Below are some suggestions for wording which may be copied into the Data Management section of Grant/Ethics Applications, protocols etc., and some example questions from a recent IRAS application.
Data will be collected and curated using the Department’s Integrated Data Environment (IDE), hosted on the University High Performance Hub for Clinical Informatics and the Clinical School Safe Haven in Cambridge. The IDE comprises three software packages which may be linked to each other to provide a centralised, standardised data collection environment. The IDE provides not only an advanced data collection/curation system, but also simplifies the longer-term archiving of data. The system can be accessed by external collaborating centres to allow both uploading and downloading of data in real time.
The Cohort Management System (CMS)
The CMS has been developed ‘in house’ to provide a more formalised way of storing Personal Identifiable Data (PID), as well as simplifying the management of research cohorts. Only those personnel who are directly involved with subject recruitment, e.g. Research Nurses/Assistants, are allowed a login to the system. This segregation of personal and research data provides a robust way of ensuring compliance with data protection regulations and protecting against PID release in error. The CMS is hosted on the Clinical School Secure Data Hosting Service (SDHS), which provides an ISO 27001 certified ‘Safe Haven’.
Research Electronic Data Capture (REDCap)
REDCap is a mature, secure, web application for building and managing research databases and will be used to collect all demographic and other measures related to the study. All data held in REDCap is anonymised and can therefore be accessed, in real time, by collaborating Researchers, Laboratory Staff and Statisticians outside of the Department once they have been issued with the appropriate logins.
Extensible Neuroimaging Archive Toolkit (XNAT)
All MRI and PET scan data will be held in the XNAT repository managed by the Wolfson Brain Imaging Centre. Scan data generated in Cambridge is automatically uploaded to XNAT after scans are completed. Scan data collected by collaborating centres outside of Cambridge can be uploaded to XNAT via a web-based interface.
Where applicable: This XNAT Repository also forms part of the DPUK imaging informatics network, and is configured to allow data sharing via the national DPUK XNAT repository.
What resources / funding will be required?
The IDE is run by the department in order to support all ongoing research projects. Development has been part funded by the Biomedical Research Centre funding received by the University. As such, no additional resource will be required for this application.
PID will not be needed for any analyses and as such, will not be released. It will however be archived at the end of the study, in accordance with the ethical approval.
Data held in the REDCap database is anonymised, allowing for easy configuration of read-only access logins which can be issued to anyone authorised by the Chief Investigator. Linking data back to PID held in the CMS can only be carried out by staff with the appropriate permissions.
Identifiable information and consent may be transferred between study sites if the participant is travelling to another site for a study procedure, e.g. PETMR. The participants’ home addresses (including postcodes) and telephone numbers will be kept on a secure database on NHS/University computers in compliance with the Data Protection Act. All data transfers will be carried out in accordance with the NHS Code of Practice on Confidentiality and local Trust data protection policies and procedures. We will be sharing anonymised data inside and outside the consortium as open global access as agreed with the Wellcome Trust. Fully anonymised data will be analysed by study staff.
A37. Please describe the physical security arrangements for storage of personal data during the study?
All study staff will be expected to comply with, and update their knowledge of, the requirements of the General Data Protection Regulation (GDPR), the NHS Confidentiality Code Of Practice, the Computer Misuse Act (covering information security), and all Local Trust Policy with regards to the collection, storage, processing and disclosure of personal information and uphold core principles of data confidentiality both in letter and in spirit. Equipment necessary to protect personal data, such as locked cabinets, shredders (or shredding services), and necessary software and IT services to secure digital data, will be procured. Information held on personal computers will be destroyed when the computers are no longer needed.
A38. How will you ensure the confidentiality of personal data? Please provide a general statement of the policy and procedures for ensuring confidentiality, e.g. anonymisation or pseudonymisation of data.
Every person in the study will be given a Unique Identifier (UID). All study team members will be reminded to use this in day-to-day communication to preserve anonymity. All study assessment data will be stored separately from personally identifiable data and referenced via the UID to maintain anonymity of the data accessible for research purposes.
A40. Who will have access to participants’ personal data during the study? Where access is by individuals outside the direct care team, please justify and say whether consent will be sought.
Participants’ personal data will only be accessed by designated members of the study team, in order to provide care and to contact participants as necessary. Authorised representatives of the sponsor may access personal data as part of the review of the study.
Storage and use of data after the end of the study
A43. How long will personal data be stored or accessed after the study has ended?
We would normally suggest the ‘12 months – 3 years’ option here. This should give time in case you wish to re-contact subjects for a follow-up study.
A41. Where will the data generated by the study be analysed and by whom?
The data will be analysed by University staff at study centres under the supervision of the applicants.
Authorised representatives of the sponsor may access personal data as part of the review of the study.
A44. For how long will you store research data generated by the study?
Please check the current regulations if you are planning a CTIMP.
A45. Please give details of the long term arrangements for storage of research data after the study has ended. Say where data will be stored, who will have access and the arrangements to ensure security.
We will be sharing anonymised data inside and outside the consortium as open access is agreed with the Wellcome Trust.
Study data and images will be held on secure databases in accordance with the security policies of the University of Cambridge.