Wednesday, 12 September 2012

Research, personal information, information governance etc.

Posted by Rose Watson

So, we all know about the Data Protection Act.

We all know that if we want personal information about people (e.g. research participants) then we have to get ethical approval to obtain that information and that this  requires us to state how and where that information will be stored; who will have access to it; and what we will do with it. We have to promise to keep it confidential. We also have to inform our participants of the same details. This is particularly true if we require access to NHS patients or staff for our research. 

Firstly a favourable ethical opinion must be sought and there is a national system for this: the Integrated Research Application System. Secondly, each NHS Trust who will be involved in the research must validate something called a Research Passport, another national system (invented by Mr Bureaucracy, as written about by Bronia Arnott a short while ago). It basically boils down to this – if you are employed by a Higher Education Institute (HEI) you fill in some forms about yourself, you get a criminal records bureau (CRB) check to check that it is OK for you to work with children and/or vulnerable adults and you undertake an occupational health assessment. This is all signed off by the HEI human resources department and then sent off to the lead NHS Trust Research and Development Department to be validated. 

This protection of people is all good. I hope my personal details held by others are well guarded too. Nobody wants to think that the people and organisations we have trusted with our personal details will just go around giving them to anyone willy nilly.

However, as researchers, we are expected to hand out our personal details on a regular basis, often in duplicate, without any information given to us about how it will be stored, who will have access, what it will be used for (although, it is implied that it will only be used to check you are suitable to work with children and/or vulnerable adults). This is all fine, I expect to give a certain amount of information about myself, I understand the need to safeguard people (and of course to not bring research into disrepute). 

It does worry me though. These are my personal details after all. Of course there are the issues with the system not being entirely followed and NHS Trusts obviously feel the need to cover their backs in case anything should go wrong, hence all of the duplication. Risk averse society and all that jazz. 

However, in the spirit of being risk averse, I would ask that my personal details are also treated carefully. With the same due respect I give to my research participants’ personal details. Unfortunately my details have now twice been lost in the post in this system. I would ask that people let me know why they are collecting information (especially details which are extra to the national Research Passport system); where they will store it (and please, a bit more information than ‘electronically’: what on earth does that mean?); and who will have access to it. These are simply the same questions that researchers must answer (and rightly so) when they ask people for personal details.

In short, it is perhaps time we were all a bit more conscious of the personal details that people are collecting about us as researchers. Do they really need ALL of that information? Why? What about how it is transported?

No comments:

Post a Comment