In February 2018, the Integrated Research Application System (IRAS) issued revised versions of the template model Clinical Trial Agreement (mCTA) and Clinical Research Organisation model Clinical Trial Agreement (CRO-mCTA, used where clinical research organisations undertake site management responsibilities on behalf of the sponsor). The new mCTAs are designed to be used without modification for industry-sponsored trials in the national health service (NHS), and have been updated to reflect current practice and regulations. The new mCTAs should be used from 1 March 2018.
Legal clarity on the meaning of ‘commercially confidential information’ within sight
Demand for greater transparency and disclosure of pre-clinical and clinical data by industry continues to attract significant debate. Recent academic studies, published in Current Medical Research and Opinion and the British Medical Journal, have systematically assessed the disclosure policies of trial data arising from studies sponsored by pharmaceutical companies. In the EU, the European Medicines Agency (EMA) has adopted policies and guidance setting out its approach to data disclosure. Certain aspects of the adopted policies are currently being considered by European Courts, to address the nature of the balance to be struck between the public interest in transparency and the interest (both public and private) in protecting innovative research from unfair commercial use. In a broader context, the prevailing legal framework is based on a need for coherence and equilibrium between the general regulation governing public access or freedom of information and the sector-specific legislation regarding authorisation and supervision of medicines. In this blog post, we provide a summary of these cases, as heard in the European Courts to date.
The new General Data Protection Regulation 2016/679/EU (GDPR), which will apply throughout the EU from 25 May 2018, has strengthened the protection of individuals’ personal data. Data subjects have new rights to help ensure their data are processed securely and with adequate protections (such as the right to erasure of personal data—the “right to be forgotten”—and to data portability), and there are clearer responsibilities and obligations placed on companies using such data (such as the need to appoint a data protection officer and to carry out a data protection impact assessment). Penalties are also substantial: national regulators will have the power to impose fines of up to €20 million or four percent annual global turnover, whichever is the higher.
How these strengthened rights fit with other sector-specific legislation where large quantities of data are collected and processed, such as clinical trials, is currently unclear. Added to this, there are no transitional rules governing how data currently held and being collected will be dealt with once the GDPR becomes applicable. Our recent article discusses some of the implications for clinical trials, focusing on the changes that affect the collection of data from data subjects, and their rights under the GDPR. It is clear that all organisations should consider their processes in light of the GDPR, and understand the remit of their compliance responsibilities, particularly for trials and data processing that have already started.
On 20 July 2017, the EMA published the updated guideline on first-in-man (also known as phase I) clinical trials. First-in-man trials often carry the greatest risks, and have been the ones that generate the biggest headlines when they have gone wrong, for example the Phase I trial in France by Bial-Portela & CA SA in 2016. The new guideline, which applies not only to first-in-man trials, but also to all ‘early phase clinical trials’ that generate initial knowledge on tolerability, safety, pharmacokinetics and pharmacodynamics, aims to ensure such trials are conducted as safely as possible, and assists sponsors in the transition from non-clinical to early clinical development.
Under the new Clinical Trials Regulation 536/2014/EU, it is now a requirement for the sponsor of a clinical trial to report to the regulatory authorities a serious breach of the Regulation or to the clinical trial protocol (Article 52). A serious breach, in this context, is defined as “a breach likely to affect to a significant degree the safety and rights of a subject or the reliability and robustness of the data generated in the clinical trial“. This requirement is currently contained in the legislation of some Member States, such as in the UK (Regulation 29A Medicines for Human Use (Clinical Trials) Regulations 2004/1031), but was not previously included in Directive 2001/20/EC or in ICH GCP (although a sponsor should list all significant protocol non-compliances in the clinical study report). This is, therefore, the first time that there is such a requirement in all EU countries.