FDA and OHRP Issue Collaborative Guidance on Electronic Informed Consent
On December 15, 2016, the Food and Drug Administration (FDA) and Department of Health and Human Services (HHS) Office for Human Research Protections (OHRP) jointly published guidance on the use of electronic systems to obtain informed consent. The guidance, developed in collaboration between the two agencies, finalizes a previous draft question-and-answer (Q&A) document published by the FDA.
In issuing the joint guidance, the federal agencies recognize that the use of electronic informed consent (eIC) is becoming a common and accepted research practice that may facilitate subject comprehension, provide rapid notification to subjects of new information, and promote timely entry of consent data into the study database. OHRP and FDA make it clear, however, that the use of eIC must continue to comply with the HHS and FDA regulations for informed consent and IRB review and the FDA regulations for electronic records and electronic signatures. But, in a nod to the constantly evolving eIC technology, the agencies acknowledge that a variety of approaches may be used to fulfill these requirements.
The joint guidance document therefore provides recommendations to Institutional Review Boards (IRBs), investigators, and sponsors on procedures that may be followed when using eIC to:
- help ensure protection of the rights, safety, and welfare of human subjects,
- facilitate the subject’s comprehension,
- ensure that appropriate documentation of consent is obtained, and
- ensure the quality and integrity of eIC data in FDA applications and made available to FDA during inspections.
Below is a discussion of the four main differences between the draft guidance and final guidance (Guidance).
The Process for Obtaining eIC
The Guidance emphasizes that, while eIC can generally be leveraged to improve subject comprehension and engagement, the process should still be appropriate for the individual subject. Therefore, the Guidance makes it clear that the responsibility for obtaining informed consent from each subject remains with the investigator and cannot be delegated to the electronic system. For example, depending on circumstances such as a subject’s lack of familiarity with electronic systems or impaired motor skills, the eIC process may not be appropriate or the subject may require help from study personnel while using the eIC technology. Thus, the Guidance states that, before beginning the eIC process, subjects should be told how long the eIC process will take and what information will be presented to them.
The eIC process should also be appropriate for the given subject population. In the context of pediatric studies involving an eIC assent process, the Guidance indicates that IRBs should consider whether the method used to obtain electronic assent promotes or impedes the child’s capability to provide assent.
Where applicable, the Guidance draws distinctions between the HHS and FDA regulations. One of the more striking differences relates to the requirements for obtaining a legally valid electronic signature. OHRP permits electronic signatures if they are legally valid within the jurisdiction where the research is to be conducted. The FDA continues to enforce an arguably higher standard, requiring compliance with the 21 CFR part 11 (Part 11) requirements for electronic records and electronic signatures. The Guidance emphasizes, however, that Part 11 permits a wide variety of methods to create electronic signatures, including the use of biometrics.
Similarly, in a new Q&A, the FDA clarifies that, while identity verification is a Part 11 requirement (to prevent fraud), the agency does not specify any particular method for verifying the identity of an individual. In contrast, OHRP states that it may not always be possible or necessary to verify identify for certain research (e.g. social behavioral minimal risk research).
Importantly, the FDA states that IRBs, investigators, and sponsors may rely on a statement from the vendor of the electronic system used for obtaining the electronic signature that describes how the signature is created and that the system meets the relevant requirements contained in Part 11. The Guidance does not indicate, however, whether reliance on a vendor’s internal assessment of compliance is sufficient or whether the vendor statement must attest to impartial vetting such as an external audit.
In a new Q&A, the Guidance describes the eIC materials that should be submitted to the IRB. This includes copies of all forms (electronic and paper) and informational materials, including any videos and web-based presentations, which the subject will receive and view during the eIC process. Any subsequent modifications to such material must also be submitted for IRB review and approval. The Guidance further clarifies that IRBs should review not only the text of the informed consent document, but any additional content that is part of the eIC, including comprehension questions and content referenced via hyperlink. The IRB’s responsibilities also include reviewing the usability of the eIC materials to ensure that they are easy to navigate and maintaining the version of the website information that contains the study-related information.
