Policies for Researchers

This page provides important instructions that must be read before the sharing and publication of any OpenSAFELY project results released from the Level 4 results server.

If you have any questions, in the first instance contact your co-pilot; if you do not have a co-pilot, please contact [email protected].

WARNING: You MUST NOT screen share (or share via any other means) any results held on the Level 4 results server that have not been released through the official process, otherwise you will be in breach of your data access agreement.

All highlighted sections should be amended as appropriate; please discuss with your co-pilot or contact [email protected] if you have any questions.

Permitted Study Results Policy

All outputs from the OpenSAFELY-EMIS/-TPP (NHS England COVID-19 research) platform must be aggregated data with small number suppression applied.

OpenSAFELY operates as a trusted research platform where no patient record level data is permitted to be extracted from the platform.

You MUST NOT request the release of any information (e.g. name, listsize) that identifies, or could identify, STPs, Local Authorities, CCGs and individual GP practices from the Level 4 results server.

Larger geographic / regional outputs can be released, such as NHS England operating regions, which are listed in relevant data tables in the OpenSAFELY platform. An example use of these regions is in Table 1, p.3 of this paper.

Authorship Policy

Our team is strongly committed to “team science”, and to recognising the deep technical and methodological contribution of research software engineers to research outputs. We have a strong preference, specifically during the pilot phase when all projects are delivered in close collaboration, for members of the OpenSAFELY team who materially contribute to your study and/or to the iterative development of the platform and analytic pipelines to be offered authorship on outputs. This is likely to change over time as the platform expands, and as external teams become more “customers” than “collaborators”. For clarity, this relates to platform contributions, and there is never any expectation of authorship for individual researchers involved in OpenSAFELY who are not involved in a research project. A formal authorship policy is under active development, please contact your co-pilot to discuss ahead of submission of presentations, papers, pre-prints or reports.

Acknowledgment and Data Sharing / Publication Policy

NHS England oversees the final approval for all publication ready papers, reports or presentations, principally to check that the outputs align with the stated application purpose; NHS England has been extremely supportive of all research and analyses to date. The usual response time for approval is 1-2 weeks.

The acknowledgment and sharing/publication of results guidelines are dependent on the datasets used for your project. The acknowledgement content must be used in all published manuscripts, official reports and presentations given outside of your research team/collaborators.

Datasets used

All Datasets

Acknowledgement content

We are very grateful for all the support received from the EMIS and TPP Technical Operations team throughout this work, and for generous assistance from the information governance and database teams at NHS England / NHSX.

If the High Cost Drug dataset was also used, add:

North East Commissioning Support Unit provided support on behalf of all Commissioning Support Units to aggregate the high cost drugs data for use in OpenSAFELY studies.

SHARING OF RESULTS

The results of ANY dataset can be shared IN CONFIDENCE and ONLY with key members of the wider research team / research collaborators (principally for the purpose of seeking feedback and contribution to inform the final paper or report). For example, the author may give a presentation and/or send an email (to a clearly defined and small group of key researchers / collaborators), but importantly everyone must be reminded that the results are shared in confidence and they must not be distributed further until the publication guidelines listed below are followed.

Acceptable sharing examples include: the senior sponsor; analysts and senior manager in the NHS E/I/X department accountable for the specific policy activities being investigated (but NOT other departments); key members of the relevant scientific advisory groups; established relevant expert collaborators. If you are unsure that your planned sharing is appropriate, please contact your co-pilot or email [email protected].

PUBLICATION OF RESULTS (e.g. papers, presentations, etc.)

You must seek NHS England approval for any publication or wider sharing of results. Email [email protected] (and copy your copilot) a copy of your proposed publication documents. They must be roughly “90%” finalised versions, but the results and conclusions must be final. A response will usually be provided within 1-2 weeks.

You must keep your GitHub repository private and not publish any papers, presentations, etc. until you have received approval by email from NHS England.

For the Datasets listed below

The following additional acknowledgement and publication of results guidelines must be followed if your study uses data from ICNARC, ISARIC, ONS-CIS, PHOSP.

ICNARC data

Acknowledgement content

Use the All Datasets acknowledgement above and the following:

This publication is based on data derived from the Intensive Care National Audit & Research Centre (ICNARC) Case Mix Programme Database. The Case Mix Programme is the national, comparative audit of patient outcomes from adult critical care coordinated by ICNARC. We thank all the staff in the critical care units participating in the Case Mix Programme. For more information on the representativeness and quality of these data, please contact ICNARC. Disclaimer: The views and opinions expressed therein are those of the authors and do not necessarily reflect those of ICNARC.

