Computer System Guidance: Digital Health Technologies

A good chunk of FDA’s newly-release draft guidance on Electronic Systems, Electronic Records, and Electronic Signatures deals with digital health technologies (DHTs), defined as systems that use “computing platforms, connectivity, software, and/or sensors for health care and related uses.”  This definition is a bit broad, but from context, it appears to be restricted to patient-facing data collection systems, such as electronic diaries, activity trackers, or devices with sensors that are used in clinical trials.

The guidance addresses the important question of how to identify the data originator.  Where data are entered manually by a clinical trial subject, such as in an electronic diary, the subject is considered the originator; if the clinical site enters the data, the site is the originator. If the technology transmits data without any human intervention, such as a Holter monitor that automatically uploads data to a central database, then the technology is considered the originator.  The guidance states that sponsors should maintain a list of authorized data originators for each clinical study. Where systems originate data, a data element identifier should clearly identify the system as the originator in the audit trail.

Wherever possible, access controls should be employed for digital health technologies to provide assurance that the data they generate are attributable to the originator, and additional controls should be in place to ensure that data cannot be altered between the time the data are captured and the time data are transmitted to the central database.  To safeguard data, they should be transmitted as soon as possible after capture, with the date and time of transfer included in the audit trail. Where controls cannot be implemented – for example, study subjects are asked to wear a sensor that cannot be password protected – site staff must instruct study subjects that they may not have other people wear the sensor, and the discussion must be documented.  Data should also be monitored during the study to detect deviations from this policy.

The data source is considered to be “the first durable electronic data repository…to which the data are transferred.”  For example, if a wearable sensor is used to capture clinical trial data, which is transferred to a central portal, the portal – NOT the sensor – is considered the location of the source.  The guidance goes on to say that “FDA does not intend to inspect individual DHTs for source data when the data captured by the DHT…are securely transferred…according to the sponsor’s pre-specified plan.”  “Pre-specified” is key; per the guidance, sponsors should describe electronic systems to be used for data capture in the protocol and create a diagram that depicts the flow of data from creation to final storage.

Interestingly, the guidance doesn’t address changes to data after transmission – for example, when the team discovered that a subject has recorded data incompatible with life, or a sensor has malfunctioned. In our experience, post-transmission changes impact data integrity more than any other issues.  Some systems lack functionality to attribute change authorizations to the subject or site.  Other systems lack a full audit trail for changes, or force “back-end” changes that are attributable to “system” in the audit trail when they are really carried out by individuals. Given the risks to data integrity, we recommend that processes and functionality for data changes be thoroughly discussed and tested by the study team prior to deployment.