Things we will not migrate
I think it’s likely I will break something if I try and carry over the existing consent system, including subpopulations, consents, and study consents. I propose to leave these as a v1 model of consent, and create a new v2 version of consent. An app should include a flag indicating whether or not it uses v1 or v2 of the consent system. I don’t propose to go back and migrate existing studies, copying the relevant information from an App
to a new Study
, as it’s a large and risky undertaking.
Each study has one (and only one) required consent that must be signed to enroll in the study (with the caveat that the required consent may be in multiple languages). The consent can also be flagged if the client should force the user to reconsent (the user enrolled with a prior consent). There can be any number of optional, supplemental consents that can be presented to the user.
Users will no longer have to consent based on criteria selection… I want to make this more deterministic because right now, we have a hard time telling administrators the state that users are in. We’ll think about it in terms of study selection and we should be able to tell unambiguously what studies a user is in.
The consent includes a model for presenting the consent, and a model for verifying comprehension of the consent. The consent document will be assembled through the use of the content fields of all the document sections, with a signature block at the end of the consent which can be tailored for individual consents.
class Consent { String name; String description; String language; boolean required; boolean reconsentRequired; String appId; String studyId; String guid; // Name of the approving IRB String approvedBy; DateTime approvedOn; DateTime approvalExpiresOn; ComprehensionType type; // summative, formative List<DocumentSection> sections; // timestamps, deleted, version } class DocumentSection { int order; String title; String content; // markdown or HTML String summary; // markdown or HTML ComprehensionQuestion question; // optional } class ComprehensionQuestion { String question; List<Answer> answers; } class Answer { String text; boolean correct; // assuming it was either selected correctly, or in error, the // response will be an affirmation or a correction/further explanation String response; }
The enrollment record which indicates that a participant has been enrolled in a study, will include the GUID of the consent that was used when the participant consented. It may be the same or different as the current required consent guid. If it’s different and the current consent requires re-consent, the app should act like the user has never consented and consent the user again (however, the user is consented and nothing will fail while this is happening, like pending uploads). If it’s not required, no action needs to be taken by the client. (Maybe we show somewhere that there’s a newer version of the consent document, I don’t know).
SQL
The consent signatures table may be able to store signatures for the v2 version of consent, if the consent GUID can be stored in the subpopulation GUID column (the values are in fact globally unique). If a new Hibernate model can be associated to to the same table, it may reduce confusion.
Candidates API
Candidate { String anonymousId; DateTime firstContactOn; DateTime mostRecentContactOn; String anonSessionToken; // should map 1:1 with a consent, but we can include consentGuid String studyId; String userId; String stepCompleted; // eligibility, comprehension, consented, demographics Enum eligibility; // eligible, ineligible List<RejectedAnswer> eligibilityRejections; JsonNode clientState; }
Users engage in some important activities before they create an account in Bridge, such as checking their eligibility to participate in a study, or agreeing to join a study before they create an account.
Currently we have an “intent to participate” API to help cover some of these cases, but it is lacking insofar as we would like the following information for governance and recruiting:
What eligibility criteria are causing candidates to be rejected?
What aspect of informed consent are people not understanding?
Do we have people who consented, but never created an account?
The candidate history APIs is a proposal to track this domain-specific information. It is intended to track the required consent for a study (if we need to track more than this, the API should change). Each API will look for the Bridge-Session header to recover a session, or if it doesn’t exist, a token in a cookie. If neither exists, it will set a new token in a cookie and use it to track a record during anonymous consent. This should allow browser applications to save consent while working.
Method | URL | Description |
---|---|---|
GET | /v1/studies/{studyId}/candidates | Return the current state of consent, if not, return a new session cookie with a new anonymous session in the JSON. |
POST | /v1/studies/{studyId}/candidates | If session cookie exists, update the current state of consent (such as UI state, or the step of consent the user has just completed). |
GET | /v1/candidates/{consentId} | Paginated list of candidate records for a consent |
On sign up, the candidate session token can be included, and we will associate this candidate record with the user.
Because this doesn’t require authentication and can be used to generate a denial-of-service attack, we should consider the design of this API carefully. For example, when setting a cookie and returning a blank state object, we should not persist anything on the server. We may also wish to use rate limiting, IP address locking, and other mechanisms, or accept that we cannot track eligibility before people authenticate with our system.