1PHT Insights — Second Quarter 2009                                              Sponsors Deserve Trustworthy Patient Repo...
2PHT Insights – Second Quarter 2009Sponsors Deserve Trustworthy Patient Reported OutcomesData entered are time-           ...
3PHT Insights – Second Quarter 2009Sponsors Deserve Trustworthy Patient Reported Outcomesautomatically made of            ...
4PHT Insights – Second Quarter 2009Sponsors Deserve Trustworthy Patient Reported OutcomesPHT strictly enforces its policie...
5  PHT Insights – Second Quarter 2009  Sponsors Deserve Trustworthy Patient Reported Outcomesnames and identifying codes f...
Upcoming SlideShare
Loading in …5

How to Safeguard ePRO


Published on

Sponsors and CROs must be assured that clinical data collected for regulatory submissions comply with the regulations and guidance around the world for data quality and integrity. Regulatory agencies are placing more emphasis on the voice of the patient, and they are auditing patient reported data for validity and trustworthiness. Intuitively, capturing patient data electronically instead of on paper would seem capable of providing valid data more reliably and efficiently. PHT has demonstrated that this is true.

Published in: Business, Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

How to Safeguard ePRO

  1. 1. 1PHT Insights — Second Quarter 2009 Sponsors Deserve Trustworthy Patient Reported OutcomesHow PHT Safeguards Electronic Patient Reported Outcome (ePRO)Data Collected from Global Clinical TrialsSponsors and CROs must be assured that Since PHT collects and produces electronic records that become part of a submission toclinical data collected for regulatory submis- global regulatory agencies, data on these electronic diaries (eDiaries) must be of highsions comply with the regulations and guidance integrity and quality, and trustworthy sources of scienti c ndings. The PHT Qualityaround the world for data quality and integrity. Management System (QMS) has been designed with safeguards that reach beyond government requirements for safe data, secure data, archived and easily retrievableRegulatory agencies are placing more emphasis data. PHT is the only ePRO handheld eDiary provider with ISO 9001:2000 certi cationon the voice of the patient, and they are auditing of its Quality Management System – one of the reasons why most of the world’s largestpatient reported data for validity and trust- pharmas choose PHT to collect ePRO data for their global studies.worthiness. Intuitively, capturing patient dataelectronically instead of on paper would seem T ensure that best practices are Tocapable of providing valid data more reliably Bene ts of ISO 9001:2000 Certi cation leveraged with each trial, PHTand ef ciently. PHT has demonstrated that provides scienti c and technical • Superior Product Quality review throughout the sales andthis is true. • More Reliable Technology project development stages toAll PHT products meet the requirements of the help clients specify ePRO dataUnited States Food and Drug Administration • Ef cient Business Processes, Saving Time g gathering requirements for(FDA), the European Medicines Agency (EMEA), and Money e clinical trial. Once these eachthe European Union (EU), the International • Global and Repeatable Quality Standards d requirements have been dataConference on Harmonisation of Technical c rmed for a trial, PHT builds conRequirements for Registration of Pharmaceuti- • Continual Improvement of Processes a tests a prototype that is and s shared with the client, and (1)cals for Human Use (ICH), the Pharmaceuticals makes changes to the ePROand Medical Devices Agency in Japan (PMDA), s system based on review of theand others. These regulations and guidelines prototype with th client, (2) translates diary screens with validated translation text, t t ith the li t t l t diare intended to ensure that the electronic systems (3) performs full validation and supports User Site Testing (UST) of the system with theused in clinical research are safe and protected client, and (4) trains both sponsor and site personnel.from tampering; that the electronic records suchas ePRO diaries are accurate, reliable, and PHT has four phases of internal processes and procedures that ensure that all eDiaryauditable; and that personal information of trial data are of the highest quality – whether collected by a mobile PDA for home entries, or a touch-screen tablet PC for of ce entries.subjects is protected.This document describes how PHT provides datasecurity through its software applications, datatransmissions, physical data storage, database 1. PHT Electronic Mobile Devices are Con gured to Collectand documentation backups, and audit trails. Clean Data. To ensure that high quality data are captured on every eDiary, all PHT devices are designed to verify date and time of data capture, and apply edit checks and logical Contents branching. Once each eDiary is designed, PHT conducts extensive internal testing of1. Con guration of each eDiary System p.1 each application, and documents conformance to the protocol requirements for data capture. Internal tests of each device and ongoing calibrations during trial execution2. Pre-Deployment Testing of Mobile Devices p.3 prevent discrepancies such as con icting time stamps per diary, incomplete diaries or diaries that are out of sequence, or loss of data during transmissions regardless of line3. Execution of Data Collection and Storage p.3 or signal quality. There are several product capabilities and PHT practices that enable4. Real-Time Data Review and Archive p.4 all study con gurations to reach a high standard of data quality and integrity:
