MHRA Sets Data Security Requirements for Remote Monitoring
Concerns about the security of remotely accessed data has led the UK’s Medicines and Healthcare products Regulatory Agency (MHRA) to list five features electronic health records (EHR) systems should have if sponsors want to remotely monitor a trial.
Sites providing remote access to their EHR systems should have the same amount of control over their systems as they would in an onsite monitoring visit, the guidance says, use a read-only login to block monitors from making any changes to the data, require two-factor authentication to access the read-only account, restrict printing, copying and downloading, and include an automatic timeout setting. MHRA further says that sponsors should only conduct remote monitoring with a site’s agreement.
In a second guidance update, MHRA has expanded its recommendations for conducting clinical trials during the pandemic to include short-term solutions for remote monitoring of systems that do not have all of the desired security functions, such as confirming monitors’ identity and access permissions via video contact, creating password locks with short timeouts on monitors’ devices and revoking monitors’ access as soon as they complete their work.
Read the EHR guidance at https://bit.ly/3njL4PF.
Read the guidance on managing clinical trials at https://bit.ly/3nlwNSl.