EU Regulatory and Litigation

It has been almost a year since the European Commission published a final draft of a Code of Conduct on privacy for mHealth mobile applications (the “Code”). Our previous post summarizes the draft and its application to app developers. However, we noted that the Article 29 Working Party (the “WP29”), an independent advisory body comprised of representatives from all EU Data Protection Authorities, had to comment on the draft before it was formally adopted. In a letter dated 10 April 2017, the WP29 has finally set out its comments on the draft, and identified areas of improvement.

Comments on the draft

The letter begins by setting out the WP29’s expectations for the Code:

  • The Code needs to be compliant with the Data Protection Directive (Directive 95/46/EC, the “Directive”) and its national implementing legislation.
  • The Code must be of adequate quality.
  • The Code must provide sufficient added value to the Directive and other applicable data protection legislation.
  • The Code should continue to be relevant following the transition to the General Data Protection Regulation (Regulation (EU) 2016/679, the “GDPR”).

The WP29 is quite critical of the draft Code, and identifies a number of ways that the draft fails to add value to existing data protection legislation. The WP29’s general comments are that:

  • The Code does not elaborate sufficiently on the relationship between the Directive and national legislation implementing the Directive in individual EU Member States.
  • While the Code’s stated aim is to facilitate data protection compliance and not to address other compliance issues, it should nonetheless take into account other legislation that impacts on the prime objective of data compliance (e.g., provisions on cookies in the ePrivacy Directive (Directive 2002/58/EC)).
  • The Code needs to be clearer on the roles of the parties involved in the processing of personal data (i.e., whether the app developer is a data controller, data processor or both).
  • The Code should be re-evaluated in light of the relevant provisions of the GDPR to ensure that the content of the Code is consistent with the definitions given in both the Directive and the GDPR.

Specific comments

The WP29 also sets out more specific observations on areas in which the Code requires improvement. In summary:

  • Governance and monitoring model: It was not clear whether the model detailed in the Code would be compliant with some of the new requirements of the GDPR. In addition, further information was needed on: (1) the composition of the Assembly and how membership was to be managed; (2) how the monitoring body would be accredited; and (3) the financial contributions required from different members (the WP29 was specifically concerned with ensuring that fees did not preclude wide participation).
  • Practical guidelines for data controllers: The Code should make clear that consent to personal data processing should fulfil all requirements of the GDPR and the Directive, and guidance in relation to obtaining consent to the processing of children’s data should be more thorough. At the same time, the Code should acknowledge that there are other conditions that render data processing fair and lawful, and refer explicitly to them. It should also identify safeguards to raise awareness of the possible risks associated with the use of mHealth apps.
  • Data protection principles: Whilst the “practical guidelines for data controllers” referred to the necessity of safeguards for data subjects, it did not mention that these safeguards should be “appropriate”, in line with data protection principles. Further, the Code should refer to all of the data protection principles, or explain why they are not relevant.
  • Information, transparency and data subjects rights: The Code should require developers to make more information about the role of the data controller available to end users. It did not provide sufficient information on how data subjects could exert their rights, or how data controllers and data processors should meet their obligations. The Code should refer to the relevant provisions of the GDPR in relation to transfer of personal data to third countries. The legal basis and requirements for processing data for marketing purposes should also be referred to, such as the relevant sections of the GDPR.
  • Security: The Code should include more details and relevant examples on how app developers can integrate “privacy by design” and “privacy by default” into their development processes, as well as being attentive to legal restrictions relating to retention periods. Specific provisions in relation to data protection breaches should be included in line with the definitions of personal data contained in the Directive and the GDPR.

The draft will now need to be reconsidered by the drafting group to take these comments into account. The WP29 specifically states: “When revising the draft, please consider carefully what “added value” the code of conduct provides as a whole and, in particular, what specific examples, practical solutions or recommendations you could draw from discussions with stakeholders, ...” In the meantime, given the shortage of guidance in this area, developers may choose to follow the Code, and the recommendations from the WP29 in order to conform to best practice.

Connected health involving health technology, digital media and mobile devices opens up new opportunities to improve the quality and outcomes of both health and social care. Such transformational innovation, however, may also bring about significant regulatory compliance risks.

