Clinical Audit A Practical Guide
41
• Data is only accessible by appropriately authorised staff on a need-to-know basis
• Data collection sheets containing any personal identiable information should only be kept for the length of
time they are absolutely required (for the purposes of the clinical audit). Once they are no longer required,
they should be destroyed immediately
• Raw data is anonymised before it is entered into a computer database
• Data is checked to ensure condentiality and accuracy
• No service user identiable information is stored on a computer with raw data
• Anonymised data sheets/questionnaires should be kept only for as long as is necessary and destroyed as
soon as all information has been retrieved from the questionnaires
• Any waste material that contains personal, private or condential information should be eliminated in a
manner which ensures that privacy rights and condentiality obligations are not compromised
• There should be a designated point of storage for data in current use. This should be a locked ling
cabinet, to comply with data protection requirements
• All data should be stored together i.e. the physical raw data, the rst data input into the computer, any
subsequent analysis, and the nal draft
• The data must be archived, so that it remains available throughout the subsequent phases of the clinical
audit and for seven years afterwards
• Archived clinical audits should be stored on a secure computer
• All computers are password protected
• All devices used to store data are encrypted (for example, laptops and USB devices)
• If laptops are removed from the work location, the person responsible for that laptop must ensure that it is
secure at all times
• The service provider should have a central location for the storage of nal clinical audit reports (both
in hard and soft copy). It is also recommended that a log be maintained for traceability purposes of the
reports and where they are at any given time
• All data recorded for clinical audit purposes should be made anonymous by appropriately authorised
individuals before being made available for review and consideration by others
4.8 Anonymisation of Data
The anonymization of data involves removal of all data elements that could be used to identify an individual, for
example, name or healthcare record number. It is recommended that service user data be anonymised before
it is accessed for clinical audit purposes:
• Irrevocable anonymisation of personal data puts it outside data protection requirements as the data can no
longer be linked to an individual and therefore cannot be considered to be personal data
• Where service user data is anonymised, there is no need from a data protection perspective to seek
consent for the use of the data for clinical audit purposes
However, care needs to be taken when rendering data anonymous, as depending on the nature of the
illness and the prole of the service user, there may be instances in which the data may actually still be
identiable. Where this might possibly be the case, an extra effort should be made to further remove any
potential identifying information. Where this is not possible it would be advisable to either refrain from using
the identiable information or seek the consent of the person for such use.