Mobile phone apps and wearable devices have a lot of potential to improve clinical studies. However, the rules governing them are complex, varied, and not fully developed. It is important to be vigilant and remember best practices before rushing out to jump on the latest and greatest. Failure to do so could result in significant issues for your trial when it comes time to submit for approval.
Mobile apps and wearables are convenient and accurate
Apps and wearables present exciting, new ways to improve clinical trials. Some apps are designed specifically to help people search for trials and to alert registered users of new studies. This means that a huge number of people are notified of trials instantly, reducing a lot of legwork for study recruiters. Other apps can be used during a study to collect survey data from participants in real-time rather than by recall hours or days after the fact. Notifications about appointments and activities can easily be distributed, and since most people have their phones with them at any given time, this can be superior to receiving emails during a busy day.
Wearable devices, or wearables, can also obtain accurate, real-time measures of physical activity or biometrics such as blood pressure, heart rate, and temperature. Newer devices can even capture biochemical data, such as continuous blood glucose readings for patients with diabetes. A huge benefit of these devices is that certain data can be collected without the participant making trips to the study site, which can be a big deal-maker for participants who don’t have means of transportation. However, to ensure accuracy, the devices must first be validated according to 21 CFR and must also be calibrated correctly and maintained in good working order.
Both apps and wearables can be designed to transmit data directly to a centralized data repository. With the data automatically input into an electronic data capture, or EDC, system, there is less of a need to travel to study sites to verify source documents. This allows for more efficient monitoring of the trial.
Cyber security – penalties are harsh, so know the rules
While the FDA doesn’t seem to have an issue with these devices used for research due to their low risk to public health, many other regulatory agencies scrutinize the measures taken to securely store and transfer data generated by apps and wearables. Because this data is often protected health information (PHI), it is subject to strict HIPAA regulations in the US. Health and Human Services (HHS) and institutional review boards (IRBs) are just two agencies that oversee compliance with HIPAA, and there are many other similar organizations. In Europe, enforcement of the EU’s General Data Protection Regulation (GDPR) began in May of this year. The GDPR governs any personally identifiable data, including data acquired through research activities. This means that international studies can be subject to regulations from multiple countries.
Some of the general rules of cyber security include encrypting data, using secure servers to transmit data, and keeping firewalls and malware up to date. And if you thought that SMS text messages weren’t anything to worry about, think again; mobile provider networks are not secure by default, and text messages are also subject to regulation. If you don’t have a dedicated IT department, it may be time to seek expert guidance.
When investigators and sponsors mess this up, it can be the ruin of a trial and even of an entire research program. The maximum fine for security and privacy violations from HHS is $1.5 million, and this has been enforced before. GDPR violations can result in fines of up to 4% of an organization’s yearly global earnings or 20 million euro, depending on the violation. Additionally, if an IRB discovers that data collection methods do not meet these security measures, they can shut down a study, or at the very least, delay the start of a study until the requirements are met. Delays cost money.
These rules can be difficult to navigate, but CROs have experience
The biggest obstacle is that these rules from different regulatory agencies don’t always agree with each other. Without a clear framework for using these new technologies, risks of accruing hefty fines and missing important study milestones are high.
Biorasi ensures that all data collection is secure and follows applicable laws and guidance. CROs with experience overseas often specialize in keeping up with the constantly changing rules and regulations so that there are fewer things to worry about while running your trial.