On 3 March 2017, four UK healthcare regulators, including the Care Quality Commission (“CQC”), made a joint statement reminding providers of online clinical and pharmaceutical services, and associated healthcare professionals, that they should follow professional guidelines to ensure such services are provided safely and effectively.

We have written an in-depth assessment on the ongoing regulatory activities in the UK, available here, which was published in Digital Health Legal on 20 April 2017.

As indicated in the joint statement, CQC inspections found that certain online services were found to be too ready to sell prescription-only medicines without undertaking proper checks or verifying the patient’s individual circumstance, raising significant concerns about patient safety. The view taken by the regulators is that the same safeguards should be put in place for patients whether they attend a physical consultation with their GP (primary care physician) or seek medical advice and treatment online.

UK domestic law already provides that online providers must assess the risks to people’s health and safety during any care or treatment and make sure that staff have the qualifications, competence, skills and experience to keep people safe. The CQC has the power to bring a criminal prosecution if a failure to meet this responsibility results in avoidable harm to a person using the service or if a person using the service is exposed to significant risk of harm. Unlike other enforcement regimes, the CQC does not have to serve a warning notice before prosecution. The CQC can also pursue criminal sanctions where there have been fundamental breaches of standards of quality and safety and can enforce the standards using civil powers to impose conditions, suspend or cancel a registration to provide the online services.

In March 2017, the CQC published guidance clarifying its existing primary care guidance by setting out how it proposes to regulate digital healthcare providers in primary care. The guidance provides that the CQC will evaluate the following key lines of inquiry (“KLOEs”): whether services are safe, effective, caring, responsive to people’s needs and well-led. Each KLOE is accompanied by a number of questions that inspectors will consider as part of the assessment, which are characterised by the CQC as ‘prompts’.

The European Commission has published a report on the cost-effectiveness of standards-driven eHealth interoperability; the exchange of data between IT systems. This is one of a number of parallel initiatives from the Commission to advance e-Health interoperability, such as the EURO-CAS project launched in January this year, and is an essential part of the EU Digital Agenda.

The ultimate goal of the Commission’s efforts on eStandards for eHealth interoperability is to join up with healthcare stakeholders in Europe, and globally, to build consensus on eHealth standards, accelerate knowledge-sharing and promote wider adoption of standards.

The eStandards project is working to finalize a roadmap and associated evidence base, a white paper on the need for formal standards, and two guidelines addressing how to work with: (a) clinical content in profiles, and (b) competing standards in large-scale eHealth deployments. An initial roadmap has already been prepared. The final roadmap aims to describe the actions to be taken by standards development and profiling organizations (SDOs), policymakers in eHealth, and national competence centers, to warrant high availability and use of general and personal health information at the point of care, as well as for biomedical, clinical, public health, and health policy research.

The objective of this discrete cost-effectiveness study is to support the preparation of the final roadmap. The study contacted 3 categories of stakeholders: i) Centers of Competence; ii) Vendors (mostly small and medium-sized companies) on the European market; and iii) Standards Organizations (mostly international). It has shown that stakeholders use the same tools in different projects across Europe, which should facilitate communication of best practices between them.

Its main findings are that:

  • All stakeholders consider that using standards and standards-driven tools contribute to better quality products.
  • Vendors and Centers of Competence share the same benefits as a result of the efficiency of the project (e.g. the continuous improvement of the specifications, and their effectiveness).
  • In terms of economic results, the study shows clearly that using and reusing existing tools and content saves effort and time, as well as money. It standardizes methods of working and increases professionalism of the project team. However due to the complexity of the eHealth domain, training is one of the major challenges for increasing the adoption of profiles and standards.
  • The study also indicates that standards are available, but the challenge is their adoption.

The study proposes a few practical recommendations for promoting the use of the standards-driven tools:

  1. Develop a strategy to communicate and disseminate the use of standards-driven tools, showing evidence of their positive impact in the development of projects and products;
  2. Develop simple indicators and/or refine the indicators used in this study in order to quantify the progress of adoption of standards-driven tools;
  3. Identify the weaknesses and limitations associated with deploying standards and tools;
  4. Develop conformity assessments and testing platforms for better adoption of the standards.

