Decentralised identities: Blockchain based informed consent

""

Industry experts explain how blockchain can fundamentally enhance clinical trials.

Obtaining consent from patients or healthy volunteers is a fundamental requirement for enrolling participants on to clinical trials. Methods for obtaining consent use paper-based Informed Consent Forms (ICFs) must be signed on site by the participant in the presence of the Principal Investigator, who has the authority and responsibility for overseeing the clinical trial at the coordinating centre where the trial will be conducted. This can be a lengthy and complex process which must ensure participants are fully informed of all aspects pertaining to the trial. It may involve multiple consent forms ranging from starting with main consent to participate, through multiple optional procedures or sampling consents. Along the study, patients are usually reconsented multiple times following a change in the trial protocol, eg. due to updated safety information or addition of new analysis. As such, the Informed Consent Process (ICP) is often quoted as being in the top ten cited regulatory deficiencies in the clinical operations landscape1. An investigation by Lentz and co-workers from the Clinical Trials Transformation Initiative (CTTI) identified four key topics as areas for improvement in Informed Consent: defining an effective ICP, training research staff, improving the informed consent document (ICF) and exploring the use of eConsent2.

To address the latter, digital solutions such as eConsent are replacing paper ICFs which streamline the process to a more patient-centric approach. eConsent allows sites to present participants with an entire multimedia experience to inform, communicate and consent them onto studies. Some of the main benefits of eConsent for participants is having the study information presented in a simple, consistent and clear manner and that increases their trial understanding and trial engagement. eConsent offers other benefits for sites and sponsors such as: ICF version control and a lower administrative burden for sites; improved efficiencies, improved oversight and potential for improved participant retention and compliance for sponsors; increased transparency and reduced regulatory risks with fewer inspection findings for health authorities3.

Despite the benefits described above, eConsent solutions are based on an isolated user identity model for participant identity management. This siloed model consists of a single service provider with its own identity provider and a number of users and is the simplest and most common identity management model4. Participants enrolled onto a trial are coded by assigning them a unique ID which is linked to their personal identifiable information (PII) such as their name, address, and is used to track them throughout the trial. Access to the participants PII and security is controlled and maintained by the coordinating centre5 through the associated eConsent solution third party vendor. There are several challenges associated with centralised data and ID management such as databases being at risk of single point of failure leading to data loss and higher risk of targeted data breaches leading to compromised data security. In addition – and due to the high variety of eConsent vendors and the lack of integration between these vendors and clinical systems – there is no efficient way for coordinating centres to manage access and to connect and use/reuse the data captured within these systems. To address some of these challenges the silo model has evolved into the federated model for ID management where single entities allow users to access multiple services using the same ID. This has positioned these single entities as ‘middlemen of trust’ and raises questions around privacy of user PII.

Recent progress in the development of decentralised digital technologies has created opportunities for users to establish a verifiable digital identity and have control over their PII. Users own their digital identities and are supported by a user-controlled data management infrastructure where the user controls which part of their digital identity is shared and with which third parties. These user digital identities are portable, private and secure and are enabled by so called Decentralised Identifiers (DIDs), Verifiable Credentials (VCs) and Distributed Ledger Technology (DLT)6. DIDs are a new type of digital identifier for verifiable, decentralised identities which can be used to digitally identify an enterprise, a human, an object, a machine or data. DIDs allow for the creation of unique, private and secure peer-to-peer connections between two or more parties and can be public, eg. for sponsors or sites, or private, eg. for clinical trial participants. VCs provide a digital counterpart for physical credentials, eg. a passport, and in combination with DLT can be used to verify the credentials’ data without the need to contact an issuing party. DLTs, such as blockchains7, create the ability for multiple parties in a decentralised network to agree on the authenticity and identification of data. Blockchains do this by storing transactions in blocks, which are verified through hashes and timestamps before being added sequentially to the chain. New blocks are only written and added after all parties agree that the data is accurate. With each party maintaining an identical copy of the new chain, any attempt to modify a specific block or series of blocks would result in a discrepancy with all other copies. These features ensure immutability and transparency of the information on the blockchain and leads to trust between parties in the network. Blockchain technology is starting to find its way into a number of healthcare settings from supply chain8 to management of electronic medical records (EMR)9. In recent years blockchain-enabled clinical informed consent management concepts have been proposed. In 2017, Benchoufi and colleagues designed a proof-of-concept (PoC) protocol for informed consent which time-stamped and recorded each step of the process on the Bitcoin blockchain10. Since then a number of blockchain-based solutions for consent management in clinical trials have been proposed11,12. These solutions use the blockchain to record transactions and this may lead to privacy concerns stemming from, eg. GDPR13 and “the right to be forgotten”14 due to the immutability of data once it has been recorded on the blockchain. New standards like DIDs and VCs, which provide additional privacy and the ability to verify and trust stakeholders participating in the ecosystem, are not enabled. 

