7. Remote Monitoring

7.1 eConsent/Remote Consent 

This is possible, but subject to national laws.

The EMA “Recommendation paper on decentralized elements in clinical trials” includes an overview of national provisions for specific decentralized clinical trial elements to be used in clinical trials; requirements of eConsent at the Member State level are reflected within the appendix.

The EMA recommendations on remote consent are as follows (see also section 3 within the recommendation paper):

• "As part of the process of obtaining informed consent, it is considered essential that face-to-face communication takes place between the potential trial participant and the investigator, or a qualified person designated by the investigator. If this discussion is done in a digital/virtual meeting, it is recommended that this takes place in real-time where the parties can both see and communicate with each other via audio and video. The remote face-to-face contact should allow for asking questions and the investigator should make every effort to check the identity of the participant if they are not already known by them, conversely, the participant should have the right to ask for proof of the investigator’s identity if they have not been in contact before. Deviation from (remote) face-to-face communication should be justified in the clinical trial application, together with a description of how the verification of the identity of the investigator and the trial participant will be performed in such cases, and how it will be determined that the trial participant has understood the information. See also the appendix for the current national provisions. 
• The sponsor should ensure that trial participants and investigators are given the option to have the informed consent interview on-site if this is preferred by the trial participant or the investigator. However, in duly justified cases only the remote option may be offered.
• Individual participant-related factors affecting the use of decentralized elements of the clinical trial should be evaluated by the investigator during the informed consent interview. 
• The reliability and confidentiality of the method used should be ensured. As a general principle, the communication channel used for the informed consent interview should be encrypted to protect the confidential information that will be discussed." 

In March 2023, the EMA published the final Guideline on computerized systems and electronic data in clinical trials which covers electronic informed consent -Section A5.3. An extract of this section can be found below:

…” An electronic informed consent refers to the use of any digital media (e.g. text, graphics, audio, video, podcasts or websites) firstly to convey information related to the clinical trial to the trial participant and secondly to document informed consent via an electronic device (e.g. mobile phones, tablets or computers). The electronic informed consent process involves electronic provision of information, the procedure for providing the opportunity to inquire about details of the clinical trial including the answering of questions and/or electronic signing of informed consent. For example, it would be possible for the trial participant to sign informed consent on a paper form following provision of the information electronically or the information and informed consent could be entirely electronic. If using a ‘wet ink’ signature together with an electronic informed consent document (a hybrid approach), the patient information, the informed consent document and the signature should be indisputably linked. 

The method of obtaining an informed consent should ensure the broadest possible access to clinical trials. Alternative methods for provision of information and documentation of informed consent should be available for those unable or unwilling to use electronic methods. Any sole use of electronic informed consent should be justified and described in the protocol.”   

Appendix A5.3- Informed Consent, also covers the following aspects:

• A5.3.1- Provision of information about the clinical trial
• A5.3.2- Written Informed Consent
• A5.3.3- Trial Participant identify
• A5.3.4- Sponsor notification on the consent process
• A5.3.5- Trial Participant Confidentiality
• A5.3.6- Trial Participant Access
• A5.3.7- Investigator responsibilities
• A5.3.8- Version control and availability to sites
• A5.3.9- Availability in the investigator’s part of the trial master file.
• A5.3.10- Withdrawal from the trial

7.2 eSignature (including any requirement for a countersignature (e.g. PI, witness, etc.)

The EMA's “Recommendation paper on decentralized elements in clinical trials” includes an overview of national provisions for specific decentralized clinical trial elements to be used in clinical trials.

Section 3 of the DCT Recommendation paper provides the following with regard to signatures:

 "Informed consent signature 

• There are various ways of obtaining a signed informed consent form by remote means. This includes for example a paper consent form sent to the participant signed with a ‘wet ink signature’ and sent back by post, or a digital consent form signed with an electronic signature, i.e. completely digital. 

Regardless of the format of the informed consent, the method should allow reconstruction of the process, including the validity of the signatures. The sponsor should ensure that the systems used have proportionate security levels and that safeguards regarding confidentiality are in place. In general, the electronic signature functionality should be in accordance with the requirements described in the Guidelines on Computerized Systems and Electronic Data in Clinical Trials. 

In addition, the method used to record informed consent should follow national requirements with regards to acceptability of electronic signatures (see appendix for current national provisions). 

• When using electronic methods, the trial participants should be able to download an electronic copy of the signed and dated informed consent form, or to receive a print-out of the electronic copy. If an electronic copy, it should be protected against modification; any modification should invalidate the signatures. 

