User's blog

Category: Compliance & Reporting

  • Data Retention Standards

    Data retention is a critical aspect of regulatory compliance, ethical accountability, and operational continuity in clinical research. Research sites using DecenTrialz must ensure that all data collected, generated, and stored during the course of trial recruitment and pre-screening is retained in accordance with applicable laws, institutional policies, and sponsor agreements.

    This section outlines the default data retention policies on the DecenTrialz platform, site-level responsibilities, and key considerations under HIPAA.

    What Is Data Retention in the Context of Clinical Trials?

    Data retention refers to the duration for which clinical trial-related data, including participant screening records, communication logs, audit trails, and regulatory documentation, is securely stored and made accessible for verification, monitoring, or inspection.

    Even though DecenTrialz only handles pre-screening and referral activities, records generated during this phase are subject to the same ethical and regulatory scrutiny as those generated during the full study lifecycle.

    Platform-Level Data Retention Policies (DecenTrialz)

    By default, DecenTrialz maintains a minimum data retention period of 6 years, consistent with HIPAA regulations.

    Data stored includes:

    • Pre-screener responses
    • Eligibility outcomes (without PHI unless consented)
    • Communication records with participants
    • Audit logs of site activity
    • Referral timestamps and status history
    • Site user access records

    All retained data is:

    • Encrypted at rest and in transit
    • Time-stamped and version-controlled
    • Hosted on secure U.S.-based servers compliant with HIPAA and 21 CFR Part 11

    No participant-identifiable data is retained beyond the referral stage unless explicitly consented and governed by the research site’s own data handling protocol.

    Site-Level Responsibilities for Retention

    Although DecenTrialz enforces foundational data retention standards, research sites are ultimately responsible for aligning retention practices with:

    • Local IRB or EC (Ethics Committee) policies
    • Institutional SOPs
    • Sponsor contracts
    • National data protection laws (e.g., HIPAA in the United States, GDPR if operating cross-border)

    You must ensure that:

    • Required study logs and reports are downloaded and archived before trial closure
    • PI (Principal Investigator) oversight is maintained for long-term document custody
    • Participant communication notes and eligibility status history are preserved in case of audits

    Sites may export DecenTrialz-generated data to their internal systems using the “Download Record Archive” feature prior to trial archival.

    Retention of Consent-Related Records

    Even during the pre-screening stage, some communications (such as expressions of interest or voluntary opt-ins) may constitute limited informed consent records. These must also be retained for a minimum of 6 years, or longer if your IRB or sponsor requires.

    If your site collects any additional documentation from participants outside of the DecenTrialz system (e.g., handwritten notes, phone transcripts), retention of those records must also follow institutional policy.

    Data Destruction After Retention Period

    At the end of the applicable retention period:

    • DecenTrialz will notify site administrators prior to scheduled data archiving or destruction
    • Sites may request extended retention or secure export for permanent archiving

    Sites must not delete any data prematurely without written authorization from the sponsor and/or IRB.

    Key Note: Maintaining accurate, secure, and complete data records is an ethical obligation and a legal requirement. Failure to retain data for the appropriate duration can lead to regulatory penalties, audit deficiencies, or even trial invalidation. Always confirm your site’s retention policy with your IRB or institution’s research office and document all retention-related decisions for audit readiness.

  • Reporting to Sponsors

    Timely and transparent communication with study sponsors is a critical responsibility for all research sites. The DecenTrialz platform is equipped with features that support standardized, audit-ready reporting to sponsors at every phase of participant engagement and study operations,  particularly during the pre-screening and referral process.

    This section outlines what information can be shared with sponsors, how to generate reports from the platform, and the ethical and regulatory considerations for site-to-sponsor communication.

    What Can Be Reported to Sponsors via DecenTrialz?

    Sponsors may require regular updates from sites to track recruitment progress, assess protocol adherence, and ensure overall study performance. The DecenTrialz platform enables sites to report pre-screening-level data that is:

    • De-identified (unless explicit participant consent allows otherwise)
    • Aggregated or participant-level, depending on sponsor needs and IRB allowances
    • Fully aligned with ICH-GCP, HIPAA, and 21 CFR Part 11 requirements

    Typical reporting categories include:

    Report TypeDetails Shared
    Prescreening Funnel MetricsNumber of pre-screeners started, completed, disqualified
    Referral ActivityNumber of participants referred, referral timestamps
    Eligibility TrendsCommon inclusion/exclusion barriers (non-identifiable)
    Participant DispositionInterested, declined, unreachable, withdrawn (no PHI shared)
    Communication LogsContact attempt dates, no content of messages shared

    Important: Sites must never share identifiable health data or direct participant contact details with sponsors unless:

    • Explicit consent has been obtained
    • Sharing is IRB-approved
    • Required by a regulatory agreement and properly documented

    How to Generate Reports for Sponsors

    Site admins and delegated coordinators can generate sponsor-ready reports directly from the Reporting Module on DecenTrialz.