The evolution of identity models to self-sovereign identity that is public

As we reimagine healthcare and clinical trials to become more virtual, de-centralised and digital, there is an increasing need to manage digital identities across multiple services that a patient is involved with. Today patients and users have many fragmented identities and limited control over their identity data. This is because of the gradual evolution of identity models and their underpinning technologies. This is shown in light grey, where identity models have evolved from silo, to federated and what we see today as user-centric models. Today, Facebook, Google and others provide user-centric identity services based on the open trust model but users are still restricted by these providers managing their identity without full transparency. On the other hand, the dark grey shows public blockchain as an underpinning technology that enables the realisation of self-sovereign identity management where the user or patient has full control over their identity data because of its transparency, disintermediation, auditability and trust. This model can scale across multiple patient services as well. That you will see later. We will need to see how this area evolves over the coming years and if any industry specific solutions emerge. Because we still need to get the balance right between fully public blockchain which has high cost but is transparent and private industry-wide blockchain that has lower cost but is less transparent. Finally note, the role of the blockchain technology is a component of the solution rather than the solution, there are other parts described further.

We have developed the BlockSent Architecture, a concept for eConsent as a collaborative effort by AstraZeneca, Novartis, and Spherity through the Pistoia Alliance. In this architecture (figure 4), at the bottom is a blockchain layer that provides the anchoring layer for the identities of the participating parties. We are using the Quorum chain which is a private Ethereum blockchain. Above this are Identity Wallets where the actual documents, personal data or biological data are stored and shared between identity wallets. These Identity wallets expose a set of APIs enabling different participating parties to integrate and enabling peer to peer communications between them, where the blockchain acts as the Ledger. A detailed technical description is available in Appendix A. 

On this Architecture or Platform, we have built a concept to demonstrate three key activities in the Informed Consent Process:

  • Issuing an Inform consent form and obtaining consent.
  • A pharma requests re-consent of a patient.
  • Revocation of an inform consent form by a patent.

Within this Architecture, the Blockchain provides the Anchoring Layer for the Identities of the participating parties according to their roles and responsibilities. The actual documents, personal data or biological data are stored off-chain and shared between the Identity Wallets. The Identity Wallets expose a set of APIs into which interfaces and systems from the different participants can integrate. Peer to Peer communications occurs between wallets with BlockSent acting as the Ledger. The three activities are described in detail in Appendix B.

High-level self-sovereign IT reference architecture

Starting at the bottom, the anchoring blockchain can be built on many solutions such as Ethereum, Sovrin and Cardano as examples. We are using Ethereum. This holds the audit log or ledger of what is happening in the layer above. This platform The Cloud Edge Digital Identity Wallets has been built by Spherity but there are other options that are specific to industries such as finance, mobile and others. This is a growing and maturing space with a fragmentation of developing options by startups such as – Selfkey, Yoti, Coinbase, uPort, Dashlane to name a few. Finally on top of this platform of Blockchain and Identity Wallets we can develop multiple use-cases that require identities. In summary, we have developed a scalable and transferable architecture to move from the current concept covering Informed Consent to other future use-case possibilities, as shown in dark grey. We can have an ecosystem of different technology solutions or options, but interoperability will be important, and we need to see how this develops over the coming years.

