In general, consent may be obtained electronically using DocuSign or REDCap. You may obtain HIPAA authorization electronically using DocuSign or REDCap for all studies, irrespective of risk level. In the event your participant population cannot access DocuSign or another secure and encrypted online platform (e.g., REDCap), you may consider having participants take photographs of their signed consents using their cell phones and emailing them to the study team. Make sure you document the consent process so that anyone examining your approach will be able to see how consent was obtained in good faith. For FDA regulated studies, REDCap may not be used to obtain consent or HIPAA authorization. USC has a Part 11 Complaint version of DocuSign that may be used for consent and HIPAA authorization. When conducting consent electronically, participant identity verification is required.
21 CFR Part 11 Compliance
REDCap – We have received updated guidance that REDCap is not Part 11 compliant for FDA regulated studies under any circumstance. Part 11 compliance requires many steps and validation on a per study basis that would not be feasible at this time.
On a going forward basis, the most appropriate way to handle eConsent is by using DocuSign.
- DocuSign–You may request a Part 11 Compliant version of DocuSign by going to the DocuSign wiki page and clicking on request additional roles. If the link is not accessible, please reach out to Jon Crumpler firstname.lastname@example.org requesting a DocuSign Part 11 compliant account and his team will create a ticket on your behalf.
Please view our Informed Consent policies for more information.