Protection of medical data in Remote Monitoring of Clinical Trials: regulations and best practices

Why can remote monitoring be key to the growth of clinical trials conducted in Spain? What are the regulatory barriers to implementing it?

Remote monitoring allows monitors to review source data without physically traveling to the site, optimizing time and resources. However, this advancement poses a fundamental challenge: ensuring the protection of clinical data, considered highly sensitive information under European and Spanish regulations.

Data protection in remote monitoring is primarily governed by the General Data Protection Regulation (GDPR) and the Spanish Organic Law on Personal Data Protection and Guarantee of Digital Rights (LOPDGDD). Both establish that health data is a special category requiring reinforced security measures and legitimate processing based on informed consent.

In the context of clinical trials, Regulation (EU) 536/2014 and the AEMPS Guide on Decentralized Clinical Trials (2024) include specific recommendations for remote monitoring. AEMPS states that any remote access must be authorized by the Ethics Committee (CEIm), documented in the protocol, and accompanied by procedures that ensure confidentiality and traceability.

Risks associated with Remote Monitoring

The transmission of sensitive data through digital platforms involves risks such as unauthorized access, security breaches, or cyberattacks. These incidents can compromise patient privacy and the scientific validity of the trial. Therefore, regulations require the implementation of technical and organizational safeguards to minimize these threats.

To comply with regulations and protect clinical information, it is essential to apply measures such as robust authentication and end-to-end encryption in all communications. Access must be restricted exclusively to authorized personnel, and detailed records of all actions performed must be maintained. Informed consent should include clear information about remote data access, and before implementing remote monitoring, it is recommended to conduct a Data Protection Impact Assessment (DPIA) to identify risks and define preventive measures. Furthermore, it is crucial to follow the guidelines of AEMPS and AEPD, including security protocols, confidentiality agreements, and procedures validated by CEIm.

Sermes CRO’s commitment

At Sermes CRO, they integrate these regulations and best practices into their remote monitoring processes. They use secure technology, reinforced authentication, and periodic audits to guarantee the protection of medical data. Their team works closely with ethics committees and sponsors to ensure that each project meets the highest standards of privacy and security.

Remote monitoring not only optimizes the management of clinical trials but also demands a strong commitment to data protection. At Sermes CRO, this commitment is part of their identity: ensuring scientific integrity and patient trust in every study.