3 Major Regulatory Risks You Can Reduce with Electronic Informed Consent

March 14, 2018 Sandra "SAM" Sather

You may already know too well the challenges of a paper-based Informed Consent process, but did you know that Informed Consent is one of the most cited deficiencies by regulatory authorities? Paper-based informed consent increases your risk for delayed approvals, fines, litigation and even trial failure. 

Register for our webinar if you are interested in understanding why these risks occur and how you can leverage electronic informed consent technologies to significantly minimize them. We've invited special guest speaker Sandra "Sam" Sathers to join CRF Health's Mika Lindroos as they discuss: 

  • The status of regulatory risk in our industry
  • The 3 areas most at-risk in the current Informed Consent process
  • Solutions for reducing risk with eConsent
  • ...And more!

Full Transcript:



Hello and thank you for joining today’s CRF Health’s webinar. Today’s webinar is about regulatory risk, and 3 Major Regulatory Risks You Can Reduce with Electronic Informed Consent. We are very excited today to have special guest Sam Father. She is the VP of Clinical Pathways, with over 30 years of clinical experience. She’s a frequent speaker at industry conferences and has authored dozens of courses for clinical research training programs.

Joining Sam, we also have Mika Lindroos. He is the Director of Product Management at CRF Health. He’s been with our company for almost three years and feels most at home where technology meets humanity.

 So without further ado, Sam, I will pass the webinar over to you.


Good morning, good afternoon, good evening everybody and welcome to this presentation. And we’d like to start the webinar off with a polling. So on your screen, if you could answer the following question. What in your opinion of the three answers provided is your biggest regulatory challenge or risk with informed consent?

Interesting. So far we have Consent Development. You know, it’s pretty interesting that it’s outracing consent use, so use of the consent. And then we also have again the whole over oversight in Monitoring/Auditing. And I think throughout the presentation you’re going to see that these three categories, depending on what you do for your company or if you’re a site IRB, ethics committee, and/or sponsor, CRO, it probably shifts some of your opinion. But I think we’re really hitting on the three big areas.

We’re going to move into our learning objectives and agenda today. So for this presentation, we’d like to focus on three main areas. The first is defining informed consent, the regulatory risk categories. And we’re going to tackle this presentation, trying to actually go into these three categories, because there’s lots of regulatory risk for informed consent. So hopefully it’ll help you take away the information from this presentation and apply it in your projects. Then Mika is actually going to go into how we can actually look at eConsent and address some of these risks that we talk about from the first objective. And then I’ll come back and talk about, from these suggestions, how do you then start to look at your current systems, and where would you have to make some changes potentially to implement eConsent.

So to set the stage, US and outside the US, we know that informed consent is one of the most cited deficiencies by the regulatory authorities. And within the United States we see warning letters that cite informed consent. And these are the four major categories related to it. We’ve seen falsified ethics committee approvals. And we’ve seen where the use of a form has not been the approved form, it’s been the wrong version or not even approved yet. So then there’s also incomplete information, and not just falsified participant responses but incomplete. And then, failure to obtain consent at all, or prior to study procedures. It’s interesting, we think of an investigator being cited for lack of consenting somebody prior to study procedures. There’s a recent sponsor warning letter from the FDA that cites a sponsor for not preventing this from occurring. So quite interesting.


And then we have in the EMA, when we look at the European Medicines Agency, two really interesting reports that have been released. One is from a 12-year period for classifying and analysis of GCP worldwide inspection findings. And when we look at where informed consent falls, overall worldwide it falls #6. And this includes countries throughout Europe, Asia, Africa, Canada, US, and more. And in some countries, it’s really one or two, so it’s the first or second most common deficiency, for example in Asia. Then there is a specific report that was released in June of 2016 for the 2015 inspection report annually put out by the clinical GCP Inspector Working Group. And again, in the top ten, informed consent falls within those top ten findings. Now, interestingly enough, and it’s really important, and if you work with consent a lot you know it’s not just the form having the required elements, but it’s also supporting the process of consent, supporting the regulations for each of the stakeholders, no matter if it’s oversight again. And that’s where that first question came, you know, when we polled you. We really were looking at the different areas that we see regulatory citations.

So going into informed consent and regulatory risk categories, you can see from our polling question again, we really wanted to categorize this so we could actually present the information so you can take it within these categories, look at how we can actually apply eConsent and then how do you do it, how do you actually change your quality system and work with each other worldwide.

