Blockchain protocols in clinical trials: Transparency and traceability of consent

Introduction

Patient participation is the sine qua non condition for clinical trials to happen and for medical research to improve^1,2 (http://www.mc.vanderbilt.edu/crc/workshop_files/2011-09-09.pptx). However, in practice, the informed consent process is hard to handle in a rigorous and satisfactory way. The US Food and Drug Administration (FDA) reports some metrics that are related to the frequency of clinical investigator-related deficiencies, which show that almost 10% of trials they monitored suffer from consent collection issues, such as failure to re-consent when new information becomes available, use of expired forms or non-validated, unapproved forms, consent document not signed or not dated, missing pages in consent document provided to participants, failure to obtain written informed consent, parental permission obtained after child assent, changes made to the consent documents by hand and without IRB approval^3,4 (http://www.fda.gov/downloads/AboutFDA/CentersOffices/CDER/UCM256376.pdf; http://www.yale.edu/hrpp/education/documents/CommonProblemsinInformedConsent_2013_vF.pptx). The study by Seife⁵ analysed hundreds of clinical trial FDA inspection documents, covering the 1998–2013 period, and showed that a substantial number of them presented evidence of research misconduct, among which 53% were related to failure to protect the safety of patients and/or issues with oversight or informed consent.

This can lead to dramatic events, as in France in January 2016: a trial testing the “BIA 10-2474” as an analgesic molecule caused the death of a participant. The French health agency IGAS appeared to prove that re-consent was not sought after major neurological side effects occurred in some patients, leading to participants being included in the clinical trial without being informed of this issue and still receiving doses of the analgesic molecule, (http://www.liberation.fr/france/2016/02/04/drame-de-l-essai-clinique-a-rennes-le-deces-reste-inexplique_1431074; https://fr.wikipedia.org/wiki/BIA_10-2474, version of 2016.09.05). Another example in the UK occurred when a general practitioner was struck off after testing drugs on patients who did not give their consent⁶. A recent, popular case of serious scientific misconduct was the DECREASE studies performed by Don Poldermans. The results of these studies were invalidated and some related publications retracted as, amongst many other frauds including data invention, informed consent was not proved to have been obtained before the randomised controlled trials (https://en.wikipedia.org/wiki/Don_Poldermans, version of 2016.09.05; http://retractionwatch.com/category/by-author/don-poldermans/).

Obtaining an individual’s consent is strictly tied to the Helsinki declaration^7,8 (http://www.wma.net/en/30publications/10policies/b3/index.html), which provides the good practices that should follow any stakeholder conducting a clinical trial. Point 26 of the Declaration states that each participant should be informed of the aim, methods, sources of funding, conflict of interests, affiliations of the researchers, anticipated benefits and risks and post-study provisions, and these conditions must be met to obtain freely-given informed consent. In practice, regulation agencies, such as the FDA, provide recommendations and mandatory commitments for consent to be collected in the right conditions⁹ (http://www.fda.gov/downloads/RegulatoryInformation/Guidances/UCM405006.pdf). Among those and of major importance, informed consent should be documented by a signed and dated written consent, which is particularly meaningful with Blockchain technology.

In addition, consent collection is a dynamic process; it is not a one-shot process ending when consent is sought before a clinical trial begins. As explained by Gupta¹, there are circumstances under which consent has to be sought again from a participant, corresponding to any time the trial protocol is majorly revised. This is a fundamental fact when ensuring to patients’ rights and transparency of a clinical trial^10,11. Indeed, as detailed in these Institutional review board (IRB) guidelines (http://www.irb.pitt.edu/sites/default/files/reconsent guidance.pdf; http://www.mayo.edu/research/documents/29-re-consent-or-notification-of-significant-new-findingspdf/doc-10027714; http://www.yale.edu/hrpp/policies/documents/Reconsentingguidance.pdf), there are many situations where patients re-consent has to be sought or where they should be notified of minor trial issues, such as novel risks, significant changes in the research procedures, and worsening of the medical condition. Documents that are to be sent to patients can be consent form addendums, an information letter or a fully revised consent form. Of course, the revised consent form has to be approved by an IRB. It must be stressed that the FDA has highlighted the necessity to conceive a mechanism that ensures that the most recent revised consent form is in use in a clinical trial, and stipulates that timestamping is such an approved mechanism⁹ (http://www.fda.gov/downloads/RegulatoryInformation/Guidances/UCM405006.pdf).

