According to the federal regulations that protect human subjects, “informed consent shall be documented by the use of a written informed consent form approved by the IRB and signed (including in an electronic format) by the subject or the subject's legally authorized representative. A written copy shall be given to the person signing the informed consent form.” (45 CFR 46.117)
While we are accustomed to thinking that documentation of consent is an in-person inked signature, there are many alternatives that satisfy these requirements.
The regulations that govern human subjects research and other state, local, and institutional laws, policies, and guidance do not directly outline what is considered acceptable documentation of an informed consent form, however they do provide guidelines to ensure that the documentation is valid:
The default “mark” made by a study subject is their signature however as noted by the federal regulations, “A person who speaks and understands English, but does not read and write, can be enrolled in a study by "making their mark" on the consent document, when consistent with applicable state law.” In this case, the mark may be a “X”, thumbprint, or other mark. If the study will be using an electronic signature capture method, know that there may be other requirements (see below).
If a consent process occurs in-person, verification of the identity of the person is straight-forward but what if the consent process is taking place remotely? Here are some ideas:
A virtual meeting or teleconference where the Study Team witnesses the signing of the informed consent form by the study subject. Some study teams have found that conducting the consent process virtually or by teleconference is an effective way to not only ensure study subject understanding but also a way to verify the identity of the person signing the form.
Using technology that supports an electronic signature. The use of an electronic signature is where things get a bit more complicated. Some regulations require a strict adherence to certain requirements such as with FDA regulated research (see 21 CFR 11.100(b)). Other laws suggest using a password or other security device to make sure the individuals signing electronically are indeed the individuals named in the document. Under the Massachusetts Uniform Electronic Transactions Act (“UETA”; see M.G.L. c. 110G § 9), the “efficacy of any security procedure” used in the e-signing process can be used to show that a record was attributable to the person who signed it.”
Examples of various methods that could be used include verification of state-issued identification or other identifying documents, or use of personal questions, biometric methods, or visual methods.
Our most applied set of regulations realizes that it may not always be possible to verify that the person signing the informed consent is the study subject and therefore encourages a risk-based approach to the consideration of subject identity. For example, for some research if the consent form was mailed (either by postal mail, email, fax, etc.) directly to the individual it may be sufficient verification if the signed informed consent form is sent back to the study team via the same method.
In these instances, it is recommended that the study team seek advice from the IRB.
According to the federal regulations, “…the person signing the informed consent (i.e., the subject or the subject’s LAR or the parents or guardians of subjects who are children) be given a copy of the written informed consent form (45 CFR 46.117(a) and 21 CFR 50.27(a))…”
The various federal, state, local, and institutional laws, policies, and guidance do not specify the required medium of the form and indicate that the copy provided to the subject can be paper or electronic and may be provided on an electronic storage device or via email.
The federal regulations go on to state that, “If the copy provided includes one or more hyperlinks to information on the Internet, the hyperlinks should be maintained and information should be accessible until study completion.”
And, Massachusetts Law states that, “You must not use software or security settings that would prevent the recipient from printing or saving a document that the recipient has been asked to sign electronically.” (see M.G.L. c. 110G § 8(a)).
While the federal regulations at 45 CFR 46 (again, the “Common Rule”) do not specify a research records retention period, other federal regulations such as FDA and HIPAA do. Moreover, Massachusetts state law and Harvard policy require a retention period for said documents.
Harvard University policy states that, “Researchers have certain obligations to record, maintain and retain research records, and to make those records available for grant monitoring and auditing purposes, as well as to enable investigators and the institution to respond to questions of research integrity and stewardship. See, e.g., 2 CFR 200, 42 CFR 93.106(b).” Moreover, according to the Harvard University General Records Schedule, all records associated with funded/sponsored projects must be retained for seven years after final project account closing unless a longer period is specified by the granting agency. For non-sponsored projects, records must be retained three years after final project account closing.
As the above guidelines demonstrate the flexibility in what is considered valid documented consent, there are certain regulations that require strict security requirements. As an IRB, we have determined that because of this, there are certain types of studies that require an in-person, inked signature as the only allowable method of documentation. These include studies that are regulated by the FDA and fall under 21 CFR 312 (drugs and biologics) and 21 CFR 812 (devices) and therefore require Part 11 compliance, as well as those studies regulated under HIPAA that require an individual authorization for research use/disclosure (45 CFR 164).