OFSEP consent
Why sign a consent form?
Legally, any entity wanting to collect medical data for research purposes must first obtain informed consent from the subjects. This means that consent must be obtained without any constraint and after properly informing the subjects.
The consent form that each doctor participating in the project gives to his patients is intended to find out whether or not they accept that their data and biological samples are collected and that certain uses may be made of them (genetic analyses, etc.).
What is a patient who signs the form committing to?
Signing an OFSEP consent form changes nothing in terms of the patient's care. No additional consultations or examinations are required.
Participation is voluntary and at the patient's own discretion. The patient's signature authorizes OFSEP to use his data and biological samples in an anonymous manner, thus protecting patient confidentiality. It does not represent a definitive commitment by the patient, who can change his mind at any time and ask to be withdrawn from the project.
If participation is refused immediately or consent is later withdrawn at any time, the patient will continue to receive the best possible care.
Are there other consent forms to be signed?
The OFSEP consent form covers the research actions related to the OFSEP cohort.
Additional studies may be set up (see "our missions" and "studies"). For studies whose scientific purpose does not come under OFSEP's initial objective or for studies that require additional consultations, examinations or questionnaires, an informed consent form must be signed by patients willing to participate.
How is data security guaranteed?
OFSEP only processes non-nominative data to which only trained, approved personnel have access.
Data can only be transmitted to a third party for the purposes of a scientific project. Before any transmission, the project must have obtained all the mandatory regulatory authorizations, have been validated by OFSEP's Scientific Board and approved by OFSEP's Steering Committee. Only data that are essential to the project are provided and advanced encryption techniques are implemented to protect against possible hack attempts.
Why is the social security number required?
OFSEP is not authorized to collect the social security number (NIR) of patients, but is considering submitting a request to do so. In order to anticipate a future authorization that the health authorities may grant, OFSEP already requests consent from patients to be able to use this number and the associated health insurance data in the future. Even with the patient's consent, until OFSEP obtains the necessary authorizations, the patient's NIR will not be collected or used.
The reason for using the NIR is to enable more detailed evaluation of the patients' treatment protocols according to their clinical state and to conduct studies on the basis of this information, which is generally difficult to obtain in routine practice.
The use of health insurance fund data will enable the study of groups of patients while ensuring data confidentiality. Such data will never be used to analyze individual data or to communicate individual or nominative data to third parties. The use of such data is governed by very strict legislation and demands specific authorizations.
How does genetics come into the project?
The gene pool can influence the occurrence of MS; we already know that there are family forms of the disease.
Analysis of the genes of MS patients is a fundamental step in identifying the genetic factors involved in triggering the disease and its action; in turn, this should help to develop new treatments.
Co-responsability of processing
As proponent of the OFSEP project within which the national OFSEP database is developed, the Eugène Devic EDMUS Foundation against Multiple Sclerosis acts as joint controller of patient personal data processing with the company EDMUS Services SAS, its subsidiary in charge of database management. The personal data processing of patients is based on the legitimate interest of the data controller, and on the intended purpose of public interest of the research project. As part of this co-responsibility :
- the EDMUS Foundation is responsible of implementing regulatory formalities of the processing (authorization request from the French data protection authority 'CNIL' or declaration of compliance with a reference methodology) and the information notification to patients (through the neurologists participating in the project) under the necessary regulatory conditions.
- the EDMUS Services SAS is responsible of implementing requests of the exercise of rights formulated by patients (rights of access, rectification, limitation, erasure and portability of personal data, right of opposition to personal data being processed ; all requests must be made in writing addressed by each patient to their neurologist) and the management of potential data breaches (report of the type and consequences of the data breach, description and implementation of measures taken against the violation, information from CNIL, etc.).
As joint data controllers of the OFSEP national database, the Eugène Devic EDMUS Foundation against Multiple Sclerosis and EDMUS Services have appointed a common contact, the Data Privacy Officer of EDMUS Services, contactable at This email address is being protected from spambots. You need JavaScript enabled to view it.
CNIL and Ethics Committee authorizations
The OFSEP cohort has registered an authorization request for biomedical research with the CNIL (France's national data protection authority). This authorization concerning the collection of clinical data and biological samples was granted under number 914066 in May 2014; the authorization concerning the collection of MRI data was granted in May 2015. The updated protocol in line with the GDPR has received a positive response of the Ile-de-France VI Ethics Committee in February 2020.
Download the OFSEP consent and information notes (in French)
Download the OFSEP information brochure (in French)
Download the OFSEP Poster (in French)