As indicated in Figure 1, consent is a dynamic process that involves a complex circuit of data and interacting actors, which should all retain information of this on-going process. For example: what participants were notified; when the notifications were delivered; whom of the participants consented or re-consented; when did participants consent or re-consent. This information should circulate between the clinical trial stakeholders in real time.

Figure 1. Consent collection Blockchain workflow.

Blockchain is a dawn-aged technology, a giant public datastore, stored in a secure and decentralised way (see Sotoshi Nakamoto seminal paper, https://bitcoin.org/bitcoin.pdf). It is widely announced to be a backbone of the circulation of digital assets, powering any kind of services by transparency, traceability. In this context, Blockchain’s emerging and promising technology (https://en.wikipedia.org/wiki/Blockchain_(database)) can bring solid basis in the enrolment phase transparently to all stakeholders of a clinical trial, especially in the context of obtaining participant’s consent. Three core functional principles of this technology can play a fundamental role, as follows:

Let’s note in a broader clinical trial setting that it follows directly from the secure timestamping functionality that Blockchain can help prevent from a posteriori reconstruction of endpoints or outcomes in clinical trials, (http://www.bgcarlisle.com/blog/2014/08/25/proof-of-prespecified-endpoints-in-medical-research-with-the-bitcoin-blockchain/).

Methods

In this proof-of-concept (POC) study, we targeted 27 volunteers for enrolment, which was achieved at the Clinical Epidemiology Department at Hospital Hôtel Dieu (Paris, France). There were no exclusion or inclusion criteria; the volunteers that were recruited were staff members of the Epidemiology Department (Hospital Hôtel Dieu). However, we ensured each of the users had email access.

A fake experimental clinical trial protocol was designed whose purpose was to compare the effect of “cisplatin vs. ledgerlin”, the last substance being a neologism, which was derived from the critical public datastore shared by all Blockchain users called “ledger". The protocol was accompanied by a consent form, which mimicked a design used routinely.

Each of the to-be-enrolled users were assigned a private key in order to sign data and documents, and in practice this would be used to publish their signed consent, which was to be anchored to the Blockchain.

Blockchain networks

There are several Blockchain networks, for example Ethereum (https://www.ethereum.org), Bitcoin (https://en.wikipedia.org/wiki/Bitcoin_network) and Hyperledger (https://www.hyperledger.org). For our purpose, transactions and their validations were run on the Bitcoin network. Our choice was motivated by stability and immutability of the Bitcoin Blockchain, due to its large mining network, and the API it provides facilitates development. Moreover, it is the more widely used Blockchain network; therefore, there is a relatively dense community of developers to enable an efficient support (https://bitcoin.stackexchange.com). The front-end and back-end technologies that are detailed hereafter were implemented by a Blockchain solutions provider, Stratumn SAS (https://stratumn.com/).

A website was developed with a simple one-page interface (Figure 2). On the front-end, it displayed the consent document, a checkbox attesting that the protocol was read and understood, and a push button that triggered the consent process.

In practice, the on-line signed document contained a piece of code called “Chainscript”, (http://chainscript.io), which contained all the critical information about the user, and the version of the protocol attached to the signature. Each proof of signature had a manifest that takes the form of a hash that is the digital proof of signature.

Figure 2. Patients web-interface for blockchained consent collection website.

On the back-end, pressing the “consent button” triggers Blockchain transactions: the proof of signature is timestamped and stored in the Blockchain. It should be emphasised that these signatures were shared in real-time through a restricted group of individuals, namely the present authors, who stand, in a real-life implementation, for investigators, IRBs or sponsors. This group obtains access to a dashboard (Figure 3) with the following: an admin panel displaying the consent status of each user; the protocol that transparently stores the public keys of each consenting user (through Chainscript); and the history of each released version of the protocol and the consent and re-consent of the user attached to each of these versions.

Figure 3. Investigator dashboard for blockchained consent collection website.

