NICOR Data Sharing Policy
MAY 2012 VERSION 5

Contents

Scope
1 NICOR audit databases
1.1 Background
1.2 Data handling
1.3 Data quality
1.4 Confidentiality and consent
2 Application process
2.1 Informal contact
2.2 Project proposal
2.3 Funding
2.4 Evaluation of the proposal
2.5 Documentation required before release of data
2.6 Dataset release
2.7 Appeal process
3. Terms and conditions for use of NICOR data
3.1 Use of data
3.2 Ethics and confidentiality
3.3 Security
3.4 Breaches in security
3.5 On completion of research project
3.6 Publications
3.7 Accountability

Scope

This document explains the application process for researchers who wish to access national cardiac audit data managed by the National Institute for Cardiovascular Outcomes Research (NICOR). It defines the terms and conditions that must be agreed before data can be released, to ensure data security and due sensitivity for identification of individual patients and hospitals.

1 National Institute for Cardiovascular Outcomes Research audit databases

1.1 Background

NICOR was established in 2006 to use national clinical audit data to improve the quality of care and outcomes of patients with cardiovascular disease. It is now part of the Centre for Cardiovascular Prevention and Outcomes within the Institute of Cardiovascular Science at University College London (UCL). NICOR currently manages seven national cardiac audits, listed below, which are clinically led by the relevant professional societies. Each of the audits has an Audit Research Group which is represented on the NICOR Research Group. The NICOR Research Group oversees NICOR’s research strategy and is responsible for ensuring the confidentiality and security of NICOR data released to research groups.

National clinical audits for which NICOR has responsibility from 2011

| Audit | Patients | Audit lead’s professional society |
|---|---|---|
| Adult cardiac surgery | All patients undergoing major heart surgery. | Society for Cardiothoracic Surgery (SCTS) |
| Cardiac interventions | All patients on whom a percutaneous coronary intervention (PCI) procedure is performed. | British Cardiovascular Intervention Society (BCIS) |
| Cardiac rhythm management | All patients with implanted devices or receiving interventional procedures for managing cardiac rhythm disorders. | Heart Rhythm UK |
| Congenital heart disease | All cardiac or intrathoracic great vessel procedures carried out in patients under the age of 16 years. All adult congenital cardiac procedures performed for a cardiac defect present from birth. | British Congenital Cardiac Association |
| Heart failure | All patients with an unscheduled admission to hospital with heart failure. | British Society for Heart Failure |
| MINAP | All acute coronary syndrome patients. | British Cardiovascular Society |
| TAVI | All patients undergoing Transcatheter Aortic Valve Implantation | BCIS and SCTS |

See Appendices 1-7 for specific details relating to each of the 7 audits. Datasets for each of the audits are available on the NICOR web pages www.ucl.ac.uk/nicor/dataforresearch.

Cardiac audit data are collected by hospitals across the UK (for most of the audits, the coverage is of every hospital) and uploaded to servers managed by NICOR. Online analyses and reports against national aggregate data are provided for hospitals, ambulance services, Strategic Health Authorities, cardiac networks, the Department of Health and the public. A highly secure electronic system for data entry, transmission and analysis that uses encryption of patient identifiers allows secure transfer of data between hospitals and central servers and allows linkage with the Medical Research Information Service (MRIS) for mortality tracking.

1.2 Data handling

At least once a year the NICOR Data Manager will download a full copy of the audit datasets.
The data will initially be cleaned of identifiable anomalies; the source data will not be materially changed by any of the processes involved. The NICOR Data Manager will document the full process of data cleaning. Records to be withheld could be flagged in a new field to denote their status as not normally to be sent out for research. The flag could be in the form of a coded reason for the record being so classified.

1.3 Data quality

Consistency and range checks on data entry and on import are built into the data applications and data completeness is monitored in online views. Each audit monitors data completeness and validity in different ways, see Appendices 1-7.

1.4 Confidentiality and consent

The National Information Governance Board for Health and Social Care (NIGB) [1] for England and has granted NICOR Section 251 exemption of the NHS Act 2006 for all the cardiac audits that it manages. Section 251 permits the common law duty of confidentiality to be lifted for activities that fall within defined medical purposes where anonymised information will not suffice and consent is not practicable. Section 251 of the NHS Act 2006 supersedes Section 60 of the Health and Social Care Act 2001.

