sponsors deserve trustworth electronic patient reported outcomes (epros)

PHT Insights — Second Quarter 2009 Sponsors Deserve Trustworthy Patient Reported Outcomes

How PHT Safeguards Electronic Patient Reported Outcome (ePRO) Data Collected from Global Clinical Trials

Sponsors and CROs must be assured that clinical data collected for regulatory submis-sions comply with the regulations and guidance around the world for data quality and integrity. Regulatory agencies are placing more emphasis on the voice of the patient, and they are auditing patient reported data for validity and trust-worthiness. Intuitively, capturing patient data electronically instead of on paper would seem capable of providing valid data more reliably and effi ciently. PHT has demonstrated that this is true.

All PHT products meet the requirements of the United States Food and Drug Administration (FDA), the European Medicines Agency (EMEA), the European Union (EU), the International Conference on Harmonisation of Technical Requirements for Registration of Pharmaceuti-cals for Human Use (ICH), the Pharmaceuticals and Medical Devices Agency in Japan (PMDA), and others. These regulations and guidelines are intended to ensure that the electronic systems used in clinical research are safe and protected from tampering; that the electronic records such as ePRO diaries are accurate, reliable, and auditable; and that personal information of trial subjects is protected.

This document describes how PHT provides data security through its software applications, data transmissions, physical data storage, database and documentation backups, and audit trails.

Since PHT collects and produces electronic records that become part of a submission to global regulatory agencies, data on these electronic diaries (eDiaries) must be of high integrity and quality, and trustworthy sources of scientifi c fi ndings. The PHT Quality Management System (QMS) has been designed with safeguards that reach beyond government requirements for safe data, secure data, archived and easily retrievable data. PHT is the only ePRO handheld eDiary provider with ISO 9001:2000 certifi cation of its Quality Management System – one of the reasons why most of the world’s largest pharmas choose PHT to collect ePRO data for their global studies.

To ensure that best practices are leveraged with each trial, PHT provides scientifi c and technical review throughout the sales and project development stages to help clients specify ePRO data gathering requirements for each clinical trial. Once these data requirements have been confi rmed for a trial, PHT builds and tests a prototype that is shared with the client, and (1) makes changes to the ePRO system based on review of the

prototype with the client, (2) translates diary screens with validated translation text, (3) performs full validation and supports User Site Testing (UST) of the system with the client, and (4) trains both sponsor and site personnel.

PHT has four phases of internal processes and procedures that ensure that all eDiary data are of the highest quality – whether collected by a mobile PDA for home entries, or a touch-screen tablet PC for offi ce entries.

1. PHT Electronic Mobile Devices are Confi gured to Collect Clean Data.To ensure that high quality data are captured on every eDiary, all PHT devices are designed to verify date and time of data capture, and apply edit checks and logical branching. Once each eDiary is designed, PHT conducts extensive internal testing of each application, and documents conformance to the protocol requirements for data capture. Internal tests of each device and ongoing calibrations during trial execution prevent discrepancies such as confl icting time stamps per diary, incomplete diaries or diaries that are out of sequence, or loss of data during transmissions regardless of line or signal quality. There are several product capabilities and PHT practices that enable all study confi gurations to reach a high standard of data quality and integrity:

T

gedcas

st t ith th li t (2) t l t di

Benefi ts of ISO 9001:2000 Certifi cation

• Superior Product Quality

• More Reliable Technology

• Effi cient Business Processes, Saving Time and Money

• Global and Repeatable Quality Standards

• Continual Improvement of Processes

Contents

1. Confi guration of each eDiary System p.1

2. Pre-Deployment Testing of Mobile Devices p.3

3. Execution of Data Collection and Storage p.3

4. Real-Time Data Review and Archive p.4

1

PHT Scientific &Technical TeamsConfigure MobileDevices to Collect

Clean Data

5 Steps to Submissible Data

ePRO DataCollectedat Home orat Site

ePRO DataTransmitted toStudyWorks

and RedundantServers

Sites & SponsorsAuthorize Real-Time

Access to Data

Archive ofComplete and

Untampered XMLRecord Available

for Audit

1. 2. 3. 4. 5.

