An overview of the Data Request Form and data access considerations
| Heading | Requirements |
| The Data Request Form | |
| A summary of the data request | |
| The project: Technical summary | Project title, aims, scientific rationale and background in technical language. |
| The project: Lay summary | Project title, aims, scientific rationale and background in lay language. |
| Patient and public involvement | To describe the patient and public involvement and engagement (PPIE) work completed so far and to offer the opportunity for PIONEER supported PPIE. |
| Expected value of the project to the NHS and general public | To describe how the project is likely to lead to patient and public benefit. |
| Data requirements and analysis plan | This includes an exact description of the data fields required, whether aggregate or individual data lines are needed, and the justification for this. PIONEER offers the ability to perform analysis on behalf of the researchers. If the researchers wish to perform their own analysis, a description of techniques and tooling required is requested. |
| Security | Data access is only permitted with a data licensing agreement, but if necessary, anonymised data can be sent to an external trusted research environment (TRE). The security arrangements for this TRE will be listed and reviewed by the PIONEER team, including whether specific ISO standards are met. |
| Expertise | Listed to ensure the researchers have the relevant training and expertise to conduct the analysis. |
| Dissemination plan | PIONEER supports open access of data outputs to ensure insights benefit as many people as possible. The ‘Five Safes’ includes an assessment of whether data outputs could lead to patient reidentification, so the DRF includes a description of how this will be avoided. |
| Due Diligence | |
| An assessment of the data requestor, which is completed for all data access requests | |
| Human rights violations and significant harm | All data requestors undergo a due diligence assessment to determine evidence of serious human rights violations, arms manufacturing or trade and tobacco industry involvement. |
| Controversies and data breaches | All data requestors undergo a due diligence assessment to determine evidence of data breaches, falsified scientific reports or involvement in significant controversies including financial irregularities and health and safety fines. |
| Risk Assessment | |
| A summary of the potential benefit vs risk of the project, the researcher, the data and the data environment | |
| Benefit | Designated as clear benefit to NHS patients or society, potential benefit or no potential benefit. |
| Data | Designated as data which is aggregated or highly unlikely to or may lead to patient identification or data which has a realistic potential patient identification. |
| Security | Designated as provides evidence of data security which meet all requirements or meet most requirements with additional support or does not meet data security requirements. |
| Potential reputational risk to PIONEER | Designated as low, moderate or high based on due diligence check. |
| Previous dealings | To determine the outcome of previous data access activities. |
| Overall assessment of risk | Low, moderate or high with a recommendation to support or not support data access. |