Conclusions and future outlook 

BlockSent is a conceptual architecture for informed consent in clinical trials which has the potential to provide all the advantages of eConsent in addition to adding credible and secure identity verification and management of PII. The specific architecture and technology being implemented in BlockSent adds distinct value by: giving pharma companies and clinics greater control of the ICP and its documentation; increasing speed, quality and compliance in the ICP through ‘anytime’, real-time auditing; enabling anonymised (GDPR and HIPAA compliant) communication between the pharma company and participants during and post-trial; giving patients greater control over their consent and the freedom to withdraw their consent easily at any time during or after the clinical trial.

Further work needs to be conducted to test the architecture with all participants in real conditions. It will be important to ensure the needs of the various stakeholders involved in the ICP are met. Feedback from participants will be key to understanding whether BlockSent adds value to clinical trials in comparison to classical eConsent. In turn, this will inform how and where to expand and test the solution with additional features and use cases. An obvious opportunity could be to demonstrate the interoperability of BlockSent with EDC systems that are commonly used in clinical trials by pharma companies and to combine BlockSent with a blockchain network offering a smart contract15 capability. In such a case, we can imagine that as soon as an ICF is amended and approved by an ethics committee, access to the pharma company EDC by the clinic / principal investigator would be locked until the amended ICF version is signed by the participant and countersigned by the principal investigator. This feature would remove any potential issues with the common problem of incorrect versions of the ICF being used during clinical trials16.

The use of Internet-of-Things (IoT) devices for data capture during a clinical trial are becoming more common and through BlockSent technology we can explore the management of IoTs combined with ICFs. In case of consent withdrawal, a mechanism can be implemented which will automatically prevent any further data collection by a specific wearable device. One of primary aims of pharma companies is to improve the relationship with clinical trial participants and BlockSent allows for better engagement between the pharma company and the participant without compromising their identity. This will allow pharma companies to share results with participants during the trial and, also share the outcomes of the research after trial completion. As more and more countries implement electronic medical dossiers, BlockSent could be an enabler to share data already collected by researchers, no matter if it is for public or private use.

Decentralised Clinical Trials (DCTs)17,18 present an opportunity to reconsider how research trials are conducted by using new technology to help meet the needs of patients and conduct studies more efficiently. Despite the adoption of eConsent solutions, in some countries there is a need to conduct the signature process on site due to the requirement for the participants personal signature as proof of consent, ie. no electronic signatures are permitted, and a lack of confidence that the individual signing the ICF is truly the individual who will participate in the study. BlockSent technology can help address these issues by facilitating the recruitment of remote patients and reducing the burden of site visits. An open, interoperable, portable, decentralised identity framework is a key requirement for establishing trust, verifiability, and auditability among the informed consent stakeholders. A verifiable digital identity supports remote recruitment and consenting, and coupled with IoT devices for data capture, further support remote participation in clinical trials. Thus, BlockSent concept is increasingly becoming more fit for purpose to enable DCTs.

The nascency of this technology creates many questions around effective implementation, interoperability, standardisation, and scaling in real-world environments. With all these opportunities and challenges remaining it is not surprising that there are a number of projects and initiatives, e.g. PharmaLedger (pharmaledger.eu) and Equideum Health (equideum.health), working to develop similar solutions for the benefit of clinical trials. Thus, it is critical to align initiatives and join efforts to ensure that the undisputed value of decentralised identity management is realised for the benefit of clinical trial participants.