• Existing procedures related to re-consent should be adapted to the use of electronically signed consent forms. 

• Procedures should be in place to handle follow-up steps after the consent has been withdrawn electronically, including partial withdrawal and complete withdrawal, due to the impact on patient participation and data collection. These procedures should include timely notification to the investigator and a communication plan with all other stakeholders. By any means, withdrawals should also be possible outside of the system, and this should be recorded by the investigator. 

In either case, all relevant records should be archived in the investigator's site master file. A correctly signed and dated informed consent form should be obtained from the trial participant later, as soon as possible.”  

7.3 Remote Assessment

The EMA “Recommendation paper on decentralized elements in clinical trials” makes some remarks with regard to remote assessments. Please see below:

"In clinical trials with decentralized elements, parts of the clinical trial may be conducted outside the traditional patient care centers, with the involvement of service providers. General medical rules to protect patient’s/trial participant’s safety should be upheld in trials with decentralized elements especially when patients/trial participants are separated from traditional patient care centers. Among those is the assessment of individual patient’s risk profile, including appropriate anamnestic information, physical examination and laboratory or imaging data by a responsible investigator with the required trial population-specific medical background. Exceptions should be justified in the clinical trial application to ensure appropriate case-by-case review. 

When parts of the clinical trial are conducted off-site, and when additional service providers such as home nurses or providers of technology become involved, it is essential that the specific roles and responsibilities of the sponsor, investigator, and any additional parties are clearly defined and understood prior to the start of the trial. In addition, when trial participants are visiting the clinical trial site less frequently, alternate methods of clinical monitoring of the trial participants’ current health status and related data collection may need to be utilized. Data may be received from different routes, for example, collected at home by the participants themselves, by visiting (external) healthcare professionals, or by digital tools. This poses a challenge to the oversight on the rights, safety, dignity and well-being of the trial participants as well as the reliability of trial results. As a general concept, introducing decentralized elements should be considered as an extension of the clinical trial site with the inclusion of the trial participants’ homes, resulting in an additional obligation of oversight for investigators and sponsors. It is therefore important that, when decentralized elements are implemented, it is ensured that the investigator and sponsor still can fulfill their legal obligations as laid down in the CTR or the CTD and ICH E6. In addition, with a potential increase in the number of parties involved in the clinical trial, adherence to the GDPR needs to be safeguarded."

7.4 Electronic Patient Reported Outcome (ePro) 

The EMA “Recommendation paper on decentralized elements in clinical trials” makes some remarks with regard to ePROs. Please see below:

"The trial participant should be fully informed in advance on how the information transmitted via digital tools, for example, electronic Patient Reported Outcomes (ePROs), will be acted upon. It should be made clear to the trial participant that the investigator may not review such data in real-time, and that if the trial participant experiences any specific safety concern they need to directly contact the investigator to report such an issue."

ePROs considerations are also reflected within the EMA guidance on “Computerized Systems and electronic data in clinical trials”:

5.3. Training:

… “There should be training on the relevant aspects of the legislation and guidelines for those involved in developing, coding, building, and managing trial-specific computerized systems, for example, those employed at a service provider supplying eCRF, IRT, ePRO, trial-specific configuration, customization, and management of the system during the conduct of the clinical trial.”

6.2.1. Audit Trail

… “For certain types of systems (e.g. ePRO) the data entered may not be uploaded immediately but may be temporarily stored in local memory. Such data should not be edited or changed without the knowledge of the data originator prior to saving. Any changes or edits should be acknowledged by the data originator, should be documented in an audit trail and should be part of validation procedures. The timestamp of data entry in the capture tool (e.g. eCRF) and timestamp of data saved to a hard drive should be recorded as part of the metadata. The duration between initial capture in local memory and upload to a central server should be short and traceable (i.e. transaction time), especially in case of direct data entry.”

 6.6. Control Data

…”Data generated at the clinical trial site relating to the trial participants should be available to the investigator at all times during and after the trial to enable investigators to make decisions related to eligibility, treatment, care for the participants, etc., and to ensure that the investigator can fulfill their legal responsibility to retain an independent copy of the data for the required retention period. This includes data from external sources, such as central laboratory data, centrally read imaging data, and ePRO data.”

A5.1.1 Electronic patient-reported outcome 

A5.1.1.1 System design

“Electronic patient-reported outcome (ePRO) should be designed to meet the specific needs of the end users. It is recommended to involve representatives of intended site staff and of the intended trial participant population, where relevant, in the development and testing. 