These initiatives complement the new guidance published on 23 March by the Commission for digital public services in its new European Interoperability Framework, which is meant to help European public administrations to coordinate their digitalization efforts when delivering public services.

We have previously published a post on the potential uses of mobile apps in clinical trials, and the accompanying advantages and limitations. Recent research published in The New England Journal of Medicine (NEJM) confirms the increasing number of innovative studies being conducted through the internet, and discusses the bioethical considerations and technical complexities arising from this use.

Apps used in clinical research

The vast majority of the population, including patients and healthcare professionals, have mobile phones. They are using them in a growing number of ways, and increasingly expect the organizations they interact with to do the same. Clinical research is no exception. As we discussed previously, smartphones are becoming increasingly important as a means of facilitating patient recruitment, reducing costs, disseminating and collecting a wide-range of health data, and improving the informed consent process.

A major development in relation to app-based studies occurred in early 2015 with the launch of Apple’s ResearchKit, an open-source software toolkit for the iOS platform that can be used to build apps for smartphone-based medical research. Since then, similar toolkits, such as ResearchStack, have been launched to facilitate app development on the Android operating system.

Several Institutional Review Board-approved study apps were launched shortly after the creation of ResearchKit, including MyHeart Counts (cardiovascular disease), mPower (Parkinson’s disease), Gluco-Success (type 2 diabetes), Asthma Health (asthma) and Share the Journey (breast cancer).

The NEJM publication refers to data from MyHeart Counts to emphasize particular features of app-based studies. The MyHeart Counts study enrolled more than 10,000 participants in the first 24 hours: a recruitment figure that many traditional study sponsors would regard with envy. While this figure appears, at least in part, to result from expanded access to would-be participants who are not within easy reach of a study site, it may carry with it a degree of selection bias. For example, the consenting study population in MyHeart Counts was predominantly young (median age, 36) and male (82 per cent), reflecting the uneven distribution of smartphone usage and familiarity across the population in the demographics of app-based study participants. The MyHeart Counts completer population (i.e. those who completed a 6-minute “walk test” at the end of seven days) represented only 10 per cent of participants who provided consent. The reasons for low completer rates in app-based studies are not mapped out, but may relate to participants’ commitment to partake in and contribute to the study in the absence of face-to-face interactions.

Regulatory and legal challenges for digital consent

Conduct of clinical trials is guided by good clinical practice (GCP) principles, which seek to ensure that:

  • trials are ethically conducted to protect the dignity, privacy and safety of trial subjects; and
  • there exists an adequate procedure to ensure the quality and integrity of the data generated from the trial.

Informed consent is one of the most important ethical principles, and an essential condition both for therapy and research. It is a voluntary agreement to participate in research, but is more than a form that is signed; it is a process during which the subject acquires an understanding of the research and its risks.

The challenges of conducting clinical research using digital technology are, to name a few:

  1. how to ensure that the language used in the informed consent is engaging and user-friendly to promote greater understanding of the nature of the study and the risks relating to participation in the trial;
  2. how to assess capacity and understanding of trial subjects remotely;
  3. how to assess voluntary choice without the benefit of body language and tone; and
  4. how to verify the identity of the person consenting (although this risk may be mitigated in the future through biometric or identity verification tools).

Moreover, there are practical challenges with using these technologies. For example, relating to the assessment of patient eligibility, and monitoring of trial subjects to ensure clinically meaningful data of an acceptable quality are collected and collated during the trial to comply with the GCP principles and support regulatory submissions.

Because of some of these challenges, the NEJM publication suggests that app-based research may be most suitable for low-risk studies. However, it is likely that these risks will be mitigated in the future as the technology develops and researchers and patients become more familiar with its use.

The National Institute for health and Care Excellence (NICE) provides guidance to the NHS in England on the clinical and cost effectiveness of selected new and established technologies through its healthcare technology assessment (HTA) program. Using the experience it has gained from this program, NICE intends to develop a system for evaluating digital apps. The pilot phase for this project was set in place in November 2016, and, from March 2017, NICE will publish non-guidance briefings on mobile technology health apps, to be known as “Health App Briefings”. These briefings will set out the evidence for an app, but will not provide a recommendation on its use; this will remain subject to the judgment of the treating physician.

