Regulatory Compliance in Clinical Research

Clinical trials are an essential step in the approval of new medical treatments, interventions, and therapies, acting as formal, rigorous scientific studies to ensure their safety and effectiveness. With patient lives and large investments at stake, various regulatory requirements have been put in place to ensure the rights and well-being of the participants are protected, and that research conduct is both ethical and scientifically sound.

Compliance with clinical research regulatory requirements is mandatory, and is enforced through various stages of approval and oversight. In this article, we provide a general overview of regulatory compliance in clinical trials – for clinical researchers to understand the complex regulatory landscape, and to help patients rest assured in knowing the various frameworks that are in place to ensure that their safety is given utmost priority.

What is compliance in clinical research?

In clinical research, regulatory compliance refers to the adherence to the rules, regulations, guidelines, and ethical principles set forth by regulatory authorities concerning the conduct of research studies involving human participants.

Compliance in clinical trials is enforced through review and approvals by regulatory agencies and IRBs to ensure that trial sponsors follow requirements related to the design of studies, participant recruitment, informed consent processes, data collection and management procedures, adverse event and safety reporting, record-keeping and reporting practices, and monitoring. The primary focus is on ensuring that research is conducted ethically, with complete respect for participants’ autonomy, safety, and privacy.

Patient compliance vs regulatory compliance

Note that compliance also refers to the participants’ compliance with – or adherence to – the study protocol, including the treatment regimen. We write about patient adherence and compliance in a separate article, which can be found here. This article is focused on regulatory compliance – compliance with national and international laws and regulations for ethical clinical research studies and guidelines for upholding scientific integrity.

Why is regulatory compliance important in clinical research?

Regulatory compliance is of utmost importance in clinical research for several reasons. Regulatory requirements are in place to:

1. Ensure the ethical treatment and protection of participants involved in clinical trials

Regulations aim to safeguard participants’ rights, well-being and safety, and privacy. Compliance measures help minimize risks to participants associated with the clinical study.

2. Maintain scientific integrity and the credibility of data generated from clinical trials

By stipulating certain data recording and reporting practices, clinical research regulations aim to minimize bias and enhance the reliability of trial outcomes. Rigorous quality control measures support data accuracy and integrity, which is vital for drawing accurate conclusions from clinical research results. This then supports strong evidence-based decisions about the safety and efficacy of new medical interventions.

3. Foster trust between researchers, sponsors, regulatory authorities, and patients

Demonstrating compliance assures stakeholders that studies are conducted responsibly, in accordance with established standards put in place to protect both participants and public health.

Ultimately, regulatory compliance in clinical research is essential for advancing scientific knowledge, protecting patient safety, maintaining data integrity, upholding scientific integrity, and maintaining public trust in medical research.

Regulatory requirements in clinical research: Informed consent, IRBs, and training

A central aspect of regulatory compliance in clinical research is obtaining informed consent from participants. The informed consent process ensures that individuals have been fully informed about the study's purpose, the procedures involved, its potential risks and benefits, confidentiality measures, and their right to withdraw at any time without penalty. Beyond simply informing the participant, informed consent should verify that the participant understands what has been explained to them; this can be done through methods such as asking questions or asking them to repeat key points. Researchers must obtain valid informed consent for every participant before they can be enrolled into a trial.

In addition to informed consent, regulations also govern other aspects of clinical research such as protocol design, data collection and management procedures, safety reporting, monitoring and oversight, documentation practices, and the protection of sensitive health information. Regulations are compiled in various codes and frameworks set forth by different regulatory agencies – we go into these in the next section.

The role of institutional review boards (IRBs)

Institutional review boards (IRBs, in the US, or independent ethics committees, IECs, in the EU and UK) play a vital role in ensuring ethical conduct in clinical research. IRBs review research protocols to ensure they appropriately protect the rights, welfare, and safety of human participants involved in clinical trials. IRB approval is mandatory before a study can be initiated. The IRB will review all study-related materials, as well as the general study design, eligibility criteria, informed consent procedures, data management plans, and the potential risks and benefits associated with the research protocol.

The primary goal of IRB approval is to ensure an unbiased evaluation of the scientific merit and ethical considerations of a study, and to verify that the benefits of participating in a clinical trial outweigh the potential risks for patients. IRBs are composed of professionals typically including scientists, healthcare professionals, ethicists, and community representatives; together, they make a collective decision whether or not to approve a proposed study, in consideration of regulatory requirements and established ethical guidelines.

