- Open Access
- Open Peer Review
Implementation of clinical research trials using web-based and mobile devices: challenges and solutions
BMC Medical Research Methodology volume 17, Article number: 43 (2017)
With the increasing implementation of web-based, mobile health interventions in clinical trials, it is crucial for researchers to address the security and privacy concerns of patient information according to high ethical standards. The full process of meeting these standards is often made more complicated due to the use of internet-based technology and smartphones for treatment, telecommunication, and data collection; however, this process is not well-documented in the literature.
The Smart Heart Trial is a single-arm feasibility study that is currently assessing the effects of a web-based, mobile lifestyle intervention for overweight and obese children and youth with congenital heart disease in Southwestern Ontario. Participants receive telephone counseling regarding nutrition and fitness; and complete goal-setting activities on a web-based application. This paper provides a detailed overview of the challenges the study faced in meeting the high standards of our Research Ethics Board, specifically regarding patient privacy.
We outline our solutions, successes, limitations, and lessons learned to inform future similar studies; and model much needed transparency in ensuring high quality security and protection of patient privacy when using web-based and mobile devices for telecommunication and data collection in clinical research.
The use of web-based applications and smartphones is becoming more prevalent in healthcare and clinical research settings. The various uses of internet and mobile technology include: health information systems in hospitals; outpatient monitoring, such as wearable telemetry systems (Body Scan Networks) that measure physiological changes in patients with chronic illnesses [1, 2]; telecommunication between patients and healthcare professionals, such as tele-counselling and text reminders for mental health patients [3–5]; and data management systems for clinical research studies . There are many benefits of web-based and mobile technologies, including continuous monitoring for chronically ill patients, better quality care and feedback, reduced hospitalization time, increased medical capacity, and reduced medical cost [1, 2, 7]. However, amidst the rapid spread and progression of technology in healthcare, we must uphold high ethical standards for protecting patient privacy. Kotz et al. cautions that designers and developers of healthcare information technologies must address security challenges; otherwise, the benefits for healthcare information technology (IT) will be elusive . The very nature of the internet introduces security and privacy issues, including potential privacy breaches through hacking and data corruption during transfer . A review by Seko et al. revealed that ensuring confidentiality and privacy was the most commonly stated concern in published studies regarding mobile mental health interventions for adolescents .
Despite the ever-present security concerns, the process of addressing these concerns, especially in the development and implementation of web-based, mobile health interventions, is not well-documented and fragmented in literature. Literature is fragmented in terms of techniques and schemes that are used, such as data encryption, anonymization, and pseudonymization techniques. Also, few studies report the entire process of gaining ethics approval regarding patient privacy or how different frameworks and techniques are used specifically in clinical research to develop and implement a web-based mobile intervention. Clinical research studies implementing web-based mobile health interventions do not often discuss data security in detail. Those that do report security measures for collected data most commonly report having secure servers/institution firewalls, username/password authentication, 128-bit data encryption, and de-identification of personal information. Each intervention is unique, with different methods for interacting with participants and requiring tailored safeguards for protecting patient privacy. Without a standardized procedure for implementing web-based and mobile systems in clinical research, it is important to demonstrate transparency regarding security and protection of patient privacy when conducting such studies. This is not only to inform other researchers, but to demonstrate ethical duty to privacy.
The “Smart Heart” Trial
The Smart Heart Trial is an ongoing single arm feasibility study to examine how a 12-month lifestyle intervention will impact health and well-being measures, such as body weight and body composition, in overweight and obese children and adolescents with congenital heart disease (CHD) in Southwestern Ontario. All participants are provided with a complimentary smartphone and 1-year mobile plan. The intervention consists of nutrition and fitness counseling provided over the phone by health coaches (dieticians and fitness specialists). There is also a web-based component, which provides participants with optional e-mails for communicating with their health coaches and a goal-setting application introduced 6 months into the program for recording daily activity and nutrition behaviours. Health coaches have administrative access to the web application in order to follow and comment on each participant’s progress. The data collected is used to inform health coaches in their practice and to evaluate the web-application (patterns of use) and define participant engagement in the program. There was an unexpected delay in gaining ethics approval for this study, for there were concerns regarding the web-based component and potential risks for patient privacy. In addressing the privacy issues raised by our research ethics board, we strengthened our security measures and recognized the importance of protecting patient privacy when implementing web-based applications for clinical research.
