Introduction
This Policy sets out the approach undertaken by The School of Clinical Medicine in order to provide a robust Information Governance framework for the management of research related identifiable information. The purpose of the Policy is to put in place the structure, resources and processes necessary to ensure the information needed to support the research carried out by members of the Clinical School, is appropriately collected and stored in line with all current legislation and guidance. This Policy should be read in conjunction with the Clinical School Secure Data Hosting Policy.
Under the Policy all identifiable research data – from both NHS and healthy volunteer participants must be held in one of the named approved Clinical School safe havens or on NHS computers
Scope of the Policy
This Policy relates to sensitive/identifiable personal information
collected and stored by Clinical School employees for the purposes of
research. It does not relate to University staff and student data which
should be stored and collected under the University of Cambridge
guidelines.
This Policy applies to all members of the Clinical School and other
members of the University or external researchers who are working in
collaboration with Clinical School Investigators.
This Policy does not apply to identifiable research data held on NHS computers or to the storage of anonymous data.
Legal Compliance
The Clinical School regards all identifiable personal information
relating to research participants as confidential. It is only to be used
in line with the ethical approval and consents received for use of the
data.
All participant data collected and stored by Clinical School researchers
must be stored and used in line with the Data Protection Act 2018 and
the Common Law of Confidentiality.
Information Security
The Clinical School has established safe haven areas for the effective and secure management of personal/sensitive identifiable information used for research purposes. There are eight safe havens which comply with the NHS Digital Data Security and Protection Toolkit requirements:
- The Clinical School Secure Data Hosting Service which is open to all Clinical School staff;
- The UIS Secure Platform for Storage of Research Data. This has three tenancies for the storage of Clinical School sensitive/identifiable personal research data. One is specifically for the storage of WBIC identifiable imaging data, one for Cambridge Clinical informatics team and the third is the main Clinical School tenancy which is open to all Clinical School researchers. All three areas are for the storage of NHS and healthy volunteer identifiable/sensitive data;
- The MRC Epidemiology Unit for MRC Epidemiology staff only has two areas. One air-gapped system for archive purposes only and one Secure Research Database.
- The NCITA XNAT repository for specified projects only
- The UIS Ronin platform for specified project only
The MRC Cognition and Brain Sciences Unit (MRC CBU) have a secure area for storage of identifiable research data available for MRC CBU project only. At the current time, the MRC CBU secure area is not covered by the NHS Digital Data Security and Protection Toolkit.
The School promotes effective confidentiality and security practice to its staff through policies, procedures and training.
The School will establish and maintain incident reporting procedures and will monitor and investigate all reported instances of actual or potential breaches of confidentiality and security.
Information Quality Assurance
The Clinical School, the University Information Compliance Office and
the Research Integrity Office will provide advice and policies on the
effective management of research data.
Chief Investigators and local Principal Investigators are expected to
take ownership of, and seek to improve, the quality of information
within their teams.
Wherever possible, information quality should be assured at the point of collection.
Data standards will be set through clear and consistent definition of data items, in accordance with national standards.
The School will promote information quality and effective records
management through policies, procedures/user manuals and training.
Responsibilities and Accountabilities
It is the role of the Council of the School to define the School’s
Policy in respect of information governance, taking into account legal,
University and NHS requirements. The Council is also responsible for
ensuring that sufficient resources are provided to support the
requirements of the Policy.
The Secretary of the School of Clinical Medicine has responsibility for
all Information Governance protocols, for communication of such policies
within the School and for ensuring that they are managed responsibly.
The Research Governance Office is responsible for overseeing day-to-day
information governance issues, including developing and maintaining
policies, standards, procedures and guidance, co-ordinating information
governance in the School and raising awareness of information
governance.
Investigators and departmental data managers are responsible for
ensuring that the Policy and its supporting standards and guidelines are
built into local processes, and provide evidence of compliance when
requested by either the Research Governance Officer or their authorised
representative, as part of any audit..
All staff, whether permanent, visiting, temporary or contracted, and
students, are responsible for ensuring that they are aware of the
requirements incumbent upon them and for ensuring that they comply with
these on a day to day basis.
June 2022