Queensland Health recognises the importance of data as a key strategic resource which is used for the clinical care of patients, funding, management, planning, monitoring, improvement, research and the evaluation of health and health care services.
Metro North values the ethical and responsible management of research data and expects all those responsible for research to comply with institutional policies, ethical guidelines, privacy and confidentiality legislation, and other relevant laws, regulations and guidelines relevant to research data management.
It is important that researchers understand their obligations and responsibilities with respect to the collection, access, linkage, analysis, reporting, storage, retention, disposal, custodianship and privacy of research data, and the specific obligations and responsibilities for the management of Queensland Health data when accessed for research purposes.
The following advice has been developed as a governance framework for research data management and must be read in conjunction with ethical guidelines, privacy legislation and guidelines, other relevant laws, regulations and guidelines, as well as research and clinical discipline specific practices and standards and models for best practice.
Data management plan
A data management plan that describes the planned approach for data collection, access, linkage, storage, custodianship, analysis, reporting, retention, disposal and privacy throughout the lifecycle of data management is an essential component of a research protocol.
Research protocol template
Metro North provides a Research protocol template with a specific section on research data management. As the research protocol clearly outlines exactly how the research is being conducted and managed, it often makes sense for the data management plan to be incorporated into the protocol.
Data management is supported by effective data governance practices and processes that ensure trusted access, sharing, use and disclosure of data. Good data governance is required to provide consistency and balance between the different data management functions.
The Department of Health Policy (QH-POL-279:2014) Data management outlines data management principles (accessible, privacy, confidentiality and security, managed, standardised, quality and integrity, valued and transparent) that should be considered throughout the data management lifecycle.
The Department of Health Standard (QH-IMP-279-4:2023) Data management defines key data management functions including data modelling and design, data integration and interoperability, data quality and integrity, data capture, data cleansing, data de-duplication, data migration and transformation, data analytics and reporting, open data, data profiling, data privacy, confidentiality and security.
The Queensland Health Considerations for the secondary access and use of QH data by QH users provides a comprehensive overview of data lifecycle management within Queensland Health.
Data collection
Data collection refers to data that is generated and/or collected while undertaking research. Data collection can occur through a variety of activities, including surveys, conducting interviews, completion of standardised testing or questionnaires, or the administering of medical tests and procedures.
Queensland Health REDCap
Metro North is committed to providing infrastructure and resources that enable high quality research management. Queensland Health REDCap is available for Metro North staff as the preferred secure approved system for high quality research data collection and management. REDCap is capable of capturing practically any type of data. While it may not be suitable for all research projects, it is the preferred system for data capture thanks to its advanced data security, quality and reporting capabilities.
Medical tests, procedures and clinical measurements
It is common for research conducted within Metro North to involve the use of medical tests, scan, procedures and clinical measurements for Metro North patients.
There is a difference between the conduct of these activities as standard clinical care, for example during a normal patient admission, versus the conduct of these activities as additional to standard care, for example an x-ray or blood test that is administered for the purposes of the research project.
Research that involves administering medical tests, scans, procedures or clinical measurements in addition to standard clinical care, is considered as primary materials and the associated data is considered research data.
Information related to the treatment or care of a Metro North patient must be retained in the clinical record, including details of any research/clinical trials a patient is involved in and any relevant clinical assessments.
Research that includes data collected for a medical test, scan, procedure or clinical measurement that was conducted as standard care, for example data that is contained in the patient medical record, requires permission to access the data. Use of this data for research is considered a secondary purpose. Please refer to data access.
Data access
Data access refers to viewing or receiving an existing dataset or data items (information) for use in a research project. This refers to data that has been collected for a primary purpose, for example for the care or treatment of a patient and which forms their medical record, and is then accessed for a secondary purpose, for example for research purposes.
The Australian Code for the Responsible Conduct of Research and the National Statement on Ethical Conduct in Human Research use the definition primary materials when referring to the use of data that has been collected for a primary purpose in a research project.
When undertaking research in Metro North, it is likely to involve the use of patient health information and access to patient medical records, or the use of health service information such as financial or operational data.
Access to Queensland Health data or datasets for the purposes of research will require a lawful authorisation. The confidentiality and privacy of Queensland Health information is governed by legislation including:
- The Hospital and Health Boards Act 2011 (Qld) prohibits disclosure of information that may identify a patient (ie confidential information) to any other person, including staff, unless an exception under Part 7 of the Act applies.
- The Information Privacy Act 2009 (Qld) applies to the handling of all personal information, including collection, security, access, use and disclosure of personal information.
- The Human Rights Act 2019 (Qld) protects a person’s right to privacy, family, home or correspondence being unlawfully or arbitrarily interfered with.
- Code of Conduct for the Queensland Public Service.
- The Public Health Act 2005 (Qld)
Confidential information
Access to a Queensland Health Information Technology (IT) system that contains patient information is strictly restricted to only those individuals with lawful authorisation to access the system. Approval to access data for research purposes provides access to the data or datasets only and does allow for direct access to a QH IT system.
