Unlocking the Potential of eConsent: Demystifying Electronic Signatures
First, let’s clarify what we mean by eConsent. eConsent is just an electronic version of the existing informed consent process, a process that in itself is often mistakenly viewed as the same as getting a participant’s signature on the consent form. In reality, the signature is only part of the process.
The consent process itself comprises two elements:
- Presentation of the Informed Consent Form (ICF): This involves providing participants with the ICF electronically, allowing them to review it and seek clarification by asking questions.
- Participant's Acknowledgment of Understanding: This is signified by the participant's signature, either in wet ink or electronically, based on regional regulations.
Both of these elements can be done electronically: the ICF can be presented to participants in electronic form, and a version of the approved consent document can be shown to the participant as a PDF, ready for signing. Signing itself can follow a wet ink or electronic process, depending on regional regulations. The electronic presentation of the ICF to participants has not been the barrier to adoption of eConsent; the main barrier has been the signature component of the process. There is confusion around the eSignature process, and this is leading the industry down a potential ‘rabbit hole’ due to a further misinterpretation of the relevant regulations. As mentioned in our previous blog, persistent misinterpretations create complexities in the operational deployment of services, which ultimately impacts the end user, the patient.
When we look at eSignatures and the applicable regulations, let’s first remember what we are talking about: Consent. Consent is not a contract; it is to ‘give assent or approval for something to happen’. Unlike a contract, consent can be withdrawn at any time without penalty. There is a clear distinction between the two, and we should remember that when applying the rules around signatures, especially e-signatures.
European Regulations and Recommendations
From a European perspective, the December 2022 release of the Recommendation Paper on Decentralized Elements in Clinical Trials (1) by the joint Heads of Medicines Agency, European Commission, and European Medicines Agency was intended to provide clarity to the industry around what is expected when adopting decentralized elements in trials within the European Union (EU) in the post-pandemic world (the recommendations have been previously reviewed and commented on by THREAD). As you would expect, the recommendations addressed eConsent and, more importantly, the use of electronic signatures (eSignatures) as part of the consenting process.
The recommendations state:
“In general, the electronic signature functionality should be in accordance with the requirements described in the Guideline on computerised systems and electronic data in clinical trials(3). In addition, the method used to record informed consent should follow national requirements with regards to acceptability of electronic signatures (see appendix for current national provisions).”
At first pass, this could be confusing, so let’s review these two points:
Firstly, the revised March 2023 guideline on computerised systems and electronic data in clinical trials (2) states:
“Electronic signatures can further be divided into two groups depending on whether the identity of the signatory is known in advance, i.e. signatures executed in 'closed' and in 'open' systems.
For 'closed' systems, which constitute the majority of systems used in clinical trials and which are typically provided by the responsible party or by their respective service provider, the system owner knows the identity of all users and signatories and grants and controls their access rights to the system. Regulation (EU) No 910/2014 ('eIDAS') on electronic identification and trust services for electronic transactions is not applicable for 'closed' systems ('eIDAS' article 2.2). The electronic signature functionality in these systems should be proven during system validation to meet the expectations mentioned above.
For 'open' systems, the signatories (and users) are not known in advance. For sites located in the EU, electronic signatures should meet the requirements defined in the 'eIDAS' regulation. Sites located in third countries should use electronic or digital signature solutions compliant with local regulations and proven to meet the expectations mentioned above.”
For clarity, let us now look at the definitions of Closed and Open systems (which are comparable between the FDA and EU).
- 'Closed' systems: the system owner knows the identity of all users and signatories and grants and controls their access rights to the system.
- 'Open' systems: the signatories (and users) are not known in advance.
Secondly, when you look at the appendix of the Recommendation Paper on Decentralized Elements in Clinical Trials, which details the national requirements, most member states refer to eSignatures that conform to eIDAS (5) standards, which could be seen as a contradiction to the definition above.
However, as highlighted in the Guideline on computerised systems above, when you read the eIDAS regulation (emphasis added), within Article 2.2 we see:
“Article 2 Scope
1. This Regulation applies to electronic identification schemes that have been notified by a Member State, and to trust service providers that are established in the Union.
2. This Regulation does not apply to the provision of trust services that are used exclusively within closed systems resulting from national law or from agreements between a defined set of participants.”
So why does this reliance on eIDAS still persist? Is it because member states see eConsent as an ‘Open’ system under the eIDAS regulation and the guidelines on computerised systems?
The Context of eConsent
To put all this into context: to be an ‘Open’ system, eConsent must be a standalone system with no other controls in place. Some eConsent systems can be seen as standalone: they are not linked to other clinical systems, and single identities are not maintained across the systems. True platform providers, by contrast, ensure that the decentralised elements are part of the same unified platform, where no one part is controlled by another system, so that an identity is managed across the platform, adhering to a ‘Closed’ definition.
In a ‘Closed’ system, participant identity is verified outside of the signature itself: when participants are enrolled in a study, the site must independently verify their identity. This verification is done outside of the ‘Closed’ system, but access to the ‘Closed’ system is provided upon confirmation of identity, and there is an unbroken link between the identity documents held at the site and the access to the ‘Closed’ system, the unique participant ID or subject ID.
So, the question you need to ask is, “Do you treat your eConsent system as an 'Open' or 'Closed' system?” At THREAD, we define the platform services we provide as a 'Closed' system and, as a result, additional controls around the use of eSignatures are not required. For more information, visit www.threadresearch.com/econsent.