Is it Safe to Use Email in Your Clinical Trial?

In a business niche as highly critical, closely scrutinised and heavily regulated as pharmacovigilance it remains a puzzle why clinical development organisations struggle so often with the “end of process task” of distributing Safety Reports*. These are commonly known as Suspected Unexpected Serious Adverse Reaction or SUSARs. Timely safety report distribution is important because of its part in improving patient safety but also due to the compelling regulatory obligation to distribute this material promptly.

A Pharmacovigilance Process Summary

  1. Site reports Serious Adverse Reaction (SAR) within 48 hours.
  2. Sponsor determines if SAR is unexpected or not.
  3. Sponsor reports SUSAR to relevant regulators within days (for EMA within 7 days and typically 15 days for the FDA).
  4. In parallel to step 3 the sponsor has a responsibility to promptly inform other sites once the matter is identified as a safety issue. While there is some scope for interpretation here, “promptly” is normally interpreted as meaning a number of days and not some longer period of time. Typically sponsors will aim to distribute safety reports within 15 days.

For reference here is how the FDA explain things – p16 of FDA Guidance Safety Reporting Requirements for INDs and BA/BE Studies.

The reality is that this end of process task sounds simple to define but it is in fact pretty complex and time critical. In addition – organisations are often so blindly addicted to using email that alternative, more dynamic and reliable means of information distribution are strangely alien and fantastical. But why not use distribution means that allow for active information distribution, with real-time dynamic readership information? In an age where audience behaviour is closely tracked, isn’t it time you knew who has read your latest Safety Report, and more crucially who has not?

A Post-email World Is Here

In early 2021 the TMF Reference Model working group reported back on “Guidance for the Management of e-Mail Communications in Clinical Studies”. The team eloquently explained their 15 months of diligent and valuable work - I say thank you to lead authors Jamie, Russell, Mark and the other contributors. In the context of day to day clinical trial management this work is a great place to start as you wrestle with how to manage email communications on your clinical study.

However, as I listened to the discussion section by section, issue by issue I was struck numerous times by how many of the issues do not apply in the TMF world of myClin. Thoughtful design has engineered out many of the pitfalls and traps that are intrinsic and unavoidable when you use email attachments to distribute documents or respond to questions about document content.

While the guidance does a good job of addressing the filing and indexing challenges of email within TMF archives, email itself has a number of core flaws that expose Sponsors to significant and ongoing compliance risk. Email is fundamentally insecure.

IT security advisors recommend sponsors assume their emails are being read by someone other than the recipient. Unlike the approach to oversight of the chain of custody for Investigational Medicinal Products there is no reliable chain of custody for sensitive clinical information when email is involved but somehow we fool ourselves that this is acceptable.

Applying the recommendations in the Guidance will not eliminate the possibility of catastrophic misuse of email - accidental even more likely than malicious. For example where entire study teams can be unblinded by the click of a send button. As the guidance notes, everyone must adopt good email practice if you are to mitigate the worst risks of using email - everyone includes all those study stakeholders from other organisations that you have limited supervision or influence over. A substantial part of the issue is that for all of us as daily email users, myself very much included, familiarity breeds complacency - we are unable to reliably evaluate the risk. Under constant pressure or to save time it’s all too easy to indulge in unsafe email practice.

5 Major Risk Factors of Email

See more in The Hidden Liabilities of Using Email for Clinical Trial Communications - a myClin webinar from Johnny Bilotta

Auditors of any eClinical system will demand validated audit trail capabilities - yet email offers nothing of the sort. It’s fascinating how as an industry we are attentive to issues of validation (e.g. EDC, IxRS, and even Excel) - yet when did we last invest any effort in validating our email systems? Practically, with so much of the global email infrastructure out of your control, validation wouldn't be feasible anyway. With all these issues it’s worth asking: is it ever possible to handle email “safely” in a clinical study setting?

At myClin we have built a post-email-attachment world for clinical trials. So many of the unsafe practices of email are engineered out in the "built for clinical" world of myClin. Controlled information distribution is one of the founding principles of the platform. myClin also provides fabulous engagement and compliance information from the readership data it collects on all content. Think of “super” read receipts that persist, repeat and stand-up to regulatory scrutiny - building a rich picture of engagement with your study information.

As the Email Guidance observed time and again email has proven itself a painful inspection and compliance liability for many sponsors and CROs. Is this any surprise given the core technology behind email is more than 50 years old? Given the guidance above runs to 21 pages and requires considerable and consistent adjustments of behaviour by all users of email - then the beast of email is unlikely to be tamed any time soon.

Is this a compliance risk you can continue to tolerate?

The good news - with myClin you no longer have to suffer a dependency on unsafe, insecure and unvalidated email.