Legal analysis – actual state and assumptions of functioning
Assumptions of functioning of MCR Clinic base systems: eSource Manager and eSource Viewer were tested in university teaching hospitals in cooperation with leading pharmaceutical companies.
The eSource Manager tool was intended for the center for comprehensive and effective management and contracting of clinical trials conducted by the center. On the other hand, eSource Viewer was designed for sponsors and CROs to monitor clinical trials by providing monitors with remote access to trial participants’ EDM.
These systems worked with:
- MCR Clinic’s proprietary database, consisting of data entered directly by eSource Manager users (personal information, positions, roles of site investigators, information on study contracts)
- data coming from the center’s electronic database (HIS),
- data from the medical records of patients whose personal information was anonymized and who gave written consent to participate in the clinical trial.
Anonymized patient data from the HIS database of the site that contracted with the eSource Manager and eSource Viewer were imported into their database using an intermediate integration layer installed at the HIS.
Agreements signed by MCR Clinic with HIS provider of a given facility
Contracts signed by MCR Clinic with HIS provider of a given center included:
- flow of data exported from HIS to eSource Manager and eSource Viewer database, including their proper anonymization before importing to database of both systems,
- sharing data from HIS and the agreement with the center,
- providing the center with access to eSource Manager and eSource Viewer,
- to grant access to the HIS database and create an intermediate integration layer at the HIS, as well as agreements signed between the HIS vendor and the center.
These agreements contained provisions securing the proper flow of data exported from HIS to the eSource Manager and eSource Viewer database, including their proper anonymization prior to import into the database of both systems.
Users of eSource Manager and eSource Viewer used the imported data without the possibility of direct access to HIS and only within the scope of access granted to them, e.g. the monitor of a given study had access only to the records of patients participating in this study.
Contracts for access to IT systems
Information systems agreements entered into by the CR Monitor with sites and sponsors included provisions authorising the CR Monitor to process personal data of persons involved in a study (research team, support staff, monitors) whose data were transferred to the eSource Manager and eSource Viewer databases.
Result of the legal analysis
The presented facts were subjected to legal analysis in terms of compliance with the applicable legal regulations, with particular emphasis on the regulations in the area of clinical trials, personal data protection and the healthcare information system.
As a result of the analysis, both eSource Manager and eSource Viewer and the assumptions of their functioning were found to be compliant with the applicable law, including:
- The eSource Manager and eSource Viewer systems did not violate applicable laws and standards for conducting clinical trials, as they were not intended to fully replace the traditional form of clinical trial monitoring, but were complementary to it.
- They improved standards (e.g. actual anonymization of patient’s personal data for the purposes of monitoring the study) and efficiency of the process of monitoring and study management by research institutions.
- It was found that the use of both systems guaranteed the basic principles of proper clinical trial monitoring and data management, i.e. protection of the rights and welfare of trial participants, collection and reporting of reliable, complete and verifiable data based on source data, and conduct of the trial in accordance with the current protocol, GCP rules and other legal regulations.
- The eSource Manager and eSource Viewer systems complied with the basic principles of EDM, which mandated, among other things, securing documentation against damage or loss, integrity of documentation content and metadata, consisting of protection against changes (except for changes made under established and documented procedures), permanent access to documentation for authorized persons and protection against unauthorized access, making documentation available while maintaining its integrity and protecting personal data.
The above requirements were met by the following functionalities:
- use of Monitor CR systems prevented interference with the hospital’s ICT system by third parties
- exporting patient data using an intermediate integration layer (instead of direct integration of eSource Manager and eSource Viewer databases with the HIS system)
- providing and maintaining only “one-way communication” from the HIS system to the eSource Manager and eSource Viewer system database
- providing anonymized patient data to the Monitor CR systems database and providing specific therapeutic data about the patient – not a full, comprehensive record – relative to the patient’s recruitment to the study or participation in the study
The eSource Manager and eSource Viewer were compliant with data protection regulations, as anonymization of patients’ personal information was ensured before it was entered into the database of both MCR Clinic systems.
Patients consented both to recruitment and participation in the study and to the processing of their personal information by those with access to it (e.g., the investigator).
The contracts with the center and the sponsor had appropriate provisions whereby the CR Monitor, as processor (contract processor), was entrusted with the processing of personal data of individuals involved in the conduct of the study.