Raymond concedes that an FDA inspector concerned about fabricated data in an electronic patient diary system would not have the coffee stains and handwritten notes that might be present in paper documents. But other tools would detect any fraud, he says. Audit trails, time stamps and access control, he says, help to make electronic systems more secure than paper ones. Indeed, just populating the devices with fake data for demonstrations is seriously, wretchedly cumbersome.
"I've been thinking about this since I started Phase Forward in 1997," says Paul Bleicher, the company's founder and chairman. "I am still thinking and working on this. In March of 1998, when we met with the FDA, this is one of the issues we discussed."
Bleicher anticipates that any new guidances that may be forthcoming for the diary industry will also affect non-diary companies like his: "There should be no difference between the application of electronic data capture (EDC) and electronic patient-reported outcome (ePRO)."
Bleicher's company does not currently offer a handheld device for patient-reported outcomes. But he says the company has developed an e-source version of its InForm EDC application. "We built it," says Bleicher. "We put a lot of effort into it. A lot of people asked for it."
[Editor's note: Phase Forward could not identify a customer that has used its e-source solution, but that probably says more about the shy users of its technology than the merits of its software. According to on-the-record interviews with their customers, New York City's Medidata and Philadelphia's Phoenix Data Systems have successfully deployed e-source solutions.]
Under existing regulations, Bleicher says, e-source data does not face any special hurdles: "The FDA has also been very comfortable with primary electronic collection of data. What they have always said with primary e-source data is that the system had to be especially well-validated. The FDA has been clear about that." But the internet, Bleicher says, may present regulatory complexities because vendors (with no clearly defined role in the regulations) are assuming some of the duties of investigators.
"I had studied this issue and had borrowed something from the financial community," says Bleicher. "I called it a trusted third party." Such an entity would be allowed to hold data on an investigator's behalf. Unlike sponsors of clinical trials, which can split their responsibilities with contract research organizations, physician investigators cannot delegate their authority. "The problem is, under the current regulations, the investigator doesn't have the ability to share their responsibility," Bleicher explains.
Like Raymond, Bleicher welcomes a statutory change to the law to allow the FDA to regulate vendors. "My belief is that the sponsors themselves should not manage the data," says Bleicher. "We write our SOPs to not have direct access to the data. We manage the trial in that way. All EDC vendors should do that. The FDA needs the ability to inspect the vendors."
That view is shared at CRF, a diary company. "I've stated all along that I would love to be under GCP [good clinical practice]. It would give us more credibility with customers," says CRF's VP for quality management and regulatory affairs Greg Gogates.
Gogates says investigators have access to the system. Like Raymond and Bleicher, he finesses questions about whether sponsors are ever permitted to "tidy up" their own data.
"If it smells like clinical data, it is clinical data, and we always get the investigator signature," says Gogates. "Not the signature of the sponsor. It belongs to the investigator, not the sponsor. You can see if a data point is changed. You can see who changed it. We feel we have a solid system."
Gogates does concede that technology providers lack a clear role. "You have a party in a gray area from a GCP perspective. We're not the sponsor. We're not the investigator. We're something else."
Behind the scenes, Gogates says, unnamed competitors in the diary space are maneuvering for their own approaches to be written into the regulations.
"We have another competitor insisting that the patient sign the diary," says Gogates. "The problem is, they have a box on the screen where the patient is actually signing their name. They're saying that that is an electronic signature. It's not. A picture of your signature with no authentication is nothing. You could sign 'Mickey Mouse' in the box and nobody would know better. It's just a picture of a signature."
Gogates notes after years of discussion, little of the new FDA document is expected to actually concern electronic patient diaries at all, but rather the general rules surrounding all patient diaries. Naming two pivotal FDA officials on the diary and e-source issues, Gogates said: "They have promised this patient-reported outcome (PRO) guidance document for a long time, and we haven't seen it. It's going to be one paragraph about the electronic part and the rest about patient-reported outcomes in general. We're all disappointed."
Gogates says that the company archives all data for investigators on an auto-run CD with XML code. Will that disc run on a Dell in 2015? Gogates says that there's a consensus in the data-archiving community that XML is the preferred format.
There is much less agreement on the proper physical media for such records, he notes. "Ten years from now, CDs will no longer be viable," Gogates predicts. "Pretty soon it will all be solid state memory. DVDs are going to go away. If we put it on a USB stick, how do we know it will be around?"
Gogates notes that European regulators have few concerns about diaries-in their case, the most pressing matter is the largely unregulated world of electronic medical records (EMR).
Gogates suspects many physicians in community practice have little experience with 21 CFR Part 11. "Part 11 is a foreign concept to them," says Gogates. "You have a server sitting under the doctor's desk. The admin is the doctor or his kid. And this is where we're going to put all the records? The EMR systems are not compliant. It's a big mess."