Some of the current ‘hot topics’ discussed at the 46th European Medical Writers Association (EMWA) conference in Barcelona included the impact of the new EU regulations on medical devices (MDR) and in vitro diagnostic devices (IVDR), how the General Data Protection Regulation (GDPR) ties in with EMA’s Policy 0070, and anonymisation of clinical trial documents in the disclosure era. Below we explain what this means for clinical development and highlight how VCLS can help you navigate through these issues.
MDR & IVDR
Medical devices include a broad range of items from prosthetic limbs to contact lenses, and are classified according to increasing risk (Class I, IIa, IIb, III). In vitro diagnostic devices (classified A, B, C, or D) are used to perform tests on biological samples and include HIV test kits and blood glucose meters. Innovation and progression in technology means this market will continue to expand.
In May 2017, two new EU Regulations on medical devices were adopted. The EU Regulation 2017/745 on medical devices and EU Regulation 2017/746 on in vitro diagnostic medical devices will replace the existing Directives. These regulations will apply in EU Member States from 26 May 2020 and 2022, respectively. Manufacturers must update their technical documentation and processes to meet the new requirements during the transition period in order to gain CE marking on their device.
The MDR and IVDR are intended to harmonise and improve the clarity of the regulatory requirements across the EU. In addition, greater scrutiny during conformity assessments and more clinical and regulatory documentation throughout the medical device lifecycle are expected to improve quality, safety, and reliability. Even when on the market, the clinical evaluation of the device needs to be continually reviewed, post market surveillance carried out, and technical documentation updated accordingly. VCLS can provide expert advice to help ensure regulatory compliance with MDR and IVDR and get your device to market efficiently.
GDPR & EMA Policy 0070
The new EU General Data Protection Regulation 2016/679, effective from 25 May 2018, aims to harmonise the data protection laws across all member states and to safeguard EU citizens against privacy and data breaches in our evolving electronic world. Individuals, organisations, or companies that are either “controllers” or “processors” of personal data from the EU have obligations under the GDPR, and non-compliance will incur significant financial penalties.
EMA Policy 0070 enables academics and researchers to access clinical trial data that could enhance scientific knowledge and quality of research within the pharmaceutical industry. Whilst the GDPR endeavours to protect by design (i.e. built-in systems or technology designed to ensure compliance) and by default (i.e. minimisation of data collection and processing), Policy 0070 requires clinical reports that are to be disclosed in a public portal (https://clinicaldata.ema.europa.eu) to be compliant with data protection legislations. The use of proactive pseudo- and anonymisation techniques by medical writers can help prevent re-identification of subjects and retain the utility of clinical data. The consequences of re-identification may mean litigation, loss of credibility, loss of trust, and non-compliance with GDPR.
With this important legislation in mind, finding the right balance between data protection, transparency, and scientific utility is paramount to gaining public trust.
Anonymisation Techniques
As discussed above, selected clinical reports from a marketing authorization application, submitted under the centralized procedure, will be publically disclosed according to EMA Policy 0070. Composed of two phases, phase 1 of Policy 0070 concerns only the publication of the CTD Clinical Overview, Module 2.7 summaries, clinical study reports including narratives, and some appendices [including protocols, sample case report forms, and statistical analysis plans]). Phase 2, which will be implemented at a later stage, concerns the publication of individual patient data (i.e. Listings).
Reactive anonymisation i.e. removal or masking/redaction methods has mainly been used on reports written before the policy came into force. It can be used to mask both direct identifiers (e.g. subject ID, address, etc) and quasi identifiers (e.g. date of birth, sex and ethnicity, medical history, etc). Although reactive anonymisation will reduce the risk of subject re-identification, it will also compromise the scientific utility of the document, can flag the existence of sensitive data, and be costly.
Medical writers are progressively replacing reactive anonymisation with proactive anonymisation. Whilst writing the document, unnecessary information can be removed (e.g. patient initials, geography), banding can be used (e.g. age replaced by age range), calendar dates replaced by relative dates, rare medical conditions or adverse events can be generalized, and outliers can be aggregated. This pseudonymisation approach will minimise the requirement for redaction in the publicly disclosed document.
Finally, in order to explain how the document was anonymised, an anonymisation report is required by the EMA with the initial redaction submission. This report describes the anonymisation process followed, the methods used, the rationale for redactions, and the impact on data utility. As this report is also publicly disclosed, the information presented in the report should not increase the risk of subject re-identification.
Published: 25th May, 2018