Archive for the RESOURCES Category

Interview with Paolo Morelli: Artificial Intelligence in Clinical Research

AI in Clinical Research

Interview with Paolo Morelli: Artificial Intelligence in Clinical Research

On the 20th of May Paolo Morelli, CEO of Arithmos, joined the Scientific Board of Italian ePharma Day 2020 to discuss the growing role of the new technologies in clinical trials. We have taken this opportunity to talk to him about one of the most debated technologies of the last few years – Artificial Intelligence (AI) – to understand how it is currently used in the industry and what future it has.

There are so many discussions around the AI right now. What are biggest doubts related to it?

There are a number of questions that we are asking ourselves now. Here are just a few examples:

  • Will AI change and automate processes, in clinical research, making it more efficient?
  • Will researchers have to change the way they do their work?
  • Will pharma companies have to reorganize their R&D departments?
  • Will the approach to the training of clinical research personnel change?
  • Will patient privacy be protected?

For sure companies performing clinical trials are more and more interested in AI. They want to have data of higher qualityperform recruitment faster and in general, be more efficient. Also, when it comes to the financial side of the projects, the journey has just begun, and a lot is yet to come.

What does the notion of the AI encompass?

I suggest we start with what is not AI. For example, automation is not AI. Automation is the use of machines that follow a precise program defined by Human Intelligence. The artificial intelligence (AI), sometimes called machine intelligence, is opposite to the Human intelligence (HI). We can define AI as any device that collects information and takes actions that maximize its chance of successfully achieving its goals.

Is AI already used in the clinical trials?

Yes, I can outline two of the biggest areas where it is already in use. The first one is the use of AI over eSource/mSource data to support decision making (for ex: feasibility, communication with the patient) and the second one is the use of AI to reduce data entry and the burden of paper documentation (for ex. eConsent, Regulatory document completion, SDV).

How will the AI use be expanded in the future? Where else we can apply the AI in clinical trials?

For sure AI will allow a continuous communication with the patient, even though the human touch cannot be replaced by technology. I also believe that, at some point, SDV will be fully automated thanks to NLP technologies. With the proper training data set AI will be more successful in detecting data issues than Human Intelligence.

But even if patients and the industry are typically open to the innovative solutions, regulators will have a big role in the spread of the innovation, and can support it by setting up a modern regulatory framework.

Once the AI becomes integral part of the clinical trials industry, what will be the potential benefits for the patients?

AI in Clinical Research

The combination of AI with the scientific content will support a better communication with the patient: eConsent will allow a better understanding of the texts compared to the paper version of the Informed Consent. AI will answer questions that the subjects may have about the study, and the patient will be more informed about how his data is treated. I believe that we will see a bigger presence and influence of the patients in clinical research. It will be important, though, to overcome privacy challenges before introducing technology and informing the patients about the use of all their data.

Do you think the AI will replace the human professionals in clinical trials of the future?

The omnipresence of overly abundant data (both clinical data and project data) can be successfully triaged and managed with the assistance of AI. And yet, it is HI (human intelligence) that is needed to make the final decision from the options offered. Think about our air traffic control system, highly automated, advanced technology, and yet there remains the need for HI to make the final decisions regarding all these simultaneous active flights (projects).

What are the aspects that can determine success of the AI in clinical trials?

There are three main aspects that will determine the success of AI in Clinical Trials. Availability of the technology is not one of them.

One critical aspect is the availability of System Integrators as a bridge between technology and researchers. Their goal will be to understand clinical processes and to shape all this new technology around the clinical trial activities.

The second important aspect will be the ethics, morals, and governance around AI and ML. Regulators and Life Science companies will need to setup a framework before going too far down the road of AI.

And the last thing is data. AI needs data. Accurate data. Lots of it. We need to start collecting organised data and train AI before it can successfully achieve the desired result of making the clinical trials faster, more efficient, and ensuring higher quality.

At Arithmos, did you already start exploring such innovative technologies?

Arithmos, just as other PM Holding companies, has Innovation as its core value, it is at the heart of everything that we do. Looking at the impact of innovative technology on the Life Sciences industry, I believe that investing in this field was the right choice.

At Arithmos we are already supporting our clients with the digital technologies that optimise clinical trial processes and increase patient centricity, ensuring that patients get an active role in the clinical trials.

Would you like to learn how Arithmos can support you in innovating your clinical trials? Contact us by clicking here.

Interested in more materials on Digital Transformation?

Webinar Q&A: How to Perform a Successful Data Migration in Life Sciences

Data Migration Webinar Q&A

Webinar Q&A: How to Perform a Successful Data Migration in Life Sciences

In the Life Sciences industry a structured, but lean, approach to data migration is vital for success. Such an approach not only ensures data integrity and consistency, but also minimizes the data migration impact on day-by-day business operations.

On May 14, Arithmos hosted a complimentary webinar on performing a successful data migration in Life Sciences. The webinar described the main risks and challenges of the data migration, ways to overcome them, and presented a case study of data migration in pharmacovigilance.

The webinar was conducted by Alessandro Longoni, a Senior Business Analyst & Project Manager of Arithmos. He has been working in the field of Life Sciences technology for 13 years and has particular expertise in pharmacovigilance and electronic data management.

Continue reading to discover the questions from the Q&A session from the webinar.

Register today to get access to the webinar recording

During a pharmacovigilance migration, should only the last version of the cases be migrated, or should we migrate all the versions?

It depends on the legacy and the target system. Some classical safety systems save each version of each case as an independent case.

If you use an ETL tool, to migrate to a new system, that does not operate according to this logic, we would advise to migrate only the last version of the case in order to avoid the duplicate cases. It is also advisable to migrate the case history (case workflow) if possible.

However, in all the cases, it is technically possible to migrate all the versions of the case if you find the right workaround. For example using the following naming format: <case_number>_<caseversion>.

The best practice in data migration is adopting the E2B XML approach – regardless of the number of case versions, only the last version is included in the legacy system.

What steps can be omitted in semi-automated data migration compared to the automated?

