Published on 27/12/2025
Auditing and Validating Source Data from Wearables in Clinical Research
Introduction: The Auditability Challenge with Digital Health Technologies
With the rise of wearable devices in clinical trials, regulatory authorities have increased focus on how these digital health technologies (DHTs) generate, store, and transfer source data. For pharma sponsors and CROs, ensuring auditability and source data validation is essential for GCP compliance, regulatory acceptance, and maintaining data integrity.
This tutorial explores how to build robust data auditing frameworks for wearables—from source data origination to downstream validation and regulatory inspection readiness.
Defining Source Data in the Context of Wearables
According to ICH E6(R2), source data is all information in original records and certified copies necessary for reconstruction and evaluation of the trial. For wearables, this typically includes:
- Raw sensor signals (e.g., heart rate waveform, accelerometer values)
- Timestamps and metadata (e.g., device ID, sync frequency, firmware version)
- Transformed data (e.g., step count, sleep score, SpO₂ trends)
- Derived endpoints (e.g., daily step
Sponsors must clarify what constitutes source vs. derived data and ensure that each is accessible, traceable, and preserved during audits.
Key Regulatory Expectations: EMA, FDA, and ICH
Both the FDA and EMA require that source data from wearables meet audit standards similar to EDC or paper records:
- Attributable: Data must link to specific subjects and devices
- Legible: Clear metadata and timestamps for review
- Contemporaneous: Captured at the time of activity
- Original: Unmodified sensor output must be retrievable
- Accurate: Reflect true physiological or behavioral status
ICH E6(R2) further requires sponsors to maintain direct access to trial-related data, including that captured through digital endpoints.
Building a Source Data Mapping Framework
Sponsors and CROs should maintain a Source Data Mapping Matrix (SDMM) that outlines:
- Each data type (e.g., HR, sleep, temperature)
- Device source (e.g., Withings Scanwatch, Oura Ring)
- Capture method and frequency
- Storage location (local, cloud, EDC)
- Responsible vendor or platform
- Audit trail access and export format
Here’s a dummy SDMM table format:
| Data Type | Device | Source Location | Frequency | Storage | Audit Access |
|---|---|---|---|---|---|
| Heart Rate | Oura Ring | BLE API | Every 5 min | AWS S3 | CSV export |
| Steps | Fitbit Charge 5 | Fitbit Cloud | Hourly | Fitbit API | JSON logs |
Auditing Strategies for Wearable Platforms
Auditing wearable data platforms involves technical, procedural, and documentation-based inspections. Considerations include:
- Audit trail availability: Can all data actions be tracked (creation, edit, deletion)?
- Time synchronization: Are timestamps aligned with trial master clock or EDC?
- Backup and restore: Is wearable data recoverable from previous states?
- User access control: Are data exports role-based and encrypted?
CROs should maintain detailed logs of all access and data queries during monitoring or interim analysis. Refer to PharmaSOP for pre-built audit checklists tailored to DHTs.
Wearable System Validation and Inspection Readiness
Source validation begins with ensuring that wearable systems are fit for their intended use. Validation elements include:
- Functional verification: Do all sensors operate as per specifications?
- Signal fidelity: Do the devices record accurate and reproducible signals?
- Data handling: Are transformations (e.g., step counts) scientifically justified?
- Documentation: Does the vendor provide validation reports, audit trails, and UAT evidence?
Validation reports must be included in regulatory submissions and available during FDA/EMA inspections. For example, FDA’s DHT Guidance (Dec 2023) outlines expectations for wearable technology validation.
Vendor Oversight and Compliance Documentation
Sponsors must ensure that third-party wearable vendors operate under GxP or equivalent quality systems. Best practices include:
- Initial and periodic vendor audits
- Quality agreements defining audit rights and data access
- CAPA tracking from previous audit findings
- SOPs for onboarding, calibration, and device retirement
Maintain a centralized document repository for wearable vendors including SLAs, compliance certificates, and change control records.
Case Study: Audit Findings in a Decentralized Cardiology Trial
A Phase 3 cardiology trial used a wrist-worn DHT for continuous ECG monitoring. During FDA inspection, auditors identified:
- Absence of audit trail export capabilities for ECG data
- No SOP describing how ECG alerts were reviewed or annotated
- Cloud storage location outside FDA-acceptable jurisdiction
- Unclear linkage between device ID and subject ID
These findings led to a clinical hold pending remediation. The sponsor later implemented source validation SOPs, audit trail exports, and revised their vendor agreement.
Best Practices for Audit-Ready Wearable Data Systems
- [ ] Define and document source data elements for each device
- [ ] Maintain a Source Data Mapping Matrix (SDMM)
- [ ] Validate wearable platforms with documented UAT and functional checks
- [ ] Ensure audit trail and version history are accessible
- [ ] Train sites and CROs on wearable audit SOPs
- [ ] Prepare a DHT inspection binder with vendor documentation
Conclusion: Building Trust in Wearable Trial Data
As wearables become an integral part of clinical research, sponsors must go beyond data collection to ensure that all wearable data can withstand regulatory scrutiny. By validating source integrity, maintaining audit trails, and documenting each step of the data lifecycle, pharma companies and CROs can deliver compliant, high-quality outcomes from DHT-enabled trials.