  2. 2. 2PHT Insights – Second Quarter 2009Sponsors Deserve Trustworthy Patient Reported OutcomesData entered are time- When a PHT mobilestamped accurately. 5 Steps to Submissible Data device battery has runPHT synchronizes study 1. 2. 3. 4. 5. low, the internal logicserver clocks hourly with PHT Scientific & ePRO Data ePRO Data Sites & Sponsors Archive of ensures that the deviceUS National Institute of Technical Teams Collected Transmitted to Authorize Real-Time Complete and clock is synchronizedStandards and Technol- Configure Mobile at Home or StudyWorks Access to Data Untampered XML in advance so that any Devices to Collect at Site and Redundant Record Availableogy (NIST) time serv- Clean Data Servers for Audit new data are accurate-ers, and monitors the ly time stamped. Authorized Queriesperformance of its clocks Time of data entryto ensure that time server can be scheduled.disparities from the Subjects using paperNIST atomic clock never diaries have long beenexceed 1 second. All known to record dataPHT ePRO mobile device in advance, or hoursclocks, which keep UTC, or days after the timeare monitored for accu- Complete Complete Backup Confirmed Transmissions required in the studyracy and resynchronized Confirmed protocol schedule.at each transmission Retrospective reportingwhen they connect to the of symptom severity isserver. Daylight savings of questionable value. Subjects may report past symptoms based onrules and time zone offsets are updated when governments change their current symptom experience. Using PHT ePRO provides certaintythem. PHT tracks such changes world wide and updates the tables in that the report was done according to schedule. Such timely data haveour devices so that they consistently show correct local time computed been reported to reveal ef cacy of medications with smaller samplefrom an accurate UTC clock. sizes than comparable data using paper methods where completionData are edit-checked. PHT can design ePRO questions to ensure that time was not enforced.subjects cannot leave any required question unanswered, or enter According to the FDA, “If a patient diary or some otherdata that violate logic. Examples of edit-checking include only allowing form of unsupervised data entry is used, the FDA plans todigits (and not text) in responses that must be numerical, preventing review the protocol to determine what measures are takenentry of inappropriate dates in the future, and only allowing entry of to ensure that patients make entries according to the studyblood pressure readings within the range that the measuring instru- design and not, for example, just before a clinic visit whenment can read. their reports will be collected.” 1Screens follow a logical branching sequence. In each eDiary,subjects are automatically directed to the next logical question in order Devices and data can drive required activities. PHT devices sup-to preclude entering inconsistent or con icting data. Subject comments port pre-programmed or conditional alarms to remind the subjectcan be supported, but, unlike paper data methods where marginalia that it is time for data reporting or time to take medications orcan be abundant, comments such as “my hair hurts” can be limited treatments. All entries made on PHT devices include a date andto particular screens for appropriate levels of review or simply time stamp to validate the timeliness of all captured data down toprevented. the minute. Additionally, the PHT system can be set up to generate automatic email alerts to sites and sponsors when subjects fail toData entry is restricted to authorized users. Each PHT mobile device comply with the protocol, or when they report clinical conditions thatfeatures logical protection with a unique encrypted and hidden pass- merit site support.word for sharing information with the PHT database via StudyWorks . In ®addition, each device can support several levels of access controls cho- Data remain unchanged and protected from premature loss orsen and/or entered by the subject (or other authorized person) to whom destruction. Government regulations require that sites prepare andthe particular device has been assigned. Access controls help ensure maintain source data. PHT enables site investigators to ful ll thesethat captured data are fully attributable. For maximum data security, all requirements by protecting all original eDiary data in StudyWorksexchanges of data during transmissions are encrypted and are compre- where authorized site personnel can access them at will, reviewhensively logged on both StudyWorks and the mobile device to preserve them or cause them to be corrected. Full audit trail records arethe contextual information pertaining to each transmission. 1 Lines 334-337, ‘Guidance for Industry. Patient-Reported Outcome Measures: UseData are protected during battery removal, low voltage and in Medical Product Development to Support Labeling Claims. DRAFT GUIDANCE.’ U.S.device resets. Device monitoring logic ensures that devices operate Department of Health and Human Services, Food and Drug Administration, Center for Drugproperly throughout the trial and prevents the possible corruption of Evaluation and Research (CDER), Center for Biologics Evaluation and Research (CBER),results if batteries get too low or users trigger inappropriate resets. Center for Devices and Radiological Health (CDRH). February 2006.