SHARING OF RESULTS

Use the All Datasets Sharing of Results guide above.

PUBLICATION OF RESULTS (e.g. papers, presentations, etc.)

Use the All Datasets Publication of Results guide above and the following:

Contact and email ICNARC if any safety concerns are identified.
020 7831 6878
[email protected]

Email [email protected] (and copy [email protected] and your copilot) one draft copy of any proposed publication or presentation at the same time as submission for publication or at least 28 days before the date intended for publication/presentation, whichever is earlier.

You must keep your GitHub repository private and not publish any papers, presentations, etc. until you have received approvals by email from both ICNARC and NHS England.

ISARIC data

Acknowledgement content

Use the All Datasets acknowledgement above and the following:

This report is independent research which used data provided by the MRC funded ISARIC 4C Consortium and which the Consortium collected under a research contract funded by the National Institute for Health Research. The views expressed in this publication are those of the author(s) and not necessarily those of the ISARIC 4C consortium.

SHARING OF RESULTS

Use the All Datasets Sharing of Results guide above.

PUBLICATION OF RESULTS (e.g. papers, presentations, etc.)

Use the All Datasets Publication of Results guide above and the following:

Email [email protected] (and copy [email protected] and your copilot) a copy of any publication at least 7 days in advance of submission for publication.

Submit the results to an open access platform and in accordance with normal academic practice; publication to a bona-fide pre-print service is encouraged where possible.

You must keep your GitHub repository private and not publish any papers, presentations, etc. until you have received approvals by email from both ISARIC and NHS England.

ONS-CIS data

Acknowledgement content

Use the All Datasets acknowledgement above and the following:

Awaiting additional acknowledgement content.

SHARING OF RESULTS

Use the All Datasets Sharing of Results guide above.

PUBLICATION OF RESULTS (e.g. papers, presentations, etc.)

Use the All Datasets Publication of Results guide above and the following:

Email ONS (and copy [email protected] and your copilot) a copy of all proposed publications and presentations arising from agreed analysis to the ONS not less than 7 days in advance of submission for publication or presentation, for approval; such approval shall not be unreasonably withheld or delayed by ONS.

You must keep your GitHub repository private and not publish any papers, presentations, etc. until you have received approvals by email from both ONS and NHS England.

PHOSP data

Acknowledgement content

Use the All Datasets acknowledgement above and the following:

Awaiting additional acknowledgement content.

SHARING OF RESULTS

Use the All Datasets Sharing of Results guide above.

PUBLICATION OF RESULTS (e.g. papers, presentations, etc.)

In discussion.

Information Governance and Ethics content policy

For published manuscripts, official reports and presentations you must use the following content for the relevant section headings.

Note: the naming conventions for EMIS and TPP versions of the OpenSAFELY platform are OpenSAFELY-EMIS and OpenSAFELY-TPP. If a study uses both EMIS and TPP you can reference them both separately, or as OpenSAFELY-EMIS/-TPP.

Abstract

  • Must add: “With the approval of NHS England we…”

Methods - Data Sharing or Data Source headings

  • Must add: All data were linked, stored and analysed securely within the OpenSAFELY platform: https://opensafely.org/. Data include pseudonymised data such as coded diagnoses, medications and physiological parameters. No free text data are included. All code is shared openly for review and re-use under MIT open license [LINK TO GITHUB REPO OF PAPER BEING SUBMITTED]. Detailed pseudonymised patient data is potentially re-identifiable and therefore not shared.
  • When listing data sources, suggested phrase: Primary care records managed by the GP software provider, TPP/EMIS were linked to [ONS death data, etc.] through OpenSAFELY.

Software and Reproducibility

  • If required use: Data management was performed using Python [XX], with analysis carried out using [Stata 16.1/Python/R]. Code for data management and analysis, as well as codelists, are archived online [link your project github repo]. [All iterations of the pre-specified study protocol are archived with version control https://github.com/opensafely/xxxxxx/protocol].
  • For any federated analyses (involving EMIS and TPP) please contact the OpenSAFELY team first.

Patient and Public Involvement and Engagement (PPIE)

  • Where relevant: Insert any project specific PPIE.
  • Consider: OpenSAFELY has developed a publicly available website https://opensafely.org/ through which they invite any patient or member of the public to make contact regarding the broader OpenSAFELY project.

