No, GlobalSurg cohort studies are unfunded. Our studies are put together purely through enthusiasm, goodwill and collaborative effort! We are unable to help source funding for costs incurred. There is no charge for participation in our study. Apart from the requirement for internet access, the main resource required for our study is your time.
Data will be held for duration of analysis in line with standard NHS best practice. Data will eventually be deleted from shared server space and all backup will eventually be permanently removed from storage using robust secure data disposal methods. Briefly, data will be overwritten with random data to ensure complete data clearance.
REDCap is being provided by the department of Clinical Surgery at the University of Edinburgh and is hosted within the University of Edinburgh Virtual Machine architecture which is physically secured. “At rest” encryption is in place on the database server. Access control is achieved by directly administered usernames and passwords, with limitation of collaborator access to institution-specific data. Passwords are stored as an encrypted one-way hash of the password. Accounts are disabled after 5 failed login attempts. Users are auto logged out after 30 minutes of no activity. Users are forced to change password after 90 days. Daily audit tracking of users is in place.
Data is protected by being stored in MySQL databases on a separate server. This server is behind a firewall and can only be accessed from the IP address of the web server. An SSL-tunnel encrypts communication between the web and databases servers. File upload is secured between servers using the WebDAV protocol with SSL. “At rest” encryption is in place on the database server (aes-xts-plain64:sha256 with 512-bit keys). Operating security updates are installed automatically. Antivirus software runs to a scheduled protocol on the web server.
REDCap has a built-in audit trail that automatically logs all user activity and logs all pages viewed by every user, including contextual information (e.g. the project or record being accessed). Whether the activity be entering data, exporting data, modifying a field, running a report, or add/modifying a user, among a plethora of other activities, REDCap logs all actions. The logging record can itself be viewed within a project by users that have been given privileges to view the Logging page. The Logging page allows such users to view or export the entire audit trail for that project, and also to filter the audit trail in various ways based upon the type of activity and/or user. The built-in audit trail in REDCap allows administrators to be able to determine all the activity and all the data viewed or modified by any given user. Audit trail data will be analysed and any problems will be initially raised internally to the University of Edinburgh Information Services, before contacting the Scottish National Caldicott Guardian scrutiny panel.
For those with intermittent data access, paper forms will be provided with matching fields that can be printed and used. These must be held securely to conform with the local hospital data security policy, and then uploaded as soon as possible to the website.
Data will be collected via a secure online system run by University of Edinburgh using REDCap software, used under licence from Vanderbilt University (Nashville, Tennessee, USA; Project REDCap). REDCap is used in by 2683 active institutional partners in 117 countries around the world to securely gather research data. This system is designed specifically around US Health Insurance Portability and Accountability Act (HIPAA) security guidelines.
Our protocol outlines our intention to use the patient-identifiable variables of age, gender and patient identification number. Age of the patient is essential to meaningful interpretation of data. We believe this poses less risk of inadvertent patient identification than collecting date of birth. Gender is an essential prerequisite for meaningful analysis of our data and carries negligible risk of inadvertent patient identification. Patient identification numbers are necessary for local data collectors to be able to accurately identify patients on their dataset (for example, to add new information to that patient’s details). See the technical details FAQs for assurance of data security.
In the UK, the processing of this patient-identifiable data is lawful according to the Data Protection Act (1998) as it meets the following Schedule 2 condition: (6) “legitimate interests pursued by the Data Controller or the third party” and the following Schedule 3 condition: (8), “processing is necessary for “medical purposes…includes the purposes of medical research…”.
Collaborators are individually responsible for ensuring that all normal processes of study approval are correctly followed. Collaborators will be asked to confirm that permissions are all obtained before commencing data collection and submission. As above, this study is best regarded as a global audit; we are collecting data that is already available routinely, and are not making any change to normal care.
Approvals might be sought from local clinical audit departments, research departments or institutional review boards, depending on local regulations. It is appreciated that centres in some countries will not have a formalised review process, in which case written permission should be obtained from the next best available source, such as a chief of surgery, or supervising consultant/attending surgeon.
All approvals should be sought at the earliest possible opportunity as they make take some time to obtain. Further FAQs on technical details are supplied below and protocol details should also be referred to in local approvals.
Within the UK, GlobalSurg 3 was assessed by the South East Scotland Research Ethics Service who defined the study as audit (reference NR/161AB6 ), therefore it was not necessary to obtain full NHS ethical review. UK collaborators still need to obtain local NHS Trust/Board and consultant approval. Collaborators based in England, Wales and Northern Ireland should also check with their hospital about whether they require local Caldicott Guardian approval for information transfer. The information about data security, anonymity and the ethical review to support this can all be found in the current protocol and in the FAQs in the technical section. Scotland-wide Public Benefit and Privacy Panel for Health and Social Care approval has been granted.
All approvals should be sought at the earliest possible opportunity as they make take some time to obtain.
To preserve the data quality, we will only accept completed datasets from your hospital if you have submitted ALL consecutive relevant operations undertaken during your chosen data collection period. Case ascertainment will be verified during a data validation study
We will also only include datasets where at least 95% of the data is complete.