Deviation – Undesirable events that have resulted in, or may result in, breaches of confidentiality, violations of guidelines, or harm to research participants. (See the dedicated section on deviation in the quality assurance system.)
Processing of Health and Personal Data – Any activity performed with the data, whether automated or not, such as its collection, registration, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other form of making available, alignment or combination, restriction, erasure or destruction.
Data Controller – The entity that alone or jointly with others determines the purpose of the processing of personal data and the means used (GDPR Article 4). In the Health Research Act, the term "data controller " is referred to as "dataansvarlig," as " data controller " in these laws is associated with patient care.
Joint Data Controllers – If two or more data controllers jointly determine the purposes and means of processing, they are considered joint data controllers. There must be documentation or an agreement that outlines the arrangement between them (GDPR Article 26).
Legal Basis for Processing – The lawful basis for processing personal data. Processing is only permitted if there is a legal basis (authority) as specified in GDPR Article 6 (ordinary personal data) or Article 9 (special categories of personal data).
Biobank – “Research biobank: a collection of human biological material used in a research project or intended for research” (Health Research Act, Paragraph 4, point c).
Dataansvarlig – See Data Controller.
Data Processor – “A data processor is a natural or legal person, public authority, institution or any other body that processes personal data on behalf of the data controller.” (GDPR Article 4, No. 8; Data Controller and Data Processor | Norwegian Data Protection Authority)
Data Management Plan (DMP) – A DMP is a plan for how research data related to a specific research project will be managed, both during and after the project.
Data Minimisation – “Data minimisation means that you should not collect more information than necessary to achieve your purpose. For example, if you plan to collect personal data that is not actually required for your research purpose, you should not collect it.” (Privacy Glossary | sikt.no)
Endorsing Research Institution – “An institution or another legal or natural person that has the overall responsibility for the research project and has the necessary prerequisites to fulfil the obligations of the research responsible party under this law.” (Health Research Act, Paragraph 4, point e). At USN, the Board has delegated this responsibility to the Principal, but tasks and authority are further delegated within the organisation in accordance with the [Roles and Responsibilities] section of the quality assurance system.
Research Data – “All records, notes, sources or reports that are systematically collected in connection with a research project can be considered research data. Good research data management is essential to ensure that data can be understood and reused.” (Open Science | Research Data)
Research Project – Systematic work to generate knowledge and understanding about a given topic.
Research Protocol – A scientifically designed project plan that includes, among other things, the project's purpose, rationale, methods, timeline, research ethics considerations, use of research data, sources of funding, and plan for dissemination of results.
(Source: Regulation concerning the organisation of medical and health research, https://lovdata.no/dokument/SF/forskrift/2009-07-01-955. Norwegian only.)
Health Research – “Medical and health-related research [that] is an activity carried out using scientific methodology to obtain new knowledge about health and disease.”
(Health Research Act, Paragraph 4, point a). For more information on what qualifies as health research, see the section on Categorisation.
Health Data – “Personal data related to a natural person’s physical or mental health, including the provision of health services, which reveals information about the individual’s health status.”
(GDPR Article 4, No. 15; Health Research Act, Paragraph 4, point d)
Human Biological Material – “Organs, parts of organs, cells, tissues and components of such material from living and deceased individuals.” (Health Research Act, Paragraph 4, point b)
Information Security – Measures to ensure that information is not disclosed to unauthorised parties (confidentiality), that the information is accurate (integrity), and that it is accessible when needed (availability).
Clinical Trials – Also referred to as experimental treatment, clinical trials are research studies that investigate the effects of new medicines or treatment methods, and whether the side effects are acceptable. (Source: https://www.helsenorge.no/en/clinical-trials/about/.)
Quality Assurance / Quality Project – “Projects, surveys, evaluations, etc., that aim to verify whether diagnostics and treatment actually produce the intended results.”
(Source: https://www.forskningsetikk.no/retningslinjer/med-helse/helseforskningslovens-saklige-virkeomrade/. Norwegian only.)
Notification Form – Documentation used to demonstrate compliance with data protection regulations (data protection protocol).
Multicentre Studies – Research projects conducted at multiple institutions simultaneously and according to the same protocol.
NEM – The National Committee for Medical and Health Research Ethics.
Personal Data – Any information that can be linked to an individual.
Anonymous Data – “Anonymous data is information that in no way can identify individuals in a dataset—neither directly through name or personal ID number, nor indirectly through background variables, or through a name list/linking key or encryption formula and code.” (Privacy Glossary | sikt.no)
De-identified Data – “Personal data where names, personal ID numbers, or other uniquely identifying characteristics have been removed.” (Glossary | Norwegian Data Protection Authority)
Directly