DDW Volume 25 – Issue 1, Winter 2023/2024

References

  1. Rogers CA, Ahearn JD and Bartlett MG. Data Integrity in the Pharmaceutical Industry: Analysis of Inspections and Warning Letters Issued by the Bioresearch Monitoring Program Between Fiscal Years 2007–2018. Ther Innov Regul Sci. 2020; 54: 1123-1133.
  2. Lentz J, Kennett M, Perlmutter J, et al. Paving the way to a more effective informed consent process: Recommendations from the Clinical Trials Transformation Initiative. Contemporary Clinical Trials 2016; 49: 65-69.
  3. TransCelerate BioPharma Inc. eConsent: implementation guidance, Version 1.0, 2017.
  4. Ferdous MS, Chowdhury F and Alassafi MO. In Search of Self-Sovereign Identity Leveraging Blockchain Technology. IEEE Access 2019; 7: 103059-103079.
  5. Choudhury O, Fairoza N, Sylla I, et al. A Blockchain Framework for Managing and Monitoring Data in Multi-Site Clinical Trials. arXiv:1902.03975 [cs.DB] 2019; DOI: 10.48550/arXiv.1902.03975.
  6. Mazières D and Shasha D. Building secure file systems out of byzantine storage. In: PODC ’02: Proceedings of the twenty-first annual symposium on Principles of distributed computing 2002; 108-117.
  7. Nakamoto S. Bitcoin: a peer-to-peer electronic cash system, http://bitcoin.org/bitcoin.pdf (2009, accessed 25 May 2022).
  8. Mediledger. FDA DSCSA Pilot Project, http://mediledger.com/dscsa-fda-pilot-project (2021, accessed 25 May 2022).
  9. Chen HS, Jarrell JT, Carpenter KA et al. Blockchain in Healthcare: A Patient-Centered Model. Biomed J Sci Tech Res. 2019; 20: 15017–15022.
  10. Benchoufi M, Porcher R and Ravaud P. Blockchain protocols in clinical trials: Transparency and traceability of consent [version 1; peer review: 1 approved, 1 not approved]. F1000Research 2017; 6: 66.
  11. Maslove DM, Klein J, Brohman K, et al. Using Blockchain Technology to Manage Clinical Trials Data: A Proof-of-Concept Study. JMIR Med. Inform. 2018; 6: e11949.
  12. 1Jung HH and Pfister FMJ. Blockchain-enabled Clinical Study Consent Management. Technology Innovation Management Review 2020; 10: 14-24.
  13. EUR-Lex – 02016R0679-20160504 – EN. Consolidated text: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Text with EEA relevance), https://eur-lex.europa.eu/eli/reg/2016/679/2016-05-04 (2016, accessed 25 May 2022)
  14. Kelion L. Google wins landmark right to be forgotten case. BBC News, https://www.bbc.com/news/technology-49808208 (2019, accessed 25 May 2022)
  15. Alharby M and van Moorsel A. Blockchain-based Smart Contracts: A Systematic Mapping Study. Computer Science & Information Technology 2017: 125-140. arXiv:1710.06372.
  16. Resnik DB. Re-consenting human subjects: ethical, legal and practical issues. J Med Ethics 2009; 35: 656-657.
  17. McAlindon T, Formica M, Kabbara K, et al. Conducting clinical trials over the internet: feasibility study. BMJ 2003; 327: 484-487.
  18. Eilenberg KL, Hoover AM, Rutherford ML, et al. From Informed Consent through Database Lock: An Interactive Clinical Trial Conducted Using the Internet. Drug Information Journal 2014; 38: 239-251.

Authors:

Xavier Briand, Associate Director, Novartis; Jason Swift, Senior Director & Digital Technology Lead, AstraZeneca; Michael Rüther, Founder, Spherity; Ricky Thiermann, Product Owner, Spherity, Scientific Delivery Expert Novartis, Hassan Abba, Head of Strategy & Enterprise Architecture at AstraZeneca, Edwin Cohen, Director Digital Health and R&D AstraZeneca, Jacek LUKAWY, Innovation Program Director Novartis, Michael Pica, Director, Portfolio and Capacity Management at AstraZeneca, Richard A Norman, Pistoia Alliance Associate. 

Related Articles

Join FREE today and become a member
of Drug Discovery World

Membership includes:

  • Full access to the website including free and gated premium content in news, articles, business, regulatory, cancer research, intelligence and more.
  • Unlimited App access: current and archived digital issues of DDW magazine with search functionality, special in App only content and links to the latest industry news and information.
  • Weekly e-newsletter, a round-up of the most interesting and pertinent industry news and developments.
  • Whitepapers, eBooks and information from trusted third parties.
Join For Free