Data migration, regardless of the approach used (ETL, XML import, re-entry), must be included in a validation exercise.

The main steps and deliverables are the same regardless of the approach. However, the documents and activities in semi-automated and automated data migration projects require different accuracy and effort:

  • Data Migration Plan: it should include the strategy of the migration project and the main rules for data migration. This means that it covers the mapping needs for re-entry, and in case of the ETL tool, a data mapping document is highly suggested.

In case of the XML migration the format depends on the number of cases and the complexity (due to the difference between the configurations of target and legacy system). For simple migrations/low number of cases, the data migration plan could be sufficient. For complex migrations/high number of cases, we suggest a dedicated data mapping document

  • Data Mapping Specifications: see above
  • Data Migration Validation: it is a protocol that must be executed in the validation environment to verify the migration process. It is more extended in the case of ETL, but we suggest to use it regardless of data migration approaches.
  • Data Migration Production: it consists of the execution of the protocol, described above, that is conducted to migrate data in production. In case of an ETL approach, this phase will require 2-5 days for technical activities plus 1-2 days for business data verification (production downtime period). In case of an XML or re-entry process, this phase will take up to several months of business work (no production downtime period).
  • Data Migration Report

When you access the source data in read-only mode, is it possible to also access the files attached to the ICSR such as publication (in PDF format) or ACK from Regulatory Authorities (in XML format)? / How can we migrate attachments from one system to another? Should the client send the attachments separately from the XML files if the migration is performed by import/export migration?

Yes, it is possible. Of course, this possibility depends heavily on the structure of the legacy system database. Sometimes, technology constraints don’t allow you to extract some particular information, such as attachments or audit trail.

If the legacy system stores the attachments in the database with proper references to the relevant case, and if the target system supports the case attachment functionality, the best idea would be to perform the integration using the ETL tool.

If I have an E2B XML file as source of a case recorded in an Excel database, can I use it as a source for the migration into the new database in order to avoid doing a migration manually from the old database?

The standard approach to data migration is migrating data from the legacy to the target system and not from the source to the target. Nevertheless, a different approach can be chosen if it can grant a better data quality (like in the question) and efficiency. This approach must be described and justified in the Data Migration Plan. Also, we advise to carry out a final verification to detect every discrepancy between migrated data and data stored in the legacy system.

How can you calculate the number of the records from the source and target systems that need to be validated?

An ETL tool can reduce the need for the data verification, especially because a migration script works on specific fields independently from the number of records to be migrated. For example, if my script moves correctly the laboratory data, the number of tests executed by a specific patient is not relevant. This ensures the quality of the migrated data.

However, a minimum quality check of the fields has to be performed, and it should be based on the recommendations of your CSV manager and the risk assessment.

A numeric check of the records moved, (100%), is always required to ensure that there were no exceptions during the script run.

This article is based on a webinar presented by Alessandro Longoni on 14th May 2020. Register today to get access to the webinar recording.

Webinar Q&A: Agatha – Quality and Content Management Solution

Agatha Quality and Content Management Solution

Webinar Q&A: Agatha – Quality and Content Management Solution

Biotechnology, pharmaceutical, and medical device companies develop highly complex products. For them, accuracy, consistency, efficiency, and quality are not goals; they are imperatives because the medicines, therapies, and devices they make can improve the quality of patients’ lives and safeguard their health.

On April 17, Arithmos with its partner Agatha Inc. hosted a complimentary webinar on Agatha – a cloud-based Quality and Content Management tool for Life Sciences and healthcare organizations. Agatha addresses the imperatives for their core business processes like managing clinical trials, optimising quality processes, and organising regulatory submissions. The system is highly configurable, allowing for tailored customizations that fit the company’s workflow.

The webinar was conducted by:

  • Silvia Gabanti, Managing Director of Arithmos. Silvia has an impressive 15-year track record in the industry. She began her career in the CRO environment where she developed experience in applications for pharmacovigilance and clinical trials. On her career record, she also has extensive experience with Oracle applications – as analyst she was working with pharmacovigilance and clinical systems like Oracle Clinical.
  • Guillaume Gerard, Chief Operating Officer of Agatha Inc. For the past 15 years Guillaume has been helping Lifesciences organizations worldwide to deliver cloud-based content management applications. His areas of expertise include the compliance aspects and architecture of such systems, as well as the functional expertise on the clinical document management side (Trial Master File) and Quality Management.

Continue reading to discover the questions from the Q&A session from the webinar.

Register today to get access to the webinar recording

What is Agatha’s policy for data backup?

Agatha handles all aspects of the data center operations, including regular backups of all data.  All customer data are backed up daily, and daily backups are retained for 15 days.

It also provides the ability for customers to export all customer data (files, audit logs, metadata) at any time.

Is Agatha compliant with GDPR?

GDPR is a comprehensive privacy regulatory requirement.  Agatha is fully compliant with the requirements in regard to how it stores data and collects information.  There are some aspects of GDPR which are the responsibility of the business entity, for example naming a Privacy Officer.

Are document lifecycle statuses customizable?

Yes, lifecycle stages and other aspects of the review and approval workflows can be fully configured. That includes changing labels, adding steps, reordering steps and changing workflows from serial to parallel structures.

Are electronic signatures compliant to CFR21 part 11?

Yes, electronic signatures within Agatha are fully compliant with health authority requirements.Beyond signatures, Agatha is completely compliant with the FDA’s CFR21 Part 11. We maintain a CFR 21 Part 11 compliance checklist for every release of our service, and any customer can receive a compliance letter that can be used during audits.

Are activities tracked into an audit trail?

Yes, all activities are captured. This includes operations on documents as well as access and any change of settings. When an audit is performed, everything that has been collected in the audit trail process and stored can be provided directly to the auditor via a login with auditor access.

Is it possible to load data via an api from external applications (eg. eTMF, CTMS, EDC, …) and if yes, what kind of data can be loaded, only documents or also xml, json, xls?

It is possible – there is a full set of APIs available that allows data to be loaded, and external applications to be integrated.

