Remote monitoring of cardiac implanted electronic devices: legal requirements and ethical principles - ESC Regulatory Affairs Committee/EHRA joint task force report

Jens Cosedis Nielsen, Josef Kautzner, Ruben Casado-arroyo, Haran Burri, Stefaan Callens, Martin R Cowie, Kenneth Dickstein, Inga Drossart, Ginger Geneste, Zekeriya Erkin, Fabien Hyafil, Alexander Kraus, Valentina Kutyifa, Eduard Marin, Christian Schulze, David Slotwiner, Kenneth Stein, Stefano Zanero, Hein Heidbuchel, Alan G Fraser

Research output: Contribution to journalArticlepeer-review

3 Citations (Scopus)


The European Union (EU) General Data Protection Regulation (GDPR) imposes legal responsibilities concerning the collection and processing of personal information from individuals who live in the EU. It has particular implications for the remote monitoring of cardiac implantable electronic devices (CIEDs). This report from a joint Task Force of the European Heart Rhythm Association and the Regulatory Affairs Committee of the European Society of Cardiology (ESC) recommends a common legal interpretation of the GDPR. Manufacturers and hospitals should be designated as joint controllers of the data collected by remote monitoring (depending upon the system architecture) and they should have a mutual contract in place that defines their respective roles; a generic template is proposed. Alternatively, they may be two independent controllers. Self-employed cardiologists also are data controllers. Third-party providers of monitoring platforms may act as data processors. Manufacturers should always collect and process the minimum amount of identifiable data necessary, and wherever feasible have access only to pseudonymized data. Cybersecurity vulnerabilities have been reported concerning the security of transmission of data between a patient’s device and the transceiver, so manufacturers should use secure communication protocols. Patients need to be informed how their remotely monitored data will be handled and used, and their informed consent should be sought before their device is implanted. Review of consent forms in current use revealed great variability in length and content, and sometimes very technical language; therefore, a standard information sheet and generic consent form are proposed. Cardiologists who care for patients with CIEDs that are remotely monitored should be aware of these issues.
Original languageEnglish
Pages (from-to)1742-1758
Number of pages17
JournalEP Europace
Issue number11
Early online date29 Jul 2020
Publication statusE-pub ahead of print - 29 Jul 2020


  • Cardiac implantable electronic device
  • Cybersecurity
  • Data controller
  • Data processor
  • EHRA
  • ESC Regulatory Affairs Committee
  • General Data Protection Regulation
  • Informed Consent
  • Informed consent form
  • Joint data controller
  • Remote monitoring


Dive into the research topics of 'Remote monitoring of cardiac implanted electronic devices: legal requirements and ethical principles - ESC Regulatory Affairs Committee/EHRA joint task force report'. Together they form a unique fingerprint.

Cite this