One of the advantages of using an ePRO system is that the timestamps of data entry are recorded. The timestamp should record the time of the data entry and not only the time of the data submission/transmission. 

Trial participants should be able to view their own previously entered data, unless justified and unless it is against the purpose of the clinical trial design or the protocol. Therefore, the period that data are viewable by the participant should be considered when designing/configuring the ePRO. Decisions about the 'view-period' should be based on considerations regarding risk for bias on data to be entered. If viewing of recently entered data is not possible by the participant, then there is a risk that the participant could forget if relevant data have been collected. This is especially the case if the planned entry is event-driven. In addition, this prevents an unnecessary burden to site staff, as they will be contacted by trial participants in case of doubt less often. 

Logical checks should be in place to prevent unreasonable data changes such as 'time travel' e.g. going back (months, years in time) or forward into the future based on the protocol design.”

A5.1.1.2 Data collection and data transfer 

“The same ICH E6 standards apply to data collected via ePRO as to any other method of data collection, i.e. that there are processes in place to ensure the quality of the data, and that all clinical information is recorded, handled and stored in such a way as to be accurately reported, interpreted and verified. 

An ePRO system typically requires an entry device. Data saved on the device is the original record created by the trial participant. Since the data stored in a temporary memory are at higher risk of physical loss, it is necessary to transfer the data to a durable server at an early stage, by a validated procedure and with appropriate security methods during data transmission. Data should be transferred to the server according to a pre-defined procedure and at pre-defined times. The data saved on the device are considered source data. After the data are transferred to the server via a validated procedure, the original data can be removed from the device as the data on the server are considered certified copies. The sponsor should identify the source data in the protocol and protocol-related documents and should document the time and locations of source data storage. 

In addition to the general requirements on audit trails (please refer to section 6.2.), if an ePRO system is designed to allow data correction, the data corrections should be documented, and an audit trail should record if the data saved on the device are changed before the data are submitted. 

Data loss on devices should be avoided. Procedures should be in place to prevent data loss if web access to the trial participant-reported data is interrupted, (e.g. server outage, device battery drained, loss of or unstable internet connection). There should be a procedure in place to handle failed or interrupted data transmission. 

It should be ensured/monitored that the transmission of data from ePRO devices is successfully completed. 

Important actions should be time-stamped in an unambiguous way, e.g. data entries, transfer times, and volume (bytes).”

A5.1.1.3 Investigator access 

“Unlike data collected in the electronic case report form (eCRF), ePRO data are not managed (although available for review) by the investigator and are often hosted by a service provider. The investigator is overall responsible for the trial participants’ data (including metadata). Those should consequently be made available to the investigator in a timely manner. This will allow the investigator to fulfill their responsibilities for oversight of safety and compliance and thereby minimize the risk of missed adverse events or missing data.” 

A5.1.1.4 Data changes 

“As stated in section 6.2.1. on audit trails, a procedure should be in place to address and document if a data originator (e.g. investigator or trial participant) realizes that they have submitted incorrect data by mistake and want to correct the recorded data. 

Data changes for ePRO typically differ from those of other data acquisition tools because trial participants typically do not have the possibility to correct the data in the application. Hence, procedures need to be in place in order to implement changes when needed. This depends on the design of tools and processes and could be in the form of data clarification processes initiated by trial participants on their own reported data or initiated by investigators.

Data reported should always be reliable. Data clarification procedures introduced by the sponsor or service provider, whether or not described in the protocol should not prohibit changes in trial participant data when justified e.g. if the trial participant realizes that the data have not been entered correctly.

It is expected that the possibility for changes is implemented based on a justified and trial-specific risk-assessment and that any changes are initiated in a timely manner by the participant or site staff and in case of the latter is based on a solid source at investigator sites e.g. phone notes or emails from trial participants documenting the communication between sites and trial participants immediately after the error was made/discovered. 

One of the advantages of direct data entry by the trial participant is that recall bias is minimized as the data are entered contemporaneously. Consequently, corrections should not be done at a much later stage without good reason and justification. Whether collected on paper or by electronic means, the regulatory requirements are that all clinical data should be accurately reported and should be verifiable in relation to clinical trials. 

It is expected that the number of changes to ePRO data are limited; however, this requires both designs of ePROs that are appropriate to ensure proper understanding by trial participants and appropriate training of trial participants, thereby avoiding entry errors.”