Results

"segment": {

  "link": {

    "state": {

      fileName: "protocole.pdf";

      uploadedBy: "investigateur";

    },

    "meta": {

      "title" : "Protocole",

      "tags" :["POC", "Essai clinique", "Hôpital Hôtel-Dieu"],

      "priority": "0"

      "updatedAt": 1455532426303,

      "mapId": "56c11d0ea55773bc6e681fde",

    }

  },

  [{ "Document_ID": "NOTE D INFORMATION DESTINEE AU PATIENT.pdf"",

   "Doctor_Name": "***",

   "Doctor_Email": "***@aphp.fr",

   "PDF_Title": "",

   "Conditions": "",

   "ExpiresIn": "XX",

   "Max_Patients": "XXX",

   Invites:

   [{

   "Email": "***@aphp.fr",

   "Name": "***",

   "Address": {

     "hash": "2568ce846c1391d94065df6cc4a42720369bcec9",

     "type": "pubkeyhash",

     "network": "livenet"

     }

  },],

  },[

        "signature",

    "***",

    "***@aphp.fr",

    0,

    "H6qy9U3S+BNqreKwMgEnDAHij3wNMcq4T2+X9axzx65Zd+HDy16tr03YPT4oKkGtW820so0D+0Pk2UTrwnXiLKs=",

    {

        hash: "6786ce716b2ac8e14b20e0a2fd8b88a7994d4a10",

        type: "pubkeyhash",

        network: "livenet"

    },

    "2016-07-08T13:11:15.824Z",

    "method__saveSignature"

],[{

    "DateSigned": "2016-07-08T13:11:15.824Z",

    "Signature":         "H6qy9U3S+BNqreKwMgEnDAHij3wNMcq4T2+X9axzx65Zd+HDy16tr03YPT4oKkGtW820so0D+0Pk2UTrwnXiLKs=",

    Consent: 0

    }]

Technical details of the POC

We sent two versions of the protocol (Supplementary File 1 and Supplementary File 2) during the study, through which we sought the users consent; each consent was attached to a specific version of the protocol.

Users were given a digital signature and secured key, each of which consisted of a hash. Amongst the users of this experimental study, 14 gave their consent to the two versions of the protocol, 9 gave their consent to only one version of the protocol and 2 didn’t give their consents at all and 2 did not respond to any consent form.

The interaction of the user with the online interface, namely accepting or refusing to give consent, led to a transaction validated in Blockchain. Each version of the protocol had a unique identifier, called a hash. The hash is uniquely attached to the content of the protocol document. The correspondence between the consent document and the hash is one-to-one, namely if one single letter is changed then the hash is broken.

Figure 4 shows where the identifier of the protocol document is highlighted in the Chainscript master document. Figure 5 displays the investigator identifiers, and Figure 6 reveals the consent status bound to the protocol revision version.

Figure 4. Consent collection master document: unique identifier protocol.

Figure 5. Consent collection master document: investigator identifiers.

Figure 6. Consent collection master document: consents status bound to protocol revision versions.

Discussion

Blockchain is an emerging, fast-evolving technology. The boiling atmosphere around development and use of Blockchain is similar to tech development during the early stages of the web: It took several years before formatting as html or css became web standards. Blockchain technologies are gaining more and more attention, and Blockchain networks are proliferating, for example Ethereum, Bitcoin, Hyperledger or private Blockchain networks. It is not clear which of these will impose itself as a blockchain network standard, or even if there will be unique standard one. Public networks are interesting due to the idea of a community driven approach and scalability, but private ones can offer a certain level of customization.

Alongside this fast-developing tech, there are still some infrastructure obstructions that are not yet circumvented, namely delays in transaction validation. On the Bitcoin network, the validation process (via the so-called mining) takes around 10 minutes (https://www.quandl.com/data/BCHAIN/ATRCT-Bitcoin-Average-Transaction-Confirmation-Time). In the present study’s context, we are not tied by real-time requirements measured in seconds, and so it is not a major obstruction. Moreover, the ChainScript logic we implemented in our POC allows grouped network request validation, which preserves the Blockchain network from computation overload, and allows to scale our method to a large patient cohort. More generally, to tackle this challenge of scaling the network, in case there is a massive amount of transactions, there are some implementations of Bitcoin-based protocol isolated from the Blockchain, the most renown is called SideChain (https://www.deepdotweb.com/2014/06/26/sidechains-blockchain-2-0/; https://www.reddit.com/r/Bitcoin/comments/2kdxy8/).

