Obtain Governance Approval for Project
HIC works as a Data Processor of the data HIC hosts and manages, on behalf of the Data Controllers (e.g. the NHS). All use of data must be in compliance of HIC SOPs and other data-sharing agreements agreed with the Data Controllers.
All studies need to provide HIC with a project description, containing the project’s aims, methods and how the study cohort will be identified, to enable HIC to accurately scope the data requirements for the study and provide guidance on approvals. All project team members who will be accessing the data within the HIC Safe Haven will need to sign a Data User Declaration.
The project-specific governance approvals required will vary depending on the study’s design and methods, for example:
HIC hosted to a clinical dataset
A study that will link HIC-hosted data to a clinical dataset not currently hosted by HIC to answer a research question using statistical analysis anonymised data, will require:
- Caldicott approval to allow HIC to receive an extract from the new dataset.
- NHS R&D approval of the project’s potential research use of NHS resources.
Access to patient-identifiable data
A study that will require access to patient-identifiable data, e.g. to review patient notes, or for recruitment contact purposes (out-with HIC’s securely-managed process – see Secure Patient Recruitment via General Practice), will need:
- Project-specific Caldicott Guardian approval
- A recruitment project, involving patient contact, would also require formal ethics review.
All research projects, using NHS data, will need NHS R&D approval.
Anonymised HIC data
A simple audit using anonymised HIC data could potentially require no project-specific approvals.