As sponsors seek additional ways to increase patient numbers and patient diversity, multinational clinical trials may be an important part of that puzzle.
Of course, when patients agree to participate in a clinical trial, they do so with the knowledge and consent that their data will be shared among the parties for that purpose. However, there are laws in place to protect each patient’s data.
The sponsor or biotechnology company is responsible for ensuring compliance with data protection laws in the region in which the trial is conducted. If a sponsor is planning a trial in multiple countries, they will want to collect the same data for all enrolled patients, but this may not be possible. As a result, conducting global clinical trials can be difficult, especially for biotech startups that do not fully understand global laws.
Individual country laws may override broader laws
While the EU has the General Data Protection Regulation (GDPR), it can be superseded by national legislation, making it even more of a minefield as to which rules sponsors should comply with.
Dr. Tim Schwartz, a digital health lawyer at Taylor Wessing in Germany, says this is where the challenge arises.
“This is difficult. The GDPR has general rules, but you also need to look at national laws. Approaches across Europe vary widely in how they are interpreted and applied. It relies on research privileges,” he explains.
“In Germany, for example, it is required by law to obtain informed consent when personal health data is processed as part of a clinical trial. Different patients also have different requirements for informed consent forms.”
Even within the United States, different states have passed different data privacy laws, with a total of 13 states passing comprehensive data privacy laws by the end of last year. These states are California, Virginia, Colorado, Connecticut, Utah, Iowa, Indiana, Tennessee, Texas, Florida, Montana, Oregon, and Delaware.
Katherine Greger, chief clinical trials officer at Florence Healthcare, said a lack of consistency even within the United States makes it difficult for sponsors to scale up trials. Gregor said Florence Healthcare is advising sponsors and biotech companies on what can and cannot be done on a country-by-country and state-by-state basis because it can be very confusing.
“Without a federal position, we are conducting investigations state by state, making it difficult to conduct and scale trials across multiple states within the United States. It will be similar,” says Gregor. “It’s not always consistent, so you have to look at each location to see what you can and cannot do.”
Kyle Faggett, co-chair of Foley & Lardner LLP’s Medical Devices and Devices Group, said that for U.S. biotech startups, understanding the U.S. legal framework can be very difficult, let alone understanding the EU framework and how the two differ.
“The question is whether these biotech companies want to conduct clinical trials in these jurisdictions because the risks are high and the penalties are high,” Faggett said. “It’s a huge undertaking for companies to grapple with all these additional laws, especially when they’re more aggressive than the United States.”
Planning is key
Patient data is anonymized before being provided to sponsors, but sponsors may not always be able to collect the data they want, especially for patients in the EU, where laws are generally stricter.
Heather Delgado, a partner in the healthcare practice at US law firm Burns & Thornburg, said EU sponsors are less likely to comply with global clinical trials than US sponsors because GDPR laws are so strict. He said that it is potentially easier to secure.
“Most of those forms are pretty uniform. If you’re based in the US and you’re conducting an exam in the UK, which has its own laws, or France, which has GDPR, you’re probably more likely to do it there than vice versa. There will be a lot of problems,” Delgado explains.
Delgado said U.S. sites are bound by HIPAA privacy protections, which cover the personal health information (PHI) that can be disclosed even in the setting of a clinical trial, and added that sponsors should consider this when planning the trial and drafting consent forms.
“If the patient consents, the sponsor needs to understand that there must be language authorizing disclosure of their PHI to the sponsor for research purposes and language that says the PHI will be protected,” Delgado said.
Rohit Nambisan, CEO of Lokavant, a clinical trial intelligence platform that supports data collection, says that laws governing what data can be collected vary and need to be considered early in the planning process to ensure a smooth study launch.
“Pseudo-anonymization of patient data has been in place for quite some time, so it’s more about planning than execution,” Nambisan said. “Targeting and identifying sites with eligible patients can be very difficult and therefore impact the timeline for starting a trial, especially the start of a trial.”
While it may be easier to consider the strictest laws during the planning process, Faggett said, that’s not always the best plan. “Scalability needs to be considered, so when you’re trying to build and scale a clinical trial, the easiest way is to adopt the most conservative standards and adhere to them across the board. It gets easier, but it can also get harder.”
“So we have to take the simplest approach and analyze whether it complies with the most stringent standards across the board, but then in some jurisdictions they cut off noses to disfigure their faces. You have to ask – what are the outputs you are looking for? And how best to get them?”
However, Gregor said taking a one-size-fits-all approach may not be acceptable to some sites that are not under such strict laws.
“When GDPR was first announced, the regulations were much stricter than in the US, and I was there at the time,” Greger recalls. “The sponsor was trying to make us in the US comply with GDPR requirements, but our position was that we did not have to comply with these requirements.”
Issues with remote monitoring and distributed global testing
Decentralization is now widespread in clinical trials, which increases the number of parties involved and adds to the complexity.
Nambisan said decentralization does not always allow doctors to fully review and monitor the data being transmitted about their patients.
“Challenges arise when physicians become researchers in research and are asked to collaborate with multiple different remote companies and specialists, such as remote phlebotomists, remote nursing services, and home care,” Nambisan commented. “Physicians are now using a variety of new data sources that cannot be easily reviewed or monitored at all times.”
Faget explains that because the data doesn’t come from one source like in traditional testing models, there’s more risk. “The decentralized clinical trial model is asking us to rethink privacy and security, because data entry is now coming from everywhere, and PHI is coming in from everywhere,” Faget says.
Another relatively new development in the clinical trial landscape is remote monitoring, which adds the possibility that data held by a facility in the EU could be monitored by someone in the United States.
“One of the biggest issues is less about data privacy and more about data localization: where the data is collected and who can review it. When we’re talking about surveillance, especially remote surveillance, that becomes a problem,” says Greger.
“If the monitor is based somewhere other than the country where the site is located, you have cross-border data, which becomes even more complicated.”
Consistency may emerge in the future
With time and experience, it will become easier for sponsors and biotech companies to know what data laws they must comply with. Nambisan says consistency will emerge as more data laws are introduced in the United States.
In the US, Nambisan said: “I think similarities with California’s privacy law are taking shape and will become even more similar over time.”
Schwartz says the EU needs to lobby for consistency. “The aim is to make data more accessible for research and therapeutic purposes across Europe. In Germany in particular, the law has fundamentally changed and is subject to interpretation by data protection authorities.”
“We feel that now is the right time to lobby for a streamlining of data protection laws across Europe that actually allow data to be processed in a harmonized way, which is the intention of the GDPR. However, that is not the case today,” concludes Schwartz.
While data laws will likely never be the same around the world, the easiest approach for sponsors is to ensure that patients in all jurisdictions know exactly where their data is going and are able to make informed decisions, Faget said.
“There needs to be some meaningful consent, and patients need to be informed about where their information is going, whether it’s to the CRO, the facility, the sponsor, or the local laboratory. We need to agree that,” Faggett concluded.