#consented - A semantic consent code to facilitate consistent documentation and implementation of consent in collaborative medical research.

INTRODUCTION: In German and international research networks different approaches concerning patient consent are applied. So far it is time-consuming to find out to what extent data from these networks can be used for a specific research project. To make the contents of the consents queryable, we aimed for a permission-based approach (Opt-In) that can map both the permission and the withdrawal of consent contents as well as make it queryable beyond project boundaries. MATERIALS AND METHODS: The current state of research was analysed in terms of approach and reusability. Selected process models for defining consent policies were abstracted in a next step. On this basis, a standardised semantic terminology for the description of consent policies was developed and initially agreed with experts. In a final step, the resulting code was evaluated with regards to different aspects of applicability. RESULTS: A first and extendable version for a Semantic Consent Code (SCC) based on 3-axis (CLASS, ACTION, PURPOSE) was developed, consolidated und published. The added value achieved by the SCC was illustrated using the example of real consents from large national research associations (Medical Informatics Initiative and NUM NAPKON/NUKLEUS). The applicability of the SCC was successfully evaluated in terms of the manual semantic mapping of consents by briefly trained personnel and the automated interpretability of consent policies according to the SCC (and vice versa). In addition, a concept for the use of the SCC to simplify consent queries in heterogeneous research scenarios was presented. CONCLUSIONS: The Semantic Consent Code has already successfully undergone initial evaluations. As the published 3-axis code SCC is an essential preliminary work to standardising initially diverse consent texts and contents and can iteratively be extended in multiple ways in terms of content and technical additions. It should be extended in cooperation with the potential user community.

Enhancing Data Protection in Dynamic Consent Management Systems: Formalizing Privacy and Security Definitions with Differential Privacy, Decentralization, and Zero-Knowledge Proofs.

Dynamic consent management allows a data subject to dynamically govern her consent to access her data. Clearly, security and privacy guarantees are vital for the adoption of dynamic consent management systems. In particular, specific data protection guarantees can be required to comply with rules and laws (e.g., the General Data Protection Regulation (GDPR)). Since the primary instantiation of the dynamic consent management systems in the existing literature is towards developing sustainable e-healthcare services, in this paper, we study data protection issues in dynamic consent management systems, identifying crucial security and privacy properties and discussing severe limitations of systems described in the state of the art. We have presented the precise definitions of security and privacy properties that are essential to confirm the robustness of the dynamic consent management systems against diverse adversaries. Finally, under those precise formal definitions of security and privacy, we have proposed the implications of state-of-the-art tools and technologies such as differential privacy, blockchain technologies, zero-knowledge proofs, and cryptographic procedures that can be used to build dynamic consent management systems that are secure and private by design.

A FHIR has been lit on gICS: facilitating the standardised exchange of informed consent in a large network of university medicine.

BACKGROUND: The Federal Ministry of Education and Research of Germany (BMBF) funds a network of university medicines (NUM) to support COVID-19 and pandemic research at national level. The "COVID-19 Data Exchange Platform" (CODEX) as part of NUM establishes a harmonised infrastructure that supports research use of COVID-19 datasets. The broad consent (BC) of the Medical Informatics Initiative (MII) is agreed by all German federal states and forms the legal base for data processing. All 34 participating university hospitals (NUM sites) work upon a harmonised infrastructural as well as legal basis for their data protection-compliant collection and transfer of their research dataset to the central CODEX platform. Each NUM site ensures that the exchanged consent information conforms to the already-balloted HL7 FHIR consent profiles and the interoperability concept of the MII Task Force "Consent Implementation" (TFCI). The Independent Trusted Third-Party (TTP) of the University Medicine Greifswald supports data protection-compliant data processing and provides the consent management solutions gICS. METHODS: Based on a stakeholder dialogue a required set of FHIR-functionalities was identified and technically specified supported by official FHIR experts. Next, a "TTP-FHIR Gateway" for the HL7 FHIR-compliant exchange of consent information using gICS was implemented. A last step included external integration tests and the development of a pre-configured consent template for the BC for the NUM sites. RESULTS: A FHIR-compliant gICS-release and a corresponding consent template for the BC were provided to all NUM sites in June 2021. All FHIR functionalities comply with the already-balloted FHIR consent profiles of the HL7 Working Group Consent Management. The consent template simplifies the technical BC rollout and the corresponding implementation of the TFCI interoperability concept at the NUM sites. CONCLUSIONS: This article shows that a HL7 FHIR-compliant and interoperable nationwide exchange of consent information could be built using of the consent management software gICS and the provided TTP-FHIR Gateway. The initial functional scope of the solution covers the requirements identified in the NUM-CODEX setting. The semantic correctness of these functionalities was validated by project-partners from the Ludwig-Maximilian University in Munich. The production rollout of the solution package to all NUM sites has started successfully.

