eSignature and eConsent
In spring 2024, UNC acquired a long-term solution for electronic consent (“eConsent”) and electronic signature (“e-signatures”) for research-related records. Consequently, the Office of the Vice Chancellor for Research (OVCR) will retire DocuSign for all human subjects research (HSR) and Part 11 consenting in the coming months. DocuSign was a temporary solution implemented during the pandemic.
eConsent e-Signature Options: UNC researchers now have three options for eConsent e-signatures:
- REDCap
- Qualtrics
- NEW: Veeva SiteVault and eConsent, a Part 11-compliant system for managing regulatory documents and eConsent.
For a detailed comparison of the available eConsent signature options, please see the eConsent Signature Options tab above.
Recommended System: Veeva is the university-recommended system for HSR and Part 11 e-signatures. It was designed specifically for clinical research and is the only system approved for Part 11 compliance. Its benefits include:
- A better end-user experience, easier monitoring, and greater oversight.
- Simplified account provisioning and training.
- Signed consents file directly into your eBinders in SiteVault.
- Electronic signatures for digital delegation logs, AE forms, and other regulatory documents.
Important Dates:
- January 1, 2025: All NEW studies with eConsent signatures must use Veeva, REDCap, or Qualtrics, as applicable. New DocuSign HSR and Part 11 accounts will no longer be provisioned.
- April 1, 2025: EXISTING studies using DocuSign must transition to Veeva, REDCap, or Qualtrics.
- June 30, 2025: All documents currently stored in DocuSign must be moved and uploaded to a HIPAA and/or Part 11 compliant system. DocuSign documents will be archived in the UNC Secure Clinical Data Repository for compliance and audit purposes but will not be publicly accessible. Departments will incur a charge if DocuSign documents must be retrieved from the repository.
Training: Live Veeva SiteVault training sessions are scheduled for December 2024 and January-March 2025. Please submit a training request here to sign up.
If you have questions about transitioning your documents, please submit a TDX help ticket.
eConsent Signature Options
Veeva | REDCap | Qualtrics | |
Uses |
|
|
Research involving surveys where all data collection is through Qualtrics |
Part 11 compliant? | Yes | No | No |
Child assenting? | Yes, with IRB approval | Yes, with IRB approval | No |
Features | Free | Free | Free |
Instructions | UNC training video | REDCap eConsent setup | Building a consent form in Qualtrics |
FAQs
You are responsible for moving your completed, signed documents out of DocuSign into a HIPAA and/or Part 11 compliant system by June 30, 2025. Consents will be archived in a UNC repository but not retrievable without a charge.
Please submit a training request here.
No, you do not need to move them to Veeva if they are stored in a HIPAA and/or Part 11 compliant system with an active license. Veeva is the university-recommended system for all electronic consenting, however, and comes with the added benefit of filing all consents to your eBinder.
Some examples of systems that have been approved for storing PHI include Sharepoint, Veeva, OnCore, Florence, REDCap, and your departmental shared drive. If you have any questions about which systems are appropriate and approved for your department, please submit a ticket to UNC Help.
You can use Veeva to collect these signatures. Veeva also includes digital delegation logs.
REDCap can be used or obtaining and documenting assent for studies that are not FDA regulated and approved by the IRB. If it is an FDA regulated study, SiteVault must be used, and specific language is required to be in the parental consent form. Please see the Guidance: Child Assent tab above for more information.
Yes, these signatures are compliant. The UNC Clinical Research Compliance Office has investigated and confirmed that the way signatures appear in Veeva complies with the regulations.
Part 11 does not specifically require that the signature be placed in a designated area of the document. The signature can be appended at the end of the document or elsewhere, as long as it meets the following criteria:
- Linkage to the Record: The signature must be clearly linked to the electronic record, so it is evident that the signature applies to the content of the document.
- Non-Repudiation: The system should ensure that the signer cannot deny having signed the record (i.e., the system must have adequate security measures to prevent tampering).
- Integrity of the Record: The record must be kept intact, and no modifications should be made to it once the signature is applied. If the document is modified after the signature is applied, the system should indicate this, and the signature may be invalidated or “reaffirmed.”
UNC has drafted a position statement that you can share with sponsors. You can also share Veeva’s Audit and Inspection Readiness resources.
See this flowchart and Guidance: Part 11 Signatures tab above.
Guidance: Part 11 Signatures
Background:
21CFR11 compliant electronic signatures are only required in studies with FDA involvement (i.e. those subject to title 21 regulations).
