x
Advarra

Community

Advarra Clinical Research Network

Onsemble Community

Diversity, Equity, & Inclusion

Participants & Advocacy

Advarra Partner Network

Community Advocacy

Sign up for the Site-Sponsor Consortium Newsletter

Reviews

Institutional Review Board (IRB)

Institutional Biosafety Committee (IBC)

Data Monitoring Committee (DMC)

Endpoint Adjudication (EAC)

Consulting

GxP Services

Research Compliance & Site Operations

Professional Services

Coverage Analysis​

Budget Negotiation​

Calendar Build 

Technology Staffing

Training

Clinical Research Site Training

Research-Ready Training

Virtual Investigator Meetings

Custom eLearning

Services for

Sponsors & CROs

Sites & Institutions

BioPharma & Medical Tech

Oncology Research

Decentralized Clinical Trials

Early Phase Research

Research Staffing

Cell and Gene Therapy

Ready to Increase Your Research Productivity?
Get a Quote
View All Services

Solutions for Need

Clinical Trial Management

Clinical Data Management

Research Administration

Study Startup

Site Support and Engagement

Secure Document Exchange

Decentralized Clinical Trials

Oncology Research

Early Phase Research

Research Site Cloud

Solutions for Sites

Enterprise Institution CTMS

Health System/Network/Site CTMS

Electronic Consenting System

eSource and Electronic Data Capture

eRegulatory Management System

Research ROI Reporting

Automated Participant Payments

Life Sciences Cloud

Solutions for Sponsors/CROs

Clinical Research Experience Technology

Center for IRB Intelligence

Insights for Feasibility

IRB Document Sharing
Not Sure Where To Start?
Start Here
View All Solutions

Resource Library

Podcast

Blog

White Papers

View All Resources

Webinars

eBooks

Case Studies

Events

Ask the Experts

Frequently Asked Questions

COVID-19 Support

News

Check out the latest episodes of Advarra in Conversations with..

About Advarra

Careers

Consulting Opportunities

Leadership Team

Our Experts

Accreditation & Compliance

Join Advarra

Learn more about our company team, careers, and values. Join Advarra’s Talented team to take on engaging work in a dynamic environment.

See Jobs

Blog
Resource Library

Privacy Regulations Impact on Global Clinical Trial Endpoint Adjudication

By
January 13, 2023

New privacy regulations seem to form every few months, especially with individual U.S. states adopting their own privacy regulations (e.g., the California Consumer Privacy Act or CCPA). Endpoint adjudication committees (EACs), also called clinical event committees (CECs), receive potentially identifiable research data from all over the world. Because of this, they need to stay abreast of these rapidly developing requirements and have systems in place to ensure data compliance and protection. This blog explores what it takes for an EAC/CEC to adequately support worldwide clinical trials.

The Global Reach of EACs and CECs

Pivotal research typically happens globally, from North America to Asia to Europe, and everywhere in between. While sponsors may have country- or region-specific regulatory support, there is typically just one EAC/CEC covering all worldwide data. Having one set of adjudicators across the entire trial aids consistency of determinations and allows for a central decision-making framework.

For the independent EAC/CEC administrators, this means information about events happening worldwide need to be adjudicated. And those pieces of medical records data, scans, electrocardiogram (EKG) results, digital imaging and communication in medicine (DICOM) materials, and other source materials typically have some form of privacy regulation attached to them from the source country.

Even if the materials are sufficiently redacted by the site or sponsor, most pieces of information in the adjudication dossier are coded with a participant number; in the world of international privacy regulations, the code number can mean the data or images for all intents and purposes might as well have the participant’s name on it. This means even if you code the data, the international privacy regulations apply – even if the Health Insurance Portability and Accountability Act (HIPAA) does not.

A Global Patchwork of Regulatory and Privacy Standards

The list of privacy regulations is as unique as the countries who make them:

A recent report from the United Nations Conference on Trade and Development (UNCTAD) indicated nearly 80% of the world’s countries either have or are developing privacy regulations. Almost all regulations impact the type of data for the EAC/CEC to complete its evaluation of individual clinical events occurring in a clinical trial.

Source: United Nations Conference on Trade and Development

EAC and CEC administrators also need to consider each of the 50 U.S. states and individual EU zone countries may also have privacy regulations which go beyond HIPAA or GDPR (e.g., California’s CCPA and Virginia’s Consumer Data Protection Act or VCPDA).

With this global patchwork comes the responsibility of the EAC/CEC administrator to address and adapt to each.

How do These Frameworks Apply to Information Sent to the EAC or CEC?

The core role of an EAC/CEC is to have medical experts independently evaluate a clinical event to determine if a defined endpoint or clinical threshold has been met, or if the event should be categorized in some way (e.g., was it caused by the study drug or an underlying condition). Such an activity certainly requires medical judgement and access to a lot of associated medical information to make the determination on the event.

Sponsor- or site-provided information is compiled by the EAC/CEC administrator into a dossier, which the adjudicators use to make their event assessments. Sites or sponsors almost always redact this information to remove and replace overtly identifiable information. It would be very rare an EAC/CEC would need to see identifiable information in order to make their adjudication determinations. Under the U.S. HIPAA privacy framework, this redacted and coded information would likely be considered a de-identified data set, thus not covered under HIPAA at all.

In contrast, for coded information coming from EU zone GDPR countries, or from other international privacy regulation regimes modeling GDPR’s framework, the coded information received by the EAC/CEC would likely be considered pseudo-anonymized data. Therefore, it would still be protected under the source country’s applicable privacy protections.

For coded information coming from EU zone GDPR countries, or from other international privacy regulation regimes modeling GDPR’s framework, the coded information received by the EAC/CEC would likely be considered pseudo-anonymized data.

Therefore, it would still be protected under the source country’s applicable privacy protections.

What do You Need to Keep in Mind?

An organization that understands the implications of worldwide privacy regulations and their impact on research will be more successful and reduce regulatory risk. The CEC/EAC administrator’s adjudication platform and associated company policies and procedures need to conform to all applicable privacy standards. Sponsors, contract research organizations (CROs), and sites need to work with a reputable partner for independent EAC/CEC administration.

Depending on the privacy regulation, the sponsor will typically consider the EAC/CEC administrator to be a data controller. Therefore, the sponsor organization would need to have appropriate policies and procedures in place, as the controller organization, to verify their associated data processors (e.g., the EAC/CEC administrator) conform with applicable regulatory standards.

With this in mind, it’s important to work with an EAC or CEC administrator who understands the diverse global data regulation landscape. A partner experienced in navigating this space likely has at least consulted with experienced international privacy experts to help ensure the EAC or CEC and associated enabling technology are properly set up to meet the necessary regulatory requirements.

What Else Should Sponsors Think About?

Sponsors need to think about more than just privacy regulations when considering who to work with for independent EAC/CEC administration. They also need to consider technical regulations applicable to the adjudication platform used by the administrator.

For worldwide clinical trials, the adjudication platform likely needs to comply at a minimum with U.S. FDA Part 11 and EU Annex 11, be operated in a SOC 2 compliant data center, and be developed following a GAMP 5 validation methodology.

An EAC/CEC administrator’s adjudication platform should conform with these basic international validation standards in order to compliantly provide adjudication services on a worldwide clinical trial.

Conclusion

Bottom line: Running a worldwide clinical trial is not easy. It takes discipline and a deep understanding of the rules. The independent EAC/CEC supporting the trial needs to be just as well versed in those rules, so working with an experienced partner who has a dedicated focus on these issues is key to the smooth operation of the trial and protection of the participant’s data.

Metrics and AnalyticsResearch ComplianceResearch Operations

Tagged in: , , ,

Author


  • SVP, Global Review Services, Advarra

    With 25+ years’ experience providing support to the clinical research community, James helps sponsors, CROs, and research sites advance clinical research with a mission to improve human health.

    View all posts

Back to Resources

Find out why independence is critical to endpoint and clinical event adjudication in our white paper.

Download the White Paper

Subscribe to our monthly email

Receive updates monthly about webinars for CEUs, white papers, podcasts, and more.

Subscribe

Advancing Clinical Research: Safer, Smarter, Faster

Copyright © 2024 Advarra. All Rights Reserved.