E-Consent-a guide to maintain recruitment in clinical trials during the COVID-19 pandemic.

BACKGROUND: The COVID-19 pandemic has posed daunting challenges when conducting clinical research. Adopting new technologies such as remote electronic consent (e-Consent) can help overcome them. However, guidelines for e-Consent implementation in ongoing clinical trials are currently lacking. The NeuroSAFE PROOF trial is a randomized clinical trial evaluating the role of frozen section analysis during RARP for prostate cancer. In response to the COVID-19 crisis, recruitment was halted, and a remote e-Consent solution was designed. The aim of this paper is to describe the process of implementation, impact on recruitment rate, and patients' experience using e-Consent. METHODS: A substantial amendment of the protocol granted the creation of a remote e-Consent framework based on the REDCap environment, following the structure and content of the already approved paper consent form. Although e-Consent obviated the need for in-person meeting, there was nonetheless counselling sessions performed interactively online. This new pathway offered continuous support to patients through remote consultations. The whole process was judged to be compliant with regulatory requirements before implementation. RESULTS: Before the first recruitment suspension, NeuroSAFE PROOF was recruiting an average of 9 patients per month. After e-Consent implementation, 63 new patients (4/month) have been enrolled despite a second lockdown, none of whom would have been recruited using the old methods given restrictions on face-to-face consultations. Patients have given positive feedback on the use of the platform. Limited troubleshooting has been required after implementation. CONCLUSION: Remote e-Consent-based recruitment was critical for the continuation of the NeuroSAFE PROOF trial during the COVID-19 pandemic. The described pathway complies with ethical and regulatory guidelines for informed consent, while minimizing face-to-face interactions that increase the risk of COVID-19 transmission. This guide will help researchers integrate e-Consent to ongoing or planned clinical trials while uncertainty about the course of the pandemic continues. TRIAL REGISTRATION: NeuroSAFE PROOF trial NCT03317990 . Registered on 23 October 2017. Regional Ethics Committee reference 17/LO/1978.

CrowdMed-II: a blockchain-based framework for efficient consent management in health data sharing.

The healthcare industry faces serious problems with health data. Firstly, health data is fragmented and its quality needs to be improved. Data fragmentation means that it is difficult to integrate the patient data stored by multiple health service providers. The quality of these heterogeneous data also needs to be improved for better utilization. Secondly, data sharing among patients, healthcare service providers and medical researchers is inadequate. Thirdly, while sharing health data, patients' right to privacy must be protected, and patients should have authority over who can access their data. In traditional health data sharing system, because of centralized management, data can easily be stolen, manipulated. These systems also ignore patient's authority and privacy. Researchers have proposed some blockchain-based health data sharing solutions where blockchain is used for consensus management. Blockchain enables multiple parties who do not fully trust each other to exchange their data. However, the practice of smart contracts supporting these solutions has not been studied in detail. We propose CrowdMed-II, a health data management framework based on blockchain, which could address the above-mentioned problems of health data. We study the design of major smart contracts in our framework and propose two smart contract structures. We also introduce a novel search contract for searching patients in the framework. We evaluate their efficiency based on the execution costs on Ethereum. Our design improves on those previously proposed, lowering the computational costs of the framework. This allows the framework to operate at scale and is more feasible for widespread adoption.

A Smart Contract-Based Dynamic Consent Management System for Personal Data Usage under GDPR.

