Table of Contents
Table of Contents
The York Neuroimaging Centre (YNiC) maintains records concerning individuals who use the Centre and participants who are scanned at the Centre. These data are held electronically and therefore YNiC adheres to a strict code of practice in obtaining, maintaining, protecting, processing and destroying them. YNiC’s policy is in full compliance with the University of York’s Data Protection Act: Policy Procedures and Guidelines document that can be read at http://www.york.ac.uk/recordsmanagement/dpa/dppolicy2002.htm
YNiC specific policies that complement this document are:
- All individuals who are scanned at YNiC are asked to complete and sign a consent form that allows data to be used for research purposes only.
- Only data relevant to the administration of scan procedures and to the analysis of scan data may be stored.
- All YNiC data are held in a computer archive to which only registered users of YNiC have access. All YNiC users are required to sign up to the YNiC Regulations of Computer Use policy which incorporates by reference this document.
- Research workers who have permission to access the YNiC database only have access to anonymised datasets. Researchers will access the data for research purposes only, and the data will not be used in such a way as to be likely to cause substantial damage or distress to particular individuals.
- Access to an individual’s own data in the YNiC database is
possible by two methods:
- Requests from a participant for a “Picture of my brain” situations. In these cases, subjects should contact the YNiC Data Controller leaving at least one week after their scan. For further details, see the section called “Requests for “Picture of My Brain””.
- Formal subject access requests are those made under the Data Protection Act 1988 and are suitable for those who wish to discover all of the information which YNiC holds about them. Those wishing to follow this procedure must complete a “data subject enquiry form” and return it to the University Record’s Manager with the appropriate fee. This form is available from the University of York website at http://www.york.ac.uk/recordsmanagement/dpa/subjectaccessform.pdf
- YNiC staff are not authorised to release any information direct to individuals/third parties or to discuss anything relating to the images obtained during the scan with individuals/third parties. Research carried out at YNiC is not to be used in medical diagnosis.
- Researchers who wish to take data away from YNiC must write to the Data Controller stating the reason why the data needs to be stored at a site away from the University of York. No data may be taken outside of the European Economic Area (the EU member states, plus Norway, Iceland and Liechtenstein).
- Please note that if off-site analysis is being stored, viewed, analysed, maintained or otherwise processed by a third party on behalf of YNiC, it is a requirement of the Data Protection Act that a contract/agreement must be in place to ensure that the centre continues to meet its statutory obligations under the Act and that the security of the data for which it is responsible is assured. This does not apply to researchers taking data acquired for their own studies off-site (instead the normal rules about notifying data removal apply). Should a third party need to perform one of these actions, please contact the data controller before any action is taken.
All queries or requests regarding the use of data, where data
protection is involved, at YNiC must be referred to
the YNiC Data Controller. The appropriate method to
use in order to contact the controller will normally be via email to
<data@ynic.york.ac.uk>.
![[Warning]](images/html-admon/warning.jpg) | Warning |
|---|---|
| Remember that email is not a secure communication mechanism and therefore any personally identifiable or confidential information must not be sent by email unless appropriate encryption is used. At this time, YNiC does not support the use of encryption in email sent to us, but we hope to introduce this soon. |
As an alternative to email contact where this is not available or appropriate, please write to:
Data Controller, York NeuroImaging Centre,
University of York, York Science Park,
York, YO10 5NY
![[Note]](images/html-admon/note.jpg) | Note |
|---|---|
| Please note that all requests related to Data Protection, whatever the outcome, will be recorded by YNiC |
Table of Contents
This is by far the most common request for data access by participants. In order to keep things simple, YNiC does not require a full data protection request in these circumstances, and has a standard procedure for what is delivered.
For logistical reasons, it is not possible for requests to be fulfilled on the day of the scan. Requests must be made at least one week after the initial date of the scan.
Requests must be made to the YNiC Data Controller via email or post and be accompanied by some proof of your identity. The Data Controller will then inform the participant as to when the CDROM will be available. YNiC does not charge for this service but will issue only one CD per participant. The participant will be required to pick up the CDROM from YNiC, at which time they will need to provide identification and sign for the CDROM. If the participant cannot return to YNiC to pick up the CDROM, extra identification methods will be necessary and the CDROM will be posted out (at an extra charge to the participant) by registered post. For further details, please contact the YNiC Data Controller.
Data will be prepared on a CDROM and will contain anonymised DICOM images of the YNiC T1 and T2 and AXIAL FSE protocol data along with each of those images converted into a JPEG. A README.txt will be provided at the root level to instruct users how to use the CD. No support for reading the data will be provided, however the disks have been tested on Windows, Mac OS X and Linux systems.
The creation of the disk is entirely automated and will be performed by the Data Controller. No variation in what is supplied will be available.
| Warning |
|---|---|
| Staff and other investigators must and will not hand out data in any way for removal from YNiC. All data removal and participant requests must be referred to the YNiC Data Controller who will log and deal with the request. |
Under the Data Protection Act 1988, any person has the “right to see the personal information held about (them) by businesses and organisations in the public and private sectors. This is known as the right of 'subject access'.”
YNiC policy is that all formal Data Protection requests should
come through the University Data Controller via
<dataprotection@york.ac.uk>. They will contact the
relevant person with YNiC who will arrange for all relevant data to be
returned via the University Data Controller. A fee (normally £10) will
be charged for this. Those wishing to follow this procedure must
complete a “data subject enquiry form” and return it to the
University Record’s Manager with the appropriate fee and proof of
identity. This form is available from the University of York website at
http://www.york.ac.uk/recordsmanagement/dpa/subjectaccessform.pdf
Table of Contents
| Warning |
|---|---|
| This chapter must be read before any data is removed from YNiC in any form. |
YNiC deals with data which in certain circumstances may be classed as sensitive medical data. All of those who work at YNiC, whether they be full-time YNiC staff, University staff, Postgraduate students, Undergraduate students or external centre user, have a duty of care to all participants, whether they are involved in clinical or research projects. It is therefore imperative that all investigators involved in research and/or clinical scanning understand the procedures for data handling within the centre.
This chapter will deal with the two common cases experienced in the research setting. First of all, the removal of whole datasets for off-site analysis or distribution will be examined. Secondly, the use of summary data and images (such as those included in papers) will be considered.
Datasets consist of MRI, fMRI, EEG and/or MEG data collected at the centre as well as any response information collected during functional work. Datasets are stored by YNiC in a secure manner on-site and regularly backed up. Data which is made available to investigators for analysis purposes is done so in an anonymised format only using the “R” number which was assigned to the participant and the “P” number which was assigned to project for which the recording was made.
When investigators wish to perform off-site data analysis, they must contact the Data Controller at YNiC and recieve confirmation of their request before doing so. The request must contain the exact list of datasets to be removed, information about where they are being take and what the storage and transfer mechanism will be. Requests will be logged by YNiC. No data removal must occur until confirmation that the request has been logged is recieved.
If advice is required on data removal, the YNiC Data Controller will be pleased to help.
Summary data is that which does not constitute a full fMRI/MRI/MEG/EEG dataset. Examples of summary data might include a screenshot of a fMRI overlay for a paper, mathematical plots of data, or graphs or tables of summary statistics.
It is obviously impractical and undesirable to require each use of summary data to require any form of paperwork. Therefore, as long as no personally identifiable information is presented within the summary data, investigators do not need to obtain clearance for usage of these data. Investigators should ensure that participants in experiments are aware of, and consent to the use of, data in this manner. The standard YNiC consent forms include wording to this effect, however study-specific consent forms should include any extra relevant detail.
Any summary data which poses the risk of identifiable personal information being released must be referred to the YNiC Data Controller.
If advice is required on use of summary data, the YNiC Data Controller will be pleased to help.