Good Clinical Practice Guide
Results 1 to 2 of 2

Thread: Consent Form advice please

  1. #1
    Forum Member
    Join Date
    Nov 2017
    Posts
    1

    Consent Form advice please

    Hi, I'd be very grateful for thoughts/advice on the following Consent Form questions please:

    • Should the Consent Form include the trial number/Patient ID? This is usually not known until after patient registration and after the Consent Forms have been signed; copied and distributed; including a copy to the patient. It also relies on the site going back to the original and adding the trial number. Is this an issue as the original does now not match any copies. Some of our trials don’t include it for the reason of not wanting to amend post signing and it has often been a finding at monitoring visits that site staff have forgotten to go back and add it; but other trials say it is useful for example to reconcile against samples which are sent to a biobank along with a copy of the Consent Form; as the samples are identified by trial number only?
    • Is it good practice to document time of consent in the source (and therefore capture it on the Consent Form)? Unless there are very time specific screening activities and we are collecting time of procedures on the CRF; I’m not clear if this is necessary.
    • We are also reviewing our Consent Forms to ensure we are appropriately consenting for long term data retention/sharing and future storage of samples which are gifted by the patients; i.e. either in a biobank or for possible future use in other research beyond the REC approval. Is there any guidance on wording for such sections of the Consent Form available?
    • As long as there is an agreed process in place; including transfer; checking and storage (if required) of the Consent Form; are there any issues/considerations for asking sites to provide copies of the Consent Form to the trials office?

  2. #2
    Forum Member
    Join Date
    Nov 2011
    Posts
    152
    You ask a lot of questions which would take a great deal of time to respond to.
    With regard to one question:- “As long as there is an agreed process in place; including transfer; checking and storage (if required) of the Consent Form; are there any issues/considerations for asking sites to provide copies of the Consent Form to the trials office?”

    There are lots of answers about consent on the MHRA GCP forum under Monitoring an Investigator.

    My Question to you:-
    The big question is why are copies of consent forms being sent to a trials office?
    What is the trials office doing with all this Personally Identifiable Information (PII)? How is the information used? If it is only used for project management logistics, is this a suitable use of sensitive personal information and all the attendant risks involved?
    Should alternatives be considered? For instance encrypted E-Mailing a recruitment/enrolment form that details that subject XYZ (subject code number only), gave consent on date X, time X (time is very useful to show subjects have ample time and that they have had a prior interview) and whether they then qualified to be enrolled after subsequent screening, etc. In this way no PII is transmitted, but project management information is available to the trials office. In fact eCRFs or IVRS or IWRS are good systems to use to collect data on subjects status.
    Faxing documents that contain Personally Identifiable Information (PII) is a risky process. The fax may go to a wrong number and also not all fax machines are password protected such that only the authorised recipient has access to the output. If using fax technology it is always advisable to get verification of the safe receipt by the authorised recipient of all faxes.

    How are the consent forms stored by the sponsor or sponsors agent (CRO)? Handling PII (outside of the research centre) always includes a high risk that there may be a violation of subject confidentiality. Suitable measures must be taken to ensure that PII is securely and confidentially maintained. How will they be archived in the long term or will these copies be confidentially destroyed (& verified destruction documented)? Long term storage of PII also includes long term risks that confidentiality could be violated at a later date (15 or 25 years!).
    As copies are transmitted it must be true that the originals are safely stored by the PI at the investigator site.
    If the site redacts or pseudonymised, the consent forms before sending to the trials office, then what use would they be, as they do not identify the subject. In that case a recruitment form that only identifies the subject by trial number (as above) would be more useful and less risky.

    There is a divergence of opinion between the EMA & MHRA.
    The final EMA TMF guidance is very strongly worded that consent forms should be should maintained under the sole control of the investigator/ institution. Previous MHRA guidance (2012) allows for a different approach.

    EMA Final TMF guidance 2018:- Essential to segregate some documents,… Those that are generated and/or held by the investigator/institution only eg. subject identification code list filed in
    investigator TMF only.
    Investigator TMF includes … personal data that enable the data subjects to be directly identified (i.e. direct identifiers of trial subjects); for example, subject identification code list, subject-related source documents and signed consent forms, which should remain under the sole control of the investigator/ institution due to data privacy requirements. Documents containing direct identifiers of trial subjects, such as the subject medical files, the identification code list and informed consent forms, should be maintained separately by and under the control of the investigator/institution.

    In contrast UK MHRA GCP Guide (2012) 7.5.3.2 “When using central monitoring ...when collecting signed consent forms, laboratory results with subject identifiers or contact details for follow-up telephone calls/questionnaires, a formal system should be in place that complies with the Data Protection Act 1998 to ensure access to the confidential information is restricted and that the subjects of the clinical trial are aware that a sponsor or third party may have access to their data. This may be explicitly detailed in the subject information sheet or consent form approved by the REC”.
    Elsewhere in the MHRA Guide it states that (10.2.1):- "it is essential to segregate those documents that are generated or held by the sponsor ... from those of the investigator, as some documentation held by the investigator should not be provided to the sponsor. .. For example, the sponsor must2,3not have documents such as consent forms and subject identification lists..” .. “ under certain circumstances subjects can specifically consent to this information being sent outside the investigator site, for example if required by the protocol or central monitoring procedures.”
    Elsewhere in the GCP guide it also states that diaries must5,6 be checked to remove personal identifiers before they are supplied to sponsors (8.2.7) and it quotes 2 UK regulations.
    The MHRA has previously been very sensitive about confidentiality; “... release of patient sensitive information outside of the research team is considered a critical issue” (06Jul2007). In fact the MHRA has often presented in their frequent inspection findings list, the finding of "subject details sent outside investor site". These frequent inspection findings may change in light of the MHRA GCP Guide proposal where it will only be a finding if details are sent to a sponsor organisation without explicit consent of the subject, data protection processes in place and REC application information.

    EMA IWG website Q & A:- To protect the privacy of research subjects, data collected in clinical trials and reported to sponsors should always be pseudonymised (coded, as referred in ICH E6 (R2) point 1.58). In this context "coding", is the process of assigning to a name or other direct identifier a unique code. The process of assigning a subject identification code meets the definition of pseudonymisation described in Article 4(5) of the GDPR: "Article 4(5) GDPR - pseudonymisation' means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person." Recital 26 of the GDPR also clarifies that the personal data which have undergone pseudonymisation are information on an identifiable natural person and as such, they are considered personal data and hence fall under the scope of the GDPR… Thus, as long as there is a link between the subject identification code and the subjects' identity at the clinic level, such data should be regarded as "pseudonymised" and thus should be handled as personal data.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •