Betrokken en zorgvuldig - Kennis maakt ons beter

7. Research data management

7. Research data management

7.1 Design

All research protocols must meet professional standards. Protocols that are subject to the Medical Research Involving Human Subjects Act (WMO) must be examined by the MEC ; see also Chapter 5. All other protocols should be examined by an institutional or departmental committee of peers. Examination must be carried out prior to the actual conducting of the study.

7.2 Permissions, privacy and data protection

The collection of data for medical research is subject to both the Data Protection Act (Wet Bescherming Persoonsgegevens; WBP ) and the Medical Contract Bill (Wet Geneeskundige Behandelingsovereenkomst; WGBO ).

The WGBO does not require the patient's consent for research using data the researcher already has at his/her disposal in his/her capacity as practitioner, but it does require consent to supply patient information to other researchers (including examination by them of patients' medical records).

The WBP, however, requires the participant's explicit permission for the use of their data. This consent does not need to be in writing, but it must be explicit. For example, if a researcher presents a person with a questionnaire and the person completes the questionnaire and gives it back, the act of handing the questionnaire to the researcher grants the researcher permission to use the data.There are a few situations in which permission is not needed, for example if the request for consent would entail a heavy burden of mental stress for the data subject in view of the subjects' condition, or if a long period has elapsed between the treatment and the request for consent. An important factor when deciding if consent is required is whether the data are encoded in such a way that they reasonably cannot be traced to the patient by the researcher who receives them. These conditions are described in a Code of Conduct for the Use of Data in Health Research ( Code Goed Gedrag ), which was approved by the Dutch Data Protection Authority (College Bescherming Persoonsgegevens ). It is now under revision and will be resubmitted to the Dutch Data Protection Authority in 2013. Consult a specialist, like the security and privacy (protection) officer of the AMC ( ) or the VUmc ( ), for guidance on these, sometimes complicated, situations.

The following principles are important:

  • The results of data research must not be traceable to the subjects; direct or indirect reducibility to the natural person in publications is absolutely forbidden. This is only allowed with the written consent of the person.
  • The infringement of subjects' privacy must be minimized. This means that, for instance, (a) information must not be collected from subjects if sufficient secondary data are available; (b) traceable data must not be used if the research could be carried out using anonymous data; and (c) if it is not possible to use anonymous data, encoded data must be used. Prior to data analysis, data must be converted into the least identifiable forms. Data that are not strictly necessary for answering the specific question should be removed from the analytical dataset. This must be done without losing the analytical value of the data. Examples are the conversion of birth dates to the age of a person, aggregation of data or reduced postcodes.

The whole process of data collection, processing and storage must be properly shielded. The relevant regulations can be found in the official guidelines of the Data Protection Authority (Richtsnoer beveiliging van Persoonsgegevens, CBP 2013). Practical guidelines can be found in the Quality Handbook of EMGO+ , the Institute for Health and Care Research of the VUmc and the VU in Amsterdam. This electronic quality assurance handbook has been created to help researchers set up and conduct research on data. It covers the various stages of preparation, data collection, data processing, data analysis and archiving, and contains tips and examples.

The use of third parties in data collection, management and storage is only allowed when agreements are made between the AMC/VUmc and the third party (see Chapter 8). These contracts must fulfil the requirements of the Data Protection Authority.

7.3 Traceability and reproduction

A study or research project must be well documented in order to meet the increasing demand for open and transparent research (see the reports Zorgvuldig en integer omgaan met wetenschappelijke onderzoeksgegevens , KNAW 2012 and Vertrouwen in de wetenschap , KNAW 2013). This means that:

  • All important decisions must be documented in an understandable and accessible way. All decisions that affect the content or execution of a research project are important. Logbooks and notes of work meetings are key documents that allow these decisions to be retrieved.
  • Study documentation should be filed in a clear way that makes it accessible to all team members who have the necessary authorization. Also, the study documentation should be filed under the AMC or VUmc backup regime.
  • Raw data should be shielded against any changes and be available for later retrieval.
  • The entire data management process, from data definitions (code book) to data collection, cleaning and transformation, must be well documented.
  • Reported results must be reproducible for each AMC or VUmc author or co-author. This can be achieved by maintaining a good folder structure, clear file names and annotated data analysis. Also, agreements, including oral agreements, should be made between the project members, for example to hand a copy of the dataset, syntax and manuscript to the responsible principal investigator before submitting it for publication.

The Quality Handbook of EMGO+ provides guidelines for documentation throughout the research process.

7.4 Data sharing

Data from a research project may be made available to third parties, such as fellow researchers who might use the data for additional analysis and publications. Prior to the delivery of the anonymous data, however, an agreement must be made. The agreement should stipulate what the third party may and may not do with the data, and detail the arrangements regarding co-authorships and the safeguards against possible identification of research subjects.