Ethical standards and legislation regarding patient privacy in Canada
In Ontario, Canada, all healthcare practices must adhere to the Personal Health Information Protection Act (PHIPA), a provincial law based on 10 privacy principles: 1) Accountability for personal health information (PHI); 2) Identifying purposes for the collection of PHI; 3) Consent for the collection, use, and disclosure of personal information (PI); 4) Limiting collection of PHI; 5) Limiting use, disclosure, and retention of personal information (PI); 6) Ensuring accuracy for PHI; 7) Ensuring safeguards for PI; 8) Openness about PI policies and practices; 9) Individual access to own PI; and 10) Challenging compliance with the hospital’s privacy policies and practices . All research involving human subjects in Canada must adhere to the Tri-Council Policy Statement: Ethical Conduct for Research Involving Humans (TCPS2), a joint, federal policy of the Canadian Institutes of Health Research (CIHR), the Natural Sciences and Engineering Research Council of Canada (NSERC), and the Social Sciences and Humanities Research Council of Canada (SSHRC) . The policy’s section on Privacy and Confidentiality states that researchers have an ethical duty of confidentiality, safeguarding information entrusted to them without misusing or wrongfully disclosing it . The Smart Heart Trial underwent ethics review by two organizations, London Health Sciences Centre (LHSC) and Western University, ensuring the study met PHIPA, TCPS2, as well as hospital policies and ethical standards.
The objective of this paper is to provide a detailed overview of the challenges the Smart Heart Trial faced in meeting the high standards of the research ethics board (REB), specifically regarding patient privacy. We outline our solutions, and describe their successes and limitations, in order to inform future similar studies and model much needed transparency in ensuring high quality security and protection of patient privacy when using web-based and mobile devices for telecommunication and data collection in clinical research.
Addressing privacy issues for smart heart trial
Disclosure of information regarding Web application security measures
The first REB request was a full description of the web application and how it protected patient privacy. Thus, we provided information on: 1) data type and delivery, including study population, data storage locations, logging, and data retention; 2) privacy, including information security, access to information, disclosure, and consent; and 3) security, including hosting environment and authentication. This information is summarized in Table 1.
Despite these safeguards (Table 1), the REB required further information which caused a delay in the initiation of the study, due to a number of special issues associated with the use of web-based services to gather the anonymized data. We recognized the severity of the following issues raised by the committee, and accordingly, we prepared the following response to the specific items raised by the REB. As such, this information may prove valuable in assisting other researchers with navigating policies of their own REB.
Ontario’s “PHIPA” privacy laws are based on 10 privacy principles. Of these principles 1 to 4 pertain to the “Accountability, Collection, Consent, and Constraints and Limits” on data collection. These are addressed through non-technical means, through the protocols of the study and the interactions with participants, as governed by the Research and Ethics Protocol of our study; these are general administrative principles. Similarly, principles 5, 6, 8 and 10 regard policies that limit the use and restrict disclosure of records, as well as ensuring accuracy and openness of these policies. Principle 9 deals with “individual access” to records. Since our patients enter their own data, and no other information is stored, they have first-hand knowledge of this information. No mechanism is provided to enable participants to directly access the recorded information once it is entered. However, participants are able to access to their own data in order to review their progress, as part of the experimental protocol, by contacting the Study Consultant. What remains to be addressed is principle 7, which deals with “Ensuring Safeguards” for participants PI, and is the focus of the remainder of our report.