The existing HTA program consists of an initial scoping process, during which NICE defines the specific questions that the HTA will address. NICE then conducts an assessment of the technology, in which an independent academic review group conducts a review of the quality, findings and implications of the available evidence for a technology, followed by an economic evaluation. Finally, an Appraisal Committee considers the report prepared by the academic review group and decides whether to recommend the technology for use in the NHS.

The new program builds on the current Paperless 2020 simplified app assessment process, which was recommended in the Accelerated Access Review Report discussed in a previous post. It has many parallels with the HTA program. In particular, it will be a four-stage process, comprising: (1) the app developer’s self-assessment against defined criteria; (2) a community evaluation involving crowd-sourced feedback from professionals, the public and local commissioners; (3) preparation of a benefit case; and (4) an independent impact evaluation, considering both efficacy and cost-effectiveness.

NICE is currently preparing five Health App Briefings, of which NICE’s Deputy Chief Executive and Director of Health and Social Care, Professor Gillian Leng, has confirmed one will relate to Sleepio, an app shown in placebo-controlled clinical trials to improve sleep through a virtual course of cognitive behavioral therapy.

We understand that future Health App Briefings will also focus on digital tools with applications in mental health and chronic conditions, consistent with NHS England’s plans to improve its mental healthcare provision and, in particular, access to tailored care.

For apps that have evidence to support their use and the claims made about them, the new Innovation and Technology Tariff, announced by the Chief Executive of NHS England in June 2016, could provide a reimbursement route for the app. This will provide a national route to market for a small number of technologies, and will incentivize providers to use digital products with proven health outcomes and economic benefits.

We previously described some of the ways in which life sciences companies are exploring the potential of IBM’s supercomputer, ‘Watson®’, to assist with product development and disease treatment.  Such uses raise important questions about how Watson and other software are treated under medical device regulations.  These questions are particularly important as tech companies find themselves wading into the healthcare arena and may be unaware of the heavily regulated industry they are entering.

The regulation of medical software has been controversial and subject to the vagaries of guidelines and subjective interpretations by the regulatory authorities. We consider below the regulatory minefield and the circumstances in which a software is regulated as a medical device in the EU and U.S.

EU

How is software regulated?

In the EU, a medical device means any instrument or other apparatus, including software, intended by the manufacturer to be used for human beings for the purpose of, among other things, diagnosis, prevention, monitoring, treatment or alleviation of disease. There is no general exclusion for software, and software may be regulated as a medical device if it has a medical purpose, meaning it is capable of appreciably restoring, correcting or modifying physiological functions in human beings. A case-by-case assessment is needed, taking account of the product characteristics, mode of use and claims made by the manufacturer. However, the assessment is by no means straightforward for software, which is particularly complex because, unlike classification of general medical devices, it is not immediately apparent how these parameters apply to software, given that software does not act on the human body to restore, correct or modify bodily functions.

As a result, software used in a healthcare setting is not necessarily a medical device. The issue is whether the software can be used as a tool for treatment, prevention or diagnosis of a disease or condition. For example, software that calculates anatomical sites of the body, and image enhancing software intended for diagnostic purposes, is generally viewed as a software medical device because it is used as a tool, over and above the healthcare professionals’ clinical judgment, in order to assist clinical diagnosis and treatment. For the same reason, software used for merely conveying or reviewing patient data is generally not a medical device.

What about Watson?

The main benefit of IBM’s cognitive computing software is its ability to analyse large amounts of data to develop knowledge about a disease or condition, rather than treatment options for an individual patient. Currently, its uses are largely limited to research and development. On the basis of these uses, the software may not be considered as having the medical purpose necessary for it to be classified as a medical device.

