-
20th Nov 2018, 11:57 AM
#1
Moderator
Dear All
The MHRA GCP inspectorate queried the access to Trust electronic health record systems, which do not limit access to monitors with the Information Commissioner's Office (ICO). The ICO responded that the onus is on the Trust to demonstrate that the monitor has only accessed those records permitted (e.g. patients which have provided consent for the monitor(s) to access their source records). Therefore, there should be an agreement in place between the Trust and Monitor(s) to ensure only trial participant's records will be accessed for which consent has been obtained, the access should be read only and the system should have an audit trail. The audit trail should then be checked by the Trust to ensure that the monitor is only accessing those records which they have permission for, thereby verifying compliance with the terms of the access agreement.
I hope this clarifies the issue. However, if you have further specific questions you can send a query to the Clinical Trials Helpline: clintrialhelpline@mhra.gov.uk
Kind Regards,
MHRA Moderator
-
21st Nov 2018, 04:19 PM
#2
The important phrase is :- “onus is on the Trust to demonstrate that the monitor has only accessed those records permitted”.
To check all audit trails for all monitors/auditors/Inspectors access to all visits, by all subjects, would be resource intensive and not proportionate to the risk.
In keeping with ICH E6 (R2) and the EMA risk proportionate guidance, a risk based approach could be taken. For instance, the audit trail for say 80% (or more) of the first accesses by the monitors/auditors/ inspectors to subjects records, could have the audit trail checked. Then if all is fine, subsequently a “spot check” (pseudo- randomized) of say 10% of the audit trails of future accesses, could be checked. Obviously there needs to be a procedure (SOP) for this and a process for documenting this QC and an escalation process for reporting discrepancies/problems. This procedure would also document the system capabilities and how they work in conjunction with organisational security measures to maintain data integrity and confidentiality.
-
2nd Feb 2021, 10:39 AM
#3
We are just about to finalise the access of EMR by monitors, auditors and inspectors. Our process will only allow a monitor to look specific patient in their project. The monitor will need to notify the study team which patients and which study they are going to monitor. This process also enable them to access patient records within core hours of the day.
-
7th Feb 2021, 07:48 PM
#4
Brilliant news. Is this system part of a normal NHS system or something brought in?
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules