Might the Remote Monitoring of Clinical Trials in Europe Continue after Covid-19 Despite Data Privacy Concerns?

Olivier Goarnisson in Geneva and Francesca Blythe in London look at the benefits that were seen when some European countries temporarily permitted remote monitoring during the pandemic, and consider whether remote monitoring might have a long-term future if data privacy concerns are addressed.

The pressures of COVID-19 led some countries to pass temporary measures allowing clinical trial monitors to check patient records remotely. This, of course, made sense during the pandemic, as monitors faced travel restrictions and in some circumstances were barred from hospitals where access was strictly limited to patients.

But the countries that did permit remote monitoring during the height of COVID-19 have been clear in saying that pharma companies should not expect such a change. They have said that, post pandemic, monitors will once again be restricted to viewing patient records on site only.

However, many pharma companies saw benefits to remote monitoring of clinical trials during the pandemic. These included a reduced workload and the facilitation of more efficient working practices. It was also the practical experience of many that remote monitoring makes it easier for pharma companies to ensure that they are compliant. For these reasons, there are many in the life sciences industry who are hoping that after COVID-19, this practice might be allowed to continue in the long term in the countries where it had been temporarily permitted. It is also arguable that some countries that continued to prohibit remote monitoring of clinical trials during the pandemic did so chiefly because of uncertainty in the absence of any guidance.

After the pandemic, the European pharmaceutical industry lobbied for guidance on whether remotely-monitored clinical trials might be permitted to continue in some limited circumstances. In the absence of guidance, they were reluctant to launch remotely-monitored trials because of fears of not adequately complying with the requirements of data protection legislation. However, the EU medicinal product agencies are now working towards producing guidance on this issue. As we await the publication of the guidance, remote access to and review of patients’ medical dossiers and charts remains an issue for many agencies in the EU.

Data protection concerns on the part of the regulators are, arguably, excessive. The pressures of the pandemic led us to develop, much faster than would otherwise have happened, safe ways to remotely monitor without being either duly restrictive or violating patients’ rights. Good remote-monitoring practices that we saw during the pandemic included a monitor receiving a password to access electronic patient records, which was valid for only 24 hours, to a read-only version of a file which they had no ability to save.

Such practices were completely in line with European data protection rules which – in the case of the EU’s GDPR – says that if you have a legitimate purpose you can be given access to data, provided that these data are strictly limited to what is necessary for that purpose. Remote monitoring of clinical trials certainly has a legitimate purpose, i.e. that of scientific research in order to develop medicines, and also verifying that no fraud has occurred and that the study is conducted in accordance with scientific standards.

Even in the absence of regulatory guidance, it ought to be possible right now to launch a remotely-monitored clinical trial which takes proper account of EU data protection regulation. To do so, you would need (amongst other things) to be very clear to study subjects about what data from medical records the pharma company is being granted access to.

You would also need to consider how remote access could be granted whilst complying with the security requirements of the GDPR including, for example, implementing restrictions on access to certain individuals. Access to medical records should be monitored and logs developed/maintained. Consideration would also need to be given to cross-border transfers of data, i.e. by virtue of the remote access, and how such transfers could be carried out lawfully.

It’s likely that remotely monitored clinical trials will continue and that they will become much more commonplace. Ultimately, guidance and regulation will be needed, not only to address data protection issues but also to cover a host of regulatory matters, including methodological issues around potential biases.

This post is as of the posting date stated above. Sidley Austin LLP assumes no duty to update this post or post about any subsequent developments having a bearing on this post.