However, uses of the software that aim to enhance clinical diagnosis or treatment of a condition may potentially alter the regulatory status, especially if the function of the software goes beyond data capture and communication. Similarly, some of the new partnerships recently announced, described in our previous post, are aimed at developing personalised management solutions, or mobile coaching systems for patients. These may be viewed as having a medical purpose in view of the health-related information they acquire to provide informed feedback to the patient on self-help, or decision-making relating to the patient’s treatment plan. As the uses for Watson increase, and become more involved in treatment decisions, this change in regulatory status is likely to increase.

Will there be any change under the new Medical Device Regulations?

The EU legislative proposal for new medical device Regulations, which have reached broad agreement by the EU legislature but have not yet been adopted, contain additional provisions that specifically address software medical devices. Of particular relevance, software with a medical purpose of “prediction and prognosis” will be considered as coming within the scope of the Regulations. This means that software and apps that were previously excluded from being regulated, may in the future be “up-classified” and be susceptible to being regulated as medical devices. Along with a number of initiatives in the EU, the EU institutions recognize the importance of mHealth in the healthcare setting, and are seeking to ensure it is properly regulated as its use increases.

U.S.

How is software regulated?

In the United States, the Food and Drug Administration (FDA) has regulatory authority over medical devices. FDA considers a medical device to be an instrument or other apparatus, component, or accessory that is intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment, or prevention of disease in man or other animals, or that is intended to affect the structure or function of any man or other animal but which is not dependent on being metabolized (i.e., a drug) for achievement of that purpose.   FDA has issued a number of guidance documents to assist in identifying when software or mobile apps are considered to be medical devices.

One type of software FDA has not issued guidance on is Clinical Decision Support Software (CDSS). CDSS is software that utilizes patient information to assist providers in making diagnostic or treatment decisions. Until recently, CDSS was approached in a similar fashion to FDA’s framework for mobile apps. In other words, CDSS was viewed as existing on a continuum from being a Class II regulated medical device, to being subject to FDA’s enforcement discretion, to not being considered a medical device at all. On December 13, 2016, however, the 21st Century Cures Act was signed into law, clarifying the scope of FDA’s regulatory jurisdiction over stand-alone software products used in healthcare.

The 21st Century Cures Act contains a provision – Section 3060 – that explicitly exempts certain types of software from the definition of a medical device. As relevant for CDSS, the law excludes from the definition of a “device” software (unless the software is intended to “acquire, process, or analyze a medical image or a signal from an in vitro diagnostic device or a pattern or signal from a signal acquisition system”):

  1. Displaying, analyzing, or printing medical information about a patient or other medical information (such as peer-reviewed clinical studies and clinical practice guidelines);
  2. Supporting or providing recommendations to a health care professional about prevention, diagnosis, or treatment of a disease or condition; and
  3. Enabling health care professionals to independently review the basis for such recommendations so that the software is not primarily relied upon to make a clinical diagnosis or treatment decision regarding an individual patient.

Thus the Act generally excludes most CDSS from FDA jurisdiction. However, it is worth noting that FDA may bring CDSS back under its jurisdiction if it makes certain findings regarding: (1) the likelihood and severity of patient harm if the software does not perform as intended, (2) the extent to which the software is intended to support the clinical judgment of a health care professional, (3) whether there is a reasonable opportunity for a health care professional to review the basis of the information or treatment recommendation, and (4) the intended user and use environment.

What About Watson?

Based on this regulatory framework, IBM’s Watson would not generally be regulated as a medical device if simply used as a tool to assist physician review of medical data. In many uses, Watson is still dependent on human intervention and therefore does not make independent patient-specific diagnoses or treatment decisions. Importantly, statements about Watson also show that it is intended to be used simply as a tool by physicians and it is not intended that physicians rely primarily on Watson’s recommendations.

As such, in many applications, Watson is likely to be the kind of CDSS statutorily excluded from the definition of a medical device. However, as Watson and other forms of artificial intelligence advance and become capable of making or altering medical diagnoses or treatment decisions with little input or oversight from physicians, or transparency as to underlying assumptions and algorithms, these technologies will fall outside of the exclusion. As the use of such forms of artificial intelligence becomes more central to clinical decision-making, it will be interesting to see whether FDA attempts to take a more active role in its regulation, or if other agencies — such as the U.S. Federal Trade Commission — step up their scrutiny of such systems. Additionally, state laws may be implicated with regard to how such technology is licensed or regulated under state public health, consumer protection, and medical practice licensure requirements.