Under the Data Protection Act effectively anonymised data are not regarded as personal data and therefore may be used for research without consent. There is, however, no legal definition of anonymised data. The Act establishes a definition of ‘personal data’ as ‘data which relate to a living individual who can be identified (a) from those data, or (b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller, and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual’.
The Act was intended to ensure that personal data are appropriately protected, so uses a very broad definition, including information which might potentially identify some individual, even if no obvious mechanism exists [2]. Pseudonymised data (where the data is effectively anonymised, except for a coded identifier, and where the recipient of the data does not have access to the coding mechanism and so cannot identify the patient) is ‘personal data’ within the meaning of the Data Protection Act 1998 [3], but could be considered to be anonymised information in the hands of the recipient. Pseudonymised data are also referred to as linked anonymised data. Linked anonymised data are still regarded as personal data even if the person is not identifiable to the ‘Recipient’ (researcher), because the person is still identifiable to the original holder of the data. In practice, provided the data is effectively pseudonymised (linked anonymised), then researchers are generally given access to this data, subject to certain safeguards.

Vital status, date of death and cause of death are obtained from MRIS. Although patients’ names, hospital case record number, NHS number and hospital codes are collected, these data items are pseudonymised to protect the rights of participants and the confidentiality of their data. The names/GMC numbers of operators are recorded in some audits and these are also pseudonymised. Date of birth is converted to age at admission to one decimal place and postcode of residence converted to deprivation scores and eastings and northings. However, date of death and complete eastings and northings are potential patient identifiers which are not pseudonymised. Use of these data items must be justified before they are released.

[1] http://www.nigb.nhs.uk/
[2] http://www.opsi.gov.uk/Acts/Acts1998/ukpga_19980029_en_1
[3] http://www.opsi.gov.uk/Acts/Acts1998/ukpga_19980029_en_1
2 Application process

This section describes the process that researchers who wish to access NICOR audit data must follow. It is closely aligned to the HES User Guide [4].

The relevant Audit Research Group considers applications for access to the data. These may include Universities, Research Institutions, NHS Trusts carrying out heart related research in the European Economic Area, or individuals working for one of the above, provided they are working in collaboration with a similar UK organisation and are part of a recognised scheme such as the US Safe Harbour Agreement. In general NICOR will not consider requests for data from commercial organisations but may offer to perform analyses in house. No more than two projects per year are likely to be granted to any one research organisation.

[4] http://www.hesonline.nhs.uk/Ease/servlet/ContentServer?siteID=1937&categoryID=403

2.1 Informal contact

It is recommended that the researcher first contacts the audit project manager or clinical lead to discuss the feasibility of their proposed project.

2.2 Project proposal

2.2.1 NICOR Data Application Form

This form is part of the application pack which is available on the NICOR web pages and must be submitted to the relevant audit project manager together with the CV of the Principal Investigator.

2.2.2 Data requested

A list of data items, including whether patient identifiers are required, the time period and whether annual updates are required, must be specified in the NICOR Data Application Form. Annual updates, which will include new records and updated vital status, are available at an additional charge. If the application includes patient identifiable data, a copy of the organisation’s ECC approval must be submitted. The audit datasets are available on the NICOR web pages [5]. Further use of the data in other areas of interest will require the submission and approval of a new application.
Requests for access to more than one NICOR dataset should be submitted on one form, identifying the required datasets, and the application will be reviewed by the relevant Audit Research Groups.

2.2.3 Data linkage

Where linkage of datasets is required, NICOR can act as a trusted third party (TTP) and data are released in pseudo-anonymised form with an assigned unique identifier, or alternatively an external TTP can be used (see Appendix 1 of the ‘Approval process for release of NICOR audit data’ for details of the process). When NICOR acts as the TTP, an additional charge will be made to cover this service.

2.3 Funding

If a grant application is partially or totally based on the use of NICOR data the applicant should give details about the funding application. If the researcher wishes to apply for funding once the application has been approved and the grant application is based on, or contains references to, NICOR data, the audit research lead must be informed about the funding application (organisation, when and by whom). Proposals that have not undergone formal peer review, e.g. by a funding organisation, will be peer reviewed by a nominated member of the relevant Audit Research Group.

There will be a charge for data extracts (see Appendix 8) and NICOR recommends that this is included in research grant proposals. A smaller charge could be negotiated for smaller studies.