Can documents have an expiration date?

Yes, documents can have an expiration date. This can be done using a “valid until” metadata, and processes can be triggered based on that metadata.

Could Agatha be used during the product development stages?

Absolutely. Many aspects of the Agatha solution are appropriate prior to the clinical trial phase, for example management of SOPs and collection of regulatory documentation.

Can Agatha manage the migration of legacy documents?

Yes, most projects include migration steps. There is an import tool that lets the client map data from a source system to Agatha and complete the import.

Is it possible to enable two-factor authentication (e.g. username & password plus SMS) in Agatha application?

Yes, two-factor authentication is the  standard model for the use of Agatha. Two-factor authentication is enabled  on a per-client basis.

Are there any penetration tests that could be shared with customers?

Yes, as part of Agatha hosting service penetration tests are conducted yearly. Reports and results are made available to clients during audits.

During the webinar it was mentioned that Agatha is cost effective. How does it price compare to the competition?

Agatha provides the best value among similar products because, as a ready-to-use and pre-validated system,  it is less expensive to bring into product and on-board users.   It also has lower subscription prices, because it does not operate on top of another product platform. It also has truly packaged modules, as it was shown during the webinar.  Typically, it is 2 times more affordable than the competition.

If you are interested in a specific quote, contact us for a brief conversation. We will ensure we understand the specific functionality you need and the number of users and provide the best offer.

Clinical Oversight Solution: How to Select the Right Vendor

Oversight Solution: Vendor Selection

Clinical Oversight Solution: How to Select the Right Vendor


On June 2017 ICH GCP E6 (R2) entered into force, introducing new guidelines and increasing the responsibility of the Sponsor when it comes to outsourcing the activities to the CROs.

 “The sponsor should ensure oversight of any trial-related duties and functions carried out on its behalf, including trial-related duties and functions that are subcontracted to another party by the sponsor’s contracted CRO(s).”

Clinical Trial Oversight – 5.2.2. Addendum

After ICH GCP E6 (R2) entered in force, sponsors needed to face the following obligations:

  • Checking if the quality requirements, agreed with the CROs, have been met
  • Confirming if the project execution, by the CRO, is aligned with expectations
  • Implementing a risk-based QMS throughout the clinical trial

The reasons that brought the authorities to update the ICH GCP regulation are clear: on one side the increasing complexity, scale, and overall costs of the clinical trials, on the other – the strong shift from a paper-based clinical trial process to digital-based one.

Challenges in ensuring oversight

Although now CRO oversight is considered to be a top priority for the sponsors, it is also true that designing and implementing oversight process is extremely challenging. Introducing a technology solution is the most efficient way to ensure the oversight due to the amount and complexity of data that needs to be analysed.

In order to perform oversight efficiently, this solution needs to:

  • Give a global overview of all the company vendors involved in each study
  • Convert non-homogeneous data into a format that is homogeneous and allows easy comparison, control and performance analysis, for example the visit frequency analysis

As very few sponsors are already in possession of such solution, it needs to be acquired externally through a vendor selection process.

Technologies for ensuring oversight

There is a number of tools that the sponsors can adopt as part of their oversight strategy. The two most widespread are Clinical Trial Management System (CTMS) and Oversight solution.


CTMS is a type of software that merges the data from different sources and allows the sponsors to analyse it. CTMS is one of the most common tools on the clinical market and has planning and reporting functions that include participant contact information, deadlines, and milestones.

The main CTMS constraint is the low level of customisation of the tool due to limited integrated customization capabilities. With each CRO having its own report template, it is difficult to accommodate this variety with one CTMS, so only a limited number of studies and CROs can be overseen with it.

Additionally, a CTMS was born as a clinical tool, which limits the inclusion of other data like procurement and pharmacovigilance.

Clinical Oversight solution

A clinical oversight solution is another option that can be used by a sponsor in order to comply with the Addendum of ICH GCP E6 (R2).

An oversight solution is more than a software, it is a complex package that includes the following elements:

  • Business analysis activities to understand the need of the sponsor and review the types of data submitted by CROs
  • Software that covers clinical, procurement, and pharmacovigilance aspects of the study
  • Maintenance services and configuration of the reports of the new CROs

Oversight solution allows creation of multiple dashboards thus being able to accommodate different formats of incoming data, which makes it a perfect tool for sponsors that have multiple CROs and multiple studies.

Being more complex than a CTMS, oversight solution also comes at a higher price.

In this article we will be focusing on the selection of a vendor for oversight solution, as it is more flexible and allows the inclusion of a higher number of CROs and studies.

Oversight solution: vendor selection

Step 1: Kick Off Meeting

During this step the sponsor plans the project activity, defines roles and responsibilities, timeline, budget restriction, and the outputs. It is critical to include the following participants who will be the key figures in the process:

  • Project manager
  • Business owner
  • IT team representative (system owner)
  • Key user that uses the data provided by the CROs; for example, a data manager

Step 2: Defining Business Requirements

The sponsor should list the main requirements for the oversight system. The best approach is starting with the higher level expectations and defining only 5-7 main points. They help to understand the key micro-areas and to create a shortlist of the solutions available on the market.

Step 3: Vendor Selection and Assessment

At this step the sponsor works with the shortlist of the oversight solution vendors compiled previously. Normally, the shortlist includes 3-5 solutions. The following actions will help to filter out the least suitable vendors and define the main candidates:

  • Send to the vendor candidates a survey that gathers information of the size of the company, its capabilities and its ISO certificates
  • Set up a demo appointment and share the list of the oversight requirements during the demo. The advised time is 1-1.5 hours
  • Request a ballpark estimate
  • Create an evaluation matrix based on the survey and demo outcomes in order to understand which vendor has the highest score

When it comes to requesting the ballpark estimate, it is vital to keep the following in mind:

  • All the potential vendors should receive the same description with the same requirements. The more precise and coherent the request, the more likely the different proposals will be comparable.
  • The more flexible the solution, that the vendor offers, the less technical adjustments will be needed, allowing the sponsor to lower the expenses.
  • Aside from the main ballpark estimate, it is important to keep in mind additional costs, like CRO onboarding and data dashboards personalization.

