Findings
The most promising aspects of mental health for digital measurement are sleep, physical activity, stress, and social behavior, which have the strongest scientific evidence. Core barriers to adoption include high cost and limited access, data privacy concerns, poor technological literacy, and a lack of technology adaptation for specific mental health needs. Essential technology characteristics for "fit-for-purpose" sDHTs include usability, reliable performance, strong data privacy and security, and long battery life.

Recommendations
Research and development should prioritize moving promising measures (sleep, activity, stress, social behavior) to large-scale clinical trials. Algorithms must be refined and clinically validated for mental health indications, and new sensor modalities should be explored. Infrastructure must be developed by creating standards and ontologies for mental health sensor data to ensure interoperability and scalability. To improve access and equity, financial support mechanisms and inclusive, culturally tailored design are critical.

Regulatory Considerations
The report does not provide a separate section for "Regulatory Considerations" but emphasizes that future development and funding should prioritize clinical validation across diverse populations. It notes the importance of a clear understanding of the intended measurement claims and the need for rigorous validation studies to move beyond pilot and feasibility stages to demonstrate real-world clinical utility.

Findings
Cybersecurity is an integral part of medical device safety and effectiveness, and manufacturers are responsible for addressing it throughout the entire device lifecycle. The FDA considers a device's cybersecurity as part of its benefit-risk assessment for both premarket and postmarket activities. A lack of robust cybersecurity controls can lead to patient harm, compromised device functionality, and breaches of data privacy. The dynamic nature of cybersecurity threats requires ongoing monitoring, risk management, and timely implementation of mitigation strategies.

Recommendations
Manufacturers should build cybersecurity into devices from the design phase ("secure by design") and conduct a thorough risk analysis to identify and mitigate potential vulnerabilities. Premarket submissions should include comprehensive documentation of the device's cybersecurity controls, a risk management plan, and a plan for postmarket surveillance and response. Manufacturers should establish a robust postmarket surveillance program to monitor for, identify, and address new cybersecurity threats in a timely manner. Clear and informative labeling is essential to help users understand and manage cybersecurity risks.

Regulatory Considerations
The FDA has the authority to take action against devices with inadequate cybersecurity that pose a risk to public health. The agency recommends that manufacturers use the Q-submission process to discuss specific cybersecurity questions related to their device submissions. Compliance with recognized standards and best practices for cybersecurity is strongly encouraged. Manufacturers must report certain cybersecurity incidents to the FDA as part of their postmarket reporting requirements. The FDA collaborates with other government agencies and stakeholders to promote a coordinated approach to medical device cybersecurity.

Findings
Sites must establish effective data privacy and security plans, especially considering regional and global regulations like GDPR.
Risk mitigation is critical, including plans to address unanticipated issues and potential patient disengagement due to technology challenges.
Budgeting and contracting often involve additional considerations, such as storage, training, and technical support requirements for connected devices.
Sites require adequate training to ensure staff and patients are prepared to use connected devices efficiently.
Companion applications or services often play an essential role in device functionality and data transmission.

Recommendations
Develop a clear plan for data pathways, including storage, security, and regulatory compliance.
Establish detailed risk mitigation and management strategies to handle unexpected challenges.
Ensure comprehensive training programs for site staff and patients to enhance device usability.
Incorporate device storage and resource allocation into budgeting and contracting processes.
Facilitate effective communication with sponsors and vendors to resolve operational and technical issues promptly.

Regulatory Considerations
Ensure connected devices comply with CFR 21, Part 11, and other relevant data collection and transmission regulations.
Understand and adhere to local and regional data privacy laws, such as GDPR, when managing patient data.
Verify that appropriate licenses and regulatory approvals are in place for device data transmission and storage.
Assess and address shipping and handling regulations for devices, ensuring safe and compliant transportation.

