Clarity of Purpose Can Help Transcend Regional Data Compliance Variation

Clinical Researcher—February 2023 (Volume 37, Issue 1)


Chris Prantl


Despite the huge advances we have witnessed in recent years, one of the biggest barriers to technology-driven decentralized clinical trial (DCT) adoption remains a lack of agreed standards for compliance and ethics.

Without definitive guidance, sponsors can find it challenging to be sure all the providers they enlist to conduct a study are collecting, managing, and sharing data ethically. However, a laser focus on joined-up, patient-centric, highest-standard processes could help organizations navigate the complex landscape and unlock the transformative power of digital data collection.

A Burgeoning Sector

DCTs, in which site visits are either replaced or augmented with remote data collection, are fast becoming the new normal. In 2022, an estimated 1,300 trials had a virtual component, representing a 28% increase from the previous year.{1}

It is a model that is streamlining research and making it more efficient, more patient-centered, and more inclusive. Furthermore, it is all being made possible by advances in digital health technologies, from remote data collection to patient support platforms.

Yet while the medical community is embracing this new way of working, barriers to adoption remain. One of the most pressing is a lack of a standardized regulatory framework.

DCTs widen access to studies by tearing down geographical barriers. When data collection happens remotely, participants do not need to live within travelling distance of a site. Yet just as DCTs are making research ever more international, cross-border variations in compliance guidelines are threatening to cancel this advantage out.

Evolving Regulatory Landscape

Until relatively recently, regulatory change had not kept pace with the rapid digital transformation of clinical research. The two sectors, after all, move at vastly different speeds. However, regulators are pushing forward.

In the United States, for example, the Food and Drug Administration (FDA) has published a suite of guidelines on the use of digital health technologies in clinical trials over the last few years.{2} In Europe, the Accelerating Clinical Trials in the EU (ACT EU) initiative, part of the wider “modernization” of the region’s clinical trial regulation, places a clear focus on the effective remote collection of data during DCTs.{3} Furthermore, the European Medicines Agency set out recommendations for the use of DCTs, with the intent to aid the use of DCT elements in clinical trials in Europe.{4} Meanwhile in the United Kingdom, the Digital Technology Assessment Criteria (DTAC) sets minimum clinical safety, data protection, technical security, interoperability, and usability and accessibility standards for solutions to be used within the country’s National Health Service.{5}

Such progress has been widely praised. Yet the region-by-region development of standards and guidelines creates a complex landscape for drug and technology developers to navigate. There is, for example, still much ambiguity around data capture, sharing, storing, and monitoring guidelines.

Transcending Regional Differences

During a DCT, data on everything from bank details to home addresses, regular blood pressure readings, and adverse events will be collected, stored, and monitored. It may even be shared between various third parties involved in delivering that trial, whether they be mobile health providers, travel systems, or expense reimbursement platforms. People need to feel confident that their most private personal data are being looked after.

The European Union General Data Protection Regulation (EU GDPR) is among the strictest set of data protection rules in the world.{6} That makes it a good benchmark for any digital platform or solution, no matter where it operates.

As well as providing prescriptive data security guidelines, GDPR sets out the principles of processing with a call for careful consideration on what kinds of personal data are collected, how they are used, and how they are stored and maintained.

When digital health technologies are built around this clarity of purpose from the outset, it demonstrates a solid understanding of the value of following gold-standard data processes. It also acts as a “badge of honor” that gives trial participants and investigators confidence in how their information is used.

Mind the Data Gap

Sponsors setting out on the DCT journey, though, often find themselves in the position of selecting multiple partners and vendors, all providing their own individual technology and data protection policies.

Many of these providers may need to share data in order to fulfil their function. Mobile health teams need home addresses and access to clinical data, for example, whereas reimbursement platforms will need bank details and appointment dates, while travel systems require passport information.

With so many moving parts, it can be challenging to maintain appropriate oversight to ensure that each provider has access only to what they need and has the relevant protections in place—but failure is not an option. As we have already seen in the evolution of digital health technologies to date, trust is hard won, but very easily lost.

Successive high-profile scandals, such as London Royal Free’s failure to comply with the Data Protection Act when granting Google’s DeepMind access to 1.6 million patients’ data in 2016,{7} dented public faith in the approach.

That tide, however, is turning. More than 4.7 million people, for example, registered with the ZOE COVID app for regularly submitting their own health data and watching the research it facilitated change the course of the pandemic.{8}

Maintaining this level of trust is mandatory if DCTs are to fulfil their potential, and sponsors are acutely aware that any breach of security could send the quest for more efficient clinical research back to square one.

One possible solution involves seeking out partners who provide seamless, integrated DCT services, all built to the highest possible standards of data protection. Consolidating siloed services reduces the likelihood of data protections “falling through the cracks” between disparate providers and eliminates the risk of sharing data with multiple separate businesses.

The Road Ahead

While regulatory bodies are making progress on digital health technologies and DCT guidelines, there is still much work to be done. Due in part to the unease around data security, many areas are still not keeping pace with change.

Specific considerations, such as the compliance of sharing data to enable investigational products to be sent directly from a warehouse to a patient’s home, rather than via a pharmacy, for example, remain unanswered. Getting to the bottom of questions such as these will greatly help make research more efficient for sponsors and more convenient for patients.

In the meantime, it is up to the research community to build the best possible protections for the invaluable data we collect, by focusing on trust and transparency, and setting ourselves the highest possible standards.


  1. 2022 forecast: Decentralised trials to reach new heights with 28% jump. 2021. Clinical Trials Arena.
  2. Clinical Trials Guidance Documents. 2022.
  3. Accelerating Clinical Trials in the EU (ACT EU): Delivering an EU clinical trials transformation initiative. 2022.
  4. Recommendation Paper on Decentralised Elements in Clinical Trials. 2022.
  5. Digital Technology Assessment Criteria (DTAC). 2021.
  6. The General Data Protection Regulation. 2022.,application%20on%2025%20May%202018
  7. Royal Free breached UK data law in 1.6m patient deal with Google’s DeepMind. 2017. The Guardian.
  8. About the ZOE Health Study.

Chris Prantl
Chris Prantl
is Global Privacy Officer for mdgroup, providing data privacy advisory services to the company’s global operations. With operational oversight of the Corporate Services Division, he has responsibility for the internal operations of all independent lines including Quality, Legal, and Privacy functions.