Interoperability has been identified as one of the greatest challenges in healthcare IT. It is defined as the ability of organizations to share information and knowledge, by means of the exchange of data between their respective IT systems, and is about bringing to life fruitful collaborations between different healthcare environments, with electronic means.

With this in mind, the eHealth Interoperability Conformity Assessment for Europe (EURO-CAS) project launched on 26 January 2017. With a budget of €1 million (approximately $1.1m), it is one of the projects being funded under the European Union’s (EU) Horizon 2020 research and innovation program.  The launch of this project shows the EU’s recognition that eHealth has become increasingly important within healthcare, and that the use of such technologies needs to be streamlined.

The aims of the project are two-fold:

  1. to develop models, tools and processes to enable an assessment of the conformity of eHealth products with international, regional and national standards.
  2. to provide a method for manufacturers of conforming technology to demonstrate that conformity to the public. As set out in previous posts, a key concern with the proliferation of apps and eHealth products is how to demonstrate to patients and payers that they are safe, effective, and protect patients’ privacy. The hope is that the project will address these concerns and promote the adoption and take-up of eHealth products, and the use of the various standards that are being developed.

These aims will be achieved through the development of the ‘CAS’ scheme by a consortium led by IHE-Europe, and consisting of EU member state representatives, experts and international associations. Six ‘work packages’ have been set up to deliver the project, each focusing on discrete aspects of the project:

work packages

Fig 1: https://www.euro-cas.eu/work-packages

The project’s key deliverables (and corresponding timelines) have also been outlined, with the final scheme to be presented to the public in November 2018.

The overarching plan behind EURO-CAS is to pave the way for more eHealth interoperability in the EU. The project will build on the findings of a series of EU-funded projects concerning eHealth interoperability over the past years. The scheme also aims for consistency with the ‘Refined eHealth European Interoperability Framework’, which identified the importance of interoperability for eHealth to be truly useful in healthcare, and was endorsed by representatives from all EU member states in 2015.

EURO-CAS states that it is “committed to transparency and openness”. Interested parties are invited to partake in project events, to engage through the project’s Twitter channel (@EURO_CAS), or LinkedIn group, or to provide feedback on the deliverables that will be submitted for public consultation in due course.

Updating our earlier blog post, ‘Next Up: European Consultation on the Safety of Apps’ that consultation has now closed and the Summary Report was published on November 14, 2016.

As previously explained, the consultation is one of a series of consultations and draft guidance through which the European Commission is seeking to develop appropriate guidance on the development of mHealth apps. The objectives of the consultation were to gather input from the public, industry and public authorities on their experience relating to the safety of apps and other non-embedded software, with a view to better understanding the risks they may pose to users and how those risks can be addressed.

The consultation returned 78 responses from stakeholders both inside and outside the EU. The majority of respondents were members of the public (37) and the remainder comprised trade associations (12), businesses (10), public authorities (6), professional associations (5), academia (5) and civil society (3).

Nearly half of the respondents (33) identified health and wellbeing apps as the main category of apps that could pose risks to users’ safety. In line with previous comments from the public, the most common concern raised by respondents related to data protection (including the risk that apps could access or collect users’ sensitive data without their consent, see: Attention App Developers… Final Draft of Code of Conduct on Privacy for mHealth Apps  (17), followed by cyber-attacks (including for the purposes of data collection, financial operations or controlling another device) (12). The types of risks most frequently cited by respondents included economic damage (60) and non-material damage (pain and suffering) (55).

The Commission is analyzing the replies to the consultation, and a full report will be published in due course. The Commission has stated that while the results do not point to the need for a new Commission initiative, it will consider the responses in its ongoing review of the regulatory frameworks governing apps, medical devices, and product safety and liability.

Improvements in the efficiency of clinical development is the highest priority for the innovative industry. And yet, costs associated with clinical trials, and delays in patient recruitment and retention, persist. Companies are continually on the look-out for ways of addressing these issues, and mHealth may be the answer. Digital technologies, and the integration of wearable health monitors with smartphones and apps, offer new opportunities for expediting product development. However, there are challenges with the widespread use of such technologies, which we discuss below.

