Skip to main content
    All Episodes
    Episode 066 · April 10, 2026 · 41m listen

    Who Owns Patient Data Security in Trials with Rob Bedford, CEO of Franklyn Health | Ep. 65

    Rob Bedford
    CEO
    Franklyn Health

    Episode Summary

    This episode of The Med Device Cyber Podcast features Rob Bedford, CEO of Franklyn Health, discussing the critical role of Contract Research Organizations (CROs) in medical device development. The conversation highlights the unique challenges faced by small MedTech startups, especially concerning budget constraints, speed to market, and the need for specialized expertise in clinical research. Rob explains how Franklyn Health caters specifically to these smaller entities, offering cost-effective and agile solutions for navigating clinical trials. The discussion delves into the phased approach of clinical studies, from preclinical animal studies to first-in-human and pivotal trials, emphasizing the distinct pathways for medical devices compared to pharmaceuticals. A significant portion of the episode is dedicated to the integration of cybersecurity in the product development lifecycle. The speakers stress the importance of "security by design," advocating for early consideration of cybersecurity to avoid costly and time-consuming retrofits. They explore the implications of design changes on clinical data validation and the potential for a "quicksand" effect if cybersecurity is not baked in from the outset. Further, the episode addresses the allocation of responsibility and accountability in data protection during clinical trials, clarifying the roles of manufacturers, CROs, and principal investigators. The FDA's Q-submission process is lauded as an underutilized resource for early feedback, and the challenges of patient enrollment and ensuring diversity in clinical trials are also explored. The episode concludes with a strong emphasis on early planning and a reverse-engineering approach to regulatory and commercialization strategies, particularly when aiming for global markets given varying cybersecurity and clinical trial requirements.

    Key Takeaways

    • 01Small MedTech startups face unique challenges in clinical trials, including budget limitations and the need for rapid development, making specialized CROs essential.
    • 02Integrating cybersecurity into medical devices from the initial design phase is crucial to prevent "quicksand" scenarios, where retrofitting security later can invalidate clinical data and significantly delay market entry.
    • 03Accountability for patient data security in clinical trials ultimately rests with the device manufacturer (sponsor), regardless of delegated responsibilities to CROs or clinical sites.
    • 04The FDA's Q-submission process is a valuable, and often underutilized, tool for gaining early feedback on regulatory and clinical strategies, significantly de-risking product development.
    • 05Planning ahead by understanding target markets and their respective regulatory and cybersecurity requirements (e.g., FDA requirements for US patient data in clinical trials) is vital for successful global commercialization.
    • 06Enrollment is the greatest challenge in clinical trials, especially for rare conditions, often requiring more sites and can lead to study failures if not addressed effectively.

    Frequently Asked Questions

    Quick answers drawn from this episode.

    • This episode of The Med Device Cyber Podcast features Rob Bedford, CEO of Franklyn Health, discussing the critical role of Contract Research Organizations (CROs) in medical device development.

    • Small MedTech startups face unique challenges in clinical trials, including budget limitations and the need for rapid development, making specialized CROs essential. Integrating cybersecurity into medical devices from the initial design phase is crucial to prevent "quicksand" scenarios, where retrofitting security later can invalidate clinical data and...

    • Rob explains how Franklyn Health caters specifically to these smaller entities, offering cost-effective and agile solutions for navigating clinical trials. It's most useful for medical device manufacturers, cybersecurity engineers, regulatory affairs professionals, and MedTech founders preparing for FDA review.

    • Small MedTech startups face unique challenges in clinical trials, including budget limitations and the need for rapid development, making specialized CROs essential.

    Listeners also asked

    Quick answers pulled from related episodes.

    Share this episode

    Pre-fills with: "Small MedTech startups face unique challenges in clinical trials, including budget limitations and the need for rapid development, making specialized CROs essential."

