1. 1
PHT Insights ā Second Quarter 2009
Sponsors Deserve Trustworthy Patient Reported Outcomes
How PHT Safeguards Electronic Patient Reported Outcome (ePRO)
Data Collected from Global Clinical Trials
Sponsors and CROs must be assured that Since PHT collects and produces electronic records that become part of a submission to
clinical data collected for regulatory submis- global regulatory agencies, data on these electronic diaries (eDiaries) must be of high
sions comply with the regulations and guidance integrity and quality, and trustworthy sources of scientiļ¬c ļ¬ndings. The PHT Quality
around the world for data quality and integrity. Management System (QMS) has been designed with safeguards that reach beyond
government requirements for safe data, secure data, archived and easily retrievable
Regulatory agencies are placing more emphasis
data. PHT is the only ePRO handheld eDiary provider with ISO 9001:2000 certiļ¬cation
on the voice of the patient, and they are auditing of its Quality Management System ā one of the reasons why most of the worldās largest
patient reported data for validity and trust- pharmas choose PHT to collect ePRO data for their global studies.
worthiness. Intuitively, capturing patient data
electronically instead of on paper would seem T
To ensure that best practices are
capable of providing valid data more reliably Beneļ¬ts of ISO 9001:2000 Certiļ¬cation leveraged with each trial, PHT
and efļ¬ciently. PHT has demonstrated that provides scientiļ¬c and technical
ā¢ Superior Product Quality review throughout the sales and
this is true.
ā¢ More Reliable Technology project development stages to
All PHT products meet the requirements of the help clients specify ePRO data
United States Food and Drug Administration ā¢ Efļ¬cient Business Processes, Saving Time g
gathering requirements for
(FDA), the European Medicines Agency (EMEA), and Money e
each clinical trial. Once these
the European Union (EU), the International ā¢ Global and Repeatable Quality Standards d
data requirements have been
Conference on Harmonisation of Technical c
conļ¬rmed for a trial, PHT builds
Requirements for Registration of Pharmaceuti- ā¢ Continual Improvement of Processes a
and tests a prototype that is
s
shared with the client, and (1)
cals for Human Use (ICH), the Pharmaceuticals
makes changes to the ePRO
and Medical Devices Agency in Japan (PMDA), s
system based on review of the
and others. These regulations and guidelines prototype with th client, (2) translates diary screens with validated translation text,
t t ith the li t t l t di
are intended to ensure that the electronic systems (3) performs full validation and supports User Site Testing (UST) of the system with the
used in clinical research are safe and protected client, and (4) trains both sponsor and site personnel.
from tampering; that the electronic records such
as ePRO diaries are accurate, reliable, and PHT has four phases of internal processes and procedures that ensure that all eDiary
auditable; and that personal information of trial data are of the highest quality ā whether collected by a mobile PDA for home entries,
or a touch-screen tablet PC for ofļ¬ce entries.
subjects is protected.
This document describes how PHT provides data
security through its software applications, data
transmissions, physical data storage, database
1. PHT Electronic Mobile Devices are Conļ¬gured to Collect
and documentation backups, and audit trails. Clean Data.
To ensure that high quality data are captured on every eDiary, all PHT devices are
designed to verify date and time of data capture, and apply edit checks and logical
Contents branching. Once each eDiary is designed, PHT conducts extensive internal testing of
1. Conļ¬guration of each eDiary System p.1 each application, and documents conformance to the protocol requirements for data
capture. Internal tests of each device and ongoing calibrations during trial execution
2. Pre-Deployment Testing of Mobile Devices p.3 prevent discrepancies such as conļ¬icting time stamps per diary, incomplete diaries or
diaries that are out of sequence, or loss of data during transmissions regardless of line
3. Execution of Data Collection and Storage p.3
or signal quality. There are several product capabilities and PHT practices that enable
4. Real-Time Data Review and Archive p.4 all study conļ¬gurations to reach a high standard of data quality and integrity:
2. 2
PHT Insights ā Second Quarter 2009
Sponsors Deserve Trustworthy Patient Reported Outcomes
Data entered are time- When a PHT mobile
stamped accurately. 5 Steps to Submissible Data device battery has run
PHT synchronizes study 1. 2. 3. 4. 5. low, the internal logic
server clocks hourly with PHT Scientific & ePRO Data ePRO Data Sites & Sponsors Archive of ensures that the device
US National Institute of Technical Teams Collected Transmitted to Authorize Real-Time Complete and clock is synchronized
Standards and Technol- Configure Mobile at Home or StudyWorks Access to Data Untampered XML in advance so that any
Devices to Collect at Site and Redundant Record Available
ogy (NIST) time serv- Clean Data Servers for Audit new data are accurate-
ers, and monitors the ly time stamped.
