Informing the patient about the processing of their personal data, which is mandatory in the InformConsent Form, has even become a prerequisite, essential for obtaining the patient’s participation agreement in the clinical trial as well as for the latter’s authorization by the competent data protection authorities. Conducting a successful clinical study therefore now requires perfect control of the patient’s consent process and related legal provisions.
The Inform Consent Form and the cornerstone of patient consent
In clinical research, the Inform Consent Form (ICF) is intended to ensure that the participation of any person in a research project is free and informed. This consent is part of a definition that has become formal, designating “any free, specific, informed and unequivocal expression of will, by which the person concerned agrees, by a statement or a clear positive act, to participate in a clinical trial”. This consent must be informed, which requires clear and precise information allowing the person to understand how their personal data is collected and processed, in order to make an informed decision whether or not to give their consent to participate in the clinical trial
It is therefore essential to set out in the framework of the ICF all the constituent elements of informed consent. This document must include in detail the objectives pursued, the method (study description, visits, product information), the legal aspects, the financial aspects as well as the patient’s data protection and privacy.
How to meet the requirements of patient data protection in the ICF?
The mention in the ICF of the processing of personal information applicable in the context of a clinical trial is necessary for more than one reason. It is not only a question of guaranteeing the protection of patient’s rights and freedoms, by issuing the now mandatory GDPR information, but also of addressing the need for reliable and quality personal data collected, and of ensuring the integrity of this data subsequently.
The requirement set by the regulations on highly sensitive data, such as health data aims to ensure compliance with the personal data protection. As such, the dedicated section in the ICF makes it possible to avoid any confusion between consent to participation in a clinical trial and explicit consent to the processing of personal data.
Consent forms local regulatory tones
The Guide to Good Clinical Practice developed by the International Council on Harmonisation (ICH) section 4.8 10, lists a total of 20 specific points that are embodied as subjects of vigilance in the drafting of the ICF.
Generically, these elements cover many fields regarding data protection requirements:
- the purpose of the data processing – i.e the reason why the data is processed by differentiating between research, care and pharmacovigilance,
- the categories of data concerned,
- the duration of data detention,
- the basic basis as well as the legal basis for processing personal data,
- the exercise of patients’ rights.
The protection of sensitive personal data is exposed to local data protection regulation related to the country in which the study takes place. In addition to following the ICH guidelines, which help enforce the provisions of the GDPR, clinical trial sponsors must comply with these legal obligations.
In Europe, health data processing activities are strictly regulated by the General Data Protection Regulation that defines the protection of EU-member citizens’ data since 2018.
Patient data processed in the context of a clinical trial, even pseudonymized, are subject to this data regulation, knowing that some EU member states prefer the legal basis of consent (Article 6. A of the GDPR) while others opt for the legitimate interest of the sponsor (Article 6. F of the GDPR).
As such, the ICF must be drafted in a specific way.
Compliance anticipation: a key for the trial sponsor
The description of the sponsor’s practices in terms of health data protection must be complete from the policy on managing the exercise of patient’s rights, to the data retention policy. It must, prior to the drafting of the ICF, have a clear idea of how it intends to protect the patient data included in its clinical trial, especially since the GDPR extends to subcontractors’ obligations previously imposed only on data controllers.
Finally, the sponsor’s dialogue with the Ethics Committee is based on the formalism of the ICF since the Committee gives its opinion on the conditions of validity of the research, in particular about the compliance with data protection of trial participants. Understanding one’s expectations and uses therefore makes it possible not to delay the phase of patient inclusion.
A key document of a clinical trial, the ICF is therefore part of a GDPR compliance framework that requires in-depth knowledge and a perfect mastery of European data protection regulations. It is precisely the expertise of Iliomad, which accompanies you in the process of writing this document, implementing the appropriate language, and taking into account the regional and national data protection prerequisites.
Sign up for our newsletter
We like to keep our readers up to date on complex regulatory issues, the latest industry trends and updated guidelines to help you to solve a problem or make an informed decision.
UK's NHS says hackers have published data stolen in ransomware attack
The UK's National Health Service (NHS) has confirmed that data stolen in a ransomware attack on Synnovis, a medical diagnostics service, has been published online, and the extent of the breach and its impact on patients is under investigation.
FTC Completes Updates to Health Breach Notification Rule for Health Apps
The Federal Trade Commission announced it has finalized changes to the Health Breach Notification Rule (HBNR) that will strengthen and modernize the rule by clarifying its applicability to health apps and other similar technologies and expanding the information that covered entities must provide to consumers when notifying them of a breach of their health data.