Patient consent is considered the cornerstone of ethical research practice, including specific consent for the access and use of confidential health information. Where it is not practicable or reasonable to obtain patient consent for the use of confidential health information, an application under the Public Health Act 2005 (PHA) may be required.
Secure file sharing
Queensland Health staff can access KiteWorks, a Secure File Transfer (SFT) system that provides staff with an extra secure ‘dropbox’ style functionality that allows the sharing of large files with internal and external recipients. It is the Queensland Health endorsed solution for collaboration using Queensland Health data. This means you can now send large files to external people, or store files in a folder for sharing and collaborating purposes.
Data linkage
Data linkage is a process of combining information from different datasets that relate to the same person or event to create a more comprehensive and unified dataset.
The Statistical Services Branch routinely links many Queensland Health and other health-related datasets, and performs data linkage to facilitate and promote health service planning, management, monitoring and evaluation, and research within Queensland.
Data storage
In Queensland, public records (including data) include records made for use by, or a purpose of, a public authority or records received or kept by a public authority. Both Queensland Health and Hospital and Health Services (HHS’) are public authorities. Queensland Health and HHS’ are separately responsible for the management, safe keeping and preservation of all records in their possession.
A public record is any information created, received and maintained by, or on behalf of, the Department of Health in the conduct of business. It serves as evidence that a business activity, decision or transaction took place.
Corporate records are those records that provide evidence of administrative and non-clinical functions of the Department (for example, executive correspondence, finance, human resource, legal, research, scientific, cancer screening etc.).
Clinical records are data and information gathered or generated to record clinical care and the health status of an individual or group. Clinical records are also referred to as medical records, health records, and patient records and includes paper-based health records and electronic medical records.
Records can be defined as having administrative, fiscal, historical, cultural, evidential, legal or intrinsic value. The greater the value of a record to the organisation or community, the more important it is to prioritise capture in a system that will allow for its retrieval and preservation in the future.
Clinical record
Complete and accurate clinical documentation ensures that there is a clear account of the care and management of patients. Accordingly, any clinical information pertaining to research participants must be retained in the clinical record, including details of any research/clinical trials a patient is involved in and any relevant clinical assessments.
For those patients consented to a research study or clinical trial, a full signed copy of the study Participant Information Sheet and Consent Form (PICF) must be included in the patient’s clinical record.
REDCap
REDCap serves as a secure, flexible and robust platform to collect and store study data during the course of a research project. REDCap is accessible via the internet and is installed and managed in a secure environment that allows Queensland Health staff to collect and manage data in compliance with the Information Privacy Act 2009 (Qld), Part 7 Confidentiality of the Hospital and Health Boards Act 2011 (Qld), the Public Health Act 2005 (Qld) and all Queensland Government privacy and confidentiality requirements and information security policies and standards.
QH REDCap is available for use by all of Queensland Health. Metro North staff can request access to create and manage projects that are led by Metro North staff.
Secure network drives and Office 365 Teams and SharePoint
Study materials (e.g. Study Protocols, ethics and governance documentation) may be stored and accessed on a day-to-day basis via secure unit network drives and SharePoint, which are located and backed up on the Queensland Health network. However, these storage methods are not suitable for archiving of research records and data.
Office 365 (including Microsoft SharePoint and Teams) is not an authorised clinical recordkeeping application. Any clinical records held in Office 365 must be captured and recorded in an authorised recordkeeping application. Refer to Department of Health Policy (QH-POL-280:2014) Clinical records management for more information.
Hardcopy files
Original hardcopy records remain an acceptable format for storage of research records. Hardcopy records must be stored securely at all times, with access restricted to only those approved personnel involved in the research.
Data custodianship
A clear understanding and acceptance of custodianship roles and responsibilities is paramount to ensuring that data and information are appropriately managed through the data lifecycle and are accessible to appropriate stakeholders.
Data custodians are the recognised officers responsible for implementing and maintaining information to ensure proper data quality, security, integrity, correctness, consistency, privacy, confidentiality and accessibility.
Data custodianship is not synonymous with data ownership. Data custodians are crucial for maintaining the value of data and ensuring its use complies with ethical and governance approvals. For more information please refer to the Data and application custodianship Policy QH-POL-469:2019 and Data and application custodianship roles and responsibilities.
The roles and responsibilities of data custodianship will be outlined in the research protocol. This includes the mechanism for patient consent, where that is required, the types of data being collected and accessed, how the data will be stored, linked and analysed, who will have access to the data and how the data will be archived or disposed of.
For research projects that do not involve an organisation external to Metro North, the data custodianship will be outlined in the research protocol, ethics and governance approvals.
A research agreement is required for all research that involves an organisation external to Metro North and will generally cover the data custodianship arrangements for the research project.
The terminology used will differ according to the types of data involved, the collection and consent mechanisms, the research project design (e.g. clinical trials vs non-interventional) and the agreement template.
