Technology & Compliance

Technology Stack

Data aggregation on tablets
The study tablet has the apps configured for the protocol, this includes the data aggregation and analytics apps. There is secure access to the tablet at the study site, trial physicians can start entering subject data immediately. There is complete audit trail of all the data entered and changes made in the tablet. Patient reported outcomes and any data from medical devices can also be directly fed into the tablet.

Cloud storage on AWS servers
Secure cloud storage of all the trial data in one location is AWS cloud server. The server environment is HIPAA compliant and there is built-in encryption for data movements from the tablet to the server, and also for the data rest. Data is immediately accessible through APIs, in real time.

Actionable real-time analytics
Trial analytics is run in real time, operational analytics includes site performance metrics; number of subjects enrolled, queries issued/resolved, site adherence to protocol etc. Clinical metrics includes AEs, medications and all the trial end points summarized in a dashboard format. These metrics are customized for the protocol and provides study insights to make real-time decisions. These decisions can be minor changes to the protocol, or for a non-working trial – completely stopping the study.
Data collection and analysis are integrated and baked into the apps. Since the analytics is programmed even before the trial begins, right data collected for all the analytics to happen. Once the trial data starts coming in, the analytics portion of the app will get populated. This real-time analytics starts immediately, which allows the trial physician and the trial sponsor to track the study from day one.

Secure querying between the trial site and trial monitors (study sponsor) on the study tablet allows faster resolution of study issues. Real time messaging allows the trial monitor in the field to quickly address study issues. Faster issue resolution leads to faster study closure and the drug getting to market sooner.


Data Security
iClinical uses cloud provider Amazon Web Services (AWS). AWS implements the highest industry standards for security, and is regularly audited against comprehensive frameworks to ensure quality and stability. More information is available here:

Data Encryption
All data is encrypted. We have encryptions at every stage of data entry and transmission to ensure high levels of data security against hacking. All data in transit use HTTPS connections. All data at rest are encrypted as well..

Data Segregation
iClinical provisions a separate, single-tenant deployment and data storage for all its customers, to completely eliminate any possibility of accidental data sharing..

Application Security
iClinical applications follow industry best practices and HIPPA guidelines for application safeguard. We have provisions for safeguards such as input data validation via pre-configured edit checks, password encryption, etc..

Business continuity and quality check
iClinical security configurations are guided by a industry standards and policies, which are reviewed regularly by our executive team and external auditors from the globe.


iClinical has implemented procedures to safeguard clinical trial information in compliance with the guidelines issued by 21 CFR Part 11 and the United States Department of Health and Human Services regarding the Health Insurance Portability and Accountability Act (HIPAA).

The 21 CFR Part 11 steps include :

  • Completion of the required Risk Assessment and Privacy and Security Assessment
  • Limiting system access to authorized individuals
  • Use of operational system checks
  • Use of authority checks
  • Use of device checks
  • Determination that persons who develop, maintain, or use electronic systems have the education, training, and experience to perform their assigned tasks
  • Establishment of and adherence to written policies that hold individuals accountable for actions initiated under their electronic signatures
  • Appropriate controls over systems documentation
  • Controls for open systems corresponding to controls for closed systems

The HIPAA steps include :

  • Completion of the required Risk Assessment and Privacy and Security Assessment
  • Implementation of procedural and technical safeguards to prevent iClinical employees from accessing PHI
  • Encryption of protected information at rest and in transit according to industry best security standards
  • Implementation of audit trail and record retention capabilities
  • Regular reassessment of all policies and procedures to ensure that HIPAA rules continue to be addressed

If you have further questions or would like more details about our safeguards, policies, and procedures, please contact us by email at