Addressing the general vulnerability of Web-based services
We were asked by the REB to address a number of generic concerns regarding the general security of web services. This is not an unreasonable request; yet many of the REB’s concerns were couched in technical terms such as ‘minimization of attack surface’ and other web security idioms. The techniques we utilized for re-deploying our web application prototype intrinsically allowed for a rich layer of security. To be sure, most IT teams, even the ones who actively engage in threat modeling, do not understand their web application’s attack surface. From an architectural standpoint, it is typical for such teams to brainstorm with a whiteboard, and create a high-level diagram of all the major components and how they interact. From the source code perspective, you can examine the dependencies between files and what database permissions are needed. One can even point to the encryption scheme used by our internet services provider. For complex systems, this exercise can provide a complete picture of the processes, data flows, protocols, privilege boundaries, external entities, and so on, which would provide you with an understanding all of the potential attack vectors. However, in our particular case, the interactions were not complex and quite straightforward, without interactions between service-oriented modules.
To address these security concerns we employed a defence strategy using coordinated protective layers in combination with arranging the defence components in ways that are complementary and co-supportive. This is exactly the sense in which it is used for security and safety precautions -- to concede that no single defence can be perfectly reliable. Typically, this involves using multiple passwords, anti-virus software, secure server technology and internet firewalls. We employ these and make use of Logging and Sandboxing -- the recording of all interactions, and ensuring that no general “shell script” functions are enabled along with the data records, respectively. From that top-level perspective, we describe our approach to defence and security.
Minimization of the attack surface
It used to be that web application security considerations were restricted to concerns over the number of ports that would be open on a server. Modern operating systems have fully specified firewall rules implemented. In the creation of our SQL database, we do not allow other web services to access this database. We make use of the secure Entity Framework to display data from the single table on a page when requested by the authorized administrator of the project; and this is handled by the Microsoft secure framework and the Model, View, Controller (MVC) software pattern (Fig. 1).
Use of defense in depth
Web Service developers typically make use of pre-existing service libraries; following the installation instructions to define and map two servlets into the web.xml file, and then to integrate with the web app. After a bit of educated trial and error, it may become functional. This is where most developers stop. Unseasoned developers might need to make use of a web “action” parameter which can be function-typed as either “view”, “edit”, or “delete”; and what if their application only uses “view”? They would still be exposing the other actions for probing by anybody who knows the URL syntax for that API. In our development, we have considered the critical question: “How much functionality do we actually need?”. Our application makes straightforward use of HTTP get and post with validation methods. We have provided full implementations of the API methods for forms posting and database queries, thus eliminating these attack modes. We make use of input validation when the forms are posted, and we have full access to our website files at all times, addressing the final question on fixing code directly (Fig. 2).
“Defence in Depth” is the old military strategy of arranging protective layers in a coordinated fashion -- the goal is to slow the advance of the enemy, rather than to suppose that one fail-safe line can ever be established as an absolute wall to the attack. Secure systems need to be developed according to the principle that each application layer and sub-system is responsible for its own security. Each level should function as its own gatekeeper and act as if it is always interacting directly with the outside world, authenticating and authorizing users before allowing them to perform any actions. Our design employs this methodology through the use of web authentication, which utilizes anti-forgery tokens for each transaction between client and server.
Use of least privileges
Our Web Application handles input requests from the users by executing them with the least amount of privilege. We have designed our application not to require elevated rights and avoid scenarios that require them. When required, they would be temporary and restricted by granting them for only the minimum time required to complete the task followed by immediate removal. There is also no disk access, and consequently, files cannot be deleted, uploaded or executed.
Employment of secure defaults
Starting with version 1.1, ASP.NET has built-in input filtering for implementation of secure defaults. Any attempt to submit a request containing bracketed tags (“<“or”>”) in any of its form data, query string parameters, or cookies, results in an error page indicating that malicious input has been detected. This, in addition to our server-side validation, prevents malicious attack through the HTTP request. We also make use of SQL Membership, which is a “secure default” implementation for the Database Access side.