Interestingly, the Guidance parameters for IRB review are related to material that the subject “will receive and view” during the eIC process. This statement does not address what nonparticipant-facing aspects of the eIC platform might require review. (See below discussion regarding IRB review of eIC security features.)
Another important aspect to the Guidance is the recommendation that the investigator discuss plans for using eIC with the IRB before finalizing development. In many multi-site trials, however, it is the study sponsor, not the investigator, who develops the eIC or selects the eIC vendor. And, given the National Institutes of Health (NIH) Policy on the Use of a Single Institutional Review Board for Multi-Site Research and the proposed changes to the Common Rule, it will be important for study sponsors and clinical research organizations (CROs) to work with the central IRB and determine how to develop and review the eIC in a manner that allows for efficiency and consistency across sites.
Privacy, Security, and Confidentiality
Similar to the draft version, the Guidance states that the eIC system supporting an FDA-regulated clinical investigation must meet Part 11 requirements for restricted access and should include methods in line with the Health Insurance Portability and Accountability Act (HIPAA) Security Rule to ensure confidentiality regarding the subject’s identity, study participation, and personal information.
It is curious that there is no discussion regarding the privacy, security, and confidentiality measures required for HHS-regulated research. Presumably, in order to meet the IRB approval criterion that there are adequate provisions to protect the privacy of subjects and to maintain the confidentiality of data, any eIC system supporting HHS-regulated research should also comply with accepted standards for privacy, security, and confidentiality. Thus, IRB review of any eIC system should require an understanding of the security features of the software or application and any applicable devices.
Despite some lingering questions, the publication of this final document—and particularly the collaboration between FDA and OHRP—demonstrates governmental recognition of eIC as a legitimate and powerful tool that has the potential to benefit everyone in the research community.
Since the original publication of this article, Bloomberg BNA has published an article in their Medical Research Law & Policy Report, which features Kinetiq Vice President of Legal Affairs, Mitchell Parrish, on the topic of electronic informed consent. Excerpts of the article are provided below. To read the full article, visit the Bloomberg BNA website. (Requires subscription.)
“The joint FDA/OHRP guidance validates the concept that electronic informed consent (eIC) ‘is the way of the future and headed for large-scale adoption,’ Mitchell E. Parrish told Bloomberg BNA in a Dec. 15 e-mail. Parrish is the vice president of legal and regulatory affairs of Kinetiq, which is the consulting and technology division of the commercial institutional review board Quorum Review IRB.
“Parrish said the guidance identifies the potential benefits of eIC, including rapid notification of consent form amendments, timely entry of consent data into the study database and subject comprehension. ‘The key thing to note at this point, however, is there is not really an eIC tool out there that is capitalizing on the potential eIC benefits,’ Parrish said. ‘Technology is constantly evolving though and I predict a couple big years ahead for emerging eIC tools and their adoption.’
“The guidance is set up as a series of questions, and Parrish pointed to the question on ensuring privacy, security and confidentiality as ‘an important reminder’ regarding the Health Insurance Portability and Accountability Act privacy, security and breach notification rules. He said, ‘eIC vendors must be aware of the requirements in these Rules, especially considering the bar for compliance in many instances is beyond that of Part 11.’
“‘…The sponsor or CRO should be working with the IRB to determine how the eIC review will work in a manner that will produce one consistent IRB decision and not create redundant IRB reviews of the eIC at the investigator level,’ he said. ‘This switch in thinking is critical considering the important push towards efficiency in clinical trials, the National Institutes of Health (NIH) recent Policy on the Use of a Single IRB for Multi-Site Research, and proposed revisions to the Common Rule.'”
Reproduced with permission from Medical Research Law & Policy Report, 15 MRLR 722, 12/21/16.
Copyright 2016 by The Bureau of National Affairs, Inc. (800-372-1033)