Qualified Electronic Signature

What is an electronic signature in clinical trials?

An electronic signature, or ‘e-signature’, is a type of digital signoff that can be used to enter into contracts and other legal agreements. In the context of clinical trials, electronic signatures are often used to confirm patient informed consent to participate in a trial. E-signatures provide a secure way for participants and sponsors to formally and legally agree with the contents of important documentation digitally.

Since the parties are not physically present for providing a handwritten signature, electronic signatures must meet certain requirements in order for them to be legally valid. They must be secure and provide proof that the signee is truly who they say they are and has understood what they are signing off on.

electronic signatures

EU eIDAS regulation

The European Union (EU) has implemented its own set of rules on electronic signatures, known as the EU electronic Identification Authentication & Signature (eIDAS) regulation. This regulation outlines how an electronically signed record should be validated, and defines three distinct types of signatures – basic, advanced, and qualified electronic signatures. Of these, qualified electronic signatures, or QES, offer the highest level of security.

Types of electronic signatures: Basic, advanced & qualified

The three main types of electronic signatures are basic electronic signature, advanced electronic signature (AdES), and qualified electronic signature (QES).

Basic electronic signatures provide minimal proof that the signature is genuine and linked to its signee, as they don’t involve any additional verification process. An example of a basic e-signature could include typing one’s name into an online form or adding a scanned copy of a handwritten signature beside an agreement.

Advanced e-signatures, or AdES, require more than a simple typed or scanned signature; the signee must also have taken certain steps that demonstrate their clear intention to approve an agreement with their signature, such as using two-factor authentication or a biometric verification method like fingerprint technologies, before signing off on documents. An AdES must consist of certain features:[1]

  • Ability to identify and link the unique signatory to the electronic signature
  • Signatory must solely control the keys used to create the e-signature
  • Ability to recognize if the data has been tampered after signing, and invalidate the signature if data has been altered

Finally, qualified e-signatures (QES) are certified electronic signatures with the highest level of security and truthfulness amongst e-signatures. We will explore features and requirements of a qualified electronic signature in the next section.

Qualified electronic signature / Qualified e-signature (QES)

A qualified electronic signature is essentially an advanced electronic signature enhanced by a qualified certificate that reliably identifies the signatory. A qualified electronic signature is legally equivalent to a handwritten signature, and is even considered to have a greater level of legitimacy.[2]

Qualified electronic signatures require the use of a qualified certificate created through a secure signature creation device (SSCD) or qualified signature creation device (QSCD), which is a hardware or software component that generates and stores the cryptographic keys necessary for creating the signature. The SSCD/QSCD ensures the integrity and confidentiality of the signature creation process.

In order for a QES to be considered legally binding and valid, it must have been created using specifically designed software and hardware, by a qualified trust services provider (QTSP).[1] This ensures that when QES are used in professional settings, such as clinical trial contexts, they support enhanced trust among partners while also providing protection against potential fraud risks, because all changes made within digital documents are automatically encoded through this type of highly secure signatory process.

Features of qualified electronic signatures (QES)

The main features of QES include:

  • Unique signer identification: Qualified electronic signatures are uniquely linked to the signer and allow for unequivocal identification. This typically uses cryptographic technology that associates the signature with the signer's unique identity.
  • Secure signature creation process: QES employ cryptographic algorithms in the signature creation process, which ensures that the signature is uniquely tied to the signed data and that any subsequent alterations to the data can be detected.
  • Trustworthiness: Qualified electronic signatures are issued by qualified trust service providers (TSPs) who validate the identity of the signer and vouch for the integrity of the signature. The TSPs adhere to specific legal requirements and are accredited by regulatory authorities.
  • Legal validity: QES are recognized as equivalent to a handwritten signature, and typically satisfy the requirements set forth in specific legislation or regulations governing electronic signatures, such as the eIDAS Regulation in the European Union.
  • Data integrity and non-repudiation: Qualified electronic signatures provide strong guarantees of data integrity, ensuring that the signed document remains unaltered after the signature is applied. They also offer non-repudiation, meaning that the signer cannot deny their participation or the validity of the signature.

When might qualified electronic signatures be used in a clinical trial?

The use cases for QESs in clinical trials depends on the regulations governing each country. However, there are many global applications for qualified electronic signatures within sponsor organizations conducting international studies or exploring remote or direct-to-patient studies outside of traditional clinical research site environments (more on this in the next section).

Qualified electronic signatures may prove useful in various contexts, depending on the structural framework of the trial and its protocol:

  • In clinical trial agreements (CTAs) and non-disclosure agreements (NDAs) signed between the sponsor and sites that are located in various distant locations or other countries
  • Signing of trial documentation involving multiple parties, such as standard operating procedures (SOPs), budgets, and third-party provider agreements
  • Informed consent forms, particularly as a way to sign electronic consent (eConsent) forms

The importance of qualified electronic signatures in remote, direct-to-patient (DtP), and decentralized clinical trials

​​Electronic signatures have played an important role in the evolution of clinical research, with their use becoming increasingly critical to maintain ethical practices and ensure regulatory compliance in the current landscape of increasingly globalized and remote clinical trials.

As remote healthcare becomes increasingly popular due to advances in technology, the demand is growing for reliable methods that ensure that data and patient information remains secure in electronic systems used to assist trial operations. The increased adoption of remote trial models, such as direct-to-patient clinical trials and decentralized clinical trials, have significantly increased data privacy concerns among research teams and sponsors alike. With this comes greater need for more advanced authentication techniques for identifying signatories and securing the legal implications of the various contracts involved in research studies. The use of qualified electronic signatures supports reliable verification and the necessary level of credibility, while still making the overall experience convenient for sponsors, investigators, sites, and study participants alike.

Electronic Signatures in Clinical Trials in the U.S.: 21 CFR Part 11

The FDA requires all essential records relating to medical studies conducted under its jurisdiction to be maintained according to Title 21 CFR Part 11 regulations, relating to the use of electronic records and electronic signatures.

Under the 21 CFR Part 11 regulations, any person who signs an electronic document must have full control over that document until it has been submitted – meaning no third parties may alter or change any information without it being detected. Additionally, there must be evidence of encryption/decryption processes used between signer and recipient so as to guarantee authenticity.

As long as all specified security measures have been implemented correctly, then qualified electronic signatures would qualify for compliance under 21 CFR Part 11 rulings, thereby satisfying federal law while helping expedite trial processes via streamlined digital workflows instead of traditional paper-based ones, which are prone to inaccuracies due to human error.

Implementation of qualified electronic signatures

An example of how qualified electronic signatures can be implemented is through solutions such as DocuSign, which provides a secure means for signing documents electronically in a way that fulfills validation criteria set forth by the EMA and FDA when conducting clinical trials involving human subjects.

For sponsors submitting regulatory documents to the FDA, such as FDA form 1571 and Form 356h, the guidelines for electronic signatures are less strict and QES are not mandatory.[3]