    The CRO will do your MedTech study, but it's not their priority. What must it be like for the small MedTech companies? You've got a very limited budget. Responsible is who's doing it, and accountable is essentially who takes the fall if something goes wrong. I did a bit of market research together with a few co-founders. We spoke to CEOs of MedTech companies, and they all said the same thing: we are just completely unheard. CROs don't care about us. You are accountable if things go well. You're accountable if things go wrong. From a cybersecurity perspective, if a manufacturer delegates somebody else to create their software and there's a problem with the software, the manufacturer is the one accountable as well. Welcome back to The Med Device Cyber Podcast. Today, we're going to talk about CROs, which are a very important part of the ecosystem for medical device manufacturers and an often misunderstood part of the ecosystem. There's a little bit of confusion if it's a contract research organization or a clinical research organization. We're going to get to the clarity on that. We have a guest here, Rob, with a CRO, a relatively new CRO. He started London, well, I guess Brighton, a little bit south of London. We have Trevor, our co-host here, coming from San Francisco as usual. You can tell by his background. I'm coming from Tempe, Arizona. I just got back from Korea and traveled for I don't know how many hours yesterday. I got up at 3:00 this morning and was a little bit jet-lagged. So welcome to the show, Rob. Maybe you could introduce yourself and tell us a little bit about what you do and what your motivation was for starting your organization. Yeah, thank you, Christian. It's a pleasure to be here. For those listening, Christian and I have met a couple of times. Most recently, we met in Dubai at WHX Dubai, and he invited me to be a guest on his podcast. I'm thrilled to be here. I'm the chief executive of Franklin Health. We are a contract research organization, sometimes called a clinical research organization, though I think it's a contract research organization. Is that the more common term? Because I've heard people use it both ways. Yeah, I mean, it's an all-encompassing term, because when you think about a CRO, I always think about organizations that do clinical trials, perhaps regulatory affairs, but it also encompasses other specialist organizations that maybe do testing or manufacturing support. So CRO is kind of a broad term in the space that we're in. You're cybersecurity, I'm in clinical research, contract research organization. CRO typically means supporting the clinical regulatory part of a medical device manufacturer's journey. Awesome. And I know you specialize in smaller startups, is that right? Yeah, that's right. From a CRO perspective, I can speculate, but I'd like to hear you say like what are the differences? What would a small startup need versus a large startup, and why are you specializing in the small ones? Yeah, it's a great question, and it gets to the heart of our mission and the foundations of our company. I started my career in academia. I was a neuroscientist, working on treatments for inherited forms of blindness, and that was my first journey into translational research. I loved it, the idea of helping patients, helping fellow man. I then took a job in the NHS as a clinical trials coordinator, so I was working with patients to explain what phase three trials were, what a placebo was, and what a randomized control trial was. It was probably the best job I ever had. You could see the hope in patients' eyes and what it really meant to be in a clinical trial, because often if you're in a clinical trial, you've not got many options available to you, and that's where I've dedicated my career ever since. To answer your question, I know I'm taking a long way to answer your question. I've always worked for large manufacturers, large Fortune 500 medical device manufacturers and diagnostics manufacturers, and I've outsourced lots of clinical studies to big CROs, to medium-sized CROs. It's clear, and everyone will agree in the MedTech industry, that the focus is on pharma because the budgets are much higher. A phase three oncology trial is orders of magnitude more expensive than medical device trials. The experience I had was okay, the CRO will do your MedTech study, but it's not their priority. I just always had this wonder in my mind: what must it be like for the small MedTech companies? You've got a very limited budget. You've got investors breathing down your neck. You've got a limited runway. So I did a bit of market research together with a few co-founders. We spoke to CEOs of MedTech companies, and they all said the same thing: we are just completely unheard. CROs don't care about us. And when we do work with a CRO, we're just not a priority because the priority is Medtronic Boston Scientific. So we started our organization to only work with this segment of the market. Now I'm going to finally answer your question. What is the difference? First is budget. Typically, small MedTech companies don't have the budget of Boston Scientific, so you need to be very flexible and careful with your regulatory strategy or your clinical strategy. If you're a huge MedTech company, you can target 10 regions at once and have commercial success globally. If you're a small MedTech company, you might think,

    Hosted by

    More from your hosts

    Other episodes diving into Christian and Trevor's areas of focus.

    Episodes covering similar ground.

    Why this matches covers similar themes around planning, commercialization, requirements.

    Why this matches covers similar themes around commercialization, small, startups.

    Listen to this episode