Changes between Version 1 and Version 2 of Information Governance Procedure


Ignore:
Timestamp:
05/18/16 12:49:38 (9 years ago)
Author:
Richard Bramley
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • Information Governance Procedure

    v1 v2  
    66
    77This is guidance for Information Governance based on the outcome of a meeting with Ewan Robson (UHL Head of Privacy).  It consists of a series of scenarios and what would be the appropriate Information Governance requirements in each case.  This is just guidance and should not be taken as gospel.  In the case of any doubt, ask for advice from Ewan or one of his team.
     8
     9The main thing to remember is that consent is the key deciding factor.  If we explicit consent to share data with the organisation, then we should be able to with the appropriate data sharing agreements.  On the other hand, if we do not have specific consent, we CAN NOT share the data, no matter what.
    810
    911== Scenarios
     
    2628- If we are also going to use the data for our research, we will be designated as Co-controllers of the data.
    2729
     30=== International Data Sharing
    2831
     32- In effect this is the same as Intra-NHS data sharing: if we are receiving data the sending site should get us to sign an agreement; if we are sending data, we should create an agreement and get the receiving site it.  However, it is probably worth checking all of these with Ewan and his team.
     33
     34=== Data Access within UHL
     35
     36- We are OK to access any data as long as with have explicit consent from the participant.
     37
     38=== Data Collection Over the Internet
     39
     40- This is acceptable as long as adequate security measures are in place (SSL, password protection, firewalls, etc).
     41- Collecting data from patients directly over the internet is fine as long as it has been approved in the protocol.
     42
     43=== Sharing Data Between UHL and UoL
     44
     45- Sharing of Pseudo-anonymised data between UHL and UoL does not require an agreement.
     46- However, genetic data may soon be considered genetic data.  Therefore, sharing of genetic data will not be allowed without explicit consent (this will depend on the meaning of the LCBRU, possibly).  Also, does this mean that combining pseudo-anonymised data from UHL with genetic data will be considered re-identification, which is a big no-no?  Ewan's advice on this subject is required.
    2947
    3048