Reminder: Do not include any PHI or PII in Confluence. If you require 508 accessibility assistance or any other support for this system, then please send an email to onc-jira-questions@healthit.gov
Please provide any feedback regarding this scenario in the comment form below or by clicking here. |
---|
A federally qualified community health center (FQHC), a Covered Entity, and a research institution decide to participate in a longitudinal cohort study recruiting a representative sample of the U.S. population, including children and adolescents. Data transmission will be brokered by a Coordinating Center. This research poses minimal risk to the children, adolescents, and adult participants.
The IRB-approved research protocol includes specific provisions for children and adolescents who are initially consented into the study by their parent or legal guardian. The protocol requires assent of the minor and consent by at least one parent. The protocol will allow the patient’s parent or legal guardian to contact the researcher at any time during the study in order to withdraw the patient’s consent. When the patient reaches the legal age of consent, they will need to be re-consented or they may choose to withdraw their consent at that time.
The research protocol specifies a process for identifying and contacting patients once they reach the legal age of consent. The legal age of consent varies in each state, meaning state laws and regulations, in addition to federal laws, must tracked and applied throughout the study. The protocol specifies the roles and responsibilities of the Covered Entities and the researcher to identify patients that have reached the legal age of consent and the procedures to contact those patients. For example, either the Covered Entity or the researcher may be responsible for devising a method to track the age of their enrolled patients and flag a participant at least a month before they reach the legal age of consent in their state.
In addition, the protocol defines the responsibilities of the Covered Entities and the researcher in terms of the capabilities of their respective Information Systems for consent management. The Covered Entities’ Information System tracks enrollment and automatically triggers an alert that an enrolled child will reach the legal age of consent for release of health records, based on the birth data entered into the system. The Researchers’ Information System (alternatively, the Coordinating Center) produces a similar alert based on enrollment information.
If the minor participant chooses not to participate in the study or reaches the legal age of consent but cannot be successfully contacted for reconsent, the researcher must suspend data collection (alternative: they must remove a patient from the study and discontinue analysis of that patient).
The approved protocol specifies that a Coordinating Center will collect an enrolled patient’s healthcare records from the Covered Entity’s Information System on a quarterly basis until the participant withdraws from the study. The Covered Entity obtains authorization from the patient’s parent or legal guardian to release the patient’s data from the Covered Entity’s Information Systems to the CC. The researcher from the research institution obtains authorization from the patient’s parent or legal guardian to participate in the study, as specified in the research protocol approved by the IRB.
Questions:
- How often does the Covered Entity or the researcher need to obtain consent? Quarterly? Yearly? Is it legal and/or ethical to ask for perpetual consent?
- At what age should a child’s assent factor into the consent process, in addition to the parent or legal guardian’s consent? At what age is there a dual responsibility?
- What are the obligations of the Covered Entity and/or the researcher to end the data flow once consent has expired when a participant reaches the legal age of consent?
- What procedures should there be for the data itself and how it is preserved, protected or destroyed when reconsent is not obtained. Are there laws that address retention that we need to account for here?
- Are there additional state law restrictions beyond the legal age of consent that would preclude a researcher from tracking down a participant for reconsent?
- Acknowledging that information systems that the Covered Entity and the researcher have access to are imperfect and resources are limited, how should they parse out the shared responsibilities of managing consent for (a) data release and (b) data use for minors as their consent status changes with age?
- What technical specifications are necessary to carry out the provisions in the research protocol for the Covered Entity’s or the researcher’s Information Systems?
Title | Response |
Description | The Covered Entity must obtain authorization from the patient or the patient’s parent/legal guardian to release their records. The researcher must obtain consent from the patient or the patient’s parent or legal guardian to use their data for the study, in a manner consistent with the terms of consent included in the IRB approved research protocol. |
Primary actor/participant | Covered Entity, Researcher |
Support actor/participant | Information System(s), Coordinating Center |
Preconditions |
|
Postconditions |
|
Alternative |
|
Considerations |
|
Data Elements Considered | Healthcare records, Study Data |
Purpose of the Data Collection | Clinical care, administrative purposes, research |
Purpose of Data Use | Data registry |
Terms of Transfer to the Data Holders | Patient authorization
|
Terms of Transfer to Researchers | IRB approval |