Digitizing Signatures

Why deployment rates are up and what to consider before signing on the dotted line.
Mar 02, 2009

PhotoGraphy: Getty Images Illustration: Paul A. Belci
Digital signatures have finally hit the mainstream in clinical research at a time when fuel prices resemble roller coasters, priority mailing costs are skyrocketing, and companies are emphasizing security and sustainability of IP as a top priority. Talk about good timing!

Eleven years after the first FDA 21CFR Part 11 Electronic Signature/Record final rule and subsequent guidance, and more than three decades after the eventual founders of RSA introduced the concept of Public Key Infrastructure (PKI)-based digital signatures, pharmaceutical and biotech organizations are now reaping the benefits of this technology in the clinical trials space.

  • Several of the largest CROs estimate that adoption of digital signatures in clinical operations can reduce or eliminate more than $500,000 in annual priority mailer costs alone.
  • Almost all of the largest pharma companies have or are deploying digital signatures, with some claiming millions of dollars in operational cost savings. Firms report equally dramatic time/cost savings in regulatory submission and long-term records retention with digitally signed electronic records.
  • SAFE-BioPharma reports that roaming digital ID (digital signatures) are now accepted by the federal entity that provides a trusted electronic link across and into many of the U.S. government's major agencies, including FDA.

Simple and affordable

With newer approaches and technologies available for digital signature implementations, even small to medium sized biopharmaceutical, medical device, and clinical organizations can afford to set up, use, and maintain what was once costly and complex.

From an investment perspective, the cost of digital signature products is as much as 90% lower today than similar technologies were only five years ago. These new solutions are designed to support existing technical infrastructure, policies, and procedures, resulting in minimal disruption during deployment.

With these advances, it is quite common for digital signature deployments to be put into practice in a matter of days, even hours. Due to improved product packaging and implementation strategies provided by vendors, digital signatures now require only minimal validation to further streamline the process.

Across the clinical landscape

Digital signatures have been broadly deployed in thousands of Good Quality Practice (GxP) regulated applications, but Good Clinical Practice (GCP) operations seem to be at the forefront of adopting digital signatures for clinical documentation management and exchange.

CROs, in particular, are benefiting from digitally signing site documents such as monitoring trip reports and other documents where speed is of the essence for submission to study sponsors. Previously, the only solution for paper-based records was to use priority mail to expedite delivery. Today, self-contained portable and sustainable electronic records are signed and secured enabling trial sponsors, CROs, investigators, IRBs, and regulators to approve, exchange, and trust records over long retention periods.

Organizations hosting applications, such as a shared Clinical Trial Management System (CTMS) for diverse clinical ecosystems, are also quickly adopting digital signatures. One CRO currently hosts a CTMS for 6000 external collaboration partners—investigators, IRBs, and sponsors—to access and sign regulatory documents for ongoing studies. Other Application Service Providers (ASP) host a CTMS as a paid service, enabling clients to leverage digital signatures for secure clinical documents exchange.

Benefits of Digital Signatures
One of the more important uses of digital signatures by organizations deals with SOPs and controlled documents that may be called into evidence to support an audit.

Historically, the creation of electronic source documents had been achieved through the use of electronic document management (EDM) systems. This approach creates electronic records that become proprietary in nature and exclusively tied to the database and repository of the EDM system vendor. This means that source documents cannot be extracted from the system and exchanged and trusted externally, locking organizations into never-ending legacy systems to support. Subsequently, this approach fails to facilitate another emerging trend: electronic submissions to regulatory authorities.

Electronic records created using digital signatures can be verified for the signer's identity and intent, and provide proof of data integrity independent of the system that was used to create them.

Because both PDF (ISO standard 19005-1 PDF/A archive) and PKI digital signatures (standards governed by U.S. and EU governments and independent bodies) are standards based, electronic records can be retained for decades. Organizations can have full confidence that the documents will be both human readable and verifiable, even if the vendor or organization that created the digitally signed PDFs is no longer in business.

Since digital signatures can also be used to sign and secure data as well as documents, it is important to note that the Clinical Data Interchange Standards Consortium (CDISC) has also announced support for digital signatures to support interoperability and trust of data exchanges between research and health care systems.

Furthermore, with today's workflows and approvals often spanning across organizations (and EDM technologies), the only way to create signed electronic source documents is with digital signatures.

lorem ipsum