Table 2

An overview of the Data Request Form and data access considerations

The Data Request Form
A summary of the data request
The project: Technical summaryProject title, aims, scientific rationale and background in technical language.
The project: Lay summaryProject title, aims, scientific rationale and background in lay language.
Patient and public involvementTo describe the patient and public involvement and engagement (PPIE) work completed so far and to offer the opportunity for PIONEER supported PPIE.
Expected value of the project to the NHS and general publicTo describe how the project is likely to lead to patient and public benefit.
Data requirements and analysis planThis includes an exact description of the data fields required, whether aggregate or individual data lines are needed, and the justification for this. PIONEER offers the ability to perform analysis on behalf of the researchers. If the researchers wish to perform their own analysis, a description of techniques and tooling required is requested.
SecurityData access is only permitted with a data licensing agreement, but if necessary, anonymised data can be sent to an external trusted research environment (TRE). The security arrangements for this TRE will be listed and reviewed by the PIONEER team, including whether specific ISO standards are met.
ExpertiseListed to ensure the researchers have the relevant training and expertise to conduct the analysis.
Dissemination planPIONEER supports open access of data outputs to ensure insights benefit as many people as possible.
The ‘Five Safes’ includes an assessment of whether data outputs could lead to patient reidentification, so the DRF includes a description of how this will be avoided.
Due Diligence
An assessment of the data requestor, which is completed for all data access requests
Human rights violations and significant harmAll data requestors undergo a due diligence assessment to determine evidence of serious human rights violations, arms manufacturing or trade and tobacco industry involvement.
Controversies and data breachesAll data requestors undergo a due diligence assessment to determine evidence of data breaches, falsified scientific reports or involvement in significant controversies including financial irregularities and health and safety fines.
Risk Assessment
A summary of the potential benefit vs risk of the project, the researcher, the data and the data environment
BenefitDesignated as clear benefit to NHS patients or society, potential benefit or no potential benefit.
DataDesignated as data which is aggregated or highly unlikely to or may lead to patient identification or data which has a realistic potential patient identification.
SecurityDesignated as provides evidence of data security which meet all requirements or meet most requirements with additional support or does not meet data security requirements.
Potential reputational risk to PIONEERDesignated as low, moderate or high based on due diligence check.
Previous dealingsTo determine the outcome of previous data access activities.
Overall assessment of riskLow, moderate or high with a recommendation to support or not support data access.