2.4 Evaluation of the proposal

The completed application form should be sent to the audit project manager. Evaluation of the proposal will be made at the next Audit Research Group meeting. For most of the datasets a collaborator with specialist knowledge of the dataset is likely to be of great value. In most situations a member of NICOR will be allocated to assist with the project to provide appropriate input.
Applications for patient identifiable data from audits funded by the Healthcare Quality Improvement Partnership (HQIP) must also be approved by HQIP, following approval of the Audit Research Group, before data can be released. HQIP will be informed of data released to external research groups and publications arising from HQIP funded audits.

2.5 Documentation required before release of data

When the application has been approved, the following documents should be returned to the audit project manager:

• the NICOR Data Sharing Agreement signed by the Principal Investigator and all users of the data
• the organisation’s System Level Security Policy (see section 3.3.1)
• letter of REC approval if required (see section 3.2)
• ECC approval if patient identifiable data requested (see section 2.2.2).

2.6 Dataset release

Once all conditions for approval have been accepted in writing by the applicant and the above documentation has been received, the Audit Research Group will authorise the release of the requested data. HQIP approval is required before the release of patient identifiable data. The NICOR Data Manager will generate the requested dataset and associated documentation where necessary. The dataset will be supplied in ASCII format appropriately delimited, encrypted using AES 256 encryption and delivered via a secure drop box. The key will be given separately. Technologies will change with time and so this method will be monitored and reviewed constantly.

2.7 Appeal process

Reasons for refusal of an application could include lack of outputs from previous projects totally or partially based on NICOR data or concerns about the quality of the project. Should an application be refused, the applicant is welcome to make the appropriate changes and submit a new application which would be expected to be substantially different to the original one. The Audit Research Group will stipulate the reasons for not approving the application as well as the action points.
The revised application would need to state that the application was previously rejected and how the issues that led to rejection were addressed.

3. Terms and conditions for use of NICOR data

The confidentiality of the patients and contributing hospitals must not be compromised by use of the NICOR data. The reputation of funding bodies, NICOR and the professional societies must not be compromised through unethical, premature or opportunistic data analysis and the subsequent production of scientific outputs. The terms and conditions for data sharing outlined here are, together with the rest of the sections of this document, in line with the MRC data sharing policy and access principles.

3.1 Use of data

3.1.1 Data must be used only for the purposes specified in the application form. NICOR data, in whole or in part, cannot be processed, disseminated or otherwise made available or used for any other purpose. The data must not be distributed to third parties and the data must not leave the organisation that provided the System Level Security Policy.

3.1.2 Analyses are allowed only according to the protocol described in the application; major changes will require a new application.

3.1.3 Data users will not have sole and exclusive access to their required set of data.

3.1.4 Data users should notify the NICOR Data Manager of any errors or inconsistencies discovered in the data.

3.1.5 Data users should offer their derived variables to enrich the audit databases if requested to do so.

3.2 Ethics and confidentiality

3.2.1 All medical research using identifiable personal information must be approved by a Research Ethics Committee (REC). The audit project manager will expect to see a copy of the REC approval before data are released.

3.2.2 Ethical approval from the relevant NHS Research Ethics Committee is the responsibility of the researcher.
3.2.3 Once the project has been approved, datasets will be provided without restrictions within the European Economic Area (EEA, which consists of the twenty seven member states of the European Union together with Iceland, Liechtenstein, Norway and the States of Guernsey) and internationally recognised schemes such as the US Safe Harbour Agreement.

3.2.4 NICOR data must not be transferred to a country or territory outside the European Economic Area and internationally recognised schemes such as the US Safe Harbour Agreement.

3.2.5 Researchers must ensure that any personal information is handled by staff with an equivalent duty of confidentiality to that in a National Health Service (NHS) contract (e.g. an honorary NHS contract or university contract of employment).

3.2.6 It is virtually impossible to guarantee that an individual will never be identified, given the nature of the data. It is therefore the responsibility of data users to ensure that the participants’ identity is not disclosed under any circumstances. Data that identifies hospitals or Strategic Health Authorities cannot be published without the prior permission of the organisation’s chief executive and the audit’s research group.

3.2.7 Data users must consider the risk of identifying individuals in their analyses prior to publication. ‘Small numbers’ are considered from one to five. Low-level analyses are more likely to contain small numbers which might facilitate identification of individual patients. A higher level of aggregation should be considered when analyses produce fewer than six cases.