Information governance and ethical approval

  • Must add: NHS England is the data controller for [OpenSAFELY-EMIS] [OpenSAFELY-TPP] [OpenSAFELY-EMIS and OpenSAFELY-TPP]; [TPP is the data processor] [EMIS is the data processor] [EMIS and TPP are the data processors]; all study authors using OpenSAFELY have the approval of NHS England. This implementation of OpenSAFELY is hosted within the [EMIS environment which is] [TPP environment which is] [EMIS and TPP environments which are] accredited to the ISO 27001 information security standard and [is][are] NHS IG Toolkit compliant;12

    Patient data has been pseudonymised for analysis and linkage using industry standard cryptographic hashing techniques; all pseudonymised datasets transmitted for linkage onto OpenSAFELY are encrypted; access to the platform is via a virtual private network (VPN) connection, restricted to a small group of researchers; the researchers hold contracts with NHS England and only access the platform to initiate database queries and statistical models; all database activity is logged; only aggregate statistical outputs leave the platform environment following best practice for anonymisation of results such as statistical disclosure control for low cell counts.3

    The OpenSAFELY research platform adheres to the obligations of the UK General Data Protection Regulation (GDPR) and the Data Protection Act 2018. In March 2020, the Secretary of State for Health and Social Care used powers under the UK Health Service (Control of Patient Information) Regulations 2002 (COPI) to require organisations to process confidential patient information for the purposes of protecting public health, providing healthcare services to the public and monitoring and managing the COVID-19 outbreak and incidents of exposure; this sets aside the requirement for patient consent.4

    Taken together, these provide the legal bases to link patient datasets on the OpenSAFELY platform. GP practices, from which the primary care data are obtained, are required to share relevant health information to support the public health response to the pandemic, and have been informed of the OpenSAFELY analytics platform.

  • For RESEARCH, you must add: This study was approved by the Health Research Authority [REC reference XXX] and by the XXX Ethics Board [reference XXX].

  • For SERVICE EVALUATION/AUDIT, you must add: This study was supported by [NAME + OFFICIAL ROLE] as senior sponsor, and approved by the XXX Ethics Board [reference XXX]. (NHS England service evaluations/audits are currently not required to have Ethics approval.)

  • NOTE: remember to add additional governance and ethical content pertaining to data not processed within OpenSAFELY.

Data access and verification

  • If requested, use the following: Access to the underlying identifiable and potentially re-identifiable pseudonymised electronic health record data is tightly governed by various legislative and regulatory frameworks, and restricted by best practice. The data in OpenSAFELY is drawn from General Practice data across England where [EMIS is the data processor][TPP is the data processor][EMIS and TPP are the data processors].

    [EMIS][TPP][EMIS and TPP] developers (XX - please contact your co-pilot or OpenSAFELY to obtain this named list) initiate an automated process to create pseudonymised records in the core OpenSAFELY database, which are copies of key structured data tables in the identifiable records. These pseudonymised records are linked onto key external data resources that have also been pseudonymised via SHA-512 one-way hashing of NHS numbers using a shared salt. DataLab developers and PIs (XX - please contact your co-pilot or OpenSAFELY to obtain this named list) holding contracts with NHS England have access to the OpenSAFELY pseudonymised data tables as needed to develop the OpenSAFELY tools.

    These tools in turn enable researchers with OpenSAFELY data access agreements to write and execute code for data management and data analysis without direct access to the underlying raw pseudonymised patient data, and to review the outputs of this code. All code for the full data management pipeline—from raw data to completed results for this analysis—and for the OpenSAFELY platform as a whole is available for review at github.com/OpenSAFELY.

    The data management and analysis code for this paper was led by (XX) and contributed to by (XX).


  1. BETA — Data Security Standards - NHS Digital. NHS Digital. https://digital.nhs.uk/about-nhs-digital/our-work/nhs-digital-data-and-technology-standards/framework/beta---data-security-standards (accessed 30 Apr 2020). ↩︎

  2. Data Security and Protection Toolkit - NHS Digital. NHS Digital. https://digital.nhs.uk/data-and-information/looking-after-information/data-security-and-information-governance/data-security-and-protection-toolkit (accessed 30 Apr 2020). ↩︎

  3. ISB1523: Anonymisation Standard for Publishing Health and Social Care Data - NHS Digital. NHS Digital. https://digital.nhs.uk/data-and-information/information-standards/information-standards-and-data-collections-including-extractions/publications-and-notifications/standards-and-collections/isb1523-anonymisation-standard-for-publishing-health-and-social-care-data (accessed 30 Apr 2020). ↩︎

  4. Secretary of State for Health and Social Care - UK Government. Coronavirus (COVID-19): notification to organisations to share information. 2020. https://web.archive.org/web/20200421171727/https://www.gov.uk/government/publications/coronavirus-covid-19-notification-of-data-controllers-to-share-information ↩︎