How is mHealth used in clinical trials?

  • Patient recruitment and retention: It has been reported that 27% of the cost of development of a medicinal product is associated with patient recruitment, and only 1 in 20 patients recruited provide results that can be included in a regulatory dossier. This highlights the extent of the challenge companies face. Certain apps claim to provide an effective means of tracking potentially eligible patients through capturing valuable data and improving patient recruitment. For example, Clinical Trial Seek, My Clinical Study Buddy, and Study Scavenger provide patients and physicians with the ability to search trial information. Similarly, apps such as Lilly’s Oncology Resource enables healthcare professionals to search clinical trials in the oncology field to aid referrals.
  • Patient engagement: Patients are increasingly recognized as equal partners in clinical trials and drug development. Further, some say that better patient engagement leads to better outcomes and greater retention rates. A real-life example of this comes from the comparative Mobile Diabetes Intervention Study of 163 patients, which found that adding a mobile patient coaching app to treatment, together with personalized feedback on blood glucose data and lifestyle behaviors via smartphones, substantially lowered glycated haemoglobin levels for more than a year.  Wearable technology and patient-centric apps provide a great opportunity for pharmaceutical companies to seek this engagement during clinical trials. For example, Clinical Trials Mobile provides patient-specific information about participating in trials, how to prepare for visits and instructions on the study product. Momentum 3 provides similar information for investigators.
  • Real-time patient monitoring: The age-old process of having clinical staff and investigators recording patient information from various inputs on paper-based case report forms, then manually entering this information into a database, is fading into history. Electronic data capture (EDC) is rapidly becoming the new standard, yielding impressive productivity gains and helping to improve data accuracy. Continuous monitoring can also help researchers record treatment adherence. As a result, study sponsors can more accurately determine efficacy, and non-adhering patients can be filtered out. Continuous remote patient monitoring through apps also enables trial sponsors to more readily and accurately identify potential side effects. Such technologies are being integrated into trial designs. For example, Pfizer has developed a sensor-enabled remote patient monitoring system ahead of its planned use in a Phase III Parkinson’s disease trial in 2019. Wearables technologies can also be used to more easily integrate and collect quality of life data as part of the trial, and so support reimbursement decisions without conducting further studies.

Is it an app or a device?

As with any software used in the healthcare setting, it will be important to consider whether any such technology is a medical device under the relevant legislation and guidance.  In the EU, the new Medical Devices Regulations, when finalized, may change the classification of software used in the healthcare environment, which will mean more apps are classified as devices according to their intended medical purpose. The European Commission is also consulting on guidance to define the threshold for classification of a software medical device. Similarly, in the US, the FDA has recently published draft guidance on the evaluation of software as a medical device, and has issued final guidance on Medical Device Data Systems, Medical Image Storage Devices, and Medical Image Communications Devices.

While some companies shy away from such regulation, others are actively developing apps that will be classified as medical devices, presumably with the aim of ensuring confidence in the product. For example, Google has developed a health-tracking wristband, which it plans to position as a medical device for use by patients and clinical researchers.

Can this really make a difference?

The true value of the use of apps and digital technologies in clinical trials will depend on ease of use, relevance and accuracy, all of which may raise important legal issues. In particular, it should be recognized that data monitoring through remote digitalized technologies, moves clinical trials from an internally-contained to an external-uncontrolled clinical environment. There are, therefore, concerns about their use:

  • System integration: the technological capabilities are not yet fully integrated between the hardware (wearables) and software (apps and servers), and there is a lack of support for the analysis of massive data collection within clinical trials.
  • Standardization of regulatory requirements: appropriate standards should be established to facilitate inter-operability. However, this is hampered by the fact that regulatory rules and policies for mHealth have not kept pace with the technological advancement. It is unclear how and against what regulatory standards data collected from such devices and apps should be validated to support regulatory review. In the EU, whilst there has been a flurry of activity in relation to the assessment of apps, their application in a clinical trial setting has not been addressed. Moreover, mobile technologies and digital health are not referred to in the Clinical Trials Regulation, which is expected to come into operation in 2018. In contrast, in the US, the FDA consulted on guidance on the use of mobile technologies in clinical trials at the end of 2015, and on the use of electronic health records in clinical trials earlier this year.
  • Data security: most importantly, patients need to have confidence in the technology, and in particular, the security of their personal data and the accuracy of the data collected.

