Keeping data safe is of utmost importance to the EPIC-Norfolk researchers. All data that are analysed for research are ALWAYS anonymised which means that information that can identify an individual is removed. Personal identifiable data that we use to identify and contact participants (which are never used for data analysis by researchers) are safeguarded in line with current legislation and guidelines that are in line with NHS organisations. These data are kept separate from the data that are used for analysis.
The Department of Public Health and Primary Care of the University of Cambridge, based in the Institute of Public Health in Cambridge, has a licence permitting it to carry out research in collaboration with general practitioners. General practitioners have a licence to permit them to conduct research in collaboration with universities. This study is therefore covered by both these licences. All practices associated with EPIC comply with the General Data Protection Regulation (GDPR) 2016. Please click here to view our latest privacy notice. In addition, all members of staff who work with EPIC sign a confidentiality declaration, stating that they will not divulge data to any other party and that specific and identifiable information will not be used in any other context than that of health care. Access to identifiable data necessary to carry out an appointment is restricted to those who have a direct need and where proof of identity is required as part of the appointment. Data, both in the form of paper records and computer records, are kept in a coded form, which makes it impossible to identify any individual without the key. When blood samples are provided, a 'double encryption' is used to preserve anonymity. All paper records are kept securely in locked rooms within a locked building.
Safeguarding the rights of EPIC Participants
The rights and well-being of our participants are always protected, and our procedures are closely monitored both internally by the University of Cambridge and externally by various governing committees such as the Local Research Ethics Committee and Confidentiality Advisory Group (CAG) of the Health Research Authority. These committees not only ensure that rights of the individuals are safeguarded but also assess the integrity and value of our research to both science and to society. These committees are informed of our activities through annual updates, and if we make any changes to our protocol, then we have to seek their approvals before any changes can be made.