Obtain Governance Approval for Project 

HIC works as a Data Processor of the data HIC hosts and manages, on behalf of the Data Controllers (e.g. the NHS). All use of data must be in compliance of HIC SOPs and other data-sharing agreements agreed with the Data Controllers. 

All studies need to provide HIC with a project description, containing the project’s aims, methods and how the study cohort will be identified, to enable HIC to accurately scope the data requirements for the study and provide guidance on approvals. All project team members who will be accessing the data within the HIC Trusted Research Environment will need to sign a Data User Declaration

The project-specific governance approvals required will vary depending on the study’s design and methods, for example:

Governance required:

HIC hosted to a clinical dataset

A study that will link HIC-hosted data to a clinical dataset not currently hosted by HIC to answer a research question using statistical analysis anonymised data, will require:

  • Caldicott approval to allow HIC to receive an extract from the new dataset.
  • NHS R&D approval of the project’s potential research use of NHS resources.

Access to patient-identifiable data

A study that will require access to patient-identifiable data, e.g. to review patient notes, or for recruitment contact purposes (out-with HIC’s securely-managed process – see Secure Patient Recruitment via General Practice), will need:

  • Project-specific Caldicott Guardian approval
  • A recruitment project, involving patient contact, would also require formal ethics review.

Research projects

All research projects, using NHS data, will need NHS R&D approval.

Anonymised HIC data

A simple audit using anonymised HIC data could potentially require no project-specific approvals. 


For medical students, if you believe you will need Caldicott Approval for your project, please contact SMed-Caldicott@dundee.ac.uk for further guidance