Data Entry

PURPOSE

The  Operations Team carries out data entry within the secure HIC facilities. In addition to wider HIC administrative support activities, HIC receives and processes incoming NHS data relating to the community-dispensed prescription dataset. The team also provides general clerical support to individual research projects, including project-specific data entry, and handling the receipt and dispatch of paper data and mail. The purpose of this document is to define the security procedures surrounding Data Entry. 

SCOPE

This SOP covers all data entry projects and tasks which HIC undertake which involve the Operational Team.

RESPONSIBILITIES

PRINCIPLES 

1. Data Processing: NHS- network servers are used in the circumstance that the Operational Team processes non-consented NHS patient-identifiable electronic images and data. This is all processed within the secure NHS network and the NHS data and images required by the Operational Team for data entry are held on secure NHS-network servers.  The Operational Team also processes consented study data, mainly on behalf of the Tayside Clinical Trials Unit (TCTU). These data are processed via secure login to web-based study-specific databases.  

2. Data Storage: Any patient-identifiable paper-based data that is kept will be stored in a secure office or a locked storeroom when not in active use. 

3. Data Confidentiality: Access to the office is restricted to assigned access cards. New employees will read and sign the HIC Staff Confidentiality Agreement. Data entry monitors must be fully screened from observation by visitors. Computers are to be locked before leaving workstations, this automatically obscures any data displayed on the screen. Staff use unique logins and passwords to access programs and data for processing. These are to be kept confidential and are not to be shared with other staff. File system access is also read-only where appropriate. Database access is restricted to specific data entry software tools. 

4. Data Transfer: The Operational Team involved with data entry activities will be trained in the Record of Custody process before they are able to receive or dispatch paper-based data, where applicable, on behalf of HIC. 

5. Record of Data Destruction: Data destruction is managed by a supplier and certificate of data destruction is logged.

PROCEDURE  

1. Data Delivery

   • Operational Team is notified that there is a new Data Entry project to be processed.  

   • Operational Team is trained on how to enter the data, where applicable. 

   • Data is delivered with a Transfer of Custody Form attached, where applicable. Any patient-identifiable paper-based data to be processed and returned to the respective owner must be logged both in and out. Under this circumstance, the data will not be accepted without a Transfer of Custody Form. While it is kept, it will be stored in a secure office or a locked storeroom when not in active use. 

2. Data Entry

   • Operational Team will enter the data. If it is impossible to read a data item, it will be coded to reflect that it is unreadable and recorded as a discrepancy.

   • Operational Team will carry out quality control via method agreed with the project team prior to data entry commencing.  The person doing the quality check will not be the same person who entered the data into the database.   

3. Data Disposal

   • Once data entry is complete, data is either collected with Transfer of Custody or destroyed via supplier and record of destruction is logged.  

APPLICABLE REFERENCES

• HIC Staff Confidentiality Agreement 

• How to knowledge share item on Record of Custody 

• Record of Custody Form 

• Data Destruction Log

• Data Security

• For Definitions see ISMS Glossary

DOCUMENT CONTROLS