RWE has become increasingly important following the implementation of the Medical Device Regulation MDR 2017/745, fully implemented from May 2021.
Medical device manufacturers are required to develop and implement a Clinical Evidence Generation system that generates real-world data on device safety and performance while remaining in compliance with all relevant legislation.
Real World Evidence (RWE) is the clinical evidence regarding the usage, and potential benefits or risks, of a medical product derived from analysis of RWD.
Examples of RWD:
data derived from electronic health records (EHRs)
insurance claims and billing data,
data from product and disease registries,
patient-generated data including in home- use settings
data gathered from other sources that can inform on health status, such as mobile devices.
“Traditional clinical data” is generated through traditional clinical trial (clinical investigation) that are defined as a research study in which one or more human subjects are prospectively assigned.
At the end of a clinical trial, there is usually limited knowledge of the medium and long-term safety and performance of the device. Estimates on longer-term data can be made on the basis of premarket trial durations, still these are generally inadequate to validate extrapolation hypothesis in real life, particularly implant longevity hypotheses (Hannan EL 2008).
In contrast to RWE data collection activity, a traditional clinical trial is more likely to have restrictive eligibility criteria designed to ensure that the participants have the disease of interest or have specific patient characteristics.
The aims of collecting RWE data as part of PMCF activities are:
With ECLEVAR MEDTECH, before engaging in RWE clinical study, a feasibility study is conducted to ensure the quality and the quantity of data. it is important to demonstrate that the data source is of sufficient quality and quantity for the intended use. The advantages of using RWD as a valid PMCF activity are of no relevance if the data source is of poor quality, as reliable decisions cannot be made based upon an unreliable data source.
Data quality is the completeness, consistency and accuracy of the data across the investigational centre involved in the study.
Real World Evidence generation systems, as a component of PMCF, will need to be documented in accordance with requirements for technical documentation as specified in the MDR. Annex II and III specify a range of documents that must be produced in support of every medical device, including a PMCF Plan, PMCF Report and a Clinical Evaluation Report (CER).
|1 - STUDY DESIGN||• Study synopsis • Clinical Study Plan (CSP)|
|2 - HOSPITAL MANAGEMENT||• Data check • Hospital Agreement • Regulatory requirements and documents|
|3 - DATA COLLECTION||• Data collection files • Data audit reports • Final database|
|4 - ANALYSES||• Statistical Analysis Plan (SAP) • Statistical report|
|5 - RESULTS RESTITUTIONS||• Clinical Study Report (CSR)|
|6 - PROJECT MANAGEMENT||• Project management|
The medical device:
vascular prostheses made of knitted polyester fabrics, in straight tubular shapes, impregnated with ultra-purified collagen of bovine origin, and are indicated for replacement or bypass of arteries damaged by an aneurysm or arterial occlusive disease.
As shown by the Clinical Evaluation Report, intended claims on clinical safety and performance are not sufficiently supported by existing clinical evidence. To maintain a “Vascular patch “in the European market, the sponsor has to conduct a PMCF study to generate sufficient clinical data in accordance with “Chapter VI – Clinical Evaluation and Clinical Investigations, specifically sections 62 – 82”. As well as ISO 14155:2020.
A Sponsor conducted RWE multicentre study to collect clinical data for Vascular patch. The objective was to examine short and long-term outcomes of using the device when exposed to a larger and more varied population.
All data were retrieved from medical charts for each patient from the time of surgery (considered as the baseline of study) until a maximum of 3 years after surgery.
A minimum of 250 up to a maximum of 300 subjects were evaluated from 3 to 8 different sites. At least 100 subjects were evaluated in carotid location and at least 100 in femoral location.
Applicable regulation and guideline:
Depending on the country you conduct your PMCF activity, whether you are putting in place a registry or conducting an observational study or simply a survey, the activity must comply with ISO 14155 and GDPR.
The PMCF study will be conducted in compliance with GDPR, and depending on the country, it follows a specific methodology (examples in France and Germany are provided below).
The advantage of using RWE as a valid PMCF activity, it requires light regulatory burden as the competent authority and the ethical committee approval are not required as long as the methodology of the PMCF activity will not deviate from the routine clinical practice.
By using a reference methodology called « MR004 » to conduct studies, research and evaluations on retrospective and prospective health data that do not include the human person
Each hospital would be following the MR004 as data controller, this includes:
By way of derogation from Article 9 of the GDPR, health data treatment shall be allowed if necessary for reasons of public interest in the field of public health, to ensure high standards of quality in medical devices (Art. 22 German Data Protection Code)
Processing: appropriate and specific measures shall be taken to safeguard the interests of the data subject and considering the state of art, scale, nature, and severity of the risks to the rights and freedom of natural persons.
Measures to ensure data protection:
In the UK, the Information Commissioner’s Office (ICO) is the independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individualsi.
Processing: Research organisations must meet all legal requirements relevant and a legal basis under the UK GDPR must be identified. An Article 9 derogation will likely be required as sensitive personal data is being processed.
Relevant legal frameworks such as the common law duty of confidentialityii through consent must also be met. Though, the interpretation of consent as a legal basis is considered impractical for processing data for health and social care research.
The sponsor, who determines the data to be collected through the protocol, acts as the controller in relation to the research data. If the data is routine data, also collected for other means, such as primary care records then there will be joint controllers of that data. Joint controllers add complexity to the collection and processing of data and must be taken into consideration.
Exemptions for research
A researcher can restrict these rights as set out within the exceptions on the basis that fulfilling these obligations would prevent or significantly hinder the research protocol and planned aims. There must be clear safeguards in place to minimise the risk of removing these rights. The decision to remove these rights should be evidence-based, and the context of that right within the research at that time. For example, removing one participant at the earliest stages of a project would likely have no impact, and therefore the right to erasure may be granted, yet removing 30% of participants at a more developed stage could significantly impact the research and its findings, therefore there would be more justification to utilise this exemption.
Due to the impact of leaving the EU, the UK regulatory framework requires a little more consideration.
For Northern Ireland, the EU MDR applies, and therefore the new requirement around PMCF should be followed.
For Great Britain – England, Scotland and Wales, the requirements of PMCF/PMS remain in line with the directives and relevant MEDDEVs mentioned earlier.
As for all countries, data protection is key when using RWD. In May 2018, the UK government put in place the Data Protection Act 2018 (DPA 2018); this Act applied all the clauses from the GDPR. Following the UK’s exit from the EU, the EU-GDPR no longer protected UK citizens. To prevent the loss of data protection, the UK government published an update to the DPA 2018 called the ‘Data Protection, Privacy and Electronic Communication (amendments etc) (EU exit) regulations 2019’. The GDPR is retained in domestic law as UK GDPR and sits alongside the amended DPA 2018.
The key principles, rights and obligations remain the same. The introduction of the GDPR has the aim of harmonising the differing national implementations of data protection, although the risk of diverging interpretations in case law now exists.