Guidance

Approval standards and guidelines: scientific protocol

Updated 2 August 2024

Approval standard: scientific protocol

When must this standard be met

This standard must be met for all applications to process personally identifiable or de-personalised data.

Standard

1. All applications must be accompanied by a project-specific protocol that describes in a precise, understandable manner the purposes for which UKHSA data will be processed through its lifecycle up to data destruction. The project-specific protocol must:

  • be consistent with other evidence supplied as part of the application
  • document the role and responsibility of each organisation involved in the project (including sponsors, funders, co-applicants and any data processors operating under instruction; for data processors, see Approval standards and guidelines: engaging a data processor)
  • demonstrate the necessity, proportionality and adequacy of using UKHSA data by clearly identifying all processing activities:

    • the project aims and objectives must be clearly stated, feasible, appropriately focused and specific
    • the project methods and/or data management plan must be clearly stated and be descriptive of how the aims or objectives will be met
    • the project methods and/or data management plan must clearly describe and defend the types, scale and complexity of data being requested (including data provenance, level of identifiability, relevant population and key attributes, such as temporality, as well as planned statistical analysis or end user application) – broad statements referring only to the data set, without context, will not be accepted
    • where data is requested from multiple sources or from different data controllers, the provenance of each data set must be clearly attributed in the project methods and/or data management plan
    • where the project is a clinical audit, the methods must detail the standards against which practice will be compared, indicating the relevant published national, regional or local standards
    • where the methods include data linkage, how the linkage will be conducted (the method and variables to be used) and by whom must be clearly articulated in the project methods and/or data management plan, alongside the legal basis under which the linkage can occur
    • the project protocol must demonstrate that due consideration has been given to data minimisation and where personally identifiable data is requested, defend why the project cannot be delivered using de-personalised data in the ethical assessment
    • the project methods must include a comprehensive description of the data subjects of interest (the population or sample) and how they will be selected, using the medical coding systems (nomenclature) common to the data sets of interest
    • where the application includes data disseminations at periodic intervals, the project methods and/or data management plan must include the frequency of measurements or interventions
  • the protocol must demonstrate the safeguards all organisations involved in the project have in place to ensure appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures – this can include highlighting contractual controls or the extent of written instructions to data processors, in accordance with the Approval standards and guidelines: engaging a data processor
  • the protocol must describe the end-to-end processing of the data and by whom this will be conducted, including any data sharing, the instruction of data processors, persistent or in-transit storage, or tools compliant with the National Cyber Security Centre (NCSC) guidelines that will be used for data destruction
  • the protocol must clearly articulate any data sharing, which includes movement across a network, physical transfers, transfers from one media or device to another, or by remote access to the data

2. All applications must demonstrate that the proposed processing documented in the project protocol is worthwhile and will have beneficial effects that outweigh the risks posed by the project:

  • the protocol must include an ethical assessment of the processing and how such issues are accepted or mitigated
  • the protocol must include an assessment of data protection risks and how such risks are accepted or mitigated
  • the protocol must consider the risks of the proposed processing to the rights and freedoms of the data subject – where risks are identified that could compromise the data or the rights or freedoms of data subjects, the protocol must explain how these risks are to be mitigated
  • where personally identifiable data is requested, the protocol must demonstrate how the ‘right to object’, including the national data opt-out, will be upheld (where applicable)
  • the protocol must demonstrate the translational potential or value of the project
  • the protocol must include a pathway to impact (what you will do to make beneficiaries aware of the project and its outputs, so that impact can be achieved) and the project’s publication policy should be clear

3. Where the UKHSA data application form includes a request to onwardly share the data, the approach for doing this must be described.

Guidelines

Protocol content

UKHSA does not prescribe the exact format of the project-specific protocol to be included in your data application. However, you are advised to think carefully about the structure and content so that each approval standard, where applicable, is met.

Table 1 has been produced as a guide to help you shape your protocol and broadly describes the necessary content to enable UKHSA to determine if the approval standards are met.

Ethical conduct

All applications submitted to UKHSA must be descriptive of the ethical implications of the project (as per the Approval standards and guidelines: ethical assessment) throughout its lifecycle, including impact of the results, publication strategy and archiving. Examples are highlighted under the sub-header ‘Ethical considerations, including potential harms to the data subjects’ found in Table 1.

All applications for UKHSA data will be expected to show that the proposed analysis is worthwhile and will have beneficial effects that outweigh the risks posed by the project.