The importance of training and education in research compliance

Training and education are essential components in maintaining compliance with regulatory requirements in clinical research. Investigators, study coordinators and monitors, healthcare providers directly involved in the clinical trial, site staff, and other key actors should receive training on regulatory compliance to ensure that all trial operations are conducted accordingly.

Training topics include familiarization with GCP guidelines and privacy protection measures (such as HIPAA regulations; more on this below), as well as study-specific protocols including informed consent procedures, data management practices, use of software systems, adverse event reporting, protocol adherence monitoring, and participant safety monitoring. It’s important that everyone involved in a study be up-to-date with institutional practices and standard operating procedures (SOPs) as well as applicable legal regulations.

Regulatory agencies, ethical guidelines, and regulations governing clinical research studies

General overview of relevant authorities and regulations

Specific regulations vary depending on the country and/or region wherein the study is being conducted. In the United States, clinical trials involving investigational drugs or devices are regulated by the U.S. Food and Drug Administration (FDA), an agency of the U.S. Department of Health and Human Services (HHS). Both FDA and HHS have set forth regulations for research involving human subjects, which are compiled in the Code of Federal Regulations (CFR) Title 21 and Title 45 CFR, respectively. Privacy protections for sensitive health data obtained from patients are stipulated in the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. Further detail on these components is given in the following subsections.

Another term that is referenced very often when referring to clinical trial conduct is a major international guideline known as Good Clinical Practice (GCP), which was developed by the International Council for Harmonisation (ICH). These guidelines provide a framework for conducting trials according to standardized procedures, emphasizing patient safety and data quality, and also aiming to reduce redundancy in research. Although compliance with GCP is not mandatory for FDA-regulated studies conducted within the US, the FDA has recognized GCP principles as guidance and has incorporated some aspects into FDA regulations.

FDA and Title 21 CFR

Who regulates clinical trials in the US?

In the United States, clinical trials are primarily regulated by the FDA, through its Center for Drug Evaluation and Research (CDER; for pharmaceuticals) or Center for Devices and Radiological Health (CDRH; for medical devices). The FDA conducts oversight to ensure that trials adhere to ethical standards, prioritize participant safety, generate valid scientific evidence, and comply with applicable regulations throughout all phases of a trial. FDA regulations are outlined in Title 21 CFR, and apply to research being conducted on a medical product intended to be licensed for sale in the US.

What is 21 CFR in clinical trials?

Title 21 of the Code of Federal Regulations compiles FDA regulations. It consists of various parts relative to clinical research, as explained below:

  • CFR Title 21 Part 50 (or Title 21 CFR 50) concerns the protection of human subjects, and sets forth regulations related to informed consent requirements for participants in medical research studies. It establishes specific criteria that must be met to ensure that individuals provide voluntary informed consent before they participate in any clinical trial involving drugs, biologics, or medical devices regulated by the FDA within the US. These regulations are in place to ensure that participants have sufficient information to make an informed decision about participating in a research study.
  • Title 21 CFR 56 defines regulations for the composition, operation, and responsibility of institutional review boards (IRBs) reviewing FDA-regulated clinical studies.
  • Title 21 CFR 312 sets forth regulations for human research involving investigational drugs, covering aspects related to IND applications.
  • Title 21 CFR 812 contains regulations for human research involving investigational devices.
  • Title 21 CFR 11 governs the use of electronic records and electronic signatures, and has become increasingly relevant to clinical trials as eConsent and remote trials gain popularity.

The role of the FDA in clinical research compliance

The FDA evaluates proposed research protocols and data from pre-clinical laboratory (and/or animal) studies before human studies begin, in what's known as an Investigational New Drug (IND) application. Trial sponsors can also consult with the FDA for guidance in preparing the IND, in a pre IND meeting.

Later – typically years later – after several phases of clinical trials are completed, the FDA reviews all final safety and efficacy data collected as part of a New Drug Application (NDA), before making a decision on whether to approve a drug for a given use.

Apart from these two major regulatory approval steps, the FDA also establishes regulations and guidance relating to informed consent procedures, study design, data collection methods, the use of digital tools, adverse event reporting and safety monitoring requirements, and other aspects of clinical research. FDA regulation and oversight applies to most human research studies involving both pharmaceuticals and medical devices.

HHS, Title 45 CFR, and HIPAA

Department of Health and Human Services (HHS)

The United States Department of Health and Human Services, or HHS, is an executive branch department of the US federal government. Their mission is “to enhance the health and well-being of Americans by providing for effective health and human services and by fostering sound, sustained advances in the sciences underlying medicine, public health, and social services.”[]

The HHS consists of numerous agencies and offices, many of which belong to the U.S. Public Health Service, including the Centers for Disease Control and Prevention (CDC), the National Institutes of Health (NIH), and the Food & Drug Administration (FDA).

The Office for Human Research Protections (OHRP)

The Office for Human Research Protections (OHRP) is an office under the HHS which is concerned with ethical oversight in clinical research studies conducted by the HHS, usually via the NIH. OHRP belongs to the Office of the Assistant Secretary for Health, in the Office of the Secretary of HHS.

The main responsibility of OHRP is implementing Title 45 CFR 46 (see below). The OHRP gives guidance on research ethics, provides education to IRBs, and advises the HHS Secretary on issues related to medical ethics.

Title 45 CFR part 46

US 45 CFR part 46 subpart A, also known as the Common Rule, is a set of regulations set forth by the HHS, which was largely based on the Belmont Report. Formally called the Federal Policy for the Protection of Human Subjects, the Common Rule has the principal aim of protecting human subjects in research – both biomedical and behavioral – supported or conducted by HHS. Title 45 CFR part 46 also includes subparts B, C, and D, which deal with additional regulations for pregnant women and fetuses (B), prisoners (C), and children (D).

The regulations set forth in Title 45 CFR part 46 A (the Common Rule) largely overlap with FDA regulations set forth in Title 21 CFR, but they are not identical. Investigators must be familiar with both sets of regulations in order to be able to implement them appropriately. This FDA publication provides a clear overview of the differences between the human subject protections set forth by the FDA in Title 21 CFR and those set forth by the HHS in Title 45 CFR.

HIPAA Privacy Rule and the protection of personal health information

The Health Insurance Portability and Accountability Act (HIPAA) is a US federal law established in 1996, which consists of 5 titles. Title II set forth aspects of ‘administrative simplification,’ and required that the HHS establish rules and standards for the use and sharing of health data. This is particularly relevant for electronic healthcare transactions between providers and in the use of digital health records, which have become ubiquitous in clinical research.

One of the rules of Title II of HIPAA is the HIPAA Privacy Rule, which aims to safeguard patient privacy by establishing specific standards for the protection of protected health information (PHI). For more on this topic, refer to our article:

Data Privacy in Clinical Trials: Standards, Definitions, and Best Practices | Power

International regulatory authorities and global standards for research compliance

Outside the United States, different regulatory bodies are tasked with ensuring compliance with ethical research principles and guidelines. Examples include the European Medicines Agency (EMA) in Europe, Health Canada (HC) in Canada, the Therapeutic Goods Administration (TGA) in Australia, Pharmaceuticals and Medical Devices Agency (PMDA) in Japan, and the Medicines and Healthcare Products Regulatory Agency (MHRA) in the UK, among others. These authorities regulate and oversee clinical trials conducted within their jurisdictions, mirroring the functions of the HHS and FDA in the U.S.

To foster harmonization and standardization of research practices worldwide, the International Council for Harmonisation of Technical Requirements for Pharmaceuticals for Human Use (ICH) developed Good Clinical Practice (GCP) guidelines that aim to unify regulatory requirements across different regions. GCP standards promote consistency in key areas like study design principles, documentation, data management practices, and safety monitoring procedures, thereby also enforcing ethical research practices. In the US, GCP guidelines are not legally binding, but rather serve as general guidelines, many of which have been adopted by the FDA into enforceable regulations.

How do you ensure regulatory compliance in clinical trials? Clinical trial compliance checklist

To ensure regulatory compliance in clinical trials, sponsors and investigators can consider the following 10-point clinical trial compliance checklist:

1. Adhere to national regulations

Familiarize yourself carefully with the specific regulations set forth by the relevant agency governing and overseeing clinical research in your country (such as FDA regulations in the US), as well as any applicable international guidelines like ICH-GCP.

2. Develop robust and ethical protocols

Detailed study protocols should incorporate ethical considerations in all aspects of research design, including establishment of eligibility criteria, determination of study endpoints, and decisions on which and how many tests and procedures are necessary to collect enough data to answer the research question without exposing participants to undue risk.

3. Consider patient-centric approaches

Patient centricity is a conceptual framework that can help sponsors design protocols that prioritize patient experience and minimize the burden they experience during participation. In general, patient-centric study design and conduct is aligned with many principles of ethical research.

4. Train study staff thoroughly

Comprehensive training should be provided (or verified) for all individuals involved in conducting a clinical trial. Study coordinators, investigators, monitors, data managers, and other personnel must understand their roles and responsibilities and be sufficiently familiar with regulatory compliance requirements and protocols.