CompleteTransmissionsConfirmed

Authorized Queries

Complete Backup Confirmed

Data entered are time-stamped accurately. PHT synchronizes study server clocks hourly with US National Institute of Standards and Technol-ogy (NIST) time serv-ers, and monitors the performance of its clocks to ensure that time server disparities from the NIST atomic clock never exceed 1 second. All PHT ePRO mobile device clocks, which keep UTC, are monitored for accu-racy and resynchronized at each transmission when they connect to the server. Daylight savings rules and time zone offsets are updated when governments change them. PHT tracks such changes world wide and updates the tables in our devices so that they consistently show correct local time computed from an accurate UTC clock.

Data are edit-checked. PHT can design ePRO questions to ensure that subjects cannot leave any required question unanswered, or enter data that violate logic. Examples of edit-checking include only allowing digits (and not text) in responses that must be numerical, preventing entry of inappropriate dates in the future, and only allowing entry of blood pressure readings within the range that the measuring instru-ment can read.

Screens follow a logical branching sequence. In each eDiary, subjects are automatically directed to the next logical question in order to preclude entering inconsistent or confl icting data. Subject comments can be supported, but, unlike paper data methods where marginalia can be abundant, comments such as “my hair hurts” can be limited to particular screens for appropriate levels of review or simply prevented.

Data entry is restricted to authorized users. Each PHT mobile device features logical protection with a unique encrypted and hidden pass-word for sharing information with the PHT database via StudyWorks®. In addition, each device can support several levels of access controls cho-sen and/or entered by the subject (or other authorized person) to whom the particular device has been assigned. Access controls help ensure that captured data are fully attributable. For maximum data security, all exchanges of data during transmissions are encrypted and are compre-hensively logged on both StudyWorks and the mobile device to preserve the contextual information pertaining to each transmission.

Data are protected during battery removal, low voltage and device resets. Device monitoring logic ensures that devices operate properly throughout the trial and prevents the possible corruption of results if batteries get too low or users trigger inappropriate resets.

When a PHT mobile device battery has run low, the internal logic ensures that the device clock is synchronized in advance so that any new data are accurate-ly time stamped.

Time of data entry can be scheduled. Subjects using paper diaries have long been known to record data in advance, or hours or days after the time required in the study protocol schedule. Retrospective reporting of symptom severity is

of questionable value. Subjects may report past symptoms based on their current symptom experience. Using PHT ePRO provides certainty that the report was done according to schedule. Such timely data have been reported to reveal effi cacy of medications with smaller sample sizes than comparable data using paper methods where completion time was not enforced.

According to the FDA, “If a patient diary or some other form of unsupervised data entry is used, the FDA plans to review the protocol to determine what measures are taken to ensure that patients make entries according to the study design and not, for example, just before a clinic visit when their reports will be collected.” 1

Devices and data can drive required activities. PHT devices sup-port pre-programmed or conditional alarms to remind the subject that it is time for data reporting or time to take medications or treatments. All entries made on PHT devices include a date and time stamp to validate the timeliness of all captured data down to the minute. Additionally, the PHT system can be set up to generate automatic email alerts to sites and sponsors when subjects fail to comply with the protocol, or when they report clinical conditions that merit site support.

Data remain unchanged and protected from premature loss or destruction. Government regulations require that sites prepare and maintain source data. PHT enables site investigators to fulfi ll these requirements by protecting all original eDiary data in StudyWorks where authorized site personnel can access them at will, review them or cause them to be corrected. Full audit trail records are

1 Lines 334-337, ‘Guidance for Industry. Patient-Reported Outcome Measures: Use

in Medical Product Development to Support Labeling Claims. DRAFT GUIDANCE.’ U.S.

Department of Health and Human Services, Food and Drug Administration, Center for Drug

Evaluation and Research (CDER), Center for Biologics Evaluation and Research (CBER),

Center for Devices and Radiological Health (CDRH). February 2006.

