of Health and Family Welfare, governs clinical trials through the New Drugs and Clinical Trials Rules, 2019, in conjunction with the Drugs and Cosmetics Act & Rules.

Global and Indian Expectations

The following regulatory guidelines form the backbone of data integrity compliance:

• ICH E6(R2) – Good Clinical Practice: Reinforces responsibilities for documentation, source data, and oversight.
• CDSCO GCP Guidelines – Align with WHO and ICH, but include India-specific consent and ethics provisions.
• WHO Guidance on Good Data and Record Management (2016) – Emphasizes electronic system controls and ALCOA principles.
• EMA Reflection Paper on GCP Data Integrity – Defines preventive measures and audit readiness.

ALCOA and ALCOA+ Principles in India

All data generated in Indian clinical trials should be:

• Attributable: Who recorded it?
• Legible: Can the data be read and understood?
• Contemporaneous: Recorded at the time of observation.
• Original: The first capture of the information.
• Accurate: Free from errors and inconsistencies.

The extended ALCOA+ adds: Complete, Consistent, Enduring, and Available.

Core Clinical Trial Insights

1. Common Data Integrity Failures at Indian Sites

Several Indian clinical trial sites have been cited by CDSCO and international regulators for recurring data integrity issues:

• Retrospective completion of CRFs and source documents
• Use of correction fluid (whiteners) on trial documents
• Failure to maintain audit trails in electronic systems
• Discrepancies between source data and eCRF entries
• Altered informed consent dates or missing signatures

In 2016, the U.S. FDA issued a warning letter to a leading Indian CRO citing “fabricated subject records,” including false blood sample timings and undocumented vital signs.

2. Roles and Responsibilities

Investigators: Must ensure all trial data are captured accurately, dated, and signed. Delegation logs must be maintained.

Site Staff: Should be trained on GCP and SOPs. All entries must be traceable to specific personnel.

Sponsors: Must implement robust monitoring plans, ensure proper EDC systems are used, and periodically audit source data.

3. Risk-Based Monitoring and Centralized Oversight

Implementing a risk-based monitoring (RBM) framework helps prioritize critical data points and protocol endpoints. In India, RBM adoption is increasing with:

• Remote Source Data Verification (rSDV)
• Trigger-based on-site monitoring
• Statistical monitoring to detect anomalies

4. Source Documentation Requirements

CDSCO mandates that all source data, including handwritten notes, diagnostic reports, and patient visit records, must be preserved in original form. Hospitals using EMRs must ensure access and audit trail capability for clinical trial monitors and regulators.

5. Electronic Systems and Validation

Systems like EDC, IWRS, eConsent platforms must be:

• 21 CFR Part 11 compliant (where applicable)
• Validated with documented SOPs
• Capable of generating audit trails

India’s NDCTR 2019 does not mandate 21 CFR Part 11 directly, but international trials conducted in India often require it for global acceptance.

6. Investigator Site Files and TMF Compliance

Maintaining a complete and up-to-date Trial Master File (TMF) and Investigator Site File (ISF) is a vital aspect of data integrity. This includes logs for monitoring visits, protocol deviations, informed consent versions, SAEs, and correspondence with sponsors/ECs.

7. Staff Training and GCP Refreshers

Periodic training in:

• Data entry protocols
• Handling queries and data corrections
• GCP refreshers with case studies on data fraud

is necessary to build a site culture of quality and accountability.

Best Practices & Preventive Measures

• Use bound logbooks or validated electronic systems to prevent page tampering
• Apply real-time data entry practices and discourage retrospective updates
• Ensure all changes are dated, reasoned, and signed
• Implement SOPs that define acceptable data correction practices
• Use site audits to proactively detect and correct documentation lapses

Scientific & Regulatory Evidence

• ICH E6(R2): Emphasizes risk-based monitoring, data protection, and sponsor oversight
• WHO GCP Handbook (2002): Promotes principles of accuracy, accountability, and traceability
• CDSCO GCP Guidelines (2001): India-specific adaptation of ICH-GCP standards
• U.S. FDA Warning Letters: Case references to support regulatory interpretations

Special Considerations

Multilingual Sites and Translation Errors

Sites with non-English-speaking participants must ensure certified translations of ICFs, diaries, and AE documentation. Translation discrepancies have led to regulatory concerns around patient understanding and informed decision-making.

Decentralized Trials (DCTs) and Data Capture

Mobile app-based ePROs and remote data capture pose challenges in verifying authenticity. Indian sites must validate tools and ensure compliance with Indian IT Act and DPDP Act (Digital Personal Data Protection Act, 2023).

Third-Party Vendors

When outsourcing lab tests, data transcription, or imaging, sponsors must audit vendors for SOPs and data archiving capabilities. Contracts must specify data integrity and traceability responsibilities.

When Sponsors Should Seek Regulatory Advice

• Before implementing new electronic data capture tools at Indian sites
• When transitioning from paper to electronic source documents
• In response to suspected data tampering at a site
• Before training or re-training site staff after inspection findings
• For clarification on acceptable documentation practices under NDCTR

FAQs

1. What are the most common data integrity issues found during inspections?

Backdated entries, overwriting data, missing audit trails, altered CRFs, inconsistent dates, and missing original source documents.

2. Can Indian clinical trial sites use scanned copies as source data?

Yes, but only if the scanned copy is verified as a certified true copy and audit trails are maintained for any digital systems used.

3. Is electronic source data allowed under CDSCO regulations?

Yes, but electronic systems must be validated, secure, and capable of generating audit trails. Access controls must also be enforced.

4. How can a sponsor detect data integrity issues remotely?

By using statistical monitoring, eCRF audit logs, remote SDV, trigger alerts for duplicate entries, and protocol deviation trends.

5. How frequently should site staff be trained on data integrity?

Initial GCP training is mandatory before study initiation. Refreshers are recommended every 6–12 months, or sooner if deviations are identified.

6. What happens if data integrity violations are found during inspection?

Depending on severity, consequences may include site blacklisting, trial suspension, data exclusion from submission, or legal action under CDSCO/Drugs Act provisions.

Conclusion

Maintaining data integrity in Indian clinical research is a shared responsibility between sponsors, CROs, investigators, and site staff. With growing reliance on digital platforms and decentralized elements, regulatory expectations are also evolving. A proactive culture of documentation excellence, audit preparedness, and ethical conduct is essential to ensure that India remains a credible and globally accepted destination for clinical trials.