Authorized Queries
performance of its clocks
Time of data entry
to ensure that time server
can be scheduled.
disparities from the
Subjects using paper
NIST atomic clock never
diaries have long been
exceed 1 second. All
known to record data
PHT ePRO mobile device
in advance, or hours
clocks, which keep UTC,
or days after the time
are monitored for accu- Complete Complete Backup Confirmed
Transmissions required in the study
racy and resynchronized Confirmed
protocol schedule.
at each transmission
Retrospective reporting
when they connect to the
of symptom severity is
server. Daylight savings
of questionable value. Subjects may report past symptoms based on
rules and time zone offsets are updated when governments change
their current symptom experience. Using PHT ePRO provides certainty
them. PHT tracks such changes world wide and updates the tables in
that the report was done according to schedule. Such timely data have
our devices so that they consistently show correct local time computed
been reported to reveal efļ¬cacy of medications with smaller sample
from an accurate UTC clock.
sizes than comparable data using paper methods where completion
Data are edit-checked. PHT can design ePRO questions to ensure that time was not enforced.
subjects cannot leave any required question unanswered, or enter
According to the FDA, āIf a patient diary or some other
data that violate logic. Examples of edit-checking include only allowing
form of unsupervised data entry is used, the FDA plans to
digits (and not text) in responses that must be numerical, preventing
review the protocol to determine what measures are taken
entry of inappropriate dates in the future, and only allowing entry of
to ensure that patients make entries according to the study
blood pressure readings within the range that the measuring instru-
design and not, for example, just before a clinic visit when
ment can read.
their reports will be collected.ā 1
Screens follow a logical branching sequence. In each eDiary,
subjects are automatically directed to the next logical question in order Devices and data can drive required activities. PHT devices sup-
to preclude entering inconsistent or conļ¬icting data. Subject comments port pre-programmed or conditional alarms to remind the subject
can be supported, but, unlike paper data methods where marginalia that it is time for data reporting or time to take medications or
can be abundant, comments such as āmy hair hurtsā can be limited treatments. All entries made on PHT devices include a date and
to particular screens for appropriate levels of review or simply time stamp to validate the timeliness of all captured data down to
prevented. the minute. Additionally, the PHT system can be set up to generate
automatic email alerts to sites and sponsors when subjects fail to
Data entry is restricted to authorized users. Each PHT mobile device
comply with the protocol, or when they report clinical conditions that
features logical protection with a unique encrypted and hidden pass-
merit site support.
word for sharing information with the PHT database via StudyWorks . In Ā®
addition, each device can support several levels of access controls cho- Data remain unchanged and protected from premature loss or
sen and/or entered by the subject (or other authorized person) to whom destruction. Government regulations require that sites prepare and
the particular device has been assigned. Access controls help ensure maintain source data. PHT enables site investigators to fulļ¬ll these
that captured data are fully attributable. For maximum data security, all requirements by protecting all original eDiary data in StudyWorks
exchanges of data during transmissions are encrypted and are compre- where authorized site personnel can access them at will, review
hensively logged on both StudyWorks and the mobile device to preserve them or cause them to be corrected. Full audit trail records are
the contextual information pertaining to each transmission.
1 Lines 334-337, āGuidance for Industry. Patient-Reported Outcome Measures: Use
Data are protected during battery removal, low voltage and
in Medical Product Development to Support Labeling Claims. DRAFT GUIDANCE.ā U.S.
device resets. Device monitoring logic ensures that devices operate
Department of Health and Human Services, Food and Drug Administration, Center for Drug
properly throughout the trial and prevents the possible corruption of
Evaluation and Research (CDER), Center for Biologics Evaluation and Research (CBER),
results if batteries get too low or users trigger inappropriate resets.
Center for Devices and Radiological Health (CDRH). February 2006.
