarly, the original purpose of having a clinical trial’s principal investigator (PI) sign a CRF was to signify they were approving the data that was collected on the CRF as being accurate. It is valid to question whether this original purpose is still being fulfilled and, if not, whether there is a better way to achieve that purpose. So much analytical processing is done on the data that is collected in a clinical trial, yet the manner in which it is collected – the process and tools such as electronic data capture systems (EDC) – is never questioned. Why? Refer to the mantra above. We’ve always done it that way.

Physical signatures are nothing more than an image of squiggly lines. Oftentimes, they are not legible and they can easily be forged. It seems they are simply a placeholder, as if to say, “a signature was collected.” The reason physical signatures have nearly become irrelevant is because they are not verified against anything. If someone gives their credit card to a friend and they go to make a purchase, they may simply squiggle something on the receipt and walk out the door with the merchandise. The clerk is not verifying the signature to make sure it’s authentic; the fact that the friend had the card was verification enough.

Many EDC systems still use usernames and passwords for authentication. Some may require an additional pin number for PIs to use when “signing” a case report form (CRF). These are static security mechanisms. In the same manner that someone can give their credit card to a friend, a PI can give their username, password, and even pin number to a site coordinator to sign on their behalf. So, the original purpose of the signature upon document approval is being usurped simply by functioning as a placeholder so that it can be said, “a signature was collected.”

There is a better way to authentically and securely approve the clinical data gathered from CRFs: leverage the technology residing in the mobile devices that have proliferated our society. TrialKit, Clinical Studio’s mobile companion, is a robust app that makes it possible to collect, approve, and review data through on any smartphone or tablet, which allows for a two-step authentication process that is much more secure and harder to “forge” than the traditional username and password paradigm. Two-step authentication combines a username and password (first step) with a dynamic code that is sent to a mobile device or email address (second step) on any  log-in attempt. This code is different for every log-in attempt.

Finally, as an industry, we need to determine if it is valuable for a principal investigator to sign each and every form in a study. The initial purpose of a signature was to convey the importance and weight of their action. However, considering the immense volume of data that constitutes clinical trials, the effective purpose has become no more than a mechanical burden that has to be done. Most EDC systems allow for the batch signing of records now, so there is little to no practical value of getting the PI to “sign” the forms.

With two-step authentication, there is a higher likelihood that the person signed into the system is who they say they are. In turn, this makes it much easier and logically consistent if a PI were to simply approve a CRF, rather than having to “sign” it, and there will be absolutely no loss of data integrity. However, for this to become the standard, industry regulations must first catch up with technology, and the rhetoric must shift from “we’ve never done it that way” to “this is a much better way.”

To learn more about collecting, approving, and reviewing data on your smartphone or tablet, get in touch with us today.