Embracing Digital Transformation: Electronic Signatures in Clinical Research

Arzneimittel Nutzenbewertung

By Dr. rer. nat. Barbara Schulz

Digitalisation is profoundly reshaping professional landscapes, and clinical research—a field historically reliant on manually recorded paper documents—is no exception. Paper documents are rapidly being replaced by electronic alternatives, simplifying many aspects of our work. However, ensuring the validity and security of these digital records is paramount, especially when it comes to electronically signed documents in clinical research.

Types of Electronic Signatures

A critical aspect of electronic documentation is the method of signing. In European countries, electronic signatures are governed by the eIDAS regulation. There are three types of electronic signatures (1, 2):

  1. Simple Electronic Signature (SES):
    A basic form of signature linked to electronic data. The signer is not easily identifiable, and another person could use the signature. Moreover, the electronic data associated with this signature is not protected against subsequent changes.
    Example: A scanned image of a handwritten signature pasted into a document.
  2. Advanced Electronic Signature (AES):
    This type of signature is uniquely linked to the signer and capable of identifying them. It “is created using electronic signature creation data the signatory can, with a high level of confidence, use under his control” (2). Any alteration to the signed data invalidates the signature.
    Example: Digital signatures using cryptographic keys.
  3. Qualified Electronic Signature (QES):
    This signature meets all the criteria of AES, with additional certification from a Qualified Trust Service Provider (QTSP) (3). QTSPs are recognised across EU countries and ensure the signer’s identity through processes such as video identification or in-person verification. The list of QTSPs is published by the EU.

Regulatory Requirements in Germany and Switzerland

In Germany, the use of electronic signatures is outlined in §§ 126, 126a, and 126b of the Bürgerliches Gesetzbuch (BGB). While some documents cannot be signed electronically, a QES can substitute for a manual signature where written form is required unless explicitly excluded. Contracts requiring text form can be signed using an AES.

Switzerland follows similar regulations to the EU, with the document type determining the signature form required. However, Switzerland does not yet recognise European QTSPs (4). Instead, providers of qualified electronic signatures must be accredited by the Swiss Accreditation Service (SAS).

Electronic Signatures in Clinical Research

In clinical research, adherence to general regulations is essential, along with specific rules set by relevant authorities. The European Medicines Agency (EMA) has published guidelines on computerised systems and electronic data, which stipulate (5):

  • Signers must be authenticated.
  • Signatures must include a timestamp and withstand repudiation.
  • There must be an unbreakable link between the electronic record and the signature.

These EMA requirements closely mirror those defined by the FDA in 21 CFR Part 11 (6), which specifies:

  • Signatures must display the signer’s printed name, date, and time of signature.
  • The reason for the signature must be documented (e.g., authorship, review).
  • There must be a secure link between electronic records and the signature, ensuring it cannot be altered, copied, or removed.
  • A signature must be attributable to a single individual, and the signer must verify their identity (usually by identification code and password).

In everyday clinical research, an AES is generally sufficient. Most service providers integrate 21 CFR Part 11-compliant versions, which are considered state-of-the-art for nearly all clinical research documents. However, a notable exception is the process of obtaining informed consent. The ICH-GCP guideline mandates that informed consent be obtained “by means of a written, signed, and dated informed consent form” (7). In Germany, this may necessitate a QES for electronic informed consent. The Austrian authority BASG explicitly states that only QES is accepted for obtaining informed consent (8).

Implementation of Electronic Signatures in Clinical Research

Providers of systems used in clinical research, such as electronic case report forms (eCRF) or document management systems (DMS), have long implemented 21 CFR Part 11-compliant signatures. Persons working in clinical research are used to state their role (author, reviewer, approver) when signing off a document in a DMS. Clinical investigators are usually well trained to provide a reason for any changes in the eCRF, while audit trails track changes, signature dates, and breaks in signatures.

However, attention must be paid when integrating external electronic signature applications, which serve various businesses. These providers may account for regulations regarding advanced and qualified signatures, but 21 CFR Part 11 compliance might not be their focus. Before such applications are integrated into clinical research, 21 CFR Part 11 compliance must be confirmed.

In European countries, compliance with the General Data Protection Regulation (GDPR, 9) is also crucial when choosing the suitable electronic signature solution. Many electronic signature providers use sharepoints to manage documents. Before selecting a provider, it is important to check whether the GDPR is applicable to the provider and its sharepoint location, and whether GDPR requirements are met. An important aspect of GDPR is, e.g., data minimisation, ensuring that personal data processing is “adequate, relevant, and limited to what is necessary” (9) for the stated purpose.

