Data Entry

PURPOSE

The HIC Business Support Team (BST) carries out data entry within the secure HIC facilities. In addition to wider HIC administrative support activities, HIC receives and processes incoming NHS data relating to the community-dispensed prescription dataset. The team also provides general clerical support to individual research projects, including project-specific data entry, and handling the receipt and dispatch of paper data and mail. The purpose of this document is to define the security procedures surrounding Data Entry. 

SCOPE

This SOP covers all data entry projects and tasks which HIC undertake which involve the HIC Business Support staff. It is applicable to all the HIC Business Support staff involved with data entry and their managers. This SOP will be made available to all users and potential users of the HIC Service and will be externally visible on the public HIC website. 

RESPONSIBILITIES

PROCEDURE

Policy

For overall Policy see Legal and Governance Policy. 

Principles 

1. Data Processing: NHS- network servers are used in the circumstance that the Business Support Team processes non-consented NHS patient-identifiable electronic images and data. This is all processed within the secure NHS network and the NHS data and images required by HIC Business Support for data entry are held on secure NHS-network servers.  The Business Support Team also processes consented study data, mainly on behalf of the Tayside Clinical Trials Unit (TCTU). These data are processed via secure login to web-based study-specific databases.  

2. Data Storage: Any patient-identifiable paper-based data that is kept will be stored in a secure office or a locked storeroom when not in active use. 

3. Data Confidentiality: Access to the office is restricted to assigned access cards. New employees will read and sign the HIC Staff Confidentiality Agreement. Data entry monitors must be fully screened from observation by visitors. Computers are to be locked before leaving workstations, this automatically obscures any data displayed on the screen. Staff use unique logins and passwords to access programs and data for processing. These are to be kept confidential and are not to be shared with other staff. File system access is also read-only where appropriate. Database access is restricted to specific data entry software tools. 

4. Data Transfer: Any staff involved with data entry activities will be trained in the Record of Custody process before they are able to receive or dispatch paper-based data on behalf of HIC. 

5. Record of Data Destruction: Only trained and experienced HIC Business Support Staff are permitted to shred paper-based data and enter data into the Record of Data Destruction system on behalf of HIC. 

Steps  

1. The HIC Project Lead notifies the Data Processor that there is a new Data Entry project to be processed.  

2. Data Processor is trained by the Project Administrator on how to enter the data. 

3. Project Administrator will deliver the data with a Transfer of Custody Form attached. Any patient-identifiable paper-based data to be processed and returned to the respective owner must be logged both in and out. While it is kept it will be stored in a secure office or a locked storeroom when not in active use. 

4. Data Processor will enter the data. If it is impossible to read a data item, it will be coded to reflect that it is unreadable and recorded as a discrepancy. An audit trail of who performed entry and on what date will be maintained.  

5. Data Quality Controller will do a quality check on the entered data. Unless otherwise specified the default data entry quality checking method is from King DW and Lashley R (see references), as described.  The quality check is based on visual verification with correction, which requires a member of staff to compare each item in a record with the same item on the source record.  Double entry may alternatively be used. The method of data entry QC to be used will be agreed with the project team prior to data entry commencing. The person doing the quality check will not be the same person who entered the data into the database.   

6. Data Processor will inform Project Administrator that the data has been entered and quality checked. The Project Administrator will then collect the data. 

APPLICABLE REFERENCES

• HIC Staff Confidentiality Agreement 

• How to knowledge share item on Record of Custody 

• Record of Custody Form 

• Data Security

• Legal and Governance Policy

• King DW and Lashley R, A quantifiable alternative to double-entry. Controlled Clinical Trials 2000; 21, 92-102  

• For Definitions see ISMS Glossary

DOCUMENT CONTROLS