Many stakeholders, while convinced of the benefits to the patient by using electronic informed consent, are nonetheless hesitant about the legal and regulatory validity of this digital solution.
The acquisition of consent to participate in a clinical trial requires, that the potential participant be provided with all the information necessary to understand the possible risks and benefits related to the study treatments and, in its essential elements, a description of the procedures occurring during the trial. Voluntary and conscious patient participation is a key factor in optimizing the time and cost of a clinical trial.
The advantages of the electronic informed consent
In the last 10-15 years of research practice, the informed consent has evolved from a simple to a rather long document (more than 20-30 pages), with a large amount of complicated information describing many procedures difficult to understand.
An additional challenge of this process is the fact that a great number of less instructed or middle age/elderly patients really find the reading of this document exhausting and complicated to understand and ultimately , in many cases, they easily consent to participate in the trial because the doctor has told them that they can.
For this reason, the industry is moving towards the use of electronic solutions that, enriched with multimedia, video, graphics, audio help to describe the relevant characteristics of a clinical trial and thus greatly increase understanding of the content of the consent.
The procedure of the electronic consent consists of two stages. The first step is the discussion between doctor and patient about the content of the consent and supporting materials and, if the patient decides to participate in the proposed study, the second step is the signature, which can be done manually on the paper document or carried out electronically
Regulatory requirements for the informed consent and the electronic signature
Informed consent is governed by clear regulatory rules and guidelines, starting with the Declaration of Helsinki – Ethical Principles for Medical Research involving Human Subjects, adopted by the World Medical Association as amended in 2013 and more fully developed through international standards such as Ich GCP E6 (R2), CFR 21 , CFR 45, HIPPAA, GDPR, and the European Clinical Trial Directive.
In Europe electronic signatures are currently regulated by Regulation (EU) no. 910/2014 (e-IDAS Regulation). The common requirements for electronic signatures identified by European regulatory authorities fall into five main categories:
- Protection of patient data
This is the responsibility of the investigator who must ensure that the patient’s personal data is not accessible to the study promoter.
- Sharing of electronic consent data
Only anonymized patient identification data can be shared with the clinical trial promoter.
- Respect for privacy
The hosting of the electronic signature by third parties must comply with European data privacy requirements (GDPR).
- Verification of the identity of the trial participants
The procedure must allow the identification of the individual who actually signed the consent
- Responsibility of the investigator as owner of the consent process
The consent procedure should be activated and conducted by the investigator.
While all stakeholders, be they regulatory authorities, clinical trial promoters, and researchers agree that the use of media facilitates an overall understanding of the content of the consent, opinions are still divided with regard to regulatory and legal compliance of the electronic signature.
Genius Engage 2.0 and the European e-signature regulation e-IDAS
The type of electronic signature used in the Genius ENGAGE, the electronic consent application developed by Exom Group, falls into the category of the “advanced electronic signature”.
According to the e-IDAS regulation, an advanced electronic signature is a signature that has certain technical and security requirements, such as the following:
- uniquely linked to the signatory;
- able to identify the signatory;
- created using data that the signatory can, with a high level of security, use under his sole control;
- linked to the data signed with it in such a way that any subsequent changes to the data can be detected.
The electronic signature solution used in Genius ENGAGE, fully meets all these requirements. It allows to link each signatory to the corresponding signature through multi-factor authentication methods, such as the One-Time-Password (OTP), sent as text message to the signatory’s smartphone and the implementation of a control test.
The identification of the signatory is possible through the multi-factor authentication methods described above.
The use of electronically created data is under the sole control of the signatory through the levels of security required by law. The method used to capture and store the signature ensures that the acquired signature cannot be altered, copied or reused in any way within the application. The signature is uniquely associated only with that specific consent form.
Any change to the signed data can be detected by the application on the signed document, a certificate protecting it from subsequent changes. In addition, an audit trail system records all activities and any changes to the signed document.
The application allows the signatory to obtain proof of what he or she has signed by automatically sending a certified copy of the electronically signed document at the end of the process.
Finally, the Adobe Sign data centers, that manage the Genius Engage electronic signature procedure, are located in Europe, near Frankfurt and the three backup (passive) data centers are in Dublin and are fully compliant with the GDPR rules.
As discussed above, we can state that the advanced electronic signature used in Genius ENGAGE, the electronic consent application by Exom Group, meets the criteria of legal validity at European level.
In addition, the provider of the advanced electronic signature of Genius ENGAGE, among many others, holds the ISO27100:2013 certification for the management of information security systems and meets the requirements of the FDA 21 CFR Part 11 guidance, related to the characteristics of electronic systems used in clinical research.
However, pending the alignment of national and international competent bodies on a common position, valid and shared by each country, it is recommended to clarify at operational and contractual level, with promoters, competent authorities and ethics committees, the definition and sharing of obligations and responsibilities related to the valid collection of the informed consent through the advanced electronic signature solution.