Despite these limitation, proof on concept has been shown: a recent report by the US Department of Health and Human Services found that the key impact of the use of mobile technologies so far recorded is on study duration and total costs. The report noted up to a 30% decline in study duration, and costs savings of as much as $6.1 million (up to 12 percent of cost per study) in a phase III study. It seems, therefore, that the future will be digital.

Last month, three life sciences giants announced new or deepening partnerships with IBM, to capitalize on IBM’s supercomputer, ‘Watson’, an artificially intelligent computer system. There has been a lot of buzz recently about how big data can be meaningfully applied in the healthcare setting to assist with product development and disease treatment.  The European Medicines Agency has recognized the potential of exciting opportunity of exploiting big data with the capability of significantly contributing to the way the benefit-risk of medicines is assessed over a product’s lifecycle. The flurry of recent announcements indicate that we are entering into the new era of cognitive computing that is capable of re-engineering product development and improving assessment of performance of medicines or healthcare products on the market.

Watson

IBM’s supercomputer, nicknamed ‘Watson’, made headlines in 2011 for beating two of the gameshow Jeopardy’s greatest human champions. It did so by making use of cognitive computing technology, which involves teaching computers to process large amounts of information in a way similar to how humans think, with the capability to analyse and interpret data in various formats including those that are unstructured.

Since its days of gameshow glory, Watson has advanced its offerings to include applications that are specific to healthcare. Following the launch of Watson Health in 2015, IBM has lined up several large pharmaceutical companies to partner with in using and developing the new technology.

  • Medtronic and Johnson & Johnson were quick off the mark to enter into Watson Health partnerships with IBM, announcing in April 2015 that the technology would be used to personalise diabetes management solutions using data collected from Medtronic’s devices and to set up mobile-based coaching systems for pre- and post- operative patient care for Johnson.
  • In September 2015, Teva Pharmaceuticals became the first pharmaceutical company to deploy the IBM Watson Health Cloud as a mechanism for building global eHealth solutions designed to address complex and chronic conditions such as asthma, pain, migraine and neurodegenerative diseases. In addition, the partnership envisages making use of big data and machine learning technology to create disease models and advanced therapeutic solutions. An expansion of the partnership was announced on 26 October 2016 and will focus on the discovery of new treatment options and on improving chronic disease management. In particular, the expanded partnership seeks to enable the delivery of novel therapies by repurposing existing drugs as new treatment options.
  • Novo Nordisk signed up to an IBM Watson Health Cloud partnership in December 2015, in a bid to launch a digital platform to help manage patients’ diabetes by way of a real-time analysis of data-uploads concerning patients’ blood sugar levels, food intake and medicine usage.
  • On 1 November 2016, Celgene and IBM announced a partnership aimed at facilitating and improving pharmacovigilance through the creation of a cloud-based drug evaluation platform, to be run on Watson Health Cloud.
  • GlaxoSmithKline (GSK) announced a collaboration with IBM Watson in June 2016, which aims to allow GSK consumers to ask questions via voice or text directly through GSK’s online ads. Watson will then generate a personalized response for delivery to the consumer. On 6 October 2016, GSK announced that the use of Watson’s interactive functionality had been launched in respect of the company’s Theraflu brand.

Although Watson has featured prominently among the recently announced cognitive computing applications, it is not the only player. Notably, both GSK and Sanofi have recently announced joint ventures with Verily Life Sciences, to develop bioelectronic medicines and comprehensive diabetes management platforms.

What is abundantly clear, is that the recent flurry of announcements on partnership and joint venture between life sciences companies and technology companies is an indication of the industries’ voracious appetite for big data analytics to improve efficiency and reduce costs in research and development as well as timely access to new products.