A5.1.1.5 Accountability of devices 

“There should be an accountability log of devices handed out to trial participants and this should include the device identification number in order to be reconciled to a particular trial participant.”

A5.1.1.6 Contingency processes 

“Contingency processes should be in place to prevent loss of data critical for participant safety or trial results. In case of device malfunction or loss of devices, there should be a procedure in place to replace the device and to merge data from several devices of a trial participant without losing traceability.” 

A5.1.1.7 Username and password 

 “The trial participant’s passwords should only be known to the trial participant. 

 The username and password should not be used in a manner that would breach a trial participant’s confidentiality. 

 In relation to BYOD, sponsors should ensure that basic user access controls are implemented. 

 When mobile applications are used for data entry, access controls need to be in place to ensure attributability. See section A5.1.3 for further guidance on BYOD.”

 A5.1.1.8 Training 

“Training should be customized to meet the specific needs of the end users.” 

 A5.1.1.9 User support 

 “Support to the trial participant and the trial site staff should be readily available (e.g. support via phone or email) in order to ensure reliable data and minimize the risk of data loss. Trial participant confidentiality should be ensured at all times, including in the communication process. 

Procedures for service desk, user authentication and access restoration should be implemented.”

7.5 HHC – Home Nursing 

The EMA provides considerations of trial-related procedures that can be conducted at home, within section 5 of the “Recommendation paper on decentralized elements in clinical trials”.

Summary of those recommendations:

• Investigator to ascertain suitability for trial procedures to be conducted at the participant’s home.
• Inclusion/exclusion criteria should include provisions related to the adequacy of the participant’s home.
• Participant should be informed during the consent process about planned trial procedures conducted at their home.
• Trial-related procedures at home should only be done if the procedures do not cause additional risk to trial participants or the reliability of the data and the person performing the task is qualified and/or trained to perform the task. 
• The sponsor and/or investigator should ensure that appropriate guidance and training are provided to the delegated person(s) to conduct the tasks at home correctly. 
• The insurance or indemnity or a guarantee or a similar arrangement foreseen by CTR or the CTD should be in place to cover any damage resulting from trial-related procedures performed at home. 
• The investigator should monitor the compliance of the trial participant considering the lack of/decrease in the number of face-to-face visits/meetings between the trial participant and the investigator and/or delegated staff. 
• Trial participants should be given the opportunity to visit the investigator in person if needed/preferred and they should be able to have a direct contact line if further support to perform a trial-related task/collect data is needed. 
• There should be procedures in place for reporting and management of adverse events noticed by the trial participant or by any delegated person during home visits.
• The sponsor should provide alternatives if a trial participant is unable or not willing to use her/his/their own private device (mobile phone, tablet, etc.) to capture trial data. 

7.6 HHC – Home Lab Collection

Collection of biological samples at home is permitted, as long as the procedures involved do not cause any additional risk to the trial participants or reliability of the date and the person performing the task is qualified and/or trained to perform the task.

If biological samples are collected at home, it should be considered whether persons taking the sample are qualified and allowed by their local legislation to take the sample. In addition, adequate handling and storage conditions for the samples throughout the entire process should be assured.

There may be at the country level additional requirements, such as IATA training for handling infections and biological material.

7.7 Remote Monitoring

The EMA “Recommendation paper on decentralized elements in clinical trials” includes an overview of national provisions for specific decentralized clinical trial elements to be used in clinical trials. 

Section 7 of the DCT Recommendation paper provides the following with regard to trial monitoring:

•  “As detailed in ICH E6, the monitoring strategy should be based on the specifics of a clinical trial. These specifics may include, as applicable, decentralized processes and tools described in the previous sections. For example, if according to the trial protocol, safety and/or efficacy data are collected via ePRO or wearables, or if key processes (e.g. those related to primary endpoints) are performed outside the investigator site (e.g. at central reading facilities, central laboratories), the specific risks associated with these decentralized processes, tools, locations, and individuals involved should be taken into account in the monitoring strategy.”
• “Monitoring procedures can be divided into centralized and site monitoring, and generally a combination of them both is appropriate. Site monitoring is usually performed on-site. Depending on its purpose and suitability it may be performed off-site (remotely).”
• “When establishing remote access for the purpose of monitoring, the principles of necessity and proportionality should always be adhered to. The monitoring strategy chosen should not unduly burden the site.” 
• “If remote access to source data and documents is foreseen, additional measures with respect to the confidentiality of data access and security of the systems should be in place. Further guidance on this is being drafted by the GCP IWG. See appendix with current national provision overview per MS whether remote access to medical records by the monitor or auditor is allowed.”