Step 4: Vendor Confirmation

Once the vendor is chosen, the sponsor conducts an audit and verifies the vendor’s compliance and the internal processes. This can either be done directly by the vendor or can be outsourced to an external consultant.

In case of a successful audit, the collaboration with the vendor is formalized with an appropriate contract.


Each of the four steps are very important for making the right choice and ensuring compliance. However, the most critical step is defining the requisites and the expected results. The correct definition at this stage is the secret for the successful oversight and smooth collaboration.

Sponsors need to make sure that they involve all the stakeholders in the definition of the requisites and avoid the silos between the departments. If such key stakeholders as business department and IT teams are interested in different characteristics and have different expectations, sponsor needs to ensure that it shortlists the solutions that are a good trade-off for both of them.

Given the increasing outsourcing trend in clinical trials, it is not surprising that ICH E6(R2) was introduced, as it allows to address, in more detail, the relations between the sponsors and third parties. ICH E6(R2) has changed the way the information circulates between the sponsors and the CROs and has pushed the companies towards adopting new technology to collect, organize, and share the information in a more efficient and cost-effective way.

How can we support you?

Arithmos has extensive expertise in oversight vendor selection. We support you at every stage of the vendor selection, from business analysis to solution integration. Our extensive knowledge of oversight allows us to choose and customize for you an oversight solution that guarantees efficiency and compliance.

Contact us to learn more about our oversight vendor selection support.

Career Insights: Interview with Michele Montanari, Life Science Applications Manager

Life Science Applications Manager

Career Insights: Interview with Michele Montanari, Life Science Applications Manager

This is the second blog in a new ‘Career Insights’ series and we talk to Michele Montanari, Life Science Applications Manager, to find out more on his background, career path, and his interests outside of work.

Life Science Applications Manager

Have you always been passionate about Life Sciences field?

I have decided to work in the field of Life Sciences already back in school, because I was so passionate about it. One of my first Christmas presents was a toy chemistry set!

I have studied Chemistry and Pharmacy at the University and then started looking for a job in pharmaceutical industry. That was 14 years ago. I tried doing job interviews for Medical Representative positions, but it didn’t click. Then I switched to the clinical field, and it was a perfect match!

What has been your journey to your current role at Arithmos?

I have known Paolo Morelli, the CEO of Arithmos, for many years. I was inspired by Paolo’s idea to create an innovative company with entrepreneurship spirit. Besides, I always loved technology, so the idea of adding it to my profile h was very appealing.

In Arithmos I started as Project Manager, then became Senior Project Manager, and last year I was promoted to Life Science Applications Manager.

What are your duties as Life Science Applications Manager?

I am responsible for supervision of all the activities of Life Science team, including management of the team and resources, quality delivery of projects and adhering to deadlines. We implement the existing applications, such as Symphony EDC and Argus BluePrint, do vendor selections and support our clients with such tasks as data migration and system integration.

What career achievements are you most proud of?

Becoming a Life Science Applications Manager. It gives me an opportunity to learn every day. I get to work closely with clients and manage our portfolio. I wasn’t involved with these tasks so much before, and I love exploring these sides of Arithmos.

As Applications Manager I also act as a brand ambassador and represent Arithmos during meetings with clients and partners. I enjoy helping to shape our image and conveying our values.

What most inspires you about working in this field?

Life Sciences is a very dynamic industry. In Arithmos I have the possibility to use my creativity and suggest innovative solutions for our clients. Technology in Life Sciences has reached such a level of development that it allows me to go off the beaten path and think outside the box to solve the tasks.

What would be your top tips for early career Life Sciences technology specialists looking to develop in this field?

I have two pieces of advice:

  • Invest in communication skills. Working with technology doesn’t mean that you won’t talk to people, opposite to a wide-spread stereotype. You will be in touch with your team and with clients. Besides, your interlocutors will not always be people who understand technical slang and jargon. You will need to understand the profile of the person you are talking to, before using specialised terms.
  • Always evaluate the risks. There are 10 ways to do the same project, at 10 different costs and with 10 different timelines. To ensure the best performance, you need to evaluate the risks of each option and choose the less risky one. Of course, you can also choose to disregard a risk, but it should be a conscious decision and making it requires great skill.

What are your personal values?

I believe in respecting others, regardless of their age and position. For me this is the basis of any successful collaboration.

What do you love to do for fun?

Life Science Applications ManagerI am a huge music fan. Not only do I listen to it, but I also play it. I am a member of a rock band where I play a synthesizer. We write music and lyrics ourselves and we have performed all around Italy and European countries, such as France, Switzerland, Austria, and Slovenia.

My second hobby is beer brewing. I am almost a full-fledge professional at it! I started 8 years ago, and I would say that it was born from my passion for chemistry. There are a bunch of different beers in my portfolio, such as British, American, and Irish beer.

 Arithmos careers

We are always looking for talented and motivated professionals ready to join us. Would you like to be part of our successful team? To find out more about our job openings click here.

Choosing the Right EDC: Advice from a Data Manager

EDC Data Management

Choosing the Right EDC: Advice from a Data Manager

How do you select the best Electronic Data Capture (EDC) system for your study? What are the must-have features and what are the nice-haves? We have asked Pedro M. Lledó, a Clinical Data Management professional with over 20 years experience, to share his tips for choosing the right EDC based on its functionality.

Key factors to consider

When you are looking for a new EDC system for a study, you should consider the following key factors:

  • Vendor – find a reliable and seasoned company, with years of experience. They know how to avoid the most common errors when it comes to selling and implementing an EDC.
  • Type of study – the EDC choice depends on the type of study and the type of users involved. You don’t always need to get the most expensive and powerful EDC on the market. For example, for Phase I or Observational studies you shouldn’t search for a complexity of an eCRF for an oncology study.
  • System functionalities, including how the system is hosted (cloud or on premises).