Data analysis
Data analysis is the process of examining and transforming raw data into usable information to identify patterns, trends or relationships, to answer a research question, discover useful information and draw conclusions.
While data analysis happens in the later stages of a research project, planning for data analysis is important at the beginning of a research project. The data analysis methods will be informed by the research question, the study design and research protocol, power and sample size calculations, the type of data, the statistical analysis software packages, and the reporting and presentation requirements.
The Queensland Institute of Medical Research Berghofer (QIMRB) Statistics Unit
Metro North has partnered with the Queensland Institute of Medical Research Berghofer (QIMRB) Statistics Unit to provide a statistical consultancy and support service for Metro North staff. The service can assist with statistical design, analysis and interpretation of research protocols and findings.
Statistics software packages
IBMS SPSS Software is available for Metro North employees to conduct statistical analysis for research projects.
Access to the SPSS license is restricted to Metro North employees. A Payroll ID must be provided to request access.
The software may only be installed on a Queensland Health device. Installation is not permitted on a personal device.
Metro North provides access under a concurrent license model. If the maximum number of users is reached, any users who try to access the software will be notified that all available licences are currently in use.
Metro North employees can visit Queensland Health IT Support to Log a job for SPSS – Application Support.
Data reporting
The Australian Code for the Responsible Conduct of Research (the Code) articulates the broad principles that underpin responsible research conduct. The Publication and dissemination of research: a guide supporting the Code provides assistance for researchers in the reporting, publication and dissemination of research findings.
Researchers have an obligation to responsibility disseminate a full account of their research. Researchers must take all reasonable steps to ensure the methodology, data and findings are reported accurately and consistently with recognised guidelines and conventions appropriate to the discipline.
Researchers are responsible for fostering transparency in research, and must retain clear, accurate, secure and complete records of all research including research data and primary materials. At the conclusion of a researcher project, researchers should, where appropriate, publish or allow interested parties to access and refer to research data, survey instruments, coding manuals and the tools and resources that supported the analysis of research data.
Publication and dissemination of research must take account of the ethical and legal restrictions relating to intellectual property and the appropriate handling of confidential, personal or sensitive information. Researchers can refer to the Queensland Health De-identification and anonymisation of data guideline when de-identifying of anonymising personal, confidential and/or sensitive information for the purposes of authorised use or disclosure.
Data retention, archiving and disposal
All records, regardless of format, must be managed so that they remain full and accurate records for the entire time they must be kept. Guidance on defining records and corporate information, including how to determine what is a record, the difference between corporate and clinical records, and how to prioritise the management of corporate records, is provided by the Queensland Health Corporate Services division – Corporate information management.
The Queensland Health General Retention and Disposal Schedule covers all corporate and clinical records across the Queensland Health sector.
The Management of Data and Information in Research: A guide supporting the Australian Code for the Responsible Conduct of Research Section 2.3 Storage, retention and disposal, also sets out relevant retention periods for research, including gene therapy.
If more than one disposal authorisation applies to the respective research records, the records should be retained for the longer of the retention periods.
There is a requirement to maintain and preserve records in a state that is fit-for-purpose, discoverable and accessible for use and re-use. Physical records may be stored onsite at a Metro North facility if space permits. They may also be stored offsite at companies such as Grace Records, TIMG Australia or Iron Mountain, with the preferred storage company differing between Metro North facilities.
All archiving occurs at the expense of the individual research team, which in some circumstances may be passed on under an agreement to a clinical trial sponsor.
The Queensland Health Corporate Services division provides information on archiving support relating to corporate records and process information to support digitisation of physical records.
Digitisation of physical records may occur, provided the records do not fall under an excluded record category as set out in the Disposal Authorisation. Metro North’s approved corporate recordkeeping system is Content Manager (EDRMS), and it can be used for the archiving of all digitised corporate (non-clinical) records.
Data privacy
Privacy and confidentiality in public sector health services in Queensland Health is strictly regulated and Metro North is committed to safeguarding the privacy of all patients and research participants. All research conducted within Metro North must comply with privacy and confidentiality legislation, namely the Information Privacy Act 2009 and Part 7 of the Hospital and Health Boards Act 2011.
Privacy Impact Assessment
A Privacy Impact Assessment (PIA) is an important component in the protection of privacy and confidentiality. It is a systematic assessment of a project that identifies the impact that the project might have on the privacy and confidentiality of individuals, and sets out recommendations for managing, minimising or eliminating that impact.
For any project that will involve the handling of personal and/or confidential information, Queensland Health’s PIA Threshold Assessment should be completed to determine whether it will be necessary to undertake the rest of the steps involved in a PIA.
Privacy Breach
All staff have a duty to handle personal and confidential information respectfully and in accordance with the law. Inappropriate or insecure handling of personal and confidential information may result in a private breach, which can harm individuals and damage our organisational reputation.
For any suspected privacy breach involving a Metro North research project, please contact the Office of Research or Privacy Metro North.