Importance of Secure eConsent Implementation

Owned by Mandavi Kashyap
Last updated: May 15, 2023
5 min read

eConsent forms must be implemented in a way that meets applicable regulatory requirements for the study. This page focuses on the requirements outlined in the Personal Information Protection and Electronic Documents Act (PIPEDA).

Privacy Regulations and REDCap eConsent

Meeting the requirements of a secure electronic signature

Essential components for eConsent include:

Essential components for eConsent include:

An eConsent form must meet the following requirements:

  1. Unique Signature: The form should include a signature that is specific to the individual and can consist of letters, characters, numbers, or other symbols.

  2. Sole Control: The person should have sole control over attaching their signature to the form, ensuring that they have full authority over its inclusion.

  3. Person Identification: The form should clearly identify the person providing the consent, ensuring their identity is accurately recorded.

  4. Modification Detection: There should be a mechanism in place to determine if any modifications were made to the form after the signature was obtained, ensuring the integrity of the consent process.

What strategies can be implemented in REDCap to meet these requirements?

What strategies can be implemented in REDCap to meet these requirements?

To meet these requirements in REDCap, the following strategies can be implemented:

  1. Signature Field: Utilize a signature field or a text box field to capture the necessary information, such as name or initials, to serve as the unique signature.

  2. Read-Only Form: Mark the signature field with the @READONLY-FORM action tag, preventing it from being completed directly in REDCap. Instead, participants can complete the form in a separate survey.

  3. Linking the eConsent Form: Establish a connection between the eConsent form and the participant's record. This can be done by either including the form as part of the participant's record or using a study ID or other means of linking the two together.

  4. Enable the "e-Consent Framework + Auto-Archiver": Activate the "e-Consent Framework + Auto-Archiver" feature, which automatically captures a static copy of the form upon submission. This ensures that the consent form remains intact and unaltered for future reference.

By implementing these strategies in REDCap, you can meet the requirements for an eConsent process that includes a unique signature, maintains participant control over the signature attachment, accurately identifies the person, and allows for detection of any modifications made to the form after obtaining the signature.

Sending completed eConsent forms to participants

Email is not considered a secure means of communication and should not be used when sending identifying information.

If your eConsent form has a blank copy available for download (a good practice for allowing the use of accessibility or other tools), include a reminder that the participant should not email the form.

To send a participant a copy of their completed form, use one of the following methods:

To send a participant a copy of their completed form, use one of the following methods:

Checklist: Does my eConsent form meet the requirements?

 

Surveys are enabled in my project. The eConsent form is enabled as a survey

 

 

This means that the contents are displayed as images of the ‘paper copy’, or the contents of the form have been carefully copied over into the instrument as text.

 

To help ensure that only the participant is using the signature (or other) fields, they can be marked with the action tag @READONLY-FORM. This will make the field ‘greyed-out’ in REDCap while still being accessible in the survey view.

 

REDCap’s Auto-Archiver creates a PDF copy of the eConsent form when it us submitted. This is important for versioning purposes, as the consent form instrument may be modified in REDCap after the participant submits the form. This is also important in case the form is edited by a member of the study team after it is submitted.

When a consent form asks for information on behalf of the person obtaining consent, their information and signature is often secondary to that of the participant. Unless all individuals are filling out the form together in the same place, it can be tempting to allow the eConsent form to be editable so that the study team can countersign the form after the participant submits it.

 

To help protect the form from modification after submission by the participant, under the e-Consent Framework options ensure that ‘Allow e-Consent responses to be edited by users?’ is unchecked.

This helps prevent the eConsent form from being edited in the record, but does not preserve which version of the eConsent form the participant filled out if the instrument is modified in the Online Designer.

Learn more about how your study team can countersign a submitted eConsent form here.

 

REDCap’s Auto-Archiver only captures the form when it is submitted as a survey. Thus, eConsent forms must be completed as surveys. Using the @READONLY-FORM action tag helps enforce this by making it impossible to complete an eConsent form in REDCap.

 

As it is possible for the version of the consent form to change after the participant submits it (using the Online Designer), or for the information within in the form to be changed (if survey responses are allowed to be edited by users), it is critical that the static copy captured by the Auto-Archiver is used. This ensures that the form is accurate in version and information to what the participant signed.

 

 

Email is not considered a secure means of communication and should not be used when sending identifying information.

Â