NHS Research Ethics Committee (REC) Favourable Opinion must be demonstrated for all processing of personally identifiable patient data. Access to de-personalised data for research purposes will be subject to evidence of institutional ethical oversight; however, in circumstances where the proposed processing is deemed high risk, UKHSA reserves the right to require review by the Health Research Authority (HRA).

Version control

UKHSA will compare the versioning of each document it receives with those considered by any other approval body. This helps protect against unauthorised changes outside of the approved NHS REC Favourable Opinion, institutional REC or where applicable, any exemption to the common law duty of confidentiality. It also supports the handling of future amendments, when superseded or obsolete documents need to be updated.

It is strongly advised that you have in place clear standard operating procedures (SOPs) that govern your document control practices and that all documents shared with UKHSA are appropriately versioned.

Table 1. Provision of content expected for the scientific protocol

Section Expected content
General information

Provide details of the protocol title, protocol identifying number (if any), version and date.

Provide details of the governance and regulation of the project, including:
• name and address of the sponsors, where applicable
• name and address of the funders, where applicable
• name, affiliation and contact details of anyone involved in the project – one person must be identified as the principal or chief investigator
• the responsibilities of each organisation, including if they are a data controller, joint data controller or data processor
• identity of the ethical and research and development authorities approving the project, such as CAG, NHS or local ethical approval references – more information on which approvals are relevant for your proposed processing can be found in the Approval standards and guidelines: ethical assessment, as well as the additional requirements (if relevant) of Approval standards and guidelines: confidential patient information

Provide details of names and addresses of any data processors and/or collaborators that will process the data.

Abstract and/or lay summary

Provide a structured summary of the project design and methods.

Provide a brief summary of the project which has been written in plain English for members of the public, rather than professionals or subject matter experts.

For a comprehensive guide on the standard which must be met, see Approval standards and guidelines: lay summary.

Rationale and background information

Describe, with due reference to a recent scientific literature review, the scientific background and rationale for conducting the project considering current knowledge, policy, or need within the public health system. Pertinent outcomes of this review and how they have informed the project aims or objectives and design should be included.

Provide a thorough statement of the need or problem that is the basis of the project, the cause of this problem and its possible solutions. This can include identifying gaps in the literature.

Describe the significance of the project including potential benefit for individual subjects or society.

Project aims and objectives

Describe the project’s aims and any primary, secondary and/or tertiary (exploratory) objectives. In experimental designs, objectives can be stated as hypotheses to be tested. These must be succinct and unambiguous. The aims and objectives, alongside the methods, must demonstrate that the data will be processed for a specific, explicit and legitimate purpose, and not further processed in a way incompatible with these purposes.

For clinical audit, describe the standards and/or benchmarks to be measured against, for example:

• Royal College of Obstetricians and Gynaecologists (RCOG) (February 2007). Green-top guideline number 45: ‘Birth after previous caesarean birth’.

Procedures and methods: design

Describe the exact nature of how the project will be conducted, by whom and when. The structure and components of this section should take into account the type of project being conducted. This section should provide sufficient detail to allow the project to be repeated by someone who has had no previous involvement in it.

Describe the specific design attributes that characterise the project design (for example, cross-sectional survey, case or control, cohort, focus group, chart review and so on) or surveillance system (for example, description of the system as active or passive, defining reported cases as individual versus aggregate or as laboratory confirmed or not).

Describe data collection procedures, processes and documentation.

Describe the strength of the design to answer the project aims or objectives.

Describe any audience and stakeholder participation in the design of the project. Explain the process by which those affected by the study can express their views, clarify their needs, and contribute to the project.

Describe the project timeline, with due regard to retention of the data. You must keep in mind that the processing must be necessary and proportionate to the purpose.

Include a graphic outline of the study design and procedures using a data flow diagram.

Procedures and methods: population or sample frame

Describe the population or sample in terms of persons, place, study time period, and selection criteria.

Describe the rationale for any exclusion criteria and their impact on the number of subjects available for analysis.

Provide an estimated number of participants.

Where applicable, describe how participants will be enrolled or recruited.

Where any sampling from a UKHSA source population is to be undertaken, describe the sampling methods. This should include a comprehensive description of the case definition (the conditions or characteristics applicable to the identification and selection of participants). All inclusion or exclusion criteria must clearly articulate the clinical codes that should be used to retrieve the correct data from the UKHSA system.

Provide justification for the sample size and method of selection. This may include sample size calculations.

Procedures and methods: data sources and specification

Describe all data sources relevant to the conduct of the project. This should include reference to any instruments that will be used to support data collection (such as surveys).