7.8 Telemedicine

While the EMA “Recommendation paper on decentralized elements in clinical trials” does not provide specific details on “telemedicine”, it provides recommendations that would apply to any telemedicine activities. See also Section 7.3 - Remote Assessment - above.

7.9 Wearables

The EMA “Recommendation paper on decentralized elements in clinical trials” makes some remarks regarding wearables as part of handling data.

References to "Wearables" as well as "Bring Your Own Device (BYOD)" can also be found within the EMA guidance on “Computerized Systems and Electronic Data in Clinical Trials”:

“6.1.3. Direct Capture

… Direct data capture can also be done by automated devices such as wearables or laboratory or other technical equipment (e.g. medical imaging, electrocardiography equipment) that are directly linked to a data acquisition tool. Such data should be accompanied by metadata concerning the device used (e.g. device version, device identifiers, firmware version, last calibration, data originator, timestamp of events).”

“A5.1.3 Bring your own device (BYOD) 

Both ePRO data and clinician-reported outcome data may be captured by privately owned devices such as mobile phones, tablets, computers and wearables, i.e. BYOD. This can either be achieved via a web application with pre-installed browser applications or by installing an application on the device. Solutions can be either a combination of web and application (hybrid) or coded to the device operating system (native).   It is necessary to provide alternative ways of data collection e.g. devices provided by the sponsor as the trial participants should not be excluded from a trial if not capable or willing to use BYOD.” 

“A5.1.3.1 Technical and operational considerations 

When using BYOD, a variety of devices, operating systems and where applicable web browsers commonly used, should be considered for the application. It should be ensured that it is not exclusive to one model or operating system. 

The sponsor should describe the minimum technical specifications for participants’ devices (e.g. operating system, web browser, and storage capacity). These should take into account which operating systems are still supported by the manufacturer and if bug fixes and security patches have been released, when relevant. 

The sponsor should ensure the quality and integrity of the data across all accepted models and versions. 

The sponsor has no control over the implementation of updates to the operating system or over the applications on the trial participant’s device. These aspects should be taken into consideration in their risk evaluation and subsequent validation activities. 

The application should use an external source for date and time and should not rely on information from the user's device. 

Procedures and processes should be in place for when the trial participant discontinues the clinical trial or the clinical trial ends and access to applications and data collection should be terminated.” 

“A5.1.3.2 Considerations on security and trial participant confidentiality 

The confidentiality of data that could identify trial participants should be protected, respecting the privacy and confidentiality rules in accordance with the applicable regulatory requirements. 

A number of challenges for BYOD are related to security, and security should be ensured at all levels (mobile device security, data breach security, mobile application security, etc.). As mobile devices may be lost or stolen and it cannot be ensured that the trial participants use any authentication methods to secure their device, access control should be at the application level. Section A.4.14 on the use of password managers also applies. 

Risks linked to known application and operating system vulnerabilities should be minimized.

The hardware, operating system and applications are all factors that affect the total security status of the device, and there should be procedures in place regarding e.g., when trial participants/clinicians use less secure devices. 

Data capture by BYOD may require the device to be identified to ensure data attributability. Only information that is needed for proper identification of and service to the user should be obtained. Trial participant confidentiality should be ensured if device identification information is stored. Access to the application and trial participant data may be protected with multiple barriers (e.g. unlock mobile phone, open application, access data). 

If the device’s built-in capabilities for auto-fill formula data and/or using photo, video, and global positioning system (GPS) data, etc. are used, this should be described and justified in the protocol. Procedures and processes should ensure that only protocol mandated data are collected, and that the confidentiality of data is maintained. In accordance with the principle of 'data minimisation' mobile applications should only collect data that are necessary for the purposes of the data processing and not access any other information on the person’s device. 

For example, location data should only be collected if it is necessary for the clinical trial activities and the trial participant must be informed about it in the patient information and agree to it in the consent form. 

Providers may have end-user licensing agreements or terms of service that allow the sharing of data. This may be in conflict with ICH E6 and (local) legal requirements or require information to be provided to the participant and may require specific informed consent. In some cases, the application may not be suitable for use. If an application is to be installed on a BYOD, the privacy labels/practices (e.g. regarding tracking data, linked and not linked data) should be clearly communicated to the trial participant upfront. 

The sponsor should be aware that explicit consent may be required related to the above. The informed consent should describe the type of information that will be collected via ePRO and how that information will be used.”