PHT Insights – Second Quarter 2009Sponsors Deserve Trustworthy Patient Reported Outcomes

2

• 60% of all PHT trials are international• Language choices for subject and site – up to 16 on the same device • In-house production understands shipping and customs timelines

PHT and ePro Around the World

PHT presence

We’ll bethere soon

automatically made of any changes to the data after entry, including the retention of the original value, date/time stamp of the change, the iden-tity of the person who made the change, and the dated digital signa-ture for attribution.

Data remain confi dential. Personal Data Protection is a universal Human Right, as affi rmed in the Universal Declaration of Human Rights – Article 12, and the Convention for the Protection of Human Rights and Fundamental Freedoms – Article 8. Multiple global agencies and regulations protect the security and confi dentiality of electronic health information, with the authority to enforce compliance with fi nes for breach, refusal to allow use of the data collected, and/or legal consequences. PHT is in full compliance with regulations and guidelines for privacy of personal information for study staff and subjects.

The EU has created the broadest set of rules for protecting personal data, based on OECD guidelines. The EU Directive requires that data be (1) fairly and lawfully processed, (2) processed for limited purposes, (3) adequate, relevant and not excessive, (4) accurate and up-to-date, (5) not kept for longer than necessary, (6) processed in line with the rights of data subjects, (7) secure, and (8) not transferred to other countries without adequate protection. Many countries follow the lead of the EU Directive for personal health data privacy. The United States seeks to protect data confi dentiality at the National level with specifi c data privacy rules in the US Health Insur-ance Portability and Accountability Act [HIPAA]; Japan’s Act of the Protection of Personal Information is based on the 8 OECD criteria. The Asia-Pacifi c Economic Cooperation (APEC) 2005 framework is also based on the OECD guidelines, and is being further developed. Turkey, Mexico, Israel, Dubai, China, India and Russia are preparing data privacy laws.

Subject or patient data are protected under The Declaration of Hel-sinki, as developed by the World Medical Association (WMA), the ICH Guidelines for Good Clinical Practice, the International Organization for Standardization (ISO) Clinical Investigation of Medical Devices for Human Subjects, the EU Good Clinical Practice Directive, and various

documents by the US Federal Drug Administra-tion on subject informed consent and subject protection, Institutional Review Boards (IRBs), Investigational New Drug (IND) devices, and adverse event reporting.

PHT has considered privacy protection a design imperative for its system. The mandates of worldwide regulations are met and will continue to be met or exceeded by PHT’s Product Suite. Unlike paper diary collections, electronic data capture increases subject safety with real-time alerts for rescue medications and adverse events, and can do so without compromising privacy.

2. PHT Electronic Mobile Devices Pass Strict Internal Quality Testing Assurance Prior to Trial Deployment.PHT conducts extensive internal validation testing of each device and study design, to ensure conformance to the protocol requirements for data capture. To that end, the PHT study delivery function employs more testers than developers (currently a 3:1 ratio).

As trial design engineers clarify protocol specifi cations for a specifi c trial and begin writing code, the PHT Software Quality Engineering group develops appropriate test scripts. When completed, the test scripts are reviewed against the client requirements to ensure all required functionality is covered. Then they are used to test the study code and system operations to document that the system functions as intended.

In addition to internal Quality Control (QC ) testing, user site testing and database testing are undertaken for each trial. PHT project man-agers work with clients to assure adequate time for user site testing. Sponsors who select vendors who do not conduct trial-specifi c internal QC testing would be vulnerable under audit if asked to document that an ePRO system was known to function as intended.

3. Standard Procedures Ensure Reliable Data Collection, Transmission and Storage During a Trial.


3

PHT strictly enforces its policies and procedures for secure data collection, communication and data storage. All mobile devices are tested to ensure conformance to the protocol requirements for data capture.

Collection of eDiary Data is Protected with Electronic Safeguards. Sponsors must collect data that can be authenticated and attributable. For this reason, each data entry response captured on a PHT device is linked by documented attribution steps to the particular subject assigned the device and, if required, also to the person who actually entered the report (a proxy or an observer). PHT supports linking traditional handwritten signatures to ePRO records and still preserves confi dentiality.

Transmission of the eDiary Data to the PHT Server is Reliable and Redundant. Processes and methods ensure that data are securely, accurately and dependably transmitted from the PHT mobile device to PHT StudyWorks.