Assumption that the external systems are insecure
Successes, limitations, and lessons learned
The Smart Heart Trial was approved in June 2012 by delegated review of the Clinical Research Impact Committee of the LHSC and Western University (REB #18843).
A limitation of the Smart Heart Trial’s web application is that a user has unlimited tries to log in to the web application. However, the user is not informed whether their error is in the username or password, rendering automatic username/password generators ineffective. Furthermore, there were “trade-offs” between web application functionality and security—the more complex the application, the greater the security risks. Initially, we wanted to implement a complex feedback system between participants and health coaches where participants can view their progress to date. However, allowing patients to view their previous data entries may mean increased potential for unauthorized outsiders to also access this data. Time constraints also influenced the nature and quality of the security system. For example, we chose a third-party web server provider, for it would have taken approximately 8 months to implement the application on the hospital server. Additionally, the web application received approval much later than other components of the study intervention. Thus, we began our study without the web-based application and decided all participants should enroll in it in the second half of the intervention timeline. This approach has two advantages: 1) all participants will receive the same intervention and 2) we will be able to evaluate if adding the web-based application enhances the compliance of participants and study outcomes. Future studies should consider these factors (time and “trade-offs”) when designing web-based applications, being prepared to make sacrifices on application functionality or adapt to changes in timelines during implementation.
Advances in information technology open up a new realm of possibilities for health services and clinical research using web-based applications and mobile devices. Healthcare practitioners and researchers must not neglect their ethical duty to protect patient privacy in their pursuit of developing and implementing the next innovative health technology. This paper discusses, and offers some solutions to, the challenges of protecting patient privacy by outlining the security solutions to a web-based, mobile lifestyle intervention for obese children and adolescents with CHD, and their strengths and weaknesses against threats such as misuse of patient identities and unauthorized access to PI.
In reporting our process, we demonstrate dedication to our ethical duty to protect patient privacy. This transparency and reporting of data security in clinical research can help keep researchers accountable, while also sharing strategies on how to address security and privacy issues. For example, Stopczynski et al. recommends openness amongst researchers collecting data using sensor networks so that new security platforms do not have to be created for every new study . Even in the private sector, Albrecht et al. calls for a standard reporting mechanisms for medical smartphone applications, especially those regarding security, to foster transparency and help users make informed choices . Similarly, we call upon clinical researchers to report on data security when publishing research on web-based and mobile health technology.
Each health intervention is unique as they differ in their purpose, target population, and methods for patient engagement. Thus, the security challenges will be unique. For example, in the Smart Heart Trial, there is no text message component, and consequently, no additional security risks. In contrast, Branson et al. sent text message reminders for appointments to adolescent outpatients, and employed an abbreviation technique (e.g., “C u Wed at 8”) to protect patient confidentiality. As solutions to unique security challenges are shared and reported, perhaps security and privacy developments will adapt in parallel to the proliferation of web-based, mobile technology in healthcare, capturing both ethical merit and innovation in the future of health technology.
Of course, it is still an open controversy as to what extent the PHI is placed at risk using electronic records. The interested reader can read more about the objective measures of risk in (Weston ) and more recent reports by the Ontario Director of Health Policy for a Canadian perspective (Grant and Di Re ). There will always be some level of risk associated with electronic record keeping, but properly implementing currently available technologies and defence strategies will minimize this risk to an acceptable level.
Congenital heart disease
Canadian institutes of health research
London health sciences centre
Model, view, controller
Natural sciences and engineering research council of Canada
Personal health information
Personal health information protection act
Research ethics board
Social sciences and humanities research council of Canada
Tri-council policy statement
Virtual private network
Chakravorty R. A programmable service architecture for mobile medical care. In: Fourth Annual IEEE International Conference on Pervasive Computing and Communications Workshops (PERCOMW’06): 2006. Pisa: IEEE; 2006. pp. 532–36. doi:10.1109/PERCOMW.2006.11.
Sahoo PK. Efficient security mechanisms for mHealth applications using wireless body sensor networks. Sensors. 2012;12(9):12606–33.