Alternative methods of signing include the use of signature cards (1), which require a certified card reader. These cards contain the cryptographic key necessary to produce a QES, but they are often impractical in clinical research due to the need for prior preparation and the inability to provide spontaneous signatures. This is especially cumbersome, when dealing with various external partners with different backgrounds.

Implementation of eConsent

Obtaining informed consent in clinical research is a particularly complex challenge. The process consists of several steps, many of which can be digitized (10). One approach for taking the final patient signature for informed consent is the use of biometric signatures, or “Signing on Glass”, where manual signatures are captured on electronic devices. Patient identification is performed by the site, similar to manual signatures (1, 10).

As mentioned above, in Germany and Austria, QES is required for informed consent signatures, necessitating a time-consuming identification process. Public electronic identification systems, such as Germany’s “Personalausweis mit Online-Funktion” or the EU eWallet, are expected to simplify this process in the future (1).

The FDA has stated in its FAQ that while the method of electronic signature for informed consent is flexible, it must comply with 21 CFR Part 11 (11).

Advantages of Electronic Signatures and Further Considerations

Electronic signatures offer numerous benefits, including faster, user-friendly processes and secure digital archives. They also make signature falsification more difficult, with AES providing a more secure option for validation.

However, acceptance of electronic signatures can vary by demographic, particularly among older users who may struggle with computer applications. In clinical research, reluctance may be encountered both from study site teams and study participants.

It is also important to note that electronic documents are considered original only in their digital form, with all associated metadata. Printed versions, even if accompanied by a certificate, are not regarded as valid originals. This can complicate hybrid setups that combine paper and electronic documents.

Another challenge is ensuring compatibility between electronic systems. Valid electronic signatures must be produced within one system or provider, as the process may not be supported when switching systems. Additionally, not every electronic document management system will accept all forms of electronic signatures. Ensuring compatibility between DMS and electronic signature systems is particularly critical in clinical research.

Legal retention obligations pose further challenges, as the validity of electronic signature certificates may not align with retention requirements (1), especially in clinical research.

In Summary

The transition to electronic signatures offers many advantages in clinical research, but careful attention must be given to regulatory requirements and potential challenges to ensure a seamless and secure adoption.

Sources:

[1] Jürgen Seeger, “Elektronische Unterschrift – Grundlagen, Tools, Anbieter,” iX – Magazin für professionelle Informationstechnik 6/2023, p. 86 (https://www.heise.de/select/ix/2023/6/2229313570103918321)

[2] Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC (https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2014.257.01.0073.01.ENG)

[3] eIDAS Qualified Trust Service Providers

[4] BAKOM – Federal Office of Communications

[5] EMA Guideline on Computerised Systems and Electronic Data (EMA/INS/GCP/112288/2023) (https://www.ema.europa.eu/en/documents/regulatory-procedural-guideline/guideline-computerised-systems-and-electronic-data-clinical-trials_en.pdf)

[6] FDA 21 CFR Part 11 (https://www.ecfr.gov/current/title-21/chapter-I/subchapter-A/part-11)

[7] Guideline for Good Clinical Practice E6(R2) EMA/CHMP/ICH/135/1995 (https://www.ema.europa.eu/en/ich-e6-r2-good-clinical-practice-scientific-guideline)

[8] BASG Regulatory Requirements

[9] General Data Protection Regulation (https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679)

[10] Elektronische Rekrutierung, Patientenaufklärung und Patienteneinwilligung BfArM im Dialog zu DCTs | 26. Mai 2021 | Dr. Andree Beckerling (Clariness) und Dr. Thorsten Ruppert (vfa) (https://www.bfarm.de/SharedDocs/Downloads/DE/Service/Termine-und-Veranstaltungen/dialogveranstaltungen/dialog_2021/210526/10_Beckerling_Ruppert.pdf?__blob=publicationFile

[11] FDA Use of Electronic Informed Consent Questions and Answers (https://www.fda.gov/media/116850/download)

Follow us on LinkedIn

Picture: @ H_Ko/AdobeStock.com 

 

Get the latest articles as soon as they are published: for practitioners in clinical research

 

  • Read about ideas & tools for effective clinical research

  • Follow today’s topics in clinical research

  • Knowledge base: study design, study management, digitalization & data management, biostatistics, safety

  • It’s free! Sign up now!

Anmeldeformular Newsletter / Clever Reach / EN