When the team accepts a plan, the researcher has to sign an agreement about how they will use the data. They promise that
- They will only use the data to answer their specific question and not for anything else
- They will not pass the data onto anyone else
- They will not try to find out who patients are, and will not try to link the data to other databases
- They will keep the data secure
Next, one of the 3-5 people who are allowed to see everything in IORD makes a file. This file only has the specific information the researcher needs, on the specific people they need this information from. This file is shared with the researcher using a secure system with special codes to protect it, called encryption. If anyone else somehow gets hold of the file, the encryption makes it look like a jumble of characters with no meaning.
Researchers can only keep this data on computers in secure places that people cannot get into. These computers must use a password to start. If they are using a laptop or a memory stick, the whole thing must be protected to keep everything safe (called disk encryption) and the user must not be able to turn the encryption off. These are the basic rules.
Sometimes, we might have even stricter rules. For example, if they’re working with a kind of data called “free text”, they might have to use a special NHS computer to keep things extra secure. It’s all about making sure your information stays safe and doesn’t end up where it shouldn’t be. You can find out more about how this works here in IORD application trajectory.
In the future, when researchers want to study people’s health records, they will mostly use special, secure computer areas called Secure Data Environments (SDEs). Researchers will log in to these special places, do their work there, and then ask for the important information to be taken out of them when they’re done. Making these SDEs costs a lot of money and takes a lot of time. We need to be sure the computers and software are set up securely, and employ people to check everything. Also, many laptops today are really powerful, and they can do the research work faster than the computers in SDEs. When researchers work on their own laptops, it gives them more freedom to try out new methods and get results more quickly.
These SDEs are starting to be set up but are not available yet. IORD is set up with lots of checks and balances to keep data safe without using an SDE. We do not charge researchers a fee to use IORD data. IORD gets its money from a group called the National Institutes of Health Research, which is the main government body giving out money for medical research in the UK. They send the money through the Oxford Biomedical Research Centre.