Data are centralized and protected against tampering. Transmissions from the PHT mobile device to StudyWorks are encrypted and contain session logs that are generated and monitored for all trans-missions. All centralized data remains both physically and logically secure. XML source data are kept in encrypted packets so that any change (e.g. tampering via back-end access) will break the encryption seal. PHT conducts regular tamper checks on all study data. It also performs back end checks for duplicate records or inconsistent timestamps.

Data storage is redundant. PHT executes “full” database backups daily, and keeps such backups securely offsite. Backups receive the same logical security measures as the live databases on serv-ers. Backup media are “tamper evident”, with encrypted backups optionally supported.

Data are monitored. All captured data are reviewable only by the authorized StudyWorks users responsible for maintaining that data. Typical roles include site coordinators, study monitors, data manage-ment personnel and sponsor personnel, and each role has specifi c and different privileges for viewing or correcting data. During the web browser login to StudyWorks, users must present a login ID that PHT validates to be different from all other users on all trials, and a hid-den “strong” password (not known to PHT) of at least 8 characters. Sessions are encrypted under Secure Socket Layer (SSL) with 128 bit encryption. Each server has a public key for its SSL encryption that is certifi ed by a public company such as Verisign or Comodo. The PHT servers are certifi ed and are capable of issuing client certifi cates for SSL sessions. Accurate data summaries and/or electronic Case Report Forms (eCRFs) for each captured report are viewable on Study-Works for investigators with valid accounts who properly execute the login procedure.

Data transmission interruptions are managed. Data transmission procedures guard against data loss, even in the event of transmis-

sion break. If interrupted, data are secured on the device and re-sent during a subsequent transmis-sion. Further, all wireless and analog devices support automated retries and untended, scheduled transmissions.

The Physical Security of PHT Servers Ensures Safe Data Storage. PHT acknowledges that any technol-

ogy leveraging mobile communications and the Internet is subject to potential attacks and data tampering. As a result, PHT requires physical security provisions as part of its security policy for the central electronic systems and servers used in all clinical studies.

All study servers are secured in a co-location facility as well as at a facility near or within the PHT offi ces. PHT Corporation selects its co-location facility based on documented physical security require-

ments, and audits providers against those requirements. PHT also requires all key server

functions to be redundant.

Physical security measures: Servers are located in locked facilities with environmental controls and emergency power, and contained in locked cabinets within a caged area in the facilities. Sur-veillance cameras record activity throughout the facility 24x7. Main access points have redundant

security measures, with security personnel onsite 24x7 365 days a year. Access to the servers is allowed for PHT authorized personnel only, with each such access logged (name and time) in records kept for PHT to examine.

After archiving, all retired data are destroyed. All PHT devices are de-commissioned before they leave PHT, and contain no data. All hard disks are destroyed or wiped to ensure that no identifi able data are retained. Certifi cation of destruction is provided for all devices, ac-cording to the US Environmental Protection Agency (EPA) regulations, and all known other local and national mandates.

4. Security Measures for Real-Time Data Access and Archiving.Only authorized personnel can access StudyWorks to view reports or archival records. In addition, the StudyWorks server is dedicated ex-clusively for acting on data captured by the PHT mobile device, and not used for any other purpose. Since StudyWorks is a web-based solution, web authorization and control of passwords are critical.

Access to StudyWorks is protected by an administration module with authorizations and passwords. Only users having security access to the Administrative Module for a study on the StudyWorks Server can set up access privileges to that study for other users. Access to the Administrative Module is managed by authorized specialists at PHT whose performance is regularly reviewed by the PHT Security offi cer. These PHT specialists obtain from sponsors the


4

PHT Corporation selects its co-location facility based on physical

security requirements, and ensures that all key server functions are redundant.