3. 3
PHT Insights ā Second Quarter 2009
Sponsors Deserve Trustworthy Patient Reported Outcomes
automatically made of documents by the US
any changes to the data Federal Drug Administra-
after entry, including the tion on subject informed
retention of the original consent and subject
value, date/time stamp protection, Institutional
of the change, the iden- Review Boards (IRBs),
tity of the person who Investigational New
made the change, and Drug (IND) devices, and
the dated digital signa- adverse event reporting.
ture for attribution.
PHT has considered
Data remain
privacy protection a
conļ¬dential. Personal
design imperative for its
Data Protection is a
system. The mandates
universal Human Right,
of worldwide regulations
as afļ¬rmed in the PHT presence
are met and will continue
Universal Declaration
Weāll be to be met or exceeded
of Human Rights ā
there soon by PHTās Product Suite.
Article 12, and the
Unlike paper diary
Convention for the
collections, electronic
Protection of Human PHT and ePro Around the World
data capture increases
Rights and Fundamental ā¢ 60% of all PHT trials are international subject safety with real-
Freedoms ā Article 8. ā¢ Language choices for subject and site ā up to 16 on the same device time alerts for rescue
Multiple global agencies
ā¢ In-house production understands shipping and customs timelines medications and adverse
and regulations
events, and can do so
protect the security
without compromising
and conļ¬dentiality
privacy.
of electronic health information, with the authority to enforce
compliance with ļ¬nes for breach, refusal to allow use of the data 2. PHT Electronic Mobile Devices Pass Strict
collected, and/or legal consequences. PHT is in full compliance with
regulations and guidelines for privacy of personal information for Internal Quality Testing Assurance Prior to
study staff and subjects. Trial Deployment.
The EU has created the broadest set of rules for protecting personal PHT conducts extensive internal validation testing of each device and
data, based on OECD guidelines. The EU Directive requires that study design, to ensure conformance to the protocol requirements for
data be (1) fairly and lawfully processed, (2) processed for limited data capture. To that end, the PHT study delivery function employs
purposes, (3) adequate, relevant and not excessive, (4) accurate more testers than developers (currently a 3:1 ratio).
and up-to-date, (5) not kept for longer than necessary, (6) processed As trial design engineers clarify protocol speciļ¬cations for a speciļ¬c
in line with the rights of data subjects, (7) secure, and (8) not trial and begin writing code, the PHT Software Quality Engineering
transferred to other countries without adequate protection. Many group develops appropriate test scripts. When completed, the test
countries follow the lead of the EU Directive for personal health data scripts are reviewed against the client requirements to ensure all
privacy. The United States seeks to protect data conļ¬dentiality at the required functionality is covered. Then they are used to test the study
National level with speciļ¬c data privacy rules in the US Health Insur- code and system operations to document that the system functions as
intended.
ance Portability and Accountability Act [HIPAA]; Japanās Act of the
Protection of Personal Information is based on the 8 OECD criteria. In addition to internal Quality Control (QC ) testing, user site testing
The Asia-Paciļ¬c Economic Cooperation (APEC) 2005 framework is and database testing are undertaken for each trial. PHT project man-
also based on the OECD guidelines, and is being further developed. agers work with clients to assure adequate time for user site testing.
Turkey, Mexico, Israel, Dubai, China, India and Russia are preparing Sponsors who select vendors who do not conduct trial-speciļ¬c internal
data privacy laws. QC testing would be vulnerable under audit if asked to document that
an ePRO system was known to function as intended.
Subject or patient data are protected under The Declaration of Hel-
sinki, as developed by the World Medical Association (WMA), the ICH 3. Standard Procedures Ensure Reliable Data
Guidelines for Good Clinical Practice, the International Organization Collection, Transmission and Storage During
for Standardization (ISO) Clinical Investigation of Medical Devices for a Trial.
Human Subjects, the EU Good Clinical Practice Directive, and various
4. 4
PHT Insights ā Second Quarter 2009
Sponsors Deserve Trustworthy Patient Reported Outcomes
PHT strictly enforces its policies and procedures for sion break. If interrupted, data are secured on the
secure data collection, communication and device and re-sent during a subsequent transmis-
data storage. All mobile devices are tested sion. Further, all wireless and analog devices
to ensure conformance to the protocol support automated retries and untended, scheduled
requirements for data capture. transmissions.