So first of all development. So developing the informed consent, it carries with it lots of risks and issues that lead to these deficiencies for inspections potentially. And within each category of risk we have to look and see for which stakeholder do these risks apply, and which group would be the one to take action to either prevent or mitigate or pass on the risk, etc. when you’re doing the risk management. The sponsor/CRO, ethics committee, and research sites.

So first let’s look at the sponsor/CRO, issues associated with the development of the consent itself. And one thing that you’re going to see as a general theme for any stakeholder is the first one, so inefficient content development process. And you can see in the polling we did, it is a very big pain point. The development of the consent process can be quite risky if we don’t have the right stakeholders involved, the right information to be within the consent, the right timing of approval, etc. So another area of issues is, what if it doesn’t meet your standard operating procedure requirements or local law or local institutional requirements. The other thing is, what if we design something that is not comprehendible or doesn’t support different types of populations worldwide that are going to be taking—so not patient-centric—from languages and also just literacy, that kind of thing. And then, what if what we developed that’s released to the ethics committee is not really what was agreed upon between the site and the sponsor. So this leads again to audit risk, data integrity risk, project delays, recruitment risk, and subject retention risk.

When we think about the ethics committees, notice that same issue of inefficient 

content development process. It’s an age-old problem. And then again the same kind of thing, it’s highly risky when an IRB doesn’t follow the SOPs they put in place to follow their requirements and to protect human subjects. It’s the same thing with local requirements. And then the other thing again, the IRBs protecting human subjects, and not having the ability to support that comprehension of those that are going to be consented. So the risks, again, really are many and they really mainly fall into these things like human subject protection, risk failure, falsified approvals, and audit risk.

And then, last but not least of course is the investigators and sites or institutions that conduct our trials. And again this inefficient content development process. What if the institutions not following their SOPs, not just on consent but also privacy, local regulatory requirements, protecting the subject again, meeting their needs, and also what if the content isn’t supporting what we legally need in our consent as well.


So the development, lots and lots of different risks for each stakeholder. The second category though we want to talk about today, related to informed consent regulatory risk is the use. And a lot of times we think of the use as really getting the signature, but we know from many messages from regulatory authorities, it’s really the process of consent, it’s not just a moment in time. And when we think again about the regulatory risk, let’s look at the stakeholder, the investigator, and the site, the group that’s actually going to use this consent form.

And when we think about the research site and the issues associated with the use of consent, just look at the number that we could just brainstorm and come up with. But if you were to really look at these and try to bucket them into different categories, it falls into three main areas. One is not supporting the elements that are required to be in the consent. So we can see an investigator being cited for that. The other thing is not supporting the process of consent. You can’t prove when you did something, who did it, did the individuals who are using the consent—either the participant, the patient, and/or the site—were they delegated to do it, was it the right people that should sign for the patient, all those kinds of things. So the documentation of the process. And a third piece which overlaps everything is, does the informed consent use support ALCOA, so the acronym for quality data. Do we have the attributableness of the subject and the person who is actually obtaining consent, do we have the legibility, actually make sure they document the accuracy, do we have the original and the contemporaneousness of the document. So all these things that we have a challenge currently in our current paper world.

The resulting risk of the use of consent have many risk categories. So those of you that are risk managers and do your risk assessments at the beginning of a project, you probably have a definite category for informed consent. But if you’re finding that your risk assessment’s not effective or sensitive enough, think of the categories that we’re talking about today, but also breaking it down into the different types of risks that can lead from consent itself. So from retention to study delays, etc. Usability, these all are things that really we’ve seen from inspection findings and also just the practicality of operations of our studies and the inefficiencies.

Finally, the third risk category for informed consent regulatory risks is the oversight, the monitoring, the auditing of it. And it involves all of our stakeholders. So when we think about the monitoring and oversight of it, we really don’t want to find out about deficiencies about informed consent down the road. As soon as possible. The ideal would be to prevent them. And we’re going to talk in the next section about many of these risk categories with eConsent could be preventing these types of challenges and not so much trying to find and manage them as fast as possible. With risk-based monitoring when it comes to remote monitoring, one challenge we’ve had is, how can we actually remote monitor that someone's been consented, and what can we actually remote monitor about the consent process. Not just the signature, but did we actually support the requirements of consent, that the adequate timing, adequate questions were answered, that the patient indicated understanding, that there was an evaluation process from those that are consenting someone, that they actually had data to look at to see if the patient actually understood key aspects. So when we think about, again, issues related to monitoring and auditing, big data integrity risks, cost risks, inspections, and potential project delays.

