Guest Column | January 5, 2026

How To Meet FDA Expectations For Hybrid And Decentralized Trial Oversight

A conversation with Claire Davies, shareholder, Polsinelli

Medical inquiry-GettyImages-1442715294

Over the past several years, decentralized and hybrid trials have unlocked new efficiencies. At the same time, they’ve exposed sponsors to fresh challenges in data integrity, oversight, and regulatory compliance. As digital health technologies, mobile providers, and remote consent platforms become central to study execution, the FDA continues to underscore that long-standing Good Clinical Practice (GCP) obligations still apply — regardless of where or how data are captured.

To explore the specific data integrity and accountability risks emerging in this new environment, Clinical Leader reached out to Claire Davies, a former FDA attorney in the Office of the Chief Counsel and current shareholder with Polsinelli.

In this discussion, Davies shared practical insights on mitigating data variability in remote assessments, managing vendor obligations for data quality and security, and preparing for agency scrutiny of eConsent and digital health technologies.

Clinical Leader: From your perspective as a former FDA attorney, what are the top data integrity risks that are unique to decentralized or hybrid trials?

Claire Davies: It’s always important to conduct a trial-specific risk assessment, but one key risk in trials with decentralized elements is data variability that can undermine data integrity. The FDA has repeatedly emphasized the importance of adequate training, oversight, and other measures to minimize variability when trial participants complete assessments at home rather than at a traditional site — signaling that this is an area where the agency has encountered, or anticipates, potential problems.

DCTs may also involve data collection performed by individuals who lack experience with FDA-regulated research. For example, a sponsor may contract with mobile providers who are not part of the study staff to perform certain tests or other protocol-driven activities. Role-based training on protocol adherence and proper data handling for these individuals should consider their level of clinical trial experience or familiarity with GCP.

Many DCTs rely on a patchwork of apps, wearables, ePRO, and telehealth platforms. Where do you see the greatest data vulnerabilities across these multiple digital touchpoints?
The use of digital health technologies (DHTs) for data collection has been a focus of mine, so vulnerabilities related to wearables and other DHTs are often top of mind. Many sponsors want to use consumer wearables to collect data, but those products often come with the vendor’s commercial data-use policies and terms of service, which can vary in transparency. Sponsors must understand, among other things, whether data generated with these wearables will flow through the vendor’s cloud or other intermediaries before reaching the sponsor or CRO. One vendor with weak security practices could compromise the data stream.

It's also so important to get the fundamentals right when using DHTs, such as demonstrating that DHT data are reliably transmitted to the sponsor’s electronic data system, confirming that the target study population can comfortably use the technology, and ensuring that technical support is available when needed. I continue to hear of missing data problems caused by preventable technical issues.

Based on your experience, what aspects of eConsent and remote re-consent are most likely to be scrutinized from a data integrity, documentation, and patient-understanding perspective in regulatory or legal reviews?
When an eConsent process is used to obtain consent remotely, legal and regulatory reviewers are likely to look closely at how the process ensures that prospective participants have a meaningful opportunity to ask questions. Relying solely on electronic messaging, without an option for video conferencing or telephone discussions, may raise concerns about the investigator’s — or their delegate’s — ability to evaluate whether participant questions were fully addressed and whether participants have appropriate technological literacy.

In addition, while it’s not a new requirement, verifying the identity of the individual signing the eConsent document is an area in which I continue to see questions. The FDA has accepted a variety of identity-verification methods, but regardless of the method selected, consistent, accurate documentation that verification occurred for each participant is paramount.

How should sponsors think about responsibility and liability for data quality and security across the ecosystem of vendors involved in a hybrid trial or DCT?

Sponsors should consult with their legal teams to ensure that their vendor contracts provide appropriate protection in the context of a DCT. Regardless of how contracts allocate obligations and risk, however, the sponsor remains ultimately responsible for oversight of the trial, including data quality and security.

To help document that oversight, sponsors should maintain a clear, risk-based procedure for vendor qualification. They should also have SOPs describing how they oversee any activities outsourced to CROs or other entities, including monitoring. When a CRO or another vendor will conduct most monitoring activities, the trial monitoring plan should clearly outline, for example, how potential data quality or other issues will be communicated to the sponsor, the sponsor’s role in determining appropriate corrective actions, and circumstances that may trigger reassessment of the monitoring plan.

How do you see FDA and other regulators approaching inspections of decentralized trials? What kinds of documentation, system logs, and remote-access capabilities should sponsors be preparing for now?

When I hear regulatory representatives speak publicly on this topic, their message is that the inspectional approach to DCTs is the same as for traditional trials. That said, two items that stand out as important to have readily available for a DCT inspection are: (1) a detailed diagram of the data flow from every source through final storage, and (2) a list of all third parties that provide data collection, handling, and processing. For a DCT, the PI should also be well-prepared to describe — and provide supporting documentation for — their oversight of trial personnel and any mobile healthcare providers performing study procedures at remote locations, particularly if those procedures include investigational product administration.

Sponsors and investigators should assume that FDA investigators will request read-only access to their electronic systems and databases. Understanding the logistical steps necessary to grant such access (e.g., new account creation) in advance can help avoid delays during the inspection. In addition, the FDA’s bioresearch monitoring program is an area where I anticipate increasing agency use of remote regulatory assessments, so sponsors should be prepared to walk the FDA through electronic systems and databases remotely.

Looking ahead to 2026, where do you expect regulatory expectations to tighten most around DCTs — data integrity, cybersecurity, patient safety oversight, or something else — and how should the industry prepare?

FDA regulatory requirements do not change based on whether a trial is decentralized, so I don’t expect to see a major shift in fundamental expectations in 2026. However, across the FDA and the broader federal landscape, the focus on cybersecurity seems to be intensifying, and sponsors would be well served to increase their attention to this area, as well. For example, sponsors should assess new and existing vendor agreements to ensure they expressly address cybersecurity, including incident-response and notification requirements, where applicable.

About The Author:

Claire Davies is a shareholder in Polsinelli’s Denver office, where she provides strategic counsel to help clients navigate FDA regulatory and compliance challenges. Claire has experience handling a wide range of issues involving medical devices, biological products, drugs and human cells, tissues, and cellular- and tissue-based products.

Prior to joining Polsinelli, Claire spent nearly a decade as an attorney in the FDA’s Office of the Chief Counsel. In that role, she served as the principal legal advisor on multiple rulemakings to revise FDA regulations governing informed consent and institutional review boards. Claire was also frequently involved in developing guidance on clinical trials.