A massive amount of sensitive personal data is being collected and used by scientists, businesses, and governments. This has led to unprecedented threats to privacy rights and the security of personal data. There are few solutions that empower individuals to provide systematic consent agreements on distinct personal information and control who can collect, access, and use their data for specific purposes and periods. Individuals should be able to delegate consent rights, access consent-related information, and withdraw their given consent at any time. We propose a smart-contract-based dynamic consent management system, backed by blockchain technology, targeting personal data usage under the general data protection regulation. Our user-centric dynamic consent management system allows users to control their personal data collection and consent to its usage throughout the data lifecycle. Transaction history and logs are recorded in a blockchain that provides trusted tamper-proof data provenance, accountability, and traceability. A prototype of our system was designed and implemented to demonstrate its feasibility. The acceptability and reliability of the system were assessed by experimental testing and validation processes. We also analyzed the security and privacy of the system and evaluated its performance.

A Systematic Review of Blockchain for Consent Management.

Blockchain technology was introduced through Bitcoin in a 2008 whitepaper by the mysterious Satoshi Nakamoto. Since its inception, it has gathered great attention because of its unique properties-immutability and decentralized authority. This technology is now being implemented in various fields such as healthcare, IoT, data management, etc., apart from cryptocurrencies. As it is a newly emerging technology, researchers and organizations face many challenges in integrating this technology into other fields. Consent management is one of the essential processes in an organization because of the ever-evolving privacy laws, which are introduced to provide more control to users over their data. This paper is a systematic review of Blockchain's application in the field of consent and privacy data management. The review discusses the adaptation of Blockchain in healthcare, IoT, identity management, and data storage. This analysis is formed on the principles of the Preferred Reporting Items for Systematic Reviews and Meta-Analysis (PRISMA) and a process of systematic mapping review. We provide analysis of the development, challenges, and limitations of blockchain technology for consent management.

The generic Informed Consent Service gICS®: implementation and benefits of a modular consent software tool to master the challenge of electronic consent management in research.

BACKGROUND: Defining and protecting participants' rights is the aim of several ethical codices and legal regulations. According to these regulations, the Informed Consent (IC) is an inevitable element of research with human subjects. In the era of "big data medicine", aspects of IC become even more relevant since research becomes more complex rendering compliance with legal and ethical regulations increasingly difficult. METHODS: Based on literature research and practical experiences gathered by the Institute for Community Medicine (ICM), University Medicine Greifswald, requirements for digital consent management systems were identified. RESULTS: To address the requirements, the free-of-charge, open-source software "generic Informed Consent Service" (gICS®) was developed by ICM to provide a tool to facilitate and enhance usage of digital ICs for the international research community covering various scenarios. gICS facilitates IC management based on IC modularisation and supports various workflows within research, including (1) electronic depiction of paper-based consents and (2) fully electronic consents. Numerous projects applied gICS and documented over 336,000 ICs and 2400 withdrawals since 2014. DISCUSSION: Since the consent's content is a prerequisite for securing participants' rights, application of gICS is no guarantee for legal compliance. However, gICS supports fine-granular consents and accommodation of differentiated consent states, which can be directly exchanged between systems, allowing automated data processing. CONCLUSION: gICS simplifies and supports sustained IC management as a major key to successfully conduct studies and build trust in research with human subjects. Therefore, interested researchers are invited to use gICS and provide feedback for further improvements.

Designing a Framework of Components to Support Patient Engagement in Research.

In the context of the German Medical Informatics Initiative (MII), where data reuse and data sharing are major goals, cross-site, long-term research on patient care data can only be conducted lawfully with informed patient consent. Thus, the MII consent working group developed a template form for patient information and broad consent based on work that has been done for a former biobank project. The broad consent enables the patient to consent to the use of a wide range of the documented data including research purposes. Therefore, a user-friendly tool is needed which not only supports the storage and maintenance of the patient's consents but also allows him to easily review or withdraw his consents. Furthermore, the tool should allow the patient to review the use of his data in research projects and possible publications. This is why we developed a concept of how such a tool could be integrated into the clinical and research system landscape and implemented a prototype as a proof of concept.