I know my section, the first section of the presentation, can be quite glum or gray. But now for the good news. So Mika’s going to take on the next section, related to preventing these regulatory risks with eConsent.



Excellent. Thank you, Sam. And also welcome everybody on my behalf as well. So yeah, now I guess we’re painfully aware that there are risks with informed consent. And like you said there are good news, so with the proper use of eConsent technology and deployment of eConsent technology, then a lot of these risks actually can be mitigated. And basically, in this part of the presentation we will go through the same risk areas of development, use, and monitoring/auditing and see how actually the risk prevention can take place by using eConsent.

So we start with the development part. And quite often when we talk about eConsent, we very much focus on the patient experience, on actually how easy it is for the patient to study the consent document and how easily they learn and how much more comfortable it is for them. And that’s very important, but what we often neglect is the development part, and we really need to rethink about the development paradigm because the risks of the development don’t go away with the nice user experience. And if you’ll allow me to make an analogy to the movie making industry, when the first movies were made, they took the camera to the theatre and they filmed the theatre play basically, putting the camera there and just watching the actors play and then recorded. And that was how first movies were made. And suddenly then they realized that okay, they can maybe do close-ups and they can do camera ramps and they can take the camera outside. And then a whole new world of movie making appeared. And the same thing applies to eConsent as well, so that quite often today, the development of eConsent is that we take the paper version and then we turn that into eConsent. And at its worst, it’s just the document, the same document, but in electronic format and nothing else. And that’s why we must really rethink the whole eConsent development paradigm, and we must start the development with the eConsent in mind, not the paper in mind. And with the proper use of technology that helps you to really increase the development speed of the consent, to support the whole development process of different stakeholders, and make the consent development really a collaborative effort where all the regulatory requirements are taken into account, and that’s the way you actually achieve good eConsent development.

And some of the items you can see here on the screen. So using a technology that provides proper support for access control and user rights for everybody working with the document, which keeps an audit trail of all the editing and then also supports the process so that the approval can be confirmed to happen in a correct fashion, and then also supporting messaging between the stakeholders and really driving the development through notifications and calendars and using templates and standard operating procedure language to meet the regional and local requirements.

So when tools are taken into use to support the consent development, so then also many of the risk areas can be mitigated. For example, when something has been edited and locked down it cannot be changed anymore, not even by accident. And this way there are no changes to the consent documents of the last stages of the deployment. We can use pre-approved language. And of course then we come to the patient experience of using a multi-media and interactive content to improve their comprehension. Also taking into account already in the design phase that we use proper identification, authentication mechanisms during the use and that we tier the information delivery. So when we take these things into account in the development of the consent, then many of the problems with the version control and using wrong document versions and unapproved document versions, then those go away with the use of the eConsent technology.


During the use phase, again, the patient experience is important, but there are a lot of steps, regulatory requirements, that you must support also in the eConsent process, of the informed consent process. And again, the nice experience doesn’t guarantee that, but with the proper technology then the process can be enforced so that the regulatory requirements are taken into account. So for example, making sure that already when we design the consent document and if it requires parents, for example, to sign or other signing requirements, they can be hard-coded into the consent document so that the content can’t be completed without all of the signatures in place. Also, when the site personnel signs, we can authenticate them and make sure that the right people are actually signing, not for example allowing the study coordinators to sign on behalf of the investigator or vice versa. And also making sure that the signing happens when it should happen and that it happens in the right order, so that the patient signs first and then the study personnel after them. All of this can be enforced by using eConsent. Also making sure that if the patient has questions, all the questions are answered, or that they themselves really confirm their participation properly before they sign. All of which, in the paper world, you can just skip forward and leave to it, but here in the eConsent world, we can enforce the process. And of course then taking a full audit trail of the consent use and the date and time stamps, so that we can really see how the consenting happened, what was discussed, what was highlighted, if there were knowledge checks or quizzes, how did those go. All of that can be recorded and provided as evidence of the consent session.

Already talked about the version control. So with the use of eConsent technology we can make sure that when a new version of the consent document is available then automatically the old version is deactivated, and then by definition you never can use an old version or outdated version or unapproved version of the consent document and sign it. Also making it much easier for the site because we can identify the people who need to be re-consented and track that and notify site personnel to it, to take action if needed. Also documenting the Q&A process properly, so that afterward it’s easy to say who authored the questions and which questions were raised and how they were answered. And then of course there are other benefits of using the eConsent. So for example, patient portals allowing the patient to log in and see the consent document, also between visits. Or then do the whole consent remotely without visiting the site, or maybe studying the consent before coming to the site. So all of these things are making the consent experience much more smoother and also reducing the regulatory risk.

