| Please provide any feedback regarding this scenario in the comment form below or by clicking here. |
|---|
A federally qualified community health center (FQHC), a Covered Entity, and a research institution decide to participate in a longitudinal cohort study recruiting a representative sample of the U.S. population, including children and adolescents. Data transmission will be brokered by a Coordinating Center. This research poses minimal risk to the children, adolescents, and adult participants.
The IRB-approved research protocol includes specific provisions for children and adolescents who are initially consented into the study by their parent or legal guardian. The protocol requires assent of the minor and consent by at least one parent. The protocol will allow the patient’s parent or legal guardian to contact the researcher at any time during the study in order to withdraw the patient’s consent. When the patient reaches the legal age of consent, they will need to be re-consented or they may choose to withdraw their consent at that time.
The research protocol specifies a process for identifying and contacting patients once they reach the legal age of consent. The legal age of consent varies in each state, meaning state laws and regulations, in addition to federal laws, must tracked and applied throughout the study. The protocol specifies the roles and responsibilities of the Covered Entities and the researcher to identify patients that have reached the legal age of consent and the procedures to contact those patients. For example, either the Covered Entity or the researcher may be responsible for devising a method to track the age of their enrolled patients and flag a participant at least a month before they reach the legal age of consent in their state.
In addition, the protocol defines the responsibilities of the Covered Entities and the researcher in terms of the capabilities of their respective Information Systems for consent management. The Covered Entities’ Information System tracks enrollment and automatically triggers an alert that an enrolled child will reach the legal age of consent for release of health records, based on the birth data entered into the system. The Researchers’ Information System (alternatively, the Coordinating Center) produces a similar alert based on enrollment information.
If the minor participant chooses not to participate in the study or reaches the legal age of consent but cannot be successfully contacted for reconsent, the researcher must suspend data collection (alternative: they must remove a patient from the study and discontinue analysis of that patient).
The approved protocol specifies that a Coordinating Center will collect an enrolled patient’s healthcare records from the Covered Entity’s Information System on a quarterly basis until the participant withdraws from the study. The Covered Entity obtains authorization from the patient’s parent or legal guardian to release the patient’s data from the Covered Entity’s Information Systems to the CC. The researcher from the research institution obtains authorization from the patient’s parent or legal guardian to participate in the study, as specified in the research protocol approved by the IRB.
Questions:
- How often does the Covered Entity or the researcher need to obtain consent? Quarterly? Yearly? Is it legal and/or ethical to ask for perpetual consent?
- At what age should a child’s assent factor into the consent process, in addition to the parent or legal guardian’s consent? At what age is there a dual responsibility?
- What are the obligations of the Covered Entity and/or the researcher to end the data flow once consent has expired when a participant reaches the legal age of consent?
- What procedures should there be for the data itself and how it is preserved, protected or destroyed when reconsent is not obtained. Are there laws that address retention that we need to account for here?
- Are there additional state law restrictions beyond the legal age of consent that would preclude a researcher from tracking down a participant for reconsent?
- Acknowledging that information systems that the Covered Entity and the researcher have access to are imperfect and resources are limited, how should they parse out the shared responsibilities of managing consent for (a) data release and (b) data use for minors as their consent status changes with age?
- What technical specifications are necessary to carry out the provisions in the research protocol for the Covered Entity’s or the researcher’s Information Systems?
| |
Description | The Covered Entity must obtain authorization from the patient or the patient’s parent/legal guardian to release their records. The researcher must obtain consent from the patient or the patient’s parent or legal guardian to use their data for the study, in a manner consistent with the terms of consent included in the IRB approved research protocol. |
Primary actor/participant | Covered Entity, Researcher |
Support actor/participant | Information System(s), Coordinating Center |
Preconditions | - All parties obtain all legally required authorizations for health data linkage and transfer (consent only, no DUA/BAA).
- The IRB approved research protocol specifies terms of consent and data release.
- Data requests use unique identifiers to protect the identities of patients so they cannot be re-identified.
- A child/adolescent’s parent or legal guardian will provide proxy consent for enrollment in the Study.
- When the patient reaches the legal age of consent, the Covered Entity or the researcher contacts the patient to update their consent to release their records and use their data as outlined in the research protocol.
- The Covered Entity and the researcher transmit the updated consent documents to the CC.
- The Covered Entity or the researcher suspends data collection if a patient reaches the legal age of consent and does not update their consent.
|
Postconditions | - The CC receives the consent information.
- The Covered Entity continues to transmit the participant’s healthcare records to the CC in a standardized format consistent with policy and protocol.
- The Covered Entity or the researcher sends any data that was not pulled in the interim period between the patient’s shift in age and reconsent to the CC.
|
Alternative | - The patient who has come of age has sensitive information that was collected while they were a child in the Study Cohort. The patient would like this information removed from records once they reach the legal age of consent.
- In a Continuing Review conducted annually by the IRB, the research team reports information considered to be sensitive, and this changes the risk level of the study. Data management protocols are changed accordingly.
- The patient who is not yet of age disagrees with parent on terms of consented data use.
|
Considerations | - Both assent from the child and permission from a parent is required
- If a child does not assent, that takes precedence over a parent’s permission
|
Data Elements Considered | Healthcare records, Study Data |
Purpose of the Data Collection | Clinical care, administrative purposes, research |
Purpose of Data Use | Data registry |
Terms of Transfer to the Data Holders | Patient authorization |
Terms of Transfer to Researchers | IRB approval |