21CFR11 compliant electronic signatures are only required when the signature is required by the FDA regulation (“predicate rules”).
“Predicate rules” mean somewhere the regulation states a signature is required (the most relevant to human subjects research being 21CFR50, 21CFR56, 21CFR312, and 21CFR812 and on FDA forms 1571, 1572, 3454, 3455, 3674, 3926).
FDA-Regulated Study Document | 21CFRPart 11 Compliant Signature Required? | System to use: |
Adverse event log | No | Dept eSignature account (DocuSign, Adobe, etc.), paper |
Form FDA 1571 | Yes | Veeva SiteVault/Florence (oncology only) |
Form FDA 1572 | Yes | Veeva SiteVault/Florence (oncology only) |
Form FDA 3454 | Yes | Veeva SiteVault/Florence (oncology only) |
Form FDA 3455 | Yes | Veeva SiteVault/Florence (oncology only) |
Form FDA 3674 | Yes | Veeva SiteVault/Florence (oncology only) |
Form FDA 3926 | Yes | Veeva SiteVault/Florence (oncology only) |
Informed consent forms, including HIPAA | Yes | Veeva SiteVault/Florence (oncology only) |
Investigator agreements | Yes – Investigator agreements are the equivalent of a 1572 for IDE studies | Veeva SiteVault |
Investigator’s brochure/acknowledgement page | No | Dept eSignature account (DocuSign, Adobe, etc.), paper |
Laboratory results | No | Dept eSignature account (DocuSign, Adobe, etc.), paper |
Minor Assent | Yes | Veeva SiteVault/Florence (oncology only) |
Other source documentation | No | Dept eSignature account (DocuSign, Adobe, etc.), paper |
Other training logs | No | Dept eSignature account (DocuSign, Adobe, etc.), paper |
Parental permission for assent of minor | Yes | Veeva SiteVault/Florence (oncology only) |
Protocol deviation log | No | Dept eSignature account (DocuSign, Adobe, etc.), paper |
Protocol Signature Page | No | Dept eSignature account (DocuSign, Adobe, etc.), paper |
Site delegation log | No | Dept eSignature account (DocuSign, Adobe, etc.), paper |
Training documentation and/or log (protocol) | No | Dept eSignature account (DocuSign, Adobe, etc.), paper |
Training documentation and/or log for usage of a Part 11-compliant system | No, unless departmental SOP specifically states that that signatures are required | No SOP requirement: Dept eSignature account (DocuSign, Adobe, etc.),
SOP requirement: Paper |
Guidance: Child Assent
To obtain electronic signatures from minors in SiteVault we must comply with additional requirements imposed by the Children’s Online Privacy Protection Rule (COPPA) to protect the children’s information, validity of the parental consent, and the minor’s assent. The following items have been agreed upon by the University Counsel Privacy Officer and the Office of Human Research Ethics to ensure that we comply with all federal requirements regarding electronic signatures for minors. An IRB modification will be necessary to include the below text and is not automatically added to the Informed Consent template at this time, though it may be available in the future.
Requirements:
- Utilize Veeva SiteVault;
- Include language within the assent that the parent also consents to having child’s information stored in platform; and
- Have in-person identity verification component where the clinician confirms with the parent at initial study visit that they consent to storage of child’s personal identifiable information within the SiteVault platform and document that in a note on the consent.
Implementation
- The below template text must be added to the informed consent and approved by the IRB.
- The informed consent/parental permission containing the text provided below MUST be sent via Veeva SiteVault.
- Any member of the study team listed as Key Personnel on the IRB can provide the “Clinician Verification”.
- The “Clinician Verification” can be completed using any UNC enterprise application approved for PHI, such as UNC’s HIPAA enabled ZOOM (UNC Health Webex it is NOT a UNC Enterprise Application and cannot be used). The meeting invitation can be sent directly through SiteVault along with the consent form.
This section is to be included at the end of the Informed Consent
Child’s Name _________________
Legal Guardian Consent
“I consent to the use of UNC’s instance of Veeva SiteVault to store the personal information of above-named child to record and store their assent. I understand that revocation or request of deletion from SiteVault may impact the child’s ability to continue to participate in the study.”
Legal Guardian’s Name ________________ Legal Guardian Signature ______________________
Clinician Verification
“During the study related visit on [DATE] I have verified the minor’s participation in this study as stated on [DATE OF PARENT SIGNATURE], including the Legal Guardian’s consent to have the minor’s information stored in UNC’s instance of SiteVault”
Clinician’s Name _________________ Clinician Signature _____________________