It is important to consider research data management during the development of your health and social care research proposal. Management of data is an essential part of good research practice and this information feeds into legal and ethical management that may be required in order to deliver your research in a health and social care setting.
Most research funders and many academic publishers also now have mandates requiring research data to be properly managed and, where possible, shared. You can find more information on the funder expectations webpage.
When designing your proposal or project, you will need to consider the below aspects of data management. Click on each drop-down for more information and link to Lancaster University policies and guidance.
accordion
It is Lancaster University policy that all researchers are required to complete a Data Management Plan (DMP), and document this using either the funders template or the Lancaster University template. You should familiarise yourself with the 2023 Research Data Management and Archiving Policy, before developing your plan and submitting to sponsorship for any health or social care research project.
Describing in writing how you will manage your data, and mapping the flow of data from the outset of your project is an essential part of your research design process. Decisions you make about what data will be collected, in what stage of anonymisation you will receive or share data, which software you will use, how to organise, store and manage your data, and the consent agreements process, will all affect what agreements are required in order to obtain and share the data, as well as how that data can be used in the future.
You should also ensure that you data management plan is clearly outline in your proposal and in relevant sections of your IRAS application. The sponsorship team will need this information to ensure that you are compliant with the Data Protection Act and General Data Protection Regulations (GDPR), and to help identify the need for contracts or agreements. The sponsorship team will also verify the consent procedure, and that the participant information sheets reflect the correct data arrangements.
The university has resources and support available including information about what research data is, how to write data management plans, what to include in your data management plan and how to access specific support, all provided by the Library Research Data Services. You can refer to the Library's open research webpage for more information.
The MRC also support with data management plan templates, guidance and information.
The Library Open Research Team also provide a data management plan review service and offer one-to-one discussions, should this be required.
During your research project you will need to store your research data so it is secure and backed up regularly, but is easily accessible to those who are authorised.
The level of security required depends upon the nature of the data, the more personal or restricted the information is the higher the level of security needs to be. With help of the University Information Classification guidance, you can ascertain what class of data you are collecting and what level of protection is required when storing information for the purpose of Information Security.
You should also consider where and how you store information, and ensure this is clearly outlined in your IRAS application and proposal, to ensure the sponsorship team are able to conduct their review effectively.
You can access more support through the ISS webpages relating to: storing secure information, sharing or transferring information securely and secure disposal of information. Please be aware, that for those working with the NHS or with NHS data, you may be asked about ISO certification; the University is not certified in the ISO27001 family of standards, but adheres to the principles of them, which meets all Research Data Management requirements.
We have however secured multiple Data Security and Protection Tool Kit Return (DSPT) successfully, and should you be asked to provide one, you can find more information via data security and protection toolkit.
Other Data Security Helpful Webpages and Guidance:
The EU General Data Protection Regulation (GDPR) and UK Data Protection Act 2018 came into force on 25 May 2018. Both apply in the UK and influence research involving personal data.
GDPR only applies to personal data, so it is important that you are aware of the classification of data you are processing, to ensure you are meeting all of the requirements to do so. Data that is Pseudonymised may still fall under the scope of GDPR depending on how difficult it is to attribute the pseudonym to a particular individual. Therefore, it is important to ensure you are specific in your data management plan and IRAS application about what classification of data is being processed, and by who, and at what point, so that the sponsorship team can review effectively for compliance.
You can find more detailed guidance on Data Protection and GDPR regulations and how they apply specifically to research on the Ethics, Governance and Integrity webpages.
The Information Governance Team have also provided wider policies and guidance on the below pages:
If you have determined that your research involves processing or requesting another institution or person process personal data on your behalf, and/or you are sharing personal data or requesting that another party shares personal data with you, you may require an agreement or contract to cover the particulars.
For research involving NHS sites, a site agreement will be drafted as part of your sponsorship review process (EG: Organisational Information Document or mNC-PICA (Sponsor to PIC) Agreement). This agreement usually contains a Data Sharing Agreement and a Data Processing Agreement that will be used to cover Lancaster's request for the site to process personal data on our behalf, and to share this data with Lancaster University.
Where there are other arrangements to share data outside of NHS site to sponsor request, or where there are more complex data flows, such as additional data processors, or data sharing that is taking place elsewhere, you may require an additional Data Processing or Data Sharing Agreement. For example, where a Lancaster Researcher is collaborating with another university researcher and sharing personal (identifiable or some pseudonymised) data with them.
Where this is the case, the researcher should contact the RSO Contracts team with detailed information about the proposed sharing arrangements, so an agreement can be drafted.
All research data you want to publish needs to conform to Lancaster University's Code of Practice and Open Access Policies which can be found on the Library Open Research Webpages.
A lot of data with personal or confidential information can be anonymised without compromising the value data and be shared. For example you should consider to:
Remove direct identifiers (e.g. personal information such as addresses)
Aggregate or reduce the precision of variables that might be identifiable (such as postcode).
Generalise text variables to reduce identifiability
Note that re-users of data have the same legal and ethical obligation to NOT disclose confidential information as primary users.
You should also ensure that the initial consent and PIS covers the ways in which you may use data. We encourage all researchers to consider the end goal when designing their research proposal and IRAS application.