Findings
FDA considers electronic records and signatures to be equivalent to paper records and handwritten signatures when they meet the requirements of 21 CFR part 11. Advances in technology, including Digital Health Technologies (DHTs) and cloud computing, necessitate updated guidance on ensuring the authenticity, integrity, and confidentiality of electronic data in clinical investigations. Records submitted to the FDA under predicate rules (e.g., marketing applications) are subject to part 11. FDA does not intend to assess the compliance of external Real-World Data (RWD) sources like Electronic Health Record (EHR) systems with part 11, but the sponsor remains responsible for the quality and integrity of all submitted data.

Recommendations
Risk-Based Validation: Regulated entities should use a risk-based approach to validation for all electronic systems deployed, proportionate to the risks to participant safety and reliability of trial results. Validation must cover system functionality, trial-specific configurations, customizations, and interoperability.
Data Retention & Audit Trails: Electronic records must be retained for the applicable period in a secure and traceable manner. Audit trails must capture all changes (old/new value, user ID, date/time) and should be protected from modification.
Security & Access Controls: Logical and physical access controls (e.g., strong login credentials, multi-factor authentication) must limit system access to authorized users based on a documented risk assessment. Security safeguards (e.g., encryption, antivirus) must be in place to protect data at rest and in transit.
DHT Use: DHTs should be selected and validated to be fit for purpose. The data originator (person, system, or DHT itself) must be associated with every data element as part of the audit trail. The final location of source data for inspection is the durable electronic data repository, not the individual DHT.
Outsourcing: Regulated entities must have a written agreement with IT service providers (including for cloud computing) detailing roles, responsibilities, and the service provider's ability to provide data integrity and security safeguards. The sponsor must maintain oversight.

Regulatory Considerations
FDA does not certify electronic systems or signature methods; they are evaluated during inspection. Users of electronic signatures must submit a letter of non-repudiation to the FDA certifying that the electronic signature is the legally binding equivalent of a handwritten signature. Security breaches impacting participant safety or privacy should be reported to the IRB and FDA in a timely manner.

Findings
The FDA considers electronic records and signatures equivalent to their paper counterparts when they meet the requirements of 21 CFR Part 11. Due to technological advances, electronic systems and digital health technologies (DHTs) are now integral to clinical trials, requiring a modern, risk-based approach to ensure data integrity. Sponsors remain ultimately responsible for the quality and integrity of all data submitted, even when using third-party IT service providers or data from real-world sources like EHRs. The authenticity, integrity, and confidentiality of electronic data are paramount and must be maintained through robust system controls throughout the data lifecycle.

Recommendations
Regulated entities should use a justified and documented risk-based approach to validate all electronic systems before and during a clinical trial, with the level of validation depending on the system's potential to impact participant safety and trial result reliability. Secure, computer-generated, time-stamped audit trails must be implemented to track the creation, modification, and deletion of all electronic records without obscuring original data. Robust logical and physical access controls are necessary to limit system access to authorized individuals. Entities should have written agreements with IT service providers that clearly define roles, responsibilities, and procedures for ensuring data security and long-term retention.

Regulatory Considerations
The requirements of 21 CFR Part 11 apply to all electronic records created, modified, or submitted to the FDA under predicate rules for clinical investigations, including those from foreign sites under an IND or IDE. While the FDA does not intend to assess the Part 11 compliance of external source systems like EHRs, data becomes subject to these regulations once transferred into the sponsor's electronic system. During inspections, the FDA will focus on system validation, data handling procedures, security protocols, audit trails, and documentation of sponsor oversight. Users must certify to the FDA that their electronic signatures are the legally binding equivalent of handwritten signatures.

Findings
Misclassification of wakefulness during sleep periods and issues with tracking outside main sleep bouts.
Bias in performance evaluation studies due to limited representation of diverse populations.
Hidden complexities in consumer-grade devices related to data access, fees, privacy, and security.

Recommendations
Carefully interpret study results based on wearable sleep-tracking technology data.
Address biases in study populations by including diverse cohorts.
Ensure proper preprocessing of data from consumer-grade devices.
Avoid inserting personally identifiable information in device settings.
Evaluate issues related to specific populations like minors.

Regulatory Considerations
Complexity of privacy laws across different countries.
Need for strategies to protect personal information in device settings.
Consideration of specific population issues, such as minors, in regulatory frameworks.

