= Information Governance Procedure Tags: [[HowTo]] [[LCBRU IT]] == Overview This is guidance for Information Governance based on the outcome of a meeting with Ewan Robson (UHL Head of Privacy). It consists of a series of scenarios and what would be the appropriate Information Governance requirements in each case. This is just guidance and should not be taken as gospel. In the case of any doubt, ask for advice from Ewan or one of his team. == Scenarios === Intra-NHS Data Sharing ==== Obtaining Patient Identifiable Clinical Data from Other Sites - Ensure that the data to be shared is contained within the protocol which is signed by the external site's PI. - It should then be up to the external site to decide if a data sharing agreement is required and get us to sign it. ==== Hosting Patient Data Entered by Clinicians at External Sites - They are acting as users to our system, entering data on our behalf, as so no data sharing agreement is required. ==== Sending Patient Identifiable Data to External Sites - This will need us to create a data sharing agreement for the external site to sign. - If we are only hosting the site and are not doing research on the data ourselves, we will be designated as Data Processors. - If we are also going to use the data for our research, we will be designated as Co-controllers of the data. [[BackLinks]]