When choosing a system, make sure you involve all the teams you’ll need during the study. Talk to them in advance and let them know what the adoption of a new EDC system means. For instance, if you involve only IT and DM departments, they can choose a system which does not support partial SDV. Clinical Operations department will learn about the system right before the study. When they discover that the partial SDV is not available, they will be concerned, as it is very important for them and for the sponsor.

The features listed below will ensure that you have efficiency, data integrity, smooth workflow, and your independence in training clinical personnel.

EDC Must-Haves

When you have identified several EDC candidates, check if they correspond to the most important criteria. Your future EDC should be:

  • Compliant – it must be a system that follows 21 CRF part 11 rules, ensuring it is FDA and EMA compliant.
  • Internet browser agnostic – it should run in the most popular browsers.
  • Easy to program different types of queries, intra page, inter page/visits – it should be possible to address the queries not only to the investigator site, but also to CRAs, DMs, and MMs.
  • Allowing per user access control – every user, depending on the assigned role(s), should have access only to the allowed data or actions.
  • Flexible – you should be able to create on page queries and offline periodic listings and reports. This is important because you need to receive the warnings at the datapoint where the problem is located. In addition, you need some standard periodic listings to group all the queries by type, page, module etc.
  • Easy to monitor – this includes the presence of integrated reporting, standard study performance reports, KPIs, metrics. We need to see how people that are related to the data cleaning are performing.
  • Easy to master independently – alongside a user-friendly interface, it is important to also have on-line help resources.

EDC Nice-Haves

The functionalities listed above are critical for having an efficient EDC that allows you to capture data in a smart way. However, if you would like to reduce the number of errors in your data, further boost data integrity, and ease the life of your Data Managers, I suggest to look for an EDC that allows you to:

  • Easily configure register of data managers, CRAs, sites and user accounts.
  • Carry out partial source data verification (SDV monitoring). This function allows you to save the resources and focus only on the critical variables during the verification process.
  • Configure query workflow. It gives you additional flexibility and control when it comes to defining the query workflow, thus reducing such risks as overriding queries.
  • Use it also on portable devices with a nice page rendering. A lot of medical personnel use mobile devices for activities control and CRF data entry.
  • Optimize data management with dynamic CRF environment per protocol or patient data. In such EDC, different visits/pages or modules will appear/be hidden dynamically in a patient CRF. CRF will adjust automatically the number of pages or modules to the amount of information.
  • Gather from/share data with other systems, like eTMFs, CTMS, ePRO systems, patient wearable data management systems, PhV systems, BI tools and reporting systems, etc. This reduces the amount of effort during the data input and ensures data integrity.
  • Carry out training online through an e-Learning training module.

Don’t forget to ask about the technology layer behind the system. Trust a reliable and performant database, with a dynamic, quick page loading and rendering front end.

Finally, do not rush! Take your time to find the appropriate EDC. It will later save you time, money, and stress.

Good luck!

For further information about choosing the right EDC and our proprietary EDC solutions please contact us at or click here.

Pedro Lledo Data ManagementAbout Pedro M. Lledó

Pedro M. Lledó is a physician by training who has been participating in clinical research projects for more than 20 years either as IT specialist, database administrator or clinical research data manager. Prior to joining Arithmos he has held leadership positions within CROs and biotechnology companies as Head of Data Management and Biometrics.

Career Insights: Interview with Alessandro Longoni, Senior Business Analyst & Project Manager

Alessandro Longoni Business Analyst Senior Project Manager

Career Insights: Interview with Alessandro Longoni, Senior Business Analyst & Project Manager

This is the first blog in a new ‘Career Insights’ series and we talk to Alessandro Longoni, Arithmos Senior Business Analyst & Project Manager, to find out more on his job, career path, achievements, and his hobbies.

Career Insights: Business Analyst and Senior Project Manager

Hello Alessandro! Can you say a couple of words about your work in Arithmos? What do you do?

I manage implementation, optimisation and development of Life Science technology solutions and services. My specialist area is safety projects that revolve around Oracle Argus Safety – it means that I am responsible for defining the project direction, coordination, implementation, execution, control and completion. The important part is also ensuring that it is consistent with our client’s strategy, commitments and goals.

Have you always been passionate about technology and Life Sciences?

I have always been into tech and opted to study Computer Sciences at the University of Milan in Italy.

My career in Life Sciences started thanks to a pure chance. I took a course carried out by a consultancy company that had a dedicated Life Sciences unit. As I was a top performing student, I was offered a job opportunity. It was a chance to try something new, so I have jumped on it. Here I am 13 years later – I have never regretted my choice!

What has been your journey to your current role at Arithmos? I see it combines two elements – Project Management and Business Analysis, why so?

I knew Arithmos very well before starting to work here – it has a great reputation in the Italian Life Sciences market. A couple of years I met Arithmos team at Oracle Safety Focus Group Meeting in Berlin – back then I was already working closely with Oracle safety applications.

A year later, Arithmos safety business started growing exponentially, so they needed someone who could manage new projects. They contacted me and I couldn’t resist. I love the combination of Project Management and Business Analysis – it means that I do not only get to implement the project, I am also doing a lot of preliminary analytical work to ensure that we are offering the best service to our client.

Why do you think there is such a big demand growth for Argus?

Oracle Argus Safety is one of the biggest solutions on the safety market. Arithmos with its pre-validated and pre-configured BluePrint version allows small and medium companies get an enterprise software at affordable costs, which is an incredibly attractive option.

I understand you also have a mixed background – Communication and Computer Sciences, why such a combination?

Yes, I have Bachelor’s Degree in Information Technology. After it I wanted to learn how technology and people are interconnected. This is why for my Master’s Degree I have opted for a program that combines IT, psychology and communication sciences. It allowed me to learn how technology interacts with people. Turned out to be excellent choice for my future career!

What career achievements are you most proud of?

I was fortunate enough to be heavily involved in the creation of a new solution for the Arithmos portfolio. Our new unique technology solution for pharmacovigilance – Data Analytics and Reporting tool – is an exciting platform that allows Life Sciences companies to easily ensure reporting compliance as well as benefit from the advanced analysis of their safety data.