Collection of eDiary Data is Protected with The Physical Security of PHT Servers Ensures Safe
Electronic Safeguards. Data Storage. PHT acknowledges that any technol-
Sponsors must collect data that can be ogy leveraging mobile communications and the
authenticated and attributable. For this Internet is subject to potential attacks and
reason, each data entry response captured data tampering. As a result, PHT requires
on a PHT device is linked by documented physical security provisions as part of its
attribution steps to the particular subject security policy for the central electronic
assigned the device and, if required, also to systems and servers used in all clinical
the person who actually entered the report (a studies.
proxy or an observer). PHT supports linking
traditional handwritten signatures to ePRO All study servers are secured in a co-
records and still preserves conļ¬dentiality. location facility as well as at a facility near
or within the PHT ofļ¬ces. PHT Corporation
Transmission of the eDiary Data to the selects its co-location facility based on
PHT Server is Reliable and Redundant.
Processes and methods ensure that data are documented physical security require-
securely, accurately and dependably transmitted ments, and audits providers against those
from the PHT mobile device to PHT StudyWorks. requirements. PHT also requires all key server
functions to be redundant.
Data are centralized and protected
against tampering. Transmissions from PHT Corporation selects its Physical security measures: Servers are located
the PHT mobile device to StudyWorks are co-location facility based on physical in locked facilities with environmental controls
encrypted and contain session logs that and emergency power, and contained in locked
are generated and monitored for all trans- security requirements, and ensures that
cabinets within a caged area in the facilities. Sur-
missions. All centralized data remains all key server functions are redundant. veillance cameras record activity throughout the
both physically and logically secure. XML facility 24x7. Main access points have redundant
source data are kept in encrypted packets
so that any change (e.g. tampering via back-end access) will break security measures, with security personnel onsite 24x7 365 days a
the encryption seal. PHT conducts regular tamper checks on all study year. Access to the servers is allowed for PHT authorized personnel
data. It also performs back end checks for duplicate records or only, with each such access logged (name and time) in records kept
inconsistent timestamps. for PHT to examine.
Data storage is redundant. PHT executes āfullā database backups After archiving, all retired data are destroyed. All PHT devices are de-
daily, and keeps such backups securely offsite. Backups receive commissioned before they leave PHT, and contain no data. All hard
the same logical security measures as the live databases on serv- disks are destroyed or wiped to ensure that no identiļ¬able data are
ers. Backup media are ātamper evidentā, with encrypted backups retained. Certiļ¬cation of destruction is provided for all devices, ac-
optionally supported. cording to the US Environmental Protection Agency (EPA) regulations,
Data are monitored. All captured data are reviewable only by the and all known other local and national mandates.
authorized StudyWorks users responsible for maintaining that data.
Typical roles include site coordinators, study monitors, data manage- 4. Security Measures for Real-Time Data
ment personnel and sponsor personnel, and each role has speciļ¬c Access and Archiving.
and different privileges for viewing or correcting data. During the web
browser login to StudyWorks, users must present a login ID that PHT Only authorized personnel can access StudyWorks to view reports or
validates to be different from all other users on all trials, and a hid- archival records. In addition, the StudyWorks server is dedicated ex-
den āstrongā password (not known to PHT) of at least 8 characters. clusively for acting on data captured by the PHT mobile device, and
Sessions are encrypted under Secure Socket Layer (SSL) with 128 bit not used for any other purpose. Since StudyWorks is a web-based
encryption. Each server has a public key for its SSL encryption that is solution, web authorization and control of passwords are critical.
certiļ¬ed by a public company such as Verisign or Comodo. The PHT
servers are certiļ¬ed and are capable of issuing client certiļ¬cates Access to StudyWorks is protected by an administration module
for SSL sessions. Accurate data summaries and/or electronic Case with authorizations and passwords. Only users having security
Report Forms (eCRFs) for each captured report are viewable on Study- access to the Administrative Module for a study on the StudyWorks
Works for investigators with valid accounts who properly execute the Server can set up access privileges to that study for other users.
login procedure. Access to the Administrative Module is managed by authorized
Data transmission interruptions are managed. Data transmission specialists at PHT whose performance is regularly reviewed by the
procedures guard against data loss, even in the event of transmis- PHT Security ofļ¬cer. These PHT specialists obtain from sponsors the