The U.S. Food and Drug Administration (FDA) has released a draft guidance on handling electronic source data[1] in clinical investigations, providing industry with practical tips on designing controls to ensure the reliability, quality and integrity of such data.  In doing so, the FDA has proposed additional requirements for sponsors, investigators and study staff, which may entail changes to clinical trial processes and procedures.


In recent years, the FDA has focused on the use of electronic case report forms (eCRF)[2] to allow for real-time data collection and early validation checks during and after the data capture process.  As technology improves, data elements of the eCRF increasingly are derived from electronic data sources.  As use of eCRFs and electronic source data has taken hold, other questions have arisen related to capture, traceability, sources, access and management of data.  The draft guidance, released November 20, 2012, addresses many of those questions.  Industry can provide feedback by submitting comments to the FDA at no later than January 22, 2013.

Highlights of the Draft Guidance

  1. Additional Steps for Study Document Development Phase

Under the draft guidance, study sponsors have additional obligations when using an eCRF, during the study document development phase.  First, sponsors must ensure that the data management plan incorporates a description of the computerized systems that will be used during the clinical investigation. Such description must detail the security measures that will be employed and the anticipated flow of the electronic data, including any intervening processing of the data that occurs before such data are transmitted to the eCRF.  Additionally, sponsors are urged to be proactive by implementing measures to detect and address data integrity issues that occur during this phase.  Such measures, which could include electronic prompts, flags, and data quality checks in the eCRF, must be incorporated in the data management plan.  In addition, in cases where the study is blinded, masked data elements essential to the blinding process and captured in the eCRF must be listed in the data management plan.[3]

With regard to the study protocol, the draft guidance requires the study sponsor to co-develop with the investigator for each site a list of “authorized data originators.”  Authorized data originators may include the person, system, device or instrument from which each data element in the case report form is captured.  Examples of possible data originators include:

  • Investigators
  • Clinical investigation site staff
  • Clinical investigation subjects
  • Consulting services (e.g., a radiologist reporting on a computed tomography (CT) scan)
  • Medical devices (e.g., electrocardiograph (ECG) machine and other medical instruments such as a blood pressure machine)
  • Electronic health records (EHR)
  • Automated laboratory reporting systems
  • Barcode readers (e.g., that are used to record medications or devices).

The authorized data originator list should include the user name of the person, system, device or instrument, or, in the case of a study subject, a unique identifier, as well as the period of time in which the data originator is authorized to capture data under the protocol.  The sponsor and investigator should develop a mechanism to maintain and update the list to reflect staff changes that occur at the site during the investigation. 

Persons serving as authorized data originators may rely on log-on codes or passwords to obtain access to the eCRF, and such codes and passwords must be in compliance with the requirements of 21 CFR part 11.  If electronic thumbprints or other biometric identifiers are used in lieu of log-on codes or passwords, they should be designed to ensure that they cannot be used by anyone other than the authorized data user.

The protocol also should describe interim analyses conducted by authorized third parties (e.g., sponsor, CRO, data safety monitoring board or others) to verify the accuracy and integrity of data elements in the eCRF prior to submission of the eCRF to the sponsor and FDA.

  1. Tracking Data Origination in the eCRF

As noted above, each data element that is incorporated into the eCRF must be captured by an authorized data originator.  Pursuant to the draft guidance, the authorized data originator enters the data element in one of two ways:  by manually entering it into the eCRF, or by automatic electronic transmission. 

The draft guidance distinguishes data that are manually entered into the eCRF from data that are electronically transmitted from one electronic source to the eCRF.  Under the draft guidance, if the data element is manually entered by a data originator and is derived from paper records, such paper record is considered the source document.  In contrast, if, for instance, an investigator (an authorized data originator) electronically enters a blood pressure reading acquired during a clinical study visit and also manually enters a value collected during that study visit, the eCRF is considered the source data.  Additionally, if a medical device, such as a glucometer, captures a reading and transmits the measurement directly to the eCRF, then the medical device is the authorized data originator as well as the source data.  However, if the device transmits directly to an EHR, which then transmits to the eCRF, the EHR is considered the source data.  Other issues may arise on account of the requirement that investigative sites must allow the FDA and others access to the source data.

