When is informed consent really consent, and not just paperwork? My local newspaper carried an interesting article yesterday where professor Stein Kaasa at NTNU stated that the paperwork for getting informed consent for participation in research projects from cancer patients has grown too complex.  The text in the consent form is three times what is was some years ago, and the added text is mostly legalese (legal issues, economic terms, privacy information, data storage information).  He states that this is preventing his patients, mostly ill and elderly, from understanding the issues involved in volunteering for research projects.  I believe that he is fundamentally right, not only for elderly patients.  The user/patient’s need to understand consent information should override the need for us to add complex disclaimers.

How many of the Microsoft Office users are aware that you agree to not use Word’s media elements to create scandalous works?

You may not create obscene or scandalous works, as defined by federal law at the time the work is created, using the Media Elements

And that text is snipped from the first part of the EULA, a part that innocent users might see while scrolling through the text to be able to agree and then get work done.  One of the major roadblocks for security is the Press-OK-to-continue-syndrome.  Because the questions asked are either self-evident or too complex to understand, the only possible answer is YES.  This is why I believe that complexity breeds consent.

Back to the cancer patients, where almost all agree to participate in research.  The proposal from professor Kaasa was to use established channels: spend some time in the conversation with the patient to inform about issues (mostly done by research nurses).  And he states that the hospital must be able to take on more of the administrative burden with regards to the consent forms, possibly also take on board more responsibility as an organization instead of outsourcing everything to each project.

How much of the policy work done today is about disclaimers, where we are covering our backsides?  How much is really needed?  How formalized should policies be?  How much of the formalization of policy must be visible to the end users?