We are releasing it on the market soon, so keep your eyes peeled!

What most inspires you about working in Life Sciences?

I love the fact that I work in the field where I can make a difference. Of course, I am not a doctor, but the technology that we provide has a positive impact on patients’ lives.

What would be your top tips for early career specialists looking to develop in safety technology?

  • It is fundamental to have both technical and pharmaceutical background. It can be challenging to get both at the university, so if you have a tech background, make sure you invest a lot of your free time in mastering the safety topic and vice versa.
  • Invest time and effort in order to understand both sides of your job.

What are your personal values?

Empathy and honesty. I work closely with clients’ and communicate to multiple stakeholders and I need to be on the same wavelength as them, ensuring I understand their challenges. Empathy is important for understanding their perspective and honesty allows me to build trust and collaborate efficiently, ensuring we deliver the best results.

What do you love to do for fun?

I play tennis. I have been playing it for 15 years, and I have a tournament on Sunday, so wish me luck! For me it is the best sport – it requires maximum concentration and refined technique. Besides, it is very competitive, and you can play it both indoors and outdoors!

Good luck and thank you for taking the time to talk to us!

Join our team

We recognize the value of our employees and are committed to their professional growth and development. We always look for talented and motivated professionals ready to join our successful team! Discover our current job openings here.

What are the top three cybersecurity threats in healthcare in 2019

Top three cybersecurity threats in healthcare in 2019

Top three cybersecurity threats in healthcare in 2019What are the top three cybersecurity threats in healthcare in 2019

Cybersecurity in Life Sciences organizations should not be neglected

It is no surprise that Life Sciences organizations, which often manage massive volumes of sensitive health data, can be a desired target for cybercriminals.

In this context, the generic term Life Sciences covers a whole range of entities: from medical research centers to sponsors of clinical trials like pharmaceutical or biotechnology companies.

To put things in perspective, selling electronic health records much more profitable for cybercriminals than credit card information. With every cyberattack, patients and their safety are put at stake, as well as an organization’s reputation. When it comes to the companies developing treatments, such pharmaceutical companies, they also risk integrity of these products in case of cyberattack.

With the cybersecurity threats that the sector faces every day, it is imperative for Life Sciences organizations to address these concerns and strengthen their cybersecurity framework. In this article Arithmos outlines the top three cyberthreats that became the biggest menace to Life Sciences in 2019:

  • Information security measures and awareness;
  • Unsecured and unmanaged devices used as part of BYOD approach;
  • Ransomware attacks.

Limited spending on cybersecurity

Trends in the industry show that a lot of Life Sciences companies are still not willing to make the investment in cybersecurity.

Limited spending may lead to risks that could have been avoided. For example, on average, healthcare organizations spend anywhere between four to seven percent of their budget on information security. The financial sector, on the other hand, budgets in around 15 percent.[1]These budgets are not proportionate considering that healthcare organizations have the highest costs associated per patient, per breach.

Not investing in company training and information security awareness means that employees are not informed on their contribution to security, current cyber threats and ways to identify possible attacks in time. Most of the time, employee training is equal to a couple PowerPoint presentations and videos, certainly not providing them with enough resources to tackle possible breaches. 27 percent of data breaches are associated with human error[2].

Properly training employees, investing and partnering with capable providers that comply with regulatory requirements and international standards (providers that are ISO/IEC 27001:2013 certified, for example), and training these employees regularly might allow for less room for errors.

Bring Your Own Device

As of 2018, 71 percent of hospitals allow for some form of “Bring Your Own Device”.[3] Previously, doctors and nurses relied on the use of hospital-owned devices to communicate and share patient data.

When it comes to clinical trials, the BYOD is also becoming a standard strategy for data collection with the introduction of wearables.

BYOD approach has number of advantages:

  1. In hospitals, it allows for greater efficiency amongst co-workers in different shifts;
  2. Facilitates medical staff in tracking patients even when out of office;
  3. Promotes cost savings as the organization does not finance the devices;
  4. For patients, it ensures user-friendliness, since they know the devices;
  5. It increases patient retentions in clinical trials.

Despite offering solutions to many challenges, the lack of regulations on the security and privacy of the information being shared is a growing concern of BYOD. There are a few guidelines that can be used to avoid cybersecurity threats. They should specify:

  1. Which devices are allowed and secured;
  2. Who has access to them;
  3. What type of information can be stored on them;
  4. How they are secured;

By strictly following these guidelines, healthcare organizations can at least be certain that they know their devices. This ensures they are better equipped to understand and assign appropriate technical support related to the devices if and when they encounter probable breaches and leaks of information that could be caused by any of these devices being lost, stolen, or misplaced.


In May of 2017, the WannaCry cyberattack, an incident involving the “WannaCry” ransomware cryptoworm, infected over 300,000 computers encrypting valuable data (including patient data from hospital computers) and demanding payment in bitcoins for the data to be returned safely.

Although WannaCry demanded $300 in bitcoins to every computer it infected, money is not always the only driver in ransomware infections. These malware infection can cause data exfiltration or alter patient data, possibly misdiagnosing individuals.

Although cyber-attacks are unpredictable, running the newest software and upgrading computers and programs continuously are some measures that should be taken to be to decrease an organizations likelihood of being affected. An information security risk assessment on the Company’s information done by qualified personnelis the first step towards decreasing the risks.


Cybersecurity is a major concern for all industries, but especially for the healthcare industry as they hold highly appealing information to cybercriminals.

Whether that means budgeting more money for IT maintenance and information security, providing training services for employees, partnering up with companies that offer protective services, updating computes and programs more frequently, or regulating unprotected devices more closely, it is necessary for healthcare organizations to prioritize the protection of their data and to start taking the right steps in the direction of prevention.

For its solutions, Arithmos provides hosting services ensuring compliance with international standards. The Information Security Management System (ISMS), certified according to the ISO/IEC 27001:2013 standard, assures desired level of information security.

