DATABASES AND ETHICS / GOVERNANCE REVIEW
The establishment of databases for clinical and research purposes is the basis of good clinical care and a valuable tool for the investigation of research questions that can lead to improved patient outcomes.
The establishment of a database for research purposes requires the approval of a Human Research Ethics Committee (HREC) and the authorisation of the Research Governance Officer(s) at the site(s) where the data will be collected and stored before the activity commences. You should familiarise yourself with the following documents as part of your preparations:
Strictly speaking, the establishment of a database of clinical practice medical records (eg within a private practice or a clinical department) does not require ethics approval. However, it is likely that such a database will – sooner or later - be utilised for research purposes. For this reason, it is highly recommended that ethics approval is sought before clinical records are transferred into an electronic format.
The following documentation is required for ethics / governance review of a database:
1. A completed ethics application form – Human Research Ethics Application (HREA).
2. A protocol, which should address the following issues:
- The name of the database
- Its overall aim
- The database’s Sponsor
This can be an organisation or department. The Sponsor is responsible for the following:
- The database’s Data Custodian
This must be a named person; changes must be notified to the HREC. The Data Custodian is responsible for the following:
- Location of the database
- Platform on which the database will be developed
- Database security
This should discuss firewall protection, log-in and passwords, details of staff with routine access, privacy / confidentiality agreements signed by such staff, etc.
- Nature of the data, ie identifying, re-identifiable (ie coded), non-identifying
Consideration should be given to whether it would be practicable to develop dual databases, one of which contains personal identifiers and codes and the other contains the codes and the data fields. Separate log-ins and passwords would then give added security to the data, and reduce the risk of releasing identifying data to authorised researchers.
- The data fields to be collected
- Informed consent of the patients / research participants
There are three options to consider:
a. Obtaining the informed consent of the people whose personal and health information will be included in the database is the ‘gold’ standard. Please refer to the National Statement 2.2 and 3.2, and the Privacy Manual 5.4. Templates of the information sheet and consent form for the establishment of databases can be found here.
b. Informing the people whose personal and health information will be included in the database and then giving them the option to opt-out. Please refer to the National Statement 2.3 (particularly 2.3.5 - 2.3.8) for further information and guidelines on opt-out consent and on the bases upon which the HREC may consider this acceptable.
c. If you believe that it is not possible to obtain the informed consent of the people whose personal and health information will be included in the database, you may seek a waiver of consent from the HREC under the Statutory Guidelines on Research of the Health Records and Information Privacy Act 2002. To justify such a request, you would need to explain the following:
(1) why the database could not be developed using non-identifying data, eg
(2) why it would be impracticable to obtain consent, eg
and (3) why the public interest in the proposed database and the research to be done using the collected data outweighs the public interest in the protection of privacy.
More information and guidelines on the waiving of consent and on the bases upon which the HREC may consider this acceptable can be found in the National Statement 2.3 (particularly 2.3.9 – 2.3.12).
For both SLHD researchers and researchers from outside the SLHD, it is the expectation of the HREC that:
- The Protocol should include a footer with a version number and date.
3. The information sheet and consent form / opt-out form which will be given to patients / research participants on the development of the database. These should include a footer with a version number and date.
4. The data fields to be included in the database, along with the data dictionary, and, if appropriate, the Data Collection Form. These should include a footer with a version number and date.
5. Following receipt of ethics approval for the establishment of the database, a Site Specific Assessment Form will need to be completed and submitted for review and site authorisation to the Research Governance Officer of the site at which the database is to be located. In addition, if data are to be collected for the database from multiple sites, then the submission of a Site Specific Assessment Form will need to be made to the Research Governance Officers responsible for those sites.
Issued: 17 August 2017