5. Don’t downplay IRB approvals

This is a mandatory step anyway, but necessary approvals must be obtained from both an IRB/IEC and the relevant authority prior to initiating a study. The IRB will evaluate all study-related materials, including outreach materials, and rejections can result in significant delays.

6. Optimize informed consent

The informed consent procedure, whether paper-based or remote as in eConsent, must allow researchers to verify that every participant has understood what the study involves. The informed consent form (ICF) is a primary focus of IRB approval, and must provide clear, legible, and complete information about the study's purpose, procedures involved and expectations, potential risks and benefits to participants, confidentiality and privacy measures implemented, and an explanation of participant rights.

7. Prioritize strong oversight and monitoring

A strong clinical trial monitoring strategy is a necessary part of clinical research, and is essential for upholding patient safety and quickly identifying and resolving any deviations or instances of non-compliance, either with the study protocol or with regulations. Modern software solutions support efficient monitoring approaches such as centralized monitoring and risk-based monitoring, which aim to streamline oversight and facilitate communication and dispute resolution while optimizing resource allocation.

8. Implement quality control measures

Establish internal protocols and standard operating procedures (SOPs) relating to all aspects of study operations that have implications in ethical treatment of subjects and protection of their safety and their personal information (hint: it’s essentially all steps). Quality control and quality assurance procedures should be established to verify and monitor data collection, handling, and storage/security to ensure patient privacy and compliance with HIPAA.

9. Maintain accurate documentation

It is essential to keep organized records of all study-related activities and documentation required by regulatory bodies, including case report forms (CRFs), protocol amendments, adverse event reports, follow-up records, etc., throughout the entire duration of the trial. These records also need to be archived and stored for a predetermined amount of time after study close-out. Along with strong monitoring (point #7) and quality control measures (point #8), reliable record-keeping is essential for generating audit trails to support and demonstrate regulatory compliance.

10. Maintain open communication

Supporting open communication between the sponsor, sites, investigators, IRBs, and regulatory authorities can help facilitate timely resolution of concerns, clarification of expectations, and to address compliance-related issues promptly. Delays are common in clinical research, but by establishing strong communication practices, you can make sure your needs are expressed clearly and firmly, helping to minimize further delays due to misunderstandings.

Non compliance in clinical trials

Even when all of the concepts described above are applied faithfully, non-compliance can occur at various levels during a clinical trial. Common issues of non-compliance to watch out for include:

  1. Failure to obtain adequate informed consent from participants
  2. Departures from approved research protocols without appropriate amendments and re-approvals (for example, changes made to inclusion/exclusion criteria or a deviation from scheduled assessments)
  3. Inadequate record-keeping practices (inability to produce source documents or to verify data, missing records, etc.)
  4. Falsification of data, including falsely filling in missing data or resolving queries without taking appropriate corrective action
  5. Embellishment (exaggeration) of results or conclusions drawn from study data in a biased manner
  6. Failure to report adverse events or safety concerns completely or in time
  7. Late submission of required documents such as periodic safety reports (i.e., DSUR) or protocol amendments
  8. Data breaches and HIPAA non-compliance
  9. Inadequate security measures (such as encryption, user permissions, passwords, etc.) in databases, data storage, or data sharing
  10. Insufficient training of study staff or poor maintenance of training records

Penalties for non-compliance in clinical research

Maintaining regulatory compliance is vital because it ensures patient safety and protects the integrity of scientific research. Non-compliance with regulatory requirements can have serious consequences, both ethically and legally. Depending on the severity of the compliance breach, regulatory authorities can impose penalties ranging from severe monetary fines to suspension or cancellation of the trial (or research activities in general). In severe cases, non-compliance or breaches can lead to criminal charges.


The regulatory landscape in clinical research is complex, as we’ve seen in this article. With multiple overlapping codes of conduct, such as Title 21 CFR and Title 45 CFR in the US, along with data privacy regulations like HIPAA and international guidelines like the GCP, it’s essential for clinical research teams to have thorough knowledge in regulatory compliance. Fortunately, once you’ve become familiar with these regulations, it’s just a matter of following guidelines and protocols and staying up to date with occasional updates. In the end, the multiple checks and balances comprising clinical research regulatory requirements are in place to protect the health and well-being of the participants who make this very research possible. We’ve come a long way in protecting the rights of human research subjects, and while they’re certainly complex, these frameworks represent major collaborative advances toward ensuring ethical and scientifically rigorous research practices, and should be celebrated as such.