Seko Y, Kidd S, Wiljer D, McKenzie K. Youth mental health interventions via mobile phones: a scoping review. Cyberpsychol Behav Soc Netw. 2014;17(9):591–602.
Matthews M, Doherty G, Coyle D, Sharry J. Designing mobile applications to support mental health interventions. Handbook of research on user interface design and evaluation for mobile technology. 2008;635-656.
Branson C, Clemmey P, Mukherjee P. Text message reminders to improve outpatient therapy attendance among adolescents: a pilot study. Psychol Serv. 2013;10(3):298–303.
Pozamantir A, Lee H, Chapman J, Prohovnik I. Web-based multi-center data management system for clinical neuroscience research. J Med Syst. 2010;34(1):25–33.
Avancha S, Baxi A, Kotz D. Privacy in mobile technology for personal healthcare. ACM Computing Surveys (CSUR). 2012;45(1):3.
Kotz D, Fu K, Gunter C, Rubin A. Security for mobile and cloud frontiers in healthcare. Commun ACM. 2015;58(8):21–3.
Benfield JA, Szlemko WJ. Internet-based data collection: Promises and realities. J Res Pract. 2006;2(2):1.
Cavoukian, A. A Guide to the Personal Health Information Act. Information and Privacy Commissioner of Ontario. December 2004. From https://www.ipc.on.ca/wp-content/uploads/Resources/hguide-e.pdf. Accessed 13 Nov 2015.
Canadian Institutes of Health Research, Natural Science and Engineering Council of Canada, and Social Sciences and Humanities Research Council of Canada. Tri-Council Policy Statement: Ethical Conduct for Research Involving Humans. 2010. From http://www.pre.ethics.gc.ca/pdf/eng/tcps2/TCPS_2_FINAL_Web.pdf. Accessed 13 Nov 2015.
Stopczynski A, Pietri R, Pentland A, Lazer D, Lehmann S. Privacy in sensor-driven human data collection: A guide for practitioners. arXiv preprint arXiv:1403.5299. 2014.
Albrecht U, Von Jan U, Pramann O. Standard reporting for medical apps. Stud Health Technol Inform. 2012;190:201–3.
Peel D. U.S. Public Sharply Divided on Privacy Risks of Electronic Medical Records. From https://patientprivacyrights.org/?p=2577. Accessed 3 Jan 2017.
Grant D, Di Re M. Protecting Health Information in an Electronic Environment. Ontario Privacy Commissioner of Ontario Meeting Reaching Out to Ontario. May 6, 2015. From https://www.ipc.on.ca/wp-content/uploads/2016/09/health-powerpoint-roto-london.pdf. Accessed 3 Jan 2017.
We would also like to thank Adam A. Dempsey for his contributions to editing the manuscript.
This study was supported by research grants from Innovation Fund of the Alternative Funding Plan of the Academic Health Sciences Centres of Ontario (AMOSO, #INN 12-003) and a grant from Children’s Health Foundation, London, Ontario to Dr. K. Norozi.
Availability of data and materials
Data sharing not applicable to this article as no datasets were generated or analysed during the current study.
KN initiated the study and was supported by EW and LA-D. The first draft of manuscript was prepared by RE. KN, MR, SDJ, EW, LA-D, HP, AM and JS were involved in the development of the program as well as preparing the manuscript. TP was given honorarium for part of her time editing the manuscript. All authors read and approved the final manuscript.
The authors declare that they have no competing interests.
Consent for publication
Ethics approval and consent to participate
The Smart Heart Trial was approved in June 2012 by delegated review of the Clinical Research Impact Committee of the LHSC and Western University (REB #18843). No study participants were involved.
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
About this article
Cite this article
Eagleson, R., Altamirano-Diaz, L., McInnis, A. et al. Implementation of clinical research trials using web-based and mobile devices: challenges and solutions. BMC Med Res Methodol 17, 43 (2017) doi:10.1186/s12874-017-0324-6
- Web-based technology
- Paediatric cardiology