So then lastly, about the monitoring and auditing part of the eConsent, and I think this was the area where most of the votes for pain points were voted in the beginning. And I think the key thing about eConsent from the monitoring point of view is that it’s real time and it’s remote, so basically meaning that once a consent has been done, then it’s immediately available for the monitor. And I think that’s a great benefit, first of all. If the monitor should have any questions about the site’s notes on how the consent session went. So you can think about if the consent happened, you know, before lunch and the monitor calls the site in the afternoon and asks about something, how the consent session went, versus if they go on site a month later and ask the same question. So it’s much easier to address any issues or clarify any questions right there. Also, with the consent technology, we can introduce different kinds of expiration dates and notifications, for example, when the documents are overdue or they need to be renewed, or anything like that. Also, of course, making sure that a site is performing the re-consent in a proper manner so the monitor can see how that is progressing and can if needed contact the site and ask them to speed up if needed. And of course the archives are available, so basically five, ten, twenty, fifty years later you can go back to the single consent document, see how it looks, you can see the whole audit trail, you can see all of the questions. You can basically reconstruct all experience, even fifty years later and make sure that everything happened as it was supposed to. So basically with these benefits, also the monitoring of informed consent when using eConsent is becoming a much much more easy and again reducing the regulatory risk.


So if I summarize, mostly where eConsent helps is preventing errors, it’s during the development phase, during the use phase, preventing errors, it makes sure that the right people are there, the right people are signing in the right order at the right time. That the content approval goes according to the process and only the right versions are available at the right time. And of course, it is more patient-centric. It’s much more convenient for the patient when they can study the information in smaller pieces, when there is tiered content in the consent, when there is multi-media available, when there is knowledge checks to help them focus on the important pieces of the information. So those things contribute to reducing the regulatory risk by using eConsent.

And next I hand it back over to Sam. And Sam will talk about actually how eConsent can be indicated to quality systems.


Great, thanks Mika. It’s nice to hear the good news side. And then, what’s really interesting about the collaborative process that you talked a lot about related to development. We have complexities in our studies where we have more than one kind of consent that needs to be signed, and some are optional, some are not. So as Mika said these systems can help support collaboratively making sure we have the right content, the right people required. You can anticipate what kind of vulnerable population you have, and are you likely to need impartial witnesses. And the system can set it up, really, at a study level but the also when the coordinator and/or the investigator goes to consent someone, they really have the ability to set up the system to meet the needs of the patient.

So when it comes to, how do we then put this into our quality systems. The quality systems being how you actually implement the DCP as the stakeholder. And again, when we look at what are the quality systems that we need to consider when integrating a new technology—and especially consent because it is really before we start collecting the case report form data, we’re having to really do this initial process and really goes at the time of draft protocol time. So when I went back to the EMA's reflection paper related to quality risk management, and they do a really great job of listing the six things that we should have in our clinical quality system. So it’s a great place to start to do a GAP analysis of how we currently do things versus if we’re going to do things like eConsent. So depending on the stakeholder, you would need to look at your SOPs and your computer systems, your documentation systems, QC, QA, and your training are the top six things. And depending on, again, your role, you need to look at each of these items in those different periods of time that we talked about, those categories of risk: when you’re developing a consent, when your consent is being used, and then also your oversight piece. So the oversight piece is interesting because it can actually fall within your vendor management as well. So say that you’re utilizing a central IRB or you’re utilizing a CRO that’s going to be part of the facilitation process if you’re the sponsor. And so when you think about where this touches on really looking at this from a sponsor perspective and your SOPs and the development, where it might go into cross functional groups as well. And then as well as what are the individuals that would be able to work on your team and how you would delegate those paths for them. So same thing with documentation systems, so trial master files. So how would this integrate in with your making movement to electronic trial master files, what gets filed at site versus at the sponsor.


