Decentralized Trials Resource Guide

Remote Data Monitoring

Traditionally, the sponsor has assessed site performance, data quality and addressed risk using on-site monitoring at regular intervals. This activity includes a combination of Source Data Verification (SDV) for accuracy as well as Source Data Review (SDR) for quality. Due to COVID, access to the site is restricted and many sites have started to adopt remote methods for data monitoring. However, many of these strategies were implemented quickly as a stopgap to get research started again. Further, many institutions adopted different strategies, some of which pose challenges for the sponsor depending on relative risk tolerance (e.g., access to EMR that cannot be restricted to specific patients). The ideal solution to remote monitoring is well controlled, direct access to electronic medical records (EMR) by the sponsor that is restricted to only the participants that need to be monitored. Sites may be constrained by the capabilities of their current technology. Ideally, establishing interoperability of EDC systems, EMRs, and digital data collection tools can reduce the amount of SDV required by study monitors. Sustainable solutions may be achieved through technology adoption and a cultural shift toward new processes and procedures.

Ethics & Regulatory

  • ICF should inform the participant that their medical records and study information will be reviewed remotely by the sponsor while maintaining patient’s privacy and confidentiality.
  • The REB may want the ICF to be explicit on the mediums for record access.
  • In the absence of regulations or guidance from Health Canada, defer to ICH-GCP.

Privacy & IT

  • Privacy requirements: what are the essential elements of a privacy assessment of systems?
  • Validation of systems (21CFR compliant) with documented procedures and training process (ICH E6, 5.5.3) is necessary.
  • IT Support include training, process, policy, and confidentiality agreements.
  • EMR systems should be a validated robust system (audit trail, internal security safeguards, controls, etc).
  • CRAs must sign a confidentiality agreement with any sites offering remote EMR access. In some cases, remote EMR access is limited to the specific patients in the study (i.e., controlled access). This is a preferred scenario.
  • Licensing agreements may limit access in some sites.
  • Solutions must be CFR21, Annex II compliant and ICH E6, 5.5.3 compliant.
  • Solutions must have a robust, compliant record retention policy.
  • Transfer of redacted documents to the sponsor increases risk of privacy breach.

Stakeholder (sites/sponsors/CROs/other)

  • Opportunity to move away from SDV in the context of automated data collection.
  • SOPs for remote monitoring must be in place both at site and sponsor and detailed in monitoring plans.
  • For complete remote access option, study sites must move to full electronic documents (source documents, Investigator Site File (ISF), pharmacy records, training records and logs).
  • Some sites have limitations to remote access of their EMR such as IT capability, privacy concerns and limited number of accounts.
  • Some sponsors can not accept uncontrolled access to EMR data due to organizational risk/privacy concerns, so the ideal platform could control access to specific records.
  • CTA should cover the access and privacy obligations of sponsor.
  • Sponsor review of legal agreements (including confidentiality agreement) may be required.
  • Record retention must be enabled for the entire required period.
  • Site self-governance strategies may reduce the need for sponsor on-site visits
  • Strategies adopted should be in compliance with ALCOA+ principles, specifically the “enduring” and “availability” components.
  • Create an instructional sheet for CRAs to clearly instruct on proper procedures and access to data.

Patient / Caregiver

  • ICF should inform the participant that their medical records and study information will be reviewed remotely by the sponsor while maintaining participant’s privacy and confidentiality.

Current Strategies

  • Current strategies for remote data monitoring fall in three buckets: 1- allow for direct EMR access, either segmented, supervised, or full, 2-use of screen share programs to facilitate CRA access to source documents or 3- use of document repositories like Veeva Site Vault .
  • Direct EMR access: Direct EMR access modalities include: Citrix Meditech, Mosaic, EPIC or through a remote desktop. Sponsors will provide a list of patients they want to monitor, and study lead in some cases will segregate patient data from the records of consented participants in the EMR. If the patient data is not limited the site will audit retrospectively what data was viewed.
  • Review of Source copies: Per GCP, monitoring is to be performed from source data or certified copies of source. Sharing copies of source (not true source) and performing SDR/SDV with copies of source may not meet these requirements.
  • In the case of SDV through video conferencing, paper documents must be scanned and shared through a secure program, (e.g., Sharepoint, MS Teams, Zoom). No recording or screenshots are allowed. An authorized member of the research team and the sponsor must both be in a private location when video conferencing, screen sharing or reviewing confidential documents.
  • In some cases, the researcher will provide de-identified redacted copies of the source and need a 2nd member of the study team to verify. Redacted source is not true source and sponsors will have the obligation to re-monitor when on-site visits resume. In all cases, the study team must log each transfer.
  • Document management systems (e.g. Site Vault): site will create an account in the system and provide access to source documents to perform SDR and SDV. Site can provide access to regulatory documents to perform site document collection and ISF/TMF reconciliation.

Opportunity to improve access to/uptake of decentralized approaches

  • Move toward site self-governance and risk-based approaches that may reduce SDV requirements and other on-site visit requirements.



  • Veeva: Veeva vault (eTMF for sponsor); Veeva SDE (site document exchange) for exchanging documents electronically between sponsor and sites; Veeva SRD (safety report distribution) for sending safety reports to sites and capturing site acknowledgement. Sites can use it like an electronic portal in which they upload source documents and grant access to the CRA who can monitor remotely. Source can be uploaded unredacted or redacted as per the site’s policy.  The system notifies the CRA when a document is ready to be monitored.

Realtime CTMS: e-source; e-consent; regulatory documents