  3. 3. 3PHT Insights – Second Quarter 2009Sponsors Deserve Trustworthy Patient Reported Outcomesautomatically made of documents by the USany changes to the data Federal Drug Administra-after entry, including the tion on subject informedretention of the original consent and subjectvalue, date/time stamp protection, Institutionalof the change, the iden- Review Boards (IRBs),tity of the person who Investigational Newmade the change, and Drug (IND) devices, andthe dated digital signa- adverse event reporting.ture for attribution. PHT has consideredData remain privacy protection acon dential. Personal design imperative for itsData Protection is a system. The mandatesuniversal Human Right, of worldwide regulationsas af rmed in the PHT presence are met and will continueUniversal Declaration We’ll be to be met or exceededof Human Rights – there soon by PHT’s Product Suite.Article 12, and the Unlike paper diaryConvention for the collections, electronicProtection of Human PHT and ePro Around the World data capture increasesRights and Fundamental • 60% of all PHT trials are international subject safety with real-Freedoms – Article 8. • Language choices for subject and site – up to 16 on the same device time alerts for rescueMultiple global agencies • In-house production understands shipping and customs timelines medications and adverseand regulations events, and can do soprotect the security without compromisingand con dentiality privacy.of electronic health information, with the authority to enforcecompliance with nes for breach, refusal to allow use of the data 2. PHT Electronic Mobile Devices Pass Strictcollected, and/or legal consequences. PHT is in full compliance withregulations and guidelines for privacy of personal information for Internal Quality Testing Assurance Prior tostudy staff and subjects. Trial Deployment.The EU has created the broadest set of rules for protecting personal PHT conducts extensive internal validation testing of each device anddata, based on OECD guidelines. The EU Directive requires that study design, to ensure conformance to the protocol requirements fordata be (1) fairly and lawfully processed, (2) processed for limited data capture. To that end, the PHT study delivery function employspurposes, (3) adequate, relevant and not excessive, (4) accurate more testers than developers (currently a 3:1 ratio).and up-to-date, (5) not kept for longer than necessary, (6) processed As trial design engineers clarify protocol speci cations for a speci cin line with the rights of data subjects, (7) secure, and (8) not trial and begin writing code, the PHT Software Quality Engineeringtransferred to other countries without adequate protection. Many group develops appropriate test scripts. When completed, the testcountries follow the lead of the EU Directive for personal health data scripts are reviewed against the client requirements to ensure allprivacy. The United States seeks to protect data con dentiality at the required functionality is covered. Then they are used to test the studyNational level with speci c data privacy rules in the US Health Insur- code and system operations to document that the system functions as intended.ance Portability and Accountability Act [HIPAA]; Japan’s Act of theProtection of Personal Information is based on the 8 OECD criteria. In addition to internal Quality Control (QC ) testing, user site testingThe Asia-Paci c Economic Cooperation (APEC) 2005 framework is and database testing are undertaken for each trial. PHT project man-also based on the OECD guidelines, and is being further developed. agers work with clients to assure adequate time for user site testing.Turkey, Mexico, Israel, Dubai, China, India and Russia are preparing Sponsors who select vendors who do not conduct trial-speci c internaldata privacy laws. QC testing would be vulnerable under audit if asked to document that an ePRO system was known to function as intended.Subject or patient data are protected under The Declaration of Hel-sinki, as developed by the World Medical Association (WMA), the ICH 3. Standard Procedures Ensure Reliable DataGuidelines for Good Clinical Practice, the International Organization Collection, Transmission and Storage Duringfor Standardization (ISO) Clinical Investigation of Medical Devices for a Trial.Human Subjects, the EU Good Clinical Practice Directive, and various
  4. 4. 4PHT Insights – Second Quarter 2009Sponsors Deserve Trustworthy Patient Reported OutcomesPHT strictly enforces its policies and procedures for sion break. If interrupted, data are secured on thesecure data collection, communication and device and re-sent during a subsequent transmis-data storage. All mobile devices are tested sion. Further, all wireless and analog devicesto ensure conformance to the protocol support automated retries and untended, scheduledrequirements for data capture. transmissions.Collection of eDiary Data is Protected with The Physical Security of PHT Servers Ensures SafeElectronic Safeguards. Data Storage. PHT acknowledges that any technol-Sponsors must collect data that can be ogy leveraging mobile communications and theauthenticated and attributable. For this Internet