Moreover, with regard to the authentication process, we can expect that, when the use of Blockchain’s technologies will be more common, there is an important chance that users already possess a Blockchain public-private-key identity. Therefore, sending keys for access and identification later in the signing process will be obsolete. This will require maintenance of a double key attribution (as explained above in the “Authentication method" section) for users that do not have any Blockchain network identity and to be able to take into account those who have already one. In the latter case, verification of the digital signature of these users will have to occur.

One step further, we can schematically consider there are two main issues regarding the consent process, the first one being related to the quality of the process itself and the second one related to the identity of the individual consenting, we chose to focus on the first point, and tackle the issues raised by the FDA^3,4 (https://www.fda.gov/downloads/AboutFDA/CentersOffices/CDER/UCM256376.pdf). Indeed, in this POC study, we aimed to consider problems where existing patients were included in a study in the presence of their physician or staff, so that ensuring that the consenting participant was precisely the one expected to be was not a critical matter. Moreover, in the setting of a real online consent process, there is no chance that a patient who would not effectively consent—for instance if there were some fraudulous operation registering him/her as a consenting participant subject—would actually participate to the study.

However, the issue related to assert the identity will be of importance in the context of a real clinical trial and should be done in a more secure manner than linking between a participant and his/her digital identity through email address. In a production application, we could implement several solution to secure the digital identity of participants: at least implementing a KYC-like solution to bind digital identities and physical entities — Know Your Customer (KYC) are technics used by fiscal administration or banks to secure their online services. A more advanced technique could use a blockchain-based solution to provide material objects, such as USB keys, holding the cryptographic signatures, which can be unlocked by an easy-to-remember code.

It should be noted that we did not implement a consent revocation workflow. However, there is no issue in transposing at that end the Blockchain transaction logic we implemented for the consent. On that point, we should be careful about the fact that if the consent or its revocation can be given or withdrawn with no problem, these actions cannot be erased from the Blockchain. Indeed, if participants revoked their consent by accident, then the action can be reversed, but data will remain containing the revocation of the consent and the cancellation of this revocation.

Finally, we evoked a possible improvement in the enrolment rate, by empowering patients and granting them information and control over the enrolment phase. However, Blockchain is certainly not a “one size fits all” solution to the problem of a low enrolment rate. Indeed, there are many other parameters that interfere with the enrolment, which fall beyond the scope of transparency, user control and reliability that Blockchain technology helps to achieve: age, sex, cultural background, socio-economic factors, lack of educational materials¹⁵, readability and length of consent^16–18, limited awareness about clinical research or patient-physician relationship¹⁹ and momentum of consent request^20,21. Besides, the scope of our method did not address the question of consent collected in singular situations, such as intensive care, unconscious patients or psychiatric pathologies.

Conclusion

Keeping track of consent collection is consolidated through the use of Blockchain technology. We have seen in this proof-of-concept study that all consent-related data can leave an unfalsifiable and verifiable fingerprint on the Blockchain. This is important both on the stakeholder’s side, letting them prove the existence and the consistency of the data, and on the patient’s side, giving them more visibility, transparency, and hence control over their consent.

Moreover, though it was not be the focus of this paper, we anticipate that Blockchain technology, in that it does not rely trust on third party but inversely empowers peer-to-peer users by granting them control over consent agreement and revocation, can help gathering conditions of an improved privacy-respected freely-given consent. Besides, given its decentralized protocol, it can help introduce communities to contemporary clinical research, opening, for clinical reasearch, the path to implementing community management techniques in order to enrol patients using a more targeted approach.

From a global perspective, the application of Blockchain technologies in the context of clinical research is broad and promising. Indeed, tracking the complex data flow with numerous diverse stakeholders, and documenting it in real-time through a timestamping workflow, is a key step towards proving data consistency and inviolability, and will hence improve clinical trial methodology.

Software availability

Latest source code available at: https://github.com/benchoufi/DocChain

Archived source code as at time of publication: doi, 10.5281/zenodo.237040 (https://zenodo.org/record/237040#.WHSxorYrI_V)

Licence: 3-clause BSD licence