Eleven years after the first FDA 21CFR Part 11 Electronic Signature/Record final rule and subsequent guidance, and more than three decades after the eventual founders of RSA introduced the concept of Public Key Infrastructure (PKI)-based digital signatures, pharmaceutical and biotech organizations are now reaping the benefits of this technology in the clinical trials space.
Simple and affordableWith newer approaches and technologies available for digital signature implementations, even small to medium sized biopharmaceutical, medical device, and clinical organizations can afford to set up, use, and maintain what was once costly and complex.
From an investment perspective, the cost of digital signature products is as much as 90% lower today than similar technologies were only five years ago. These new solutions are designed to support existing technical infrastructure, policies, and procedures, resulting in minimal disruption during deployment.
Across the clinical landscape
Digital signatures have been broadly deployed in thousands of Good Quality Practice (GxP) regulated applications, but Good Clinical Practice (GCP) operations seem to be at the forefront of adopting digital signatures for clinical documentation management and exchange.
CROs, in particular, are benefiting from digitally signing site documents such as monitoring trip reports and other documents where speed is of the essence for submission to study sponsors. Previously, the only solution for paper-based records was to use priority mail to expedite delivery. Today, self-contained portable and sustainable electronic records are signed and secured enabling trial sponsors, CROs, investigators, IRBs, and regulators to approve, exchange, and trust records over long retention periods.
Organizations hosting applications, such as a shared Clinical Trial Management System (CTMS) for diverse clinical ecosystems, are also quickly adopting digital signatures. One CRO currently hosts a CTMS for 6000 external collaboration partners—investigators, IRBs, and sponsors—to access and sign regulatory documents for ongoing studies. Other Application Service Providers (ASP) host a CTMS as a paid service, enabling clients to leverage digital signatures for secure clinical documents exchange.
Historically, the creation of electronic source documents had been achieved through the use of electronic document management (EDM) systems. This approach creates electronic records that become proprietary in nature and exclusively tied to the database and repository of the EDM system vendor. This means that source documents cannot be extracted from the system and exchanged and trusted externally, locking organizations into never-ending legacy systems to support. Subsequently, this approach fails to facilitate another emerging trend: electronic submissions to regulatory authorities.
Electronic records created using digital signatures can be verified for the signer's identity and intent, and provide proof of data integrity independent of the system that was used to create them.
Because both PDF (ISO standard 19005-1 PDF/A archive) and PKI digital signatures (standards governed by U.S. and EU governments and independent bodies) are standards based, electronic records can be retained for decades. Organizations can have full confidence that the documents will be both human readable and verifiable, even if the vendor or organization that created the digitally signed PDFs is no longer in business.
Since digital signatures can also be used to sign and secure data as well as documents, it is important to note that the Clinical Data Interchange Standards Consortium (CDISC) has also announced support for digital signatures to support interoperability and trust of data exchanges between research and health care systems.
Furthermore, with today's workflows and approvals often spanning across organizations (and EDM technologies), the only way to create signed electronic source documents is with digital signatures.