PHT Corporation

500 Rutherford Avenue

Boston, MA 02129 USA

Toll-Free: 877-360-2901

[email protected]

www.phtcorp.com

Copyright © 2009 PHT Corporation Rev 7.09.2

names and identifying codes for each site investigator and other indi-viduals authorized to use the system for particular purposes (privileges) in a deployed study. The StudyWorks application maintains an ongo-ing log of all users and documents the history of authorization for all personnel, roles and privileges. Any signing of electronic records during the execution of a study is automatically included in the audit trail. An Electronic Signature Agreement (ESA) or other documented authoriza-tion traceable to the sponsor must be completed by all sponsor, site and PHT personnel who will be accessing a PHT study using StudyWorks. ESAs are required for identity certifi cation even for users who will simply review data and who will not have editing privileges or the capacity to approve records.

Personnel must be authorized. All individuals who have access to an administrator account must have authorization that is documented and recorded. These individuals agree in writing that they will not share their administrator password with any other person. Authorization is system-atically and promptly revoked if an authorized person leaves PHT. A re-cord of each password account change, along with the time and purpose of the change, is kept in the System Administration Log.

Password controls are required. To prevent any unauthorized access to StudyWorks, all user accounts for PHT computers must comply with the group security policy that is reviewed by the PHT Security Commit-tee. The PHT Information Technology (IT) Services group implements the security policy provisions on the server at the direction of the Security Offi cer. Security confi gurations require system account passwords for server applications, differentiated active system account passwords, auditing for all logon events and actions, and a screen saver logon with password protection. All consoles are physically locked and logically protected when not in use.

The StudyWorks archive of all study source data is verifi ed and stored by PHT. For each trial, a complete archive of all study source data for each participating site is checked for quality, integrity, confi rmation of delivery, and storage. At the trial’s conclusion, PHT delivers the Study Archive and all supporting documents to the sponsor and sites, per the contract with the sponsor and subject to FDA, ICH, EMEA, and other in-ternational regulations and guidance. A fi nal set of Trial Success Program (TSP) criteria is reviewed and evaluated to close any outstanding issues.

Comprehensive data collection by PHT supports regulatory agencies in auditing the electronic records for trustworthiness and quality after study closeout. The entire PHT ePRO trial data package includes eSource data stored in XML on durable CD- and DVD-ROM media as well as ALL trial documentation needed to interpret or establish the conditions in place during the trial. PHT prepares and retains a complete study archive to support reconstruction of a trial, including the records for sites that might lose their archive of the trial records for that site.

Archived records enable reconstruction of studies. HIPAA suggests that audit trails record every access (including read-only access) to patient information, and not be limited to those actions that change the data. As with data security adherence, PHT is compliant with all archival requirements of Regulations and Guidance in the US, Japan and the Eu-ropean Union. This will be the topic of next quarter’s Insights Newsletter.

Sponsors Require Trustworthy Patient Reported Outcomes

PHT Safeguards ePRO Data Collected from Clinical Trials

PHT continues to lead the industry with data security measures for safeguarding electronic patient reported outcomes. Data collected with PHT mobile devices are fairly and lawfully processed for limited and defi ned purposes, with adequate, relevant, accurate, secure and validated capture. Data are not retained longer than

necessary.

To date, PHT has collected data for more than 400 trials in 85 languages within 64 countries. NDA submissions based on PRO data captured with the PHT system have resulted in many site inspections where PHT archival records have been relied upon and where sites and sponsors have thanked us for the detail, unimpeachable quality, and ease of access to all the necessary records needed by regulatory authorities.

PHT has exclusive worldwide rights to 8 patents related to its ePRO system.

PHT ePRO Data Integrity Delivers:

• Attributable, legible, contemporaneous, original and accurate (ALCOA) patient data that is complete and time-stamped through the use of alarms, branching logic and edit checks;

• Reduced data variance for improved quality of study results and reduced number of patients to show effi cacy;

• Real time access to diary data between visits for enhanced safety and compliance monitoring;

• Expert support for adaptive trial designs that take advantage of the reliability and currency of interim data; and

• Libraries of experience and metrics regarding data including compliance and data variance/standard deviations for specifi c indications.

PHT LogPad® – The mobile PDA

PHT SitePad Tablet The mobile touch-screen PC tablet for ePRO collected at sites


5

sponsors deserve trustworth electronic patient reported outcomes (epros)

Health & Medicine