is subject to potential attacks andreason, each data entry response captured data tampering. As a result, PHT requireson a PHT device is linked by documented physical security provisions as part of itsattribution steps to the particular subject security policy for the central electronicassigned the device and, if required, also to systems and servers used in all clinicalthe person who actually entered the report (a studies.proxy or an observer). PHT supports linkingtraditional handwritten signatures to ePRO All study servers are secured in a co-records and still preserves con dentiality. location facility as well as at a facility near or within the PHT of ces. PHT CorporationTransmission of the eDiary Data to the selects its co-location facility based onPHT Server is Reliable and Redundant.Processes and methods ensure that data are documented physical security require-securely, accurately and dependably transmitted ments, and audits providers against thosefrom the PHT mobile device to PHT StudyWorks. requirements. PHT also requires all key server functions to be redundant.Data are centralized and protectedagainst tampering. Transmissions from PHT Corporation selects its Physical security measures: Servers are locatedthe PHT mobile device to StudyWorks are co-location facility based on physical in locked facilities with environmental controlsencrypted and contain session logs that and emergency power, and contained in lockedare generated and monitored for all trans- security requirements, and ensures that cabinets within a caged area in the facilities. Sur-missions. All centralized data remains all key server functions are redundant. veillance cameras record activity throughout theboth physically and logically secure. XML facility 24x7. Main access points have redundantsource data are kept in encrypted packetsso that any change (e.g. tampering via back-end access) will break security measures, with security personnel onsite 24x7 365 days athe encryption seal. PHT conducts regular tamper checks on all study year. Access to the servers is allowed for PHT authorized personneldata. It also performs back end checks for duplicate records or only, with each such access logged (name and time) in records keptinconsistent timestamps. for PHT to examine.Data storage is redundant. PHT executes “full” database backups After archiving, all retired data are destroyed. All PHT devices are de-daily, and keeps such backups securely offsite. Backups receive commissioned before they leave PHT, and contain no data. All hardthe same logical security measures as the live databases on serv- disks are destroyed or wiped to ensure that no identi able data areers. Backup media are “tamper evident”, with encrypted backups retained. Certi cation of destruction is provided for all devices, ac-optionally supported. cording to the US Environmental Protection Agency (EPA) regulations,Data are monitored. All captured data are reviewable only by the and all known other local and national mandates.authorized StudyWorks users responsible for maintaining that data.Typical roles include site coordinators, study monitors, data manage- 4. Security Measures for Real-Time Datament personnel and sponsor personnel, and each role has speci c Access and Archiving.and different privileges for viewing or correcting data. During the webbrowser login to StudyWorks, users must present a login ID that PHT Only authorized personnel can access StudyWorks to view reports orvalidates to be different from all other users on all trials, and a hid- archival records. In addition, the StudyWorks server is dedicated ex-den “strong” password (not known to PHT) of at least 8 characters. clusively for acting on data captured by the PHT mobile device, andSessions are encrypted under Secure Socket Layer (SSL) with 128 bit not used for any other purpose. Since StudyWorks is a web-basedencryption. Each server has a public key for its SSL encryption that is solution, web authorization and control of passwords are critical.certi ed by a public company such as Verisign or Comodo. The PHTservers are certi ed and are capable of issuing client certi cates Access to StudyWorks is protected by an administration modulefor SSL sessions. Accurate data summaries and/or electronic Case with authorizations and passwords. Only users having securityReport Forms (eCRFs) for each captured report are viewable on Study- access to the Administrative Module for a study on the StudyWorksWorks for investigators with valid accounts who properly execute the Server can set up access privileges to that study for other users.login procedure. Access to the Administrative Module is managed by authorizedData transmission interruptions are managed. Data transmission specialists at PHT whose performance is regularly reviewed by theprocedures guard against data loss, even in the event of transmis- PHT Security of cer. These PHT specialists obtain from sponsors the
  5. 5. 5 PHT Insights – Second Quarter 2009 Sponsors Deserve Trustworthy Patient Reported Outcomesnames and identifying codes for each site investigator and other indi-viduals authorized to use the system for particular purposes (privileges) Sponsors Requirein a deployed study. The StudyWorks application maintains an ongo- Trustworthy Patienting log of all users and documents the history of authorization for allpersonnel, roles and privileges. Any signing of electronic records during Reported Outcomesthe execution of a study is automatically included in the audit trail. AnElectronic Signature Agreement (ESA) or other documented authoriza- PHT Safeguards ePRO Datation traceable to the sponsor must be completed by all sponsor, site Collected from Clinical Trialsand PHT personnel who will be accessing a PHT study using StudyWorks.ESAs are required for identity certi cation even for users who will simply PHT continues to lead the industryreview data and who will not have editing privileges or the capacity to with data security measures forapprove records. PHT LogPad® – The mobile PDA safeguarding electronic patientPersonnel must be authorized. All individuals who have access to an reported outcomes. Data collectedadministrator account must have authorization that is documented and with PHT mobile devices are fairly and lawfully processed forrecorded. These individuals agree in writing that they will not share their limited and de ned purposes, with adequate, relevant, accurate,administrator password with any other person. Authorization is system- secure and validated capture. Data are not retained longer thanatically and promptly revoked if an authorized person leaves PHT. A re- necessary.cord of each password account change, along with the time and purposeof the change, is kept in the System Administration Log. To date, PHT has collected data for more than 400 trials in 85Password controls are required. To prevent any unauthorized access languages within 64 countries. NDA submissions based on PROto StudyWorks, all user accounts for PHT computers must comply with data captured with the PHT system have resulted in many sitethe group security policy that is reviewed by the PHT Security Commit- inspections where PHT archival records have been relied upontee. The PHT Information Technology (IT) Services group implements the and where sites and sponsors have thanked us for the detail,security policy provisions on the server at the direction of the Security unimpeachable quality, and ease of access to all the necessaryOf cer. Security con gurations require system account passwords for records needed by regulatory authorities.server applications, differentiated active system account passwords,auditing for all logon events and actions, and a screen saver logon with PHT has exclusive worldwide rights to 8 patents related to itspassword protection. All consoles are physically locked and logically ePRO system.protected when not in use.The StudyWorks archive of all study source data is veri ed and stored PHT ePRO Data Integrity Delivers:by PHT. For each trial, a complete archive of all study source data for • Attributable, legible, contemporaneous, original and accurate (ALCOA)each participating site is checked for quality, integrity, con rmation of patient data that is complete and time-stamped through the use ofdelivery, and storage. At the trial’s conclusion, PHT delivers the Study alarms, branching logic and edit checks;Archive and all supporting documents to the sponsor and sites, per the • Reduced data variance for improved quality of study resultscontract with the sponsor and subject to FDA, ICH, EMEA, and other in- and reduced number of patients to show ef cacy;ternational regulations and guidance. A nal set of Trial Success Program • Real time access to diary data between visits for enhanced safety(TSP) criteria is reviewed and evaluated to close any outstanding issues. and compliance monitoring;Comprehensive data collection by PHT supports regulatory agencies • Expert support for adaptive trial designs that take advantage of thein auditing the electronic records for trustworthiness and quality after reliability and currency of interim data; andstudy closeout. The entire PHT ePRO trial data package includes eSource • Libraries of experience and metrics regarding data including compliancedata stored in XML on durable CD- and DVD-ROM media as well as ALL and data variance/standard deviations for speci c indications.trial documentation needed to interpret or establish the conditions inplace during the trial. PHT prepares and retains a complete study archiveto support reconstruction of a trial, including the records for sites thatmight lose their archive of the trial records for that site. PHT SitePad TabletArchived records enable reconstruction of studies. HIPAA suggests The mobilethat audit trails record every access (including read-only access) to touch-screenpatient information, and not be limited to those actions that change the PC tablet for ePRO collecteddata. As with data security adherence, PHT is compliant with all archival at sitesrequirements of Regulations and Guidance in the US, Japan and the Eu-ropean Union. This will be the topic of next quarter’s Insights Newsletter. PHT Corporation 500 Rutherford Avenue info@phtcorp.com Boston, MA 02129 USA www.phtcorp.com Toll-Free: 877-360-2901 Copyright © 2009 PHT Corporation Rev 7.09.2