List and briefly describe the categories, topics, or domains of information to be explored and variables to be collected. Explain how the variables will be used and the process by which variables will be defined. This definition of the data needs to be framed in terms of what data is adequate, relevant and not excessive in relation to the purpose.

UKHSA does not recommend inserting a complete list of variables into the project protocol, as the descriptions or availability of variables can change over time. For further information about expectations of the comprehensive and complete data specification to be submitted in addition to the protocol, see the Approval standards and guidelines: data specification.

Procedures and methods: data management and analysis plan

Describe the data management and statistical software to be used in the project, including procedures for data collection, retrieval, collection and preparation.

Describe the statistical techniques and major steps that lead from raw data to a final result, including methods used to correct inconsistencies or errors, impute values, modify raw data, categorise, analyse and present results, and procedures to control sources of bias (such as missing data or known artefacts) and their influence on results. Note that the analysis plan should be comprehensive and include a description of how all the data processed in the study will be handled.

Describe how the data will be managed up to and including destruction, including the methods for secure deletion. This includes data capture, data handling and coding for computer analysis, monitoring and verification, integrity, confidentiality, and retention or storage. Archiving should be included and be reflected in the project timeline.

Adverse events

Describe the types of adverse events that might be encountered and how study personnel will be trained to react.

Describe methods that will be used to track adverse reactions and their potential impact on the study.

You may wish to consider the potential incidents outlined in the Approval standards and guidelines: ethical assessment, as well as the external resources provided.

Limitations

Describe any limitations of the study design, data sources, and analytic methods, including issues relating to confounding, bias, generalisability, and random error.

Describe the steps that will be taken to avoid, minimise and compensate for these limitations.

Ethical considerations, including potential harms to the data subjects

Describe the ethical considerations relating to the project, which should closely follow the standards outlined in the Approval standards and guidelines: ethical assessment. This should not be limited to providing information on how or from whom the ethics approval will be sought but should document the issues that are likely to raise ethical concerns (for example, ethical implications arising from the chosen study design). Examples of ethical issues to be addressed are included below:

• measures taken to ensure the confidentiality and security of personal information, including handling of data breaches
• upholding data subjects’ rights, including the national data opt-out
• harms and benefits to the data subjects, including the impact of the results on individuals and communities (stigmatisation or discrimination)
• the vulnerability of the population under study
• conflicts of interest, including commercial gain
• any statutory responsibilities under the Clinical Trials Regulations, including the handling of serious adverse events
• the adequacy of health and social supervision and psychological support for participants or volunteers during and after the course of the research
• provisions made for receiving and responding to queries and complaints of participants or volunteers
• handling of incidental findings or outliers
• controls placed on data processors
• statistical disclosure control
• reputational risk to the sponsor, data subjects or any NHS or private provider sites

Data protection, information sharing and confidentiality

Describe the physical, technical and organisational measures to be deployed to maintain the security of the data in a manner compliant with UK GDPR/DPA 2018 and proportionate to the sensitivity of the data.

Describe all data retention and deletion plans.

Where applicable, describe the lawful basis under which personal data or special category personal data are to be processed for the stated purpose. Where patient confidential data is requested, this must include details of the common law duty of confidentiality exemption. Read further information on how your organisation may be exempt under this common law duty for the project, while ensuring you satisfy the detailed criteria.

Where applicable, describe how a project-specific privacy notice will be shared with the data subjects. To learn more about our requirements for privacy notices, see Approval standards and guidelines: privacy notice.

Describe all individuals and/or organisations relevant to the conduct of the project, their role or responsibilities and where applicable, the instruction given by the data controller (the primary applicant or co-applicants) to any data processors. For further information on the requirements for instructing a data processor, see Approval standards and guidelines: engaging a data processor.

Describe how the data controller will actively monitor the implementation of the required safeguards and other contractual provisions on its data processors.

Describe the disclosure control procedures that ensure no statistics will be produced that are likely to identify an individual and all outputs are anonymous. This could include techniques for aggregation, and any further disclosure protection techniques as part of the output design.

Describe how data protection incidents will be handled, including the lines of accountability and the approach that will be followed for informing the data protection officer (DPO) or comparable point of escalation within your organisation.

Pathway to impact

Describe how the project will contribute to advancement of knowledge, and how the results will be utilised, not only in publications but also how they will likely affect health care, health systems, or health policies.

Clearly describe the anticipated public health benefits and/or impact of conducting the project.

Describe the dissemination strategies and communication channels that will be used to disseminate the project results and their impact to communities of interest and/or the data subjects.