Our approach: Research data ethics and information governance

This outline is in draft and was updated in June 2019 following comments from colleagues both locally and nationally. We continue to seek the views of people around our region about our approach to the ethics and information governance around data sharing. We welcome comments and feedback either on our social media channels, or our Discourse network (account required), or on email.

A PDF version of our approach to research data ethics is available here.

Purpose of this approach

Here we describe the context for research and research uses of data for the Great North Care Record and the people of the North East and North Cumbria (NENC) who may be asked to participate in research or whose data may be used for research purposes. We also outline the Great North Care Record and Connected Health Cities North East and North Cumbria (CHC) roles in developing processes for respectful, trustworthy, fair and transparent processes for facilitating research in the NENC.

Underpinning Great North Care Record values

1. Respect and trustworthiness

a. Values-driven rationale, but also…

b. Pragmatic – if we lose trust we will not be able to do research.

2. Transparency and fairness

a. We will explain to people what we are doing (e.g. Privacy Notices),

b. We will only do what people expect with their data.

Background and underpinning projects

Understanding public views about data sharing has been central in shaping the Great North Care Record Research Ethics Framework. CHC NENC has undertaken a range of public engagement exercises and research with NENC publics.

  • Focus groups with people of NENC (Teesside and Newcastle Universities, Healthwatch)
  • Co-production workshops and people’s panels (Newcastle University)
  • Preference tool development


People said that they expect and want to have control of their data.

Great North Care Record will continue to talk with the NENC public to ensure its ethical practice aligns with their expectations of data use and control.

The Great North Care Record Research Ethics Framework for Responsible and Respectful Data Use is also based on national and international data access governance policy and practice developed by The Data Group of the Policy Ethics and Life Sciences research centre, led by Prof Madeleine Murtagh (www.metadac.ac.uk and www.ga4gh.org/work_stream/regulatory-ethics/).

The approach is informed by and compliant with NHS Information Governance regionally and nationally.

Great North Care Record role – Development of data governance processes and criteria

To be fit for purpose, data governance mechanisms need to be co-produced with the public, health and social care professionals, researchers, research ethics/IG/legal experts. Great North Care Record and CHC NENC have engaged publics and professionals to co-produce criteria and processes for data sharing and address ongoing questions.

Great North Care Record has developed mechanisms to record individual’s preferences for research
Great North Care Record will continue to address open questions:

  • What is ‘public interest’ research from the peoples’ perspective?
  • What are people’s (reasonable) expectations of research?
  • What types of research are considered sensitive or exceptional?
  • How can we encompass different preferences for decision making and granularity? Responsible and respectful data ethics

















Defining primary and secondary health and social care research

The Great North Care Record will provide a platform for recruiting patients to new research and will enable the use of existing data for analysis. These uses are known as primary and secondary research, respectively.

1. Primary research involves collecting new research data directly from individuals (e.g. health and/or social care service users) by involving them in observational, comparative, experimental or other types of research study.

2. Secondary research uses existing data for research purposes which is not collected directly from the individual. Data may be derived from:

a. Routinely collected data, e.g. medical and social care records, or

b. Previously collected data from research studies or for research repositories.

Primary research – research ethics/IG considerations

Legal basis –Under GDPR, the lawful basis for Public Authorities will most likely be Article 6 Public Interest and for a non-public authority or private company legitimate interest. Article 9 Scientific Research should be used for all organisations. This allows the derogations under GDPR for research to be used which allows certain protections against serious damage to research but also balances with rights of the individual.

Primary data collection: Using Scientific Research as the lawful basis to conduct medical research with patients requires valid ethics from the NHS Health Research Authority (HRA). The Data Protection Act 2018 sets out in Section 19 what must be in place to lawfully conduct medical research. Under GDPR you must also be transparent and fair. This requires information given to the research participant prior to data collection.

The Common Law Duty of Confidentiality is formed by case law and covers all professions where there is an expectation of confidentiality. Medical care, Social care are both covered. Common law requires consent to be able to share data outside of the care team or requires valid legal support under the NHS Act 2006 section 251. This support is provided by the HRA’s Confidentiality Advisory Group (CAG). Consent under common law is to participate in research and not for GDPR purposes where, as set out above, alternative (and equally valid) legal conditions can be relied on.

Ethics requirement – Primary research which recruits participants will always require ethics approval. The storage, curation and/or sharing of data collected through primary research will be subject to the rules of data processing.

Process – bona fide researchers (NHS, university or industry, e.g. pharma) are responsible for seeking ethical approval of their project, including producing all participant information and consent materials, plus meeting all IG requirements.

Participant recruitment – Researchers cannot directly approach potential research participants from health and social care services, regardless of ethical approval. Initial contact with potential participants from these organisations is made by service providers – e.g. GPs seek permission from patients for researchers to make contact about approved research.

Proactive-recruitment – identification and first contact by health or social care providers for recruitment to research may be facilitated by identifying individuals who are already interested in being approached to participate in research. Those who identify as interested in taking part in research and have given their permission to be contacted about research would be sent invitations for relevant research projects (i.e. for which they fit the selection/exclusion criteria). Individuals can then choose whether they are interested in taking part in any particular research study in the normal way (i.e. through ethically approved informed consent processes for the particular research).

Secondary research/analysis

Legal basis –The same lawful basis for data processing as for primary research applies. Data processing must also meet UK Common Law Duty of Confidentiality conditions.

Ethics requirement – A data analytics platform which enables access to health and social care data for secondary research will require ethical approval under the HRA. IG and ethics requirements under GDPR are achieved under models currently used for data sharing governance of data derived from research studies, i.e. ethical governance devolved to a hierarchy of Data Access Committees (DAC), e.g. DARS, METADAC, GNCR DAC. Bona fide researchers apply to the relevant DAC for data access.

The Great North CareRecord DAC/Data Trust

Criteria for the GNCR Data Access Committee / Data Trust should be GDPR compliant, follow national and international principles for responsible data sharing (https://www.igt.hscic.gov.uk/Caldicott2Principles.aspx, https://adrn.ac.uk/policies-procedures/, http://data-archive.ac.uk/, https://www.ga4gh.org/ga4ghtoolkit/regulatoryandethics/framework-for-responsible-sharing-genomic-and-health-related-data/, https://www.metadac.ac.uk/), and should be co-produced with publics and professional.

Great North Care Record DAC criteria will:

  • ensure fairness, transparency, privacy and security
  • allow research in the public interest (to meet GDPR/DPA requirements for data processing for research/scientific purposes and the Common Law Duty of Confidentiality)
  • allow research uses which are commensurate with the public’s (reasonable) expectations