Findings
Decentralized Clinical Trials (DCTs), which shift activities away from sites, rely heavily on technology to reduce participant burden and improve access to trials. Digital platforms are essential for this shift, providing centralized data capture, remote monitoring, and streamlined workflows. Benefits include allowing participants to be monitored remotely, which can improve self-management and clinical outcomes, and giving researchers better insight into the real-world variability of disease activity. Currently, commercial platforms are often limited in functionality and face major challenges due to a lack of interoperability and specific data standardization protocols for clinical trial platforms, making it difficult to integrate third-party modules.

Recommendations
The paper strongly recommends the adoption of unified, integrated, and DCT-specific digital platforms to fully realize the benefits of decentralization. Platform developers should adopt international standards for health data exchange, such as HL7 FHIR and CDISC standards (PRM, CDASH, ADaM), to address the lack of data standardization and improve interoperability and modularity. Platforms should incorporate features that enhance participant engagement and adherence, such as customization options, simple user interfaces (UIs), push notifications, gamification, and allowing access to participant data . Security and governance teams are paramount to manage risks associated with malware, lost devices, and ensuring compliance with local legislation and data security protocols.

Regulatory Considerations
Digital platform design must maintain digital security and compliance with local legislation and data standards. The paper notes that a fully integrated, unified digital platform in a best-case scenario would use pre-existing standards (like CDISC and HL7) to guarantee interoperability. Adopting these standards and recommendations for data sharing, privacy, and security, as recommended by organizations like the Healthcare Information and Management Systems Society, is critical for future digital components used in DCTs. Improved data integrity and accountability in platforms could be further explored using technologies like blockchain to create an immutable ledger.

Findings
The US regulatory landscape is more suitable for promoting innovation in digital health compared to Europe.
Traditional regulatory approaches are not keeping pace with technological advancements.
There is a lack of specific guidance on the use of wearables and software in clinical drug trials.
The US has a more advanced regulatory framework for drug development tools than Europe.

Recommendations
Use approved solutions or consider early qualification of drug development tools.
Engage early with FDA and EMA to define evidentiary standards and regulatory pathways.
Ensure correct regulatory classification of digital tools.
Engage early with regulatory authorities to navigate the regulatory landscape.

Regulatory Considerations
Digital tools must be fit-for-purpose for their intended use.
Sponsors must ensure conformity with GxP and local data privacy and cybersecurity laws.
Data from digital tools must deliver reliable data with tangible clinical benefits.
The context of use drives the benefit-risk assessment and evidentiary criteria for regulatory acceptability.

Findings
Limited use of BYOD in clinical trials and evolving regulatory guidance.
Potential biases due to participant preselection based on technology access and literacy.
Challenges in technology availability for generating study endpoints.

Recommendations
Ensure appropriate technology selection to meet study objectives.
Address potential biases in study population and data variability.
Implement mitigation strategies like provisioned technologies to avoid digital divide.
Develop a comprehensive statistical analysis plan for BYOD data.
Engage stakeholders early in the study design process.

Regulatory Considerations
Manage interactions with regulatory authorities on trial design and approval.
Prepare evidence dossiers for novel assessments via digital health technology.
Ensure compliance with guidelines like those from the Agency for Health Research and Quality.

Findings
Nocturnal scratch is a clinically relevant behavior that impacts sleep quality, skin integrity, and overall disease burden in conditions like AD.
Traditional clinical outcome assessments (COAs) often fail to adequately measure scratching behavior, making digital measurement an important complement.
Digital health technologies, including wearables and sensor-based monitoring, enable passive and objective measurement of scratch behavior without relying on patient recall.
Regulatory agencies emphasize the importance of validation, ensuring digital measures are fit-for-purpose and aligned with patient needs.
Privacy, security, and compliance considerations must be prioritized, particularly in decentralized clinical trials using real-world data collection methods.