3.3 Security

3.3.1 Your organisation’s System Level Security Policy must be sent to the audit project manager before data can be released. It should specify precisely how and where the dataset will be stored and used.
It should include who is responsible for the data security and what access controls, network monitoring and screening, and anti-virus defences are in place (i.e., all the information described in points 3.3.2 and 3.3.3). It should also describe the levels of training regarding data handling and security that will be given to all staff involved.

3.3.2 Secure data access such as passwords, firewalls, etc., must be in place to ensure that the data are kept secure. Ideally, data users should access the provided dataset using a network drive set up by the organisation where they work, and avoid keeping datasets on their own PC/laptop. This network drive should be accessible through password control.

3.3.3 Data users working on the same project must not use memory sticks or send files to each other as attachments in e-mails. Instead, they should use a shared drive for transferring files.

3.3.4 The audit project manager requires a list of all individuals who will have access to the data, the names of their employers in this context and their job titles; this list is required in the NICOR Data Sharing Agreement.

3.3.5 Data must always be stored in a secure repository such as a computer file server. This data can then be accessed directly from computer workstations within the same secure environment of the recipients’ organisation. Copies of the data must not be taken out of this secure environment, for working on a local personal computer or laptop computer, or taken off site by any means unless the copy has had all potential identifiers, including eastings and northings, removed. Data should be encrypted on pen drives and laptops if there is any possibility of identifying a patient. Data in a cell that contains fewer than six records should not be taken out of a secure environment.

3.4 Breaches in security

3.4.1 NICOR retains the right to demand the return of all data if any of the above terms and conditions are breached.
3.4.2 Knowingly disregarding the conditions relating to the release of data given in the NICOR Data Sharing Policy will be considered a serious offence and will result in action being taken against the applicant and their organisation.

3.4.3 Any breach in data security which has led or could lead to disclosure must be reported to the NICOR audit project manager within one working day. A decision will then be made as to whether to request changes to the security measures the recipient organisation has in place.

3.4.4 A serious breach or a case of misuse of the data will be reported to the head of the recipients’ organisation for internal disciplinary measures to be taken. As a last resort, NICOR has the right to demand the return of the data.

3.5 On completion of research project

3.5.1 On completion of the project, all electronic copies of NICOR data held by the applicant must be returned to the NICOR Data Manager who will archive these copies to the 10th anniversary of the formal end date of the project. Any local copies must be electronically shredded (simple deletion is not enough). It is envisaged that this will be within one year and no longer than two years following the formal end date of the project.

3.5.2 A final study report summarising presentations and publications must be submitted at the end of the study.

3.6 Publications

3.6.1 Data users must preserve the confidentiality of the data in outputs and publications (see 3.1.1, 3.2.6 and 3.2.7). No presentation or publication from the study will be permitted until the relevant Audit Research Group has had the opportunity to assess data analysis and interpretation to verify the accuracy and interpretation of the dataset and to confirm that no personal identifiers are included in the results. This requires that any proposed presentation/publication is provided to the Audit Research Group at least four weeks before the time that it is intended to present the data.
NICOR reserves the right to prevent presentation or publication if it identifies significant problems with the analysis or on the grounds of data protection. No hospital/s can be identified without written agreement from both the source hospital and from the Audit Research Group.

3.6.2 The scope of the project should be aimed at the publication of one or two scientific articles within two years from the date when the requested dataset is received by the data users. Users can subsequently submit new applications for data if they wish to do further analyses. However, NICOR will not accept a new application for data if a previous download has not resulted in a publication.

3.6.3 The name of the audit must be included in the title or subtitle and any publication must include the sentence: ‘This study includes data collected on behalf of the relevant audit’s professional society under the auspices of the National Institute for Cardiovascular Outcomes Research (NICOR).’

3.6.4 Co-authorship is not required but if any member of the relevant audit’s professional society has provided significant input they should be included as an author.

3.6.5 No presentation or publication of the study will be permitted until NICOR has had an opportunity to assess the data analysis and interpretation to help verify accuracy and appropriate interpretation of the dataset.

3.6.6 NICOR reserves the right to prevent presentation or publication of the proposed study if it identifies significant problems with the analysis performed in the proposed study.

3.7 Accountability

3.7.1 Overall accountability to funding bodies for research projects remains the responsibility of the Principal Investigator.

3.7.2 The audit project manager should be updated on the progress of the project and outputs should be submitted within two years from the date when the requested dataset is received by the data users.

3.7.3 The Principal Investigator must prepare a summary of their main findings when asked.
Please note that the NICOR Research Group retains the right to modify the contents of this document at any time.