CRF Health’s technology collects electronic patient data and electronic patient diary data that qualify as ICH-GCP Source Data & Documents. Consequently, CRF Health complies with US and EU regulatory rules and guidelines. CRF Health’s systems meet these requirements, including but not limited to 21 CFR § 11, 21 CFR § 312, 21 CFR § 314, 45 CFR § 160/164 HIPAA, Directive 95/46/EC, Directive 2001/20/EC, and FDA CSUCT guidance.
CRF Health’s quality systems follow the tenets of ISO 9001 Quality System, ISO 12207 Software Lifecycle, and ISO 27002 Information Security. CRF Health’s adherence to these, globally sanctioned, consensus standards aids in CRF Health’s ongoing endeavors to ensure that all CRF Health products and services meet regulatory expectations and scrutiny.
CRF Health utilizes key ICH-GCP principles in order to manage data accuracy, (§2,10). The purpose of identifying data as “source”, is to always be able to authenticate any copy via source document (data) verification (“SDV”) activities.
CRF Health considers all of its end-user devices (PDA’s, Smart Phones, Tablets, Mobile Interface Devices – MID) as transient (“Transient Devices”). These Transient Devices either display data that is pushed from CRF Health’s servers or acquire data from users and temporarily stores such data inside such Transient Devices. However, as part of a normal workflow these Transient Devices pass data onto CRF Health’s centralized databases before the process tasks are completed.
Additionally, CRF Health defines its clinical data collection devices as transient data collectors (“Transient Data Collectors”). CRF Health does not consider, or provide for, permanent “source data” storage in these Transient Data Collectors since by the nature of such Transient Data Collectors the permanent “source data” storage classification is impractical to archive. However, it should be noted that, some of the Transient Data Collectors do have removable memory cards – these memory cards are used only for disaster recovery purposes. The data these Transient Data Collectors collect is migrated to CRF Health’s database, (wired and wirelessly), in a secure and validated manner.
Data collected via the Transient Devices and Transient Data Collectors resides in CRF Health’s databases (with controlled access) until final data transformation and data migration to the applicable sponsor’s databases and investigator copies are needed. This is facilitated in a validated manner consistent with IEEE validation principles. It is important to note, that regulatory agencies have not taken definitive opinions or published guidance documents on electronic source in electronic patient diary trials. Our interpretation and principles are in keeping with US FDA’s Good Clinical Practices GCP’s section 2 by incorporating new technology, in a realistic manner, using sound engineering judgment.
CRF Health’s personnel are an active part of the DIA, ISPOR, and eCF groups, which allow CRF Health to:
European Union Data Protection Directive
In accordance with Commission Decision 2002/16/EC of 27 December 2001 on standard contractual clauses for the transfer of personal data to third countries, under Directive 95/46/EC, the Annex titled “Standard Contractual Clauses” is hereby incorporated by reference in its entirety. With respect to such Annex the “data exporter” shall be defined as “You” and the “data importer” shall be defined as “CRF Health”. You may find a complete version of the text by clicking on this link – [Commission Decision 2002/16/EC]. CRF Health subscribed to the US – EU Save Harbor framework as a complement to the EU directives on personal data. Our registration can be found on the Safe Harbor website: http://www.export.gov/safeharbor/. We are now monitoring the adopting of the Privacy Shield framework as a replacement to Safe Harbor. In the interim, CRF Health will complete EU Model clauses to ensure a compliant approach to data protection.
Government End-User Notice
CRF Health’s Software is a “Commercial Item,” as that term is defined at 48 C.F.R. § 12,101, consisting of “Commercial Computer Software” and “Commercial Computer Software Documentation,” as such terms are used in 48 C.F.R. § 12,212 and 48 C.F.R. § 227,7202, as applicable. Consistent with 48 C.F.R. §§ 12,212, 227,7202-1 through 227,7202-4, the Commercial Computer Software and Commercial Computer Software Documentation are being licensed to U.S. Government end-users (a) only as Commercial Items and (b) with only those rights as are granted to all other end-users pursuant to the terms and conditions herein.Anti-Bribery and FCPA
It is the policy of CRF Health to conform to the highest ethical standards and to comply with the U.S. Foreign Corrupt Practices Act (the “FCPA”), the U.K. Bribery Act 2010 (the “Bribery Act”), and local anti-bribery (or anti-corruption) laws wherever CRF Health and its subsidiaries and joint ventures conduct business.
The FCPA prohibits companies, as well as any officer, director, employee or agent from offering, paying, promising to pay or authorizing another to pay any money, making any gift or providing anything of value to a foreign official (or foreign political party, official or candidate of a foreign political party) for the purpose of influencing any official act or inducing the official to use his or her influence to assist a company or individual to obtain or retain business or secure any improper business advantage.
To prevent violations of the FCPA, the Bribery Act and other anti-bribery laws, CRF Health has a policy (QMS-0-0-9 Anti-Bribery), which must be adhered to by all officers, directors, employees, agents, representatives, consultants and partners.
Company officers, directors, employees, agents, representatives, consultants and partners may not, with the intent to obtain or retain business or any commercial advantage, offer, pay, promise to pay or authorize another to pay any money, make any gift or provide anything of value on behalf of the Company to: