In order to apply for permission to gain access to patient data without consent, it is necessary for researchers to gain S251 approval from the Dept of Health via an application to the Confidentiality Advisory Group. Previously each application was expected to supply a security policy at project level. This has now been replaced by a requirement that each organisation wishing to seek s251 approvals has an Information Governance Toolkit in place. This brings our organisation into line with NHS organisations. It has been agreed that this will be implemented at School level so any researcher who is part of the Clinical School will be able to refer to this if required. The School is applying for the toolkit relating to Hosted Secondary Use Teams which is the appropriate toolkit for Universities.
This policy sets out the approach to be taken within The School of Clinical Medicine in order to provide a robust Information Governance framework for the future management of research related information. The purpose of the policy is to put in place the structure, resources and processes necessary to ensure the information needed to support the research carried out by members of the Clinical School, is appropriately collected and stored in line with all current legislation and guidance.
Scope of the policy
This policy relates to sensitive/identifiable personal information collected and stored for the purposes of research. It does not relate to University staff and student data which should be stored and collected under Cambridge University guidelines.
This policy applies to all members of the Clinical School and members of other parts of the University and external researchers who are working in collaboration with Clinical School Investigators.
The School regards all identifiable personal information relating to research participants as confidential and only to be used in line with the consents received for use of the data.
The School has established a secure data storage area for the effective and secure management of personal/sensitive identifiable information used for research purposes. This area, together with the “safe haven” areas in WBIC and the MRC Epidemiology Unit are the only places that identifiable data should be stored.
The School promotes effective confidentiality and security practice to its staff through policies, procedures and training.
The School will establish and maintain incident reporting procedures and will monitor and investigate all reported instances of actual or potential breaches of confidentiality and security.
Information Quality Assurance
The School will provide advice and policies on the effective management of research data.
Chief Investigators and local Principal Investigators are expected to take ownership of, and seek to improve, the quality of information within their teams.
Wherever possible, information quality should be assured at the point of collection.
Data standards will be set through clear and consistent definition of data items, in accordance with national standards.
The School will promote information quality and effective records management through policies, procedures/user manuals and training.
Responsibilities and Accountabilities
It is the role of the Council of the School to define the School’s policy in respect of information governance, taking into account legal, University and NHS requirements. The Council is also responsible for ensuring that sufficient resources are provided to support the requirements of the policy.
The Secretary of the School of Clinical Medicine has responsibility for all Information Governance protocols and communication within the School and for ensuring that they are managed responsibly.
The Research Governance Office is responsible for overseeing day-to-day Information Governance issues, including developing and maintaining policies, standards, procedures and guidance, co-ordinating Information governance in the School and raising awareness of Information Governance.
Investigators and departmental data managers are responsible for ensuring that the policy and its supporting standards and guidelines are built into local processes, and provide evidence of compliance when requested by either the Research Governance Officer or their authorised representative, as part of an audit that there is ongoing compliance.
All staff, whether permanent, visiting, temporary or contracted, and students, are responsible for ensuring that they are aware of the requirements incumbent upon them and for ensuring that they comply with these on a day to day basis.