Research integrity
Data Integrity and Audit Trails: How a Trial Proves Its Numbers Are Real
Regulators do not only check a trial's final numbers; they check whether the data could have been changed without anyone knowing. The shared standard is often summarized as ALCOA: data should be attributable, legible, contemporaneous, original, and accurate, backed by audit trails that record every change. Good clinical practice builds this in so a result can always be traced back to its source.
Regulators do not only check a trial's final numbers; they check whether the data could have been changed without anyone knowing. The shared standard is often summarized as ALCOA: data should be attributable, legible, contemporaneous, original, and accurate, backed by audit trails that record every change. Good clinical practice builds this in so a result can always be traced back to its source.
Why the record matters as much as the result
A trial's conclusion is only as trustworthy as the data behind it, and the data are only trustworthy if they could not have been changed unnoticed. That is why regulators inspect the process of recording and handling data, not just the tidy tables in the final report.
Data integrity is the umbrella term for this. It asks a blunt question: if someone had altered a value, added a subject, or backdated an entry, would there be any way to tell? A system that cannot answer yes cannot fully support its own results.
ALCOA in plain language
The most durable summary of what good data looks like is the acronym ALCOA. Attributable means every entry is tied to the person who made it. Legible means it can be read and stays readable over time. Contemporaneous means it was recorded when the event happened, not reconstructed later.
Original means the first record, or a certified true copy, is preserved rather than only a transcription. Accurate means it reflects what actually occurred. Guidance has extended the idea with further terms, often given as complete, consistent, enduring, and available, which close gaps the original five left open.
What an audit trail is
An audit trail is the mechanism that makes ALCOA enforceable in electronic systems. It is a secure, computer-generated, time-stamped log that independently records the creation, modification, or deletion of data.
The design goal is that data cannot be changed without the change itself being recorded, including who made it, when, and often why. If a value is corrected, the original value remains visible alongside the correction. An audit trail that can be switched off or edited defeats its own purpose, which is why regulators examine how it is configured and controlled.
Source data and source data verification
Behind the trial database sit source documents: the original charts, laboratory printouts, device readouts, and worksheets where information was first captured. Good clinical practice defines these carefully because they are the ground truth the database is supposed to reflect.
Monitoring includes source data verification, in which recorded values are checked against those originals. When a copy is used in place of an original, it should be certified as a true copy after verification. This chain lets an inspector take a number from the final analysis and follow it all the way back to where a person first wrote it down.
How this connects to good clinical practice
These expectations are not add-ons; they are woven into the standards that govern trials. The integrated good clinical practice guidance strengthened the emphasis on data integrity and on risk-based approaches that focus effort where errors would matter most.
Under that framework, the sponsor is responsible for ensuring the systems used to capture and manage data are validated and controlled. Data integrity becomes a shared design requirement across the trial rather than a box checked at the end, which is what allows a regulator to trust the data without having watched it being collected.
How to read a data-integrity claim
When a trial or vendor asserts that its data are reliable, the informative question is how, not whether. Is the system validated? Are audit trails enabled, reviewed, and protected from editing? Can source data be traced to originals?
A specific answer, describing controls and verification, means something. A bare assurance that the data are accurate does not, because accuracy that cannot be checked is just a promise. Reading for the mechanism, rather than the reassurance, is how a careful reader tells a trustworthy record from a confident one.
References and sources
How this was researched. This explainer is built from the primary sources listed above and reflects Dr. Tojjar's own critical appraisal of that evidence. It explains and evaluates research and does not provide medical care.
This article is for general education and is not medical or professional advice. For guidance about your own health, talk with a qualified clinician.
Cite this article
Tojjar, D. (2026). Data Integrity and Audit Trails: How a Trial Proves Its Numbers Are Real. Dr. Damon Tojjar. https://readingtheevidence.org/articles/data-integrity-and-audit-trails-in-clinical-trials/
This article is part of Dr. Tojjar's guide to Research integrity.