Recommendations
Digital measurement of nocturnal scratch should be integrated as an endpoint in clinical trials to capture patient-relevant outcomes objectively.
Sensor-based tools must undergo validation processes, including analytical and clinical validation, to ensure accuracy and reliability in different populations.
Stakeholders should align terminology and measurement definitions to support consistency across studies and regulatory submissions.
Usability testing with patients is critical to ensuring that wearable devices are practical and minimally burdensome.
Clinical trials should incorporate data privacy protections and clear informed consent processes to safeguard patient information.

Regulatory Considerations
FDA encourages early engagement to discuss digital endpoints, particularly through the Critical Path Innovation Meeting (CPIM) process.
Digital tools used for clinical investigations should align with 21 CFR Part 11 compliance for electronic records and data integrity.
Sponsors should ensure that digital health technologies used in trials meet validation criteria, including fit-for-purpose assessment and clinical relevance.
Privacy regulations, including GDPR and HIPAA, must be considered when handling patient data collected via wearable sensors.
Post-market monitoring and long-term validation studies are recommended to ensure continued accuracy and reliability of nocturnal scratch measurements.

Open source: Core Digital Measures of Nocturnal Scratch

Findings
The DTRA Best Practice Evaluation Rubric uses five dimensions to determine if a DCT practice should be considered a "best practice":
Evidence of Success: Requires measurable and demonstrable success using KPIs and tangible outcomes.
Improving Patient Experience: Must address the needs of patients, caregivers, and therapeutic experts, demonstrating improved experience and engagement.
Site Impact: Must consider the implications of adoption and the practical impact on site burden and working practices.
Operational and Technical Feasibility: Ensures operational and technical aspects (including ongoing support, security, integrity, scaling, and reuse) have been fully considered when deploying new technologies.
Regulatory & Ethical Compliance: Requires appropriate consideration of global and local regulations and guidance (e.g., ICH E6/E8, GDPR, HIPAA), including adherence to privacy, consent, and ethical safeguards.

Recommendations
A practice should demonstrate several key factors across the dimensions:
Patient-Centricity: Reduce patient burden by offering the option to reduce physical visits and enable greater patient empowerment and access to information. It should strive to increase the diversity of recruited patients while mitigating bias toward technologically literate patients.
Site Support: Achieve a net reduction in burden for sites, utilizing simple, intuitive technology with minimal, on-demand training. It must provide clarity of fiduciary responsibility and use technology to increase risk-based monitoring without sacrificing data integrity.
Technical Rigor: Have a clear problem statement and a thoroughly defined strategy to mitigate operational and technical risks. It should take a holistic approach and ensure the solution is fit for use for the specific patient population, aligning with data privacy and security standards.

Regulatory Considerations
Practices must ensure compliance with both global and local regulations and Health Authority guidance. Explicit attention must be given to aligning with ICH E6 (Good Clinical Practice) and privacy laws like GDPR and HIPAA. The design must protect stakeholders providing sensitive or personal data with safeguards to ensure ethical safety.

Findings
There is a need for rapid development of solutions for monitoring Long COVID symptoms due to their variability and lack of treatment options.
Barriers include patient acceptability and the healthcare system's readiness for new technologies like vocal biomarkers.
The health status of patients, particularly those with severe symptoms, may limit their ability to participate in regular voice recordings, affecting adherence.

Recommendations
Involve end users in the co-design of digital health solutions to ensure they meet needs and expectations.
Develop telemonitoring solutions that allow for accurate follow-up and complement on-site evaluations.
Implement feedback loops to improve both the solution and the algorithm through lessons learned in population studies.
Ensure that voice data collection is diverse enough to represent the target population and decrease systemic biases.
Obtain explicit consent prior to voice data collection to comply with data protection regulations.

Regulatory Considerations
Voice data is considered identifying and sensitive, requiring compliance with various data protection laws.
Explicit consent is necessary for voice data collection to minimize future risks.
Validation through clinical trials is required to prove clinical benefit, effectiveness, and security.
CE marking or FDA certification will be mandatory to bring the solution to market.
Requests for reimbursement can be made after proving the clinical and economic interest of the digital system.