    To Create a Sponsor Report:

    1. Navigate to Dashboard → Reporting → Sponsor Reports
    2. Select your trial of interest
    3. Choose reporting period (e.g., weekly, monthly, custom)
    4. Select metrics to include:
      • Referral stats
      • Pre-screener conversion
      • Communication status
      • IRB document updates (if applicable)
    5. Click Generate Report
    6. Download in PDF or CSV format, or securely share via sponsor-facing portal link (if activated)

    All reports are automatically:

    • Timestamped and version-controlled
    • Watermarked with trial ID and your site code
    • Backed by corresponding audit logs (see Section 5.3.1)

    Sponsor Portal Access (Optional)

    If enabled by the sponsor and permitted by the site, certain designated sponsor representatives may receive read-only access to a real-time recruitment dashboard.

    Sponsor views are:

    • Permission-controlled
    • Anonymized by default
    • Monitored by the platform to prevent data misuse

    You may control what metrics are shared and revoke access at any time via the Site Admin Panel.

    Regulatory and Ethical Responsibilities

    When reporting to sponsors, your site must adhere to the following standards:

    • Do not overstate or understate enrollment progress
    • Avoid sending reports via unsecured or personal email
    • Ensure internal consistency between platform data and your own site SOP logs
    • Include IRB reference numbers when submitting updates on approved protocol changes

    Sponsors rely on site-reported data to make trial-wide decisions, including budget adjustments, site activation status, and recruitment strategy shifts. Accuracy and ethical rigor are essential.

    Key Note: All sponsor reports generated through DecenTrialz are designed to protect participant confidentiality while ensuring full transparency around recruitment and referral activity. When in doubt, always confirm with your site PI or IRB liaison before sharing sensitive or detailed metrics.

  • Digital Audit Trails

    In clinical research, accurate documentation is not only a regulatory requirement but also a foundational aspect of ethical trial conduct. Digital audit trails within the DecenTrialz platform ensure that all participant-related actions, data access, and communication events are transparently recorded, time-stamped, and traceable.

    This section outlines how audit trails are maintained, what actions are tracked, who has access to audit logs, and how they support regulatory compliance for sites, sponsors, and IRBs.

    What Is a Digital Audit Trail?

    A digital audit trail is an automated, system-generated log that records the who, what, when, and how of every significant action taken within the platform.

    These logs are:

    • Immutable (cannot be edited after recording)
    • Time-stamped with date and time
    • Linked to specific user accounts and site roles
    • Stored securely in accordance with 21 CFR Part 11 and HIPAA standards

    Purpose: To provide complete accountability, support internal QA/QC, and enable defensible evidence during audits or regulatory inquiries.

    FAQ: Can our site request a log export for only one user?

    Yes. Use the filter tools in the Audit Log panel to generate reports by user role, action type, or date.

    Which Actions Are Tracked?

    The platform logs and preserves all material interactions related to trial management and participant engagement, including but not limited to:

    Action TrackedExamples
    User login and session activityLogin time, logout, failed attempts
    Trial creation or status updatesMarking a study as Live, Paused, Closed
    Participant match viewingWhich user viewed which match and when
    Consent progress loggingStatus changes, notes added
    Document uploadsIRB forms, eligibility criteria
    Participant communicationContact attempts, message timestamps
    User permission changesRole assignment, deactivation, reassignments
    Data exports or report generationMatch CSV exports, dashboard PDF downloads

    Each log entry contains:

    • Timestamp (UTC)
    • User ID and role
    • Site name and trial ID
    • Action type
    • Device metadata (e.g., IP address)

    Where to Access Audit Logs

    Site Administrators have full access to their site’s audit logs through the Compliance & Reporting Panel in their dashboard.

    • Navigate to Dashboard → Compliance → Audit Logs
    • Apply filters (date range, user role, trial ID)
    • Export reports (CSV, JSON, PDF)
    • Downloadable logs include platform watermark and authentication hash

    All logs are encrypted at rest and in transit. Logs are retained in compliance with HIPAA (minimum 6 years) and can be extended to meet sponsor or IRB-specific retention policies.

    Why Audit Trails Matter

    Audit trails:

    • Support regulatory readiness: Required by FDA, OHRP, and IRB bodies
    • Protect participant safety: Detect unusual access or communication patterns
    • Reduce compliance risk: Enable proactive review before issues arise
    • Ensure internal accountability: Hold staff and collaborators to SOP-aligned practices

    Best Practices for Sites

    • Review logs regularly during high-volume recruitment periods
    • Assign access based on minimum-necessary permissions
    • Escalate anomalies (e.g., data viewed outside working hours, access by wrong role)
    • Document corrective actions taken in response to any discrepancies

    If a user error or protocol deviation is detected via logs, report it immediately to your IRB and DecenTrialz Support.

    Key Note: Audit trails are not just a backend function,  they are your first line of defense in regulatory inspections. Proper use demonstrates transparency, preparedness, and ethical commitment to participant protection. All site staff should be trained to understand the role of audit logs and their implications.