One other thing that I wanted to make sure we’re not just referring mainly to the sponsor and investigators. There's also the ethics committees, to have the ability to have access to more oversight. Being charged with being responsible to make sure there’s adequate consenting of an individual, and you’re, most of the time, not there at the consenting process. So how do you do this oversight, and by really seeing that audit trail that Mika was talking about, about the interaction between the stakeholders when someone is being consented and how much time they spent in certain sections as well. So these areas. And one area that, if you think about your quality control, commonly it might be your monitoring section, either at the sponsor site or ethics committee, doesn’t matter. And how would that impact your on-site visit versus your remote, being able to review. Where would somebody be remote reviewing. So we have many different clients and types of clients with different thresholds of risk taking that have implemented some quality risk management systems and how they're going to monitor, how they currently monitor their study, and how would you monitor consent, and having the great ability to look at many different kinds of things, and deciding, from what the eConsent system can provide you, what do you need to put into place to then implement that. Some clients might allow the monitor to actually review and sign the consent remotely, some might—that might be where it's more so the audit trail of the timing that the patient spent and the date/time stamping and the logging that entry and maybe not seeing the actual signatures. So there are really different ways to approach this depending on your interpretation of the regulatory requirements and also where you are in the world. So a system needs to be flexible enough on the technology side, but then how you integrate it is how you then control it. Same thing with what you require in validation of processes on user rights and access, how can you actually control the system and support the delegation and the team listings that you have for your studies.

So it’s these sections. So what I would suggest is you do a GAP analysis of what you currently do versus what you wish to do with eConsent, and then you really then put processes into place and then decide where, maybe what would be your wish list has to be modified for some of the things I mentioned as well.

So that’s really the quality system piece of it. So what we talked about today is, what are the three main categories of risk in consent. Then we talked about how eConsent can address those risks, and then how to implement, how to start, where to go from there. So in your production of your project, when you choose to do eConsent, it really changes your project checklist, so things you need to actually answer and get from each other, from vendor to sponsor to CRO to the ethics committee and also your sites. It just really shifts some of the questions you’ll ask and your vendor management types of checklists, your evaluation of site checklists. Really, deciding to use eConsent as early as possible is really important, because you need to start talking to the different stakeholders and getting them involved as early as possible. So there’s been lots of great successes. So we hope that this presentation very much helped today in answering some of those questions.



Yeah, thanks Sam. So before we move on to the Q&A, a short word about how CRF Health approaches the eConsent. Basically, we take the risk part of informed consent very seriously. And we believe that we are deploying a technology that, when it’s properly used, the risk categories that we identified can be mitigated and basically we start really from the design part, providing electronic tools to design eConsent and then also eCOA, but in this context eConsent in a collaborative fashion and making sure it meets the regulatory requirements, and all the approval processes and version management happens through the tools. And then of course there is the actual patient or participant experience, a multi-media experience which takes into account the requirements of signing times, audit trails, and all of that. And then, as part of our single platform, we have of course the eCOA part for collecting data as well. But then managing and auditing, monitoring the trials, the consent process, and the eCOA process, using our tools. So this is our platform that we are providing for eConsent and eCOA. And when you do that GAP analysis of your quality systems and when you think about how you could actually deploy eConsent, if you would like to talk about those pain points and how a solution could potentially help there, please be in touch either directly to me or go to the CRF Health website and contact through there. Happy to discuss these things further with you.


 Great. Thank you Mika, and thank you Sam. We will move on to the Q&A portion of our webinar.

 [Q&A  starts at 36:45]

About the Author

Sandra "SAM" Sather

Sandra “SAM” Sather, MS, BSN, CCRA, CCRC, has over 30 years of clinical experience, a Bachelor of Science degree in Nursing and a Master of Science degree in Education with a Specialization in Training and Performance Improvement. She has served many roles in clinical research, including site study coordinator and manager, sponsor and CRO monitor, quality assurance auditor, risk manager, trainer, and performance management consultant. SAM has held clinical research industry certifications for over 15 years by the Association for Clinical Research Professionals (ACRP). She is a current member of the ACRP Academy Board of Trustees, and Regulatory Affairs Committee (RAC). SAM is a frequent subject matter expert for GCP regulation and speaker at industry conferences. Sam has authored many competency-based curriculums for various clinical research stakeholders.

Follow on Linkedin
Previous Video
Innovations in e-Consent: Reducing Regulatory Risk While Improving Participant Comprehension
Innovations in e-Consent: Reducing Regulatory Risk While Improving Participant Comprehension

As regulatory agencies push for more effective informed consent processes in clinical trials, eConsent can ...

Next Video
Visibility and Oversight: What Paper Informed Consent Isn't Offering You
Visibility and Oversight: What Paper Informed Consent Isn't Offering You

Speakers from Chesapeake IRB and CRF Health discuss informed consent oversight and visibility. See how elec...