  1. Metadata Tags

All data elements captured in the eCRF are required to have computer-generated metadata tags that contain the following:

  • Identification of the authorized data originator of the data element
  • Date and time that the data element was entered into the eCRF
  • Unique identification code of the study subject to which the data element belongs

The purposes of these metadata tags are to allow FDA and other authorized parties to examine the audit trail[4] of the data and to allow FDA to reconstruct the trial data if needed.  The metadata tags need not be readily visible, although the eCRF system must have the functionality to allow for viewing the metadata tags.

  1. Data Entry Quality Checks, Modifications and Corrections

Data quality checks must be performed during data entry.  To comply with the draft guidance, eCRF software applications must incorporate the use of electronic prompts, flags and other data quality check mechanisms to minimize errors and omissions during data entry into the eCRF.  Inaccuracies or omissions may be corrected; however, modified data elements should be assigned new metadata tags reflecting the date, time and the authorized data originator of the change.  These new modifications to the eCRF should not obscure prior entries, and a description field should be included to allow documentation of the rationale for the change to the original record.

  1. Investigator Review/Modifications

Under FDA regulations, investigators are required to maintain adequate case histories, and therefore investigators are obligated to review and approve data—even in electronic format—by electronically signing the eCRF for each subject before the data are archived or submitted to the FDA.[5]  Sites and investigators should implement a process that includes the following:

  • Periodic review and electronic signing of the eCRF by the investigator during the conduct of the clinical investigation, for inclusion in the audit trail.
  • Indicating when the investigator sign-off was performed (date and time) and by whom through the use of computer-generated metadata tags that are included in the portions of the eCRF that have been signed by the investigator.
  • Reflecting in the metadata the investigator as both the authorized data originator and the person responsible for sign-off (when the investigator is responsible for both entering data elements (as the authorized data originator) and for signing the eCRF).

If an investigator identifies errors or omissions during the data review, revised data elements may be entered by the investigator or by the authorized data user.  Such modified data elements must have new metadata tags that comply with the requirements discussed in Section III above.  Any changes made to a previously signed eCRF should be re-reviewed by the investigator.

The draft guidance allows the investigator to delegate reviewing the accuracy of certain data elements to other authorized research staff, but such staff must have their own log-on code or password, and the individual on the research staff to whom this obligation has been delegated should be captured in the investigative site delegation log. 

  1. Investigator Records

The investigator must maintain control of the eCRF and make it available to the FDA upon inspection.  The investigator and site also must provide the FDA and other authorized persons access to applicable source data, regardless of whether the source data is in electronic or paper format.

  1. Data Access

Sponsors, contract research organizations, data safety monitoring boards, and other authorized personnel can view the data elements in the eCRF before the investigator has executed an electronic signature.  In fact, the draft guidance encourages this type of pre-approval access and interim analyses to allow for early detection of study-related problems.  Additionally, as stated above, investigators are required to make available source data to FDA and other authorized persons.  To assure compliance, investigators need to be cognizant of what data qualifies as source data.


While the draft guidance does not present significant departures from FDA’s previously-stated positions on the use of electronic data in clinical investigations, it articulates a number of key points that may impact industry as use of eCRS becomes more prevalent:

  1. Under the draft guidance, the Sponsor has an obligation to document in the data management plan its use of electronic data flows, authorized data originators, and security and quality checks. 
  2. The draft guidance requires investigators to ensure that only authorized data originators input or transmit data.
  3. Investigators, research staff, and sites need to be able to identify "source data" as defined in the draft guidance, to ensure its availability during FDA inspections.
  4. Software solutions that support eCRFs will need to incorporate quality checks and mechanisms and metadata tag capabilities to be in compliance with this draft guidance.