Blog Article

Clinical Research
February 4, 2022

Researcher analyzing digital data

Digital Health Platforms: Considerations for Study Design and the IRB

The Rise of Digital Health Platforms

Digital research studies facilitated by mobile health platforms have taken the clinical research community by storm. According to PubMed (search terms: “digital health”, “digital clinical research”, and “wearable”), publications in the field rose by over 300% between 2016 and 2021. The prevalence of digital health was accelerated by the onset of the pandemic, with publications showing a 43% hike just within the first year (2020). Given the scientific merit of digitizing clinical research, the increased adoption of this model is expected, but the explicit guidelines to accompany the innovative approach to these studies remains largely uncharted regulatory territory. 

Recently, the FDA began to pave a path for a regulatory framework associated with digital clinical research. In September 2020, they launched the Digital Health Center for Excellence, whose stated goal is to “empower stakeholders to advance health care by fostering responsible high-quality digital health innovation”. Then, in December 2021, the FDA released draft guidance for industry, investigators, and stakeholders on the use of digital health technologies in clinical research. While these guidelines address questions pertaining to investigational new drug (IND) or investigational device exemption (IDE) applications resulting from clinical trials, the recommendations, explored below, can be extrapolated to institutional review board (IRB) submissions and grant proposals for digital clinical research studies, especially those migrating towards including digital endpoints and digitizing as many aspects of the study as possible (e.g., consent, survey data collection, ecological momentary assessment).

Considerations for Study Designs and the IRB

Digital health platforms, like CareEvolution’s MyDataHelps™, enable clinical researchers to coordinate almost every aspect of their study through the mobile application – from recruitment and consent, to active and passive data collection, to study management including genomic and COVID testing kit facilitation. Taking this innovative approach may impact components of study design, including, but not limited to:

  • Budget – consider the cost of storing data
  • Timeline – account for development and testing time before study launch; launch your project five times faster with MyDataHelps™
  • Communication materials and protocol – create more engaging materials that can be easily deployable in different languages; describe the platform (we recommend not including screenshots to allow for change as the product and approach develops over the course of the study design phase)
  • Personnel – study coordinator/ administrator, software “developer” (there is no coding expertise required to launch a study using MyDataHelps™), technical assistance
  • Initial scientific review – verify and validate the instruments being used; account for data interruptions in your statistical analysis plans; consider consistency in data gathered from different sources
  • Risk management plan – describe the privacy and security policies (read more below)

For traditional clinical research, study IRB submissions typically highlight the healthcare providers, identifying a site principal investigator (PI) and providing proof of the site’s IRB approval. Digital clinical research, however, is often “siteless”. It is important that the IRB understands that there is not the same burden on partners, so site PIs and site IRB approval may not be necessary. Siteless studies may still leverage partners, but not in a traditional way (e.g., as conduits for information)—understanding this dynamic is an area of evolution in IRB considerations with the transition to decentralized research.

Digital health platforms, like CareEvolution’s MyDataHelps™, enable clinical researchers to coordinate almost every aspect of their study through the application – from recruitment and consent, to active and passive data collection, to study management.

Check out how utilizing a customizable software like MyDataHelps™ can facilitate the process.

Risk Management Plan

The risk management plan may require a unique perspective when considering and describing for the purposes of a protocol submission to an IRB or for grant proposals regarding clinical digital studies. For summary purposes, digital clinical research risks are split broadly into two main categories here: outcome and security. Your risk management plan should be developed using an iterative process that first identifies the risks, mitigates them, and then reviews the risks, and it should address both outcome and security risks.

  • Outcome risks encompass anything that might have a physical impact on a participant– also known as adverse or severe adverse events. Important questions to consider when identifying outcome risks and potential mitigation strategies include:
  • If my study uses wearable technology, what are the potential side effects of using that wearable device? Is there an alternative, comparable method for collecting these data?
  • If I am basing a clinical intervention on a readout from a wearable device, what are the potential consequences if that readout is inaccurate? How severe are those consequences? Is there treatment readily available if they occur?
  • Is any survey content I’m delivering to participants emotionally triggering? Am I able to provide resources for any participant that may experience distress?
  • Is it possible that my wearable technology could identify a medical crisis? Am I monitoring wearable data for these events? Am I able to provide assistance if a crisis is identified?

Security risks encompass exactly what you might think—how do you keep participants’ data private and secure? Given the variety and volume of personal data that can be collected through a digital health platform, it is crucial to incorporate a data management plan in any IRB submission and may require establishing a data safety monitoring board for certain situations. Security risks come into play during data transfer and storage, so outlining authentication practices, enabling end-to-end encryption, and considering the security of devices to which you connect are all important components of data management.

CareEvolution’s MyDataHelps™ is the digital health platform the National Institutes of Health’s (NIH’s) All of Us Research Program, RECOVER, and the Framingham Heart Study rely on for data management. Data collected through MyDataHelps™ is securely stored in a HIPAA-compliant, Meaningful Use Certified HIEBus™ platform. The MyDataHelps™ platform also complies with security and privacy controls defined by NIST 800-53 Rev. 4 at the FISMA Moderate baseline, regularly undergoes external formal assessments by a FedRAMP-accredited Third Party Assessment Organization, and has been granted an Authorization to Operate by the NIH. In addition, many industry partners have specific security requirements, which CareEvolution’s platforms are also in compliance with. For example, the The Apple Asthma study is also run on MyDataHelps™, having gone through significant Apple- specific reviews.

Outside of commonly recognized security risks, you may also encounter perceived risks and bystander risks when interacting with different populations. Consider consulting your target populations through community outreach to fully understand their perception of the risks involved with participating in your digital study. Transparency and trust, enabled by your risk management plan, are crucial for your participants and therefore your IRB submission.


  1. Center for Devices and Radiological Health. (2022, February 4). Digital Health Center of Excellence. U.S. Food and Drug Administration. Retrieved February 1, 2022, from

  2. Center for Drug Evaluation and Research. (2021, December 22). Digital Health Technologies for Remote Data Acquisition in Clinical Investigations. U.S. Food and Drug Administration. Retrieved February 1, 2022, from

  3. Haglund, E. (2015, January 29). Risk Management in Clinical Research: Process and Application. MasterControl. Retrieved January 31, 2022, from

  4. Kim, L. (2021, January 13). Data Privacy and Telehealth: Protect the Data, Protect the Patient. HIMSS. Retrieved January 31, 2022, from

  5. The Neuroethics Program @ Emory. (2018, July 24). Exploring the Risks of Digital Health Research: Towards a Pragmatic Framework. The Neuroethics Blog. Retrieved February 3, 2022, from