Arithmos also offers data migration services for companies still using legacy systems, in order to move to up-to-date systems thus improving data security and granting the compliance with continuing evolving regulations.

Want to know more about how Arithmos ensures cybersecurity of its Life Sciences clients? Contact us at

Interested in more Arithmos content?


[1]Susan Morse, (2019).  “Healthcare’s number one financial issue is cybersecurity”;

[2] 2018 Cost of a Data Breach Stud: Global Overview, Ponemon Institute and IBM;

[3]10 Facts About BYOD: Healthcare Secure Text Messaging, Spōk;


Digital Transformation in Life Sciences: an Insider Look

Silvia Gabanti Interview_2

Silvia Gabanti Interview_2

Digital Transformation in Life Sciences: an Insider Look

As the word “digital transformation” appears more and more often on the Life Sciences event agenda and in industry article titles, Arithmos has decided to look at this trend through the eyes of an industry professional. We sat down with Silvia Gabanti, Managing Director of Arithmos, to talk about how technology transforms clinical research, patient centricity and healthcare and what are the biggest challenges for going digital.

Silvia Gabanti has an impressive 15-year track record in the Life Sciences industry which started in the CRO environment where she was working with applications for pharmacovigilance and clinical trials.

Hello Silvia, thank you for joining us today. Digital transformation is a big concept what can be defined in numerous ways, how would you personally describe it?

I would say that Digital Transformation is a transformation of all the activities, processes and competencies in a way that allows us to harness the advantages of new digital technologies.

In order to approach digital transformation, all companies should think and act as technology companies, regardless of the industry they belong to.

I know it is not easy – it is a complete change of mindset! That is why such companies as Arithmos exist – we can act as consultants to bring this cultural shift in a company.

When did the relationship between digital transformation and Life Sciences start?

I am convinced that the industry started to change already two decades ago. It was not a drastic change though, but rather a slow one. It all started when technology became available not only for tech people but also for regular users. The Digital Transformation was on track when personal computers appeared in every home.

This was when the Life Sciences industry took notice and jumped on the new trend and started looking closely at technology.

The next Digital Transformation benchmark was at the end of the 2000s when social networks evolved. What started as entertainment actually had a significant impact on the Life Sciences industry. Just look at how companies are using social media for signal detection in pharmacovigilance or for recruiting patients to trials!

Life Sciences, like any other industry, mirrors our lives – technology is changing our lives, and we bring these changes to more complex fields like clinical research.

Technology became an extension of our resources and capabilities.

It definitely did. What is the manifestation of these changes that technology brings in Life Sciences?

I would say the key manifestation is information. Take the same social media we have been talking about – it is not a complex technology. What is exceptional about it is the huge flow of information that we have never seen before.

The amount of information we deal with now in the pharmaceutical environment is staggering. However, this information is what feeds the industry – information is the basis of the clinical research and Pharmacovigilance, and all this data and information allows us to make better decisions that result in better outcomes for patients.

Another manifestation of digital transformation is advanced technology. We are now developing tools that help us deal with this huge flow of information: – IoT, Artificial Intelligence, etc. The next step is Machine Learning, an extension of Artificial Intelligence.

Digital Transformation can brighten the future of Life Sciences, but for sure, there are constraints when it comes to these new technologies. What are the two biggest challenges in your opinion?

I would say that the biggest constraints are data security, privacy, and data integrity. It is of paramount importance to safeguard the privacy of data and to ensure that the data is reliable and accurate. And let’s not forget about compliance! Otherwise, there can be negative consequences for all the stakeholders involved: from the physician to the drug development companies, and most importantly the patient.

Over 50 percent of pharma companies reported data security breaches last year. If we are going to treat data as our most valuable asset, as it should be, we also need to protect it.

How can we ensure security and privacy?

Every entity that processes personal and/or sensitive data should think of security and privacy in a broader sense since privacy is not limited to only their system. They should see the whole picture.  Even if the patient data in the Clinical and/or Safety system is pseudo-anonymized, the risk of multiple breaches in different systems (even if indirect and remote) has to be taken into account and mitigated. Here is where we see continuously evolving technology adding to the complexity of security and privacy risk management. By evolving technology, I mean IoT, usage of personal devices in Clinical Trials, and so on.

Again, this requires a change in mindset and understanding the importance of investing in this area. Digital Transformation is not simply the implementation of new technology, it’s a structural change.

What about GDPR?

GDPR is something quite new in terms of regulations, but it has followed the privacy trend that has always existed in Life Sciences. Nevertheless, the new regulation lays the foundation for a more structured and coherent approach to data privacy and security.

What about data integrity?

Data integrity means the data must be reliable. Sounds simple, but in reality, it is a complex task. Here technology is essential: vendors should have technology solutions that allow for complete, consistent and accurate data outputs.

This means that companies must implement meaningful and effective strategies to manage their data integrity risks based on their process understanding and knowledge management of technologies and business models. What does Arithmos do to stay on the forefront of Digital Transformation in Life Sciences?

We leverage. For Arithmos, Digital Transformation is not a result, it is a process. We accompany our clients on this path: we help them to identify the need and then work together on transforming the processes and finding the right technology to satisfy this need.

Of course, we should not forget about change management. Digital Transformation is not possible without changing mentality and the business culture in general, and Arithmos can support with this. Our digital transformation starts internally, and we perform training and explain new approaches to all employees from upper management to operational, business and administrative resources. We also define a sustainable roadmap.

We believe in Digital Transformation and the innovative changes it brings to Life Sciences environment.

Digital Transformation with Arithmos

Do you want to integrate new technologies and processes? Is your company evaluating a digital health strategy? Arithmos works with companies to define a Digital Transformation journey that includes:

  • Disruptive Technologies – Digital Health and eClinical selection and consultancy: IoT/Wearables, eClinical (EDC, ePRO);
  • Process Management – Review and improvement of procedures and SOPs;
  • Oversight & Visual Analytics – Oversight platform, Business Intelligence tools, Visual Analytics, Statistical/Data Interpretation and Data Management;
  • Data Integrity & Security – Gap analysis for data security and GDPR compliance, Computer System Validation in GxP environment, necessary ISO certifications;
  • Industry Compliance – Regulatory guidance and compliance;
  • Data Science – Biostatistics, Statistical Programing, and Data Management;

Send us an RFI via our website to understand how Digital Transformation can be applied to your company!

Interested in more materials on Digital Transformation?

Risk management requirements for post-market surveillance for medical devices

Risk management requirements for post-market surveillance for medical devices

Risk management requirements for post-market surveillance for medical devices

 Risk management requirements for post-market surveillance for medical devices

Medical Device Regulation: what is it about?

The EU’s Medical Device Regulation (MDR) is a hot topic in healthcare and a major concern for companies since 2017. It was officially published on 5th May 2017 and came into effect on 25 May 2017. The MDR is supposed to replace the current EU documents, Medical Device Directive (93/42/EEC) and Directive on active implantable medical devices (90/385/EEC).

Manufacturers of currently approved medical devices are given a transitional period of 3 years, till the 26th of May 2020, during which they have to reorganize the operations to meet the requirements of the MDR. However, certain devices that meet special requirements can be granted permission to extend the transition period till the 26th of May 2024.

Post-market surveillance: what’s new

Articles 82 through 86 and Annex III of the EU MDR describe the requirements for a post-market surveillance system (PMS), making PMS mandatory, and those manufacturers who want to remain in compliance with new MDR are obliged to re-organize the PMS system and Vigilance System following the new requirement.

The PMS process is the collection and analysis of the data that comes from the various sources according to Annex III and is carried out according to a PMS plan for each product. There are various purposes for which this data can be used, such as:

  • Update of the benefit-risk determination and improvement of the risk management;
  • Update of the design and manufacturing information, the instructions for use and the labeling;
  • Update of the clinical evaluation;
  • Update of the summary of safety and clinical performance;
  • Identification of needs for preventive, corrective or field safety corrective action;
  • Identification of options to improve the usability, performance and safety of the device;
  • Contribution to the post-market surveillance of other devices (when relevant);
  • Detection and reporting of trends.

Risk management requirements for post-market surveillance for medical devices

With PMS becoming a duty for medical device manufacturers, the effective risk management system becomes a priority as well as one of the three basic elements that ensure compliance and safety, alongside with PMS and clinical evaluation (see Image 1).

According to the MDR, manufacturers are expected to provide evidence of a risk management plan created for the whole lifecycle of products. Such plans should be used for tracking and reducing any potential hazards and ensuring the safety of the devices.

The MDR references to the following risk-related key notions:

  • Risk is defined in Article 2 as “the combination of the probability of occurrence of harm and the severity of that harm”;
  • Benefit-Risk Determination is defined in Article 2 as “the analysis of all assessments of benefit and risk of possible relevance for the use of the device for the intended purpose, when used in accordance with the intended purpose given by the manufacturer”;
  • General obligations are defined in Article 10 in the following way: “Manufacturers shall establish, document, implement and maintain a system for risk management as described in Section 3 of Annex I”;
  • The Quality Management Systems shall address the following matter – “risk management as set out in in Section 3 of Annex I”[1]

Risk Management for Medical Devices

The following requirements by the MDR should be addressed in order to ensure compliance and correct benefit/risk management:

  • establish and document a risk management plan for each device;
  • identify and analyse the known and foreseeable hazards associated with each device;
  • estimate and evaluate the risks associated with, and occurring during, the intended use and during
  • reasonably foreseeable misuse;
  • eliminate or control the risks referred to in point (c) in accordance with the requirements of Section 4;
  • evaluate the impact of information from the production phase and, in particular, from the post-market
  • surveillance system, on hazards and the frequency of occurrence thereof, on estimates of their associated risks, as well as on the overall risk, benefit-risk ratio and risk acceptability;
  • Amend control measures if necessary.

What else is there to keep in mind?

In 2019, a new ISO 14155:2018 draft will be published and will contain changes on pre- and post-market clinical investigations for medical devices. It is expected that the new, third revision will contain more explicit and thorough indications on risk management. Additionally, it will be closely tied to the risk management requirements outlined in ISO 14971.

Other significant changes in the new ISO 14155:2018 draft include:

  • Guidance on clinical quality management, clinical investigation audits and ethics committees
  • Risk-based monitoring requirements
  • Registration of clinical investigations in publicly accessible databases
  • Clarifications on how ISO 14155 requirements apply to each stage of clinical development
  • Annexes relating ISO 14155 to the European Medical Devices Regulation, and to the Medical Devices Directive (MDD) and Active Implantable Medical Devices Directive (AIMDD).

Useful Medical Device Regulation terminology

  • MDR – Medical Device Regulation
  • PMS – Post Market Surveillance
  • PIP- Poly Implant Prosthesis
  • MDD – Medical Device Directive
  • FDA – Food and Drug Administration
  • PMCF- Post Market Clinical Follow-up
  • CER – Clinical Evaluation Report
  • RM – Risk Management
  • PSUR- Periodic Safety Updated Report
  • PMSR – Post Market Surveillance Report
  • SSCP – Summary on Safety and Clinical Performances
  • SAE – Serious Adverse Event
  • IFU – Instruction For Users

Are you looking for technological solutions to facilitate clinical trials and adverse events management for your Medical Device products? Arithmos offers such solutions as Symphony, flexible and easy to set up EDC system, and Argus BluePrint, pre-validated and pre-configured version of Oracle Safety, that ensure compliance and security of the processes for Medical Device companies. Arithmos, alongside its sister company seQure Life Sciences, can also support companies in a consultative way by making sense of the MDR and analyzing a company’s needs in terms of quality assurance and regulatory compliance. We can support with an initial gap analysis and risk assessment regarding the MDR.

Contact us to learn more about our Medical Device solutions.

[1] BSI: MDR – Risk and Clinical Requirements

Page 1 of 212

Follow us on Twitter