I too would be extremely interested in hearing about the type of solution that Trusts have put in place. I concur with the MHRA position on this topic; if non-Trust personnel are being granted access to EHRs, it is absolutely essential that they only have the ability to access the EHR of the specific patients in the clinical trial. Ideally, the security permissions in the EHR system should limit access to specific components of the EHS, though I appreciate that this is an even more difficult ask. Apart from the issues of breaking patient confidentiality by providing a level of access that is not limited to specific patients, there are GDPR issues too. The monitor has no legal basis for being given access to other patients' records, even if he/she doesn't actually access them. It is not appropriate to provide a level of access that theoretically gives that visibility to EHRs. The 2015 guidance was published to avoid these situations arising; in the intervening 3 years, the technology should have been brought in line with regulatory requirements I think.