The use of AI Platforms in Clinical Research
Clinical Research Steering Committee
Meeting Date: 10 September 2025
Attendees
Role
Suzanne Plezier
CRSC Chair
Jennifer Goldman
CRSC member
Ross Petit
CRSC member
Jennifer Burg
CRSC member
Attendees
Role
Kristina Johnson
CRSC member
Dan Larson
CRSC member
Katerina Adragna
Guest
Lisa Mulder
Admin
Agenda/ Questions:
- Any recommendations of potential AI platforms?
- What processes should we have in place in order to use AI?
- When should we use / stay away from social media?
- Any experience with a community letter? (A layman's version of a company press release) -if sent to patient advocacy groups, does this require IRB/ IEC approval?
- Any recommendations for GDPR vendors?
Clarify the process when patients request full deletion of their data (vs ICF withdraw and not collecting any new data)
Summary
Recommendations of potential AI platforms:
- Members shared experiences using generative AI (ChatGPT, Gemini, Claude) for tasks such as:
- Writing job descriptions, confirmation letters, and study documents.
- Medical writing support (e.g., drafting CSRs and protocols).
- Competitive intelligence (summarizing publicly available data).
- Some companies are piloting specialized AI vendors for medical writing and clinical documentation.
- Committee members stressed the importance of knowing what data models were trained on, to avoid unreliable outputs.
- For site selection, tools like and Sightline (https://www.sightline.com) were mentioned.
- Vi (https://vi.co/) was mentioned for recruitment (US only for now).
Overall, it seems AI is mostly used for Medical Writing however not so much implemented for other process improvements or efficiencies.
Processes for using AI:
- Discussion highlighted the need for practical policies rather than bans, since employees will use AI regardless.
- Examples of company-level approaches:
- Policies restricting proprietary data input.
- Employee acknowledgment forms confirming responsible use.
- Training on effective prompting and proper use cases: there is a huge array of prompt training platforms and tools, but it really depends on the depth of knowledge people are looking for and probably more importantly how they are planning to use generational AI (like Chat GPT). The CRSC recommended the following:
-Google Prompting essentials (can access through coursera.org)
-Generative AI for Everyone (DeepLearning.AI) – www.coursera.org
-LearnPrompting.org
- Consensus: AI can save time and costs but should not be used with sensitive or proprietary study data unless in a closed system.
- Suggested company guidance: differentiate between proprietary vs. non-proprietary use cases
When to use / stay away from social media
- Not discussed due to time limitations after other topics were prioritized.
Community letter (lay press release to advocacy groups, IRB/IEC approval requirement)
- Not discussed due to time limitations after other topics were prioritized.
General Data Protection Regulation (GDPR) vendor recommendations and patient data deletion
- Priority agenda item; in-depth discussion held.
- Vendors mentioned:
- MyData Trust (https://www.mydata-trust.com) seen as conservative, sometimes over-complicates.
- RSM Global (https://www.rsm.global/) good IT/legal coverage, more costly.
- DPO Center (https://www.dpocentre.com/) life sciences focus, positive feedback, but services considered expensive by some.
- KPMG, McKinsey, CROs, or DIY platforms (less tailored).
- Consensus:
- Small biotech’s might not need to be fully compliant immediately but must show a roadmap to compliance.
- Essential elements:
- Appoint Data Protection Representatives (DPR) in EU and UK (approx. $1k/month).
- Data flow mapping (collection, storage, transfer, deletion).
- Updated consent language with GDPR requirements.
- Clear SOPs for data storage, deletion, and breach response.
- PMN: Contract and clinical trial agreement review (apply standard contractual clauses [SSC])
- Deliverables are usually assessments and compliance roadmaps, not certificates.
- It was flagged that even email addresses as part of company website inquiries fall under GDPR if person is in/from EU/UK.
- Clarifications:
- Sponsors (data controllers) remain accountable, even if vendors act as processors.
- Clinical trial data from EU patients remains subject to GDPR, regardless of where analysis is done.
- Similar privacy standards are emerging in the UK and California.
- Additional notes:
- Options to either create your own platform including in house data protection officer (DPO) or outsource through vendor or consulting.
- Make sure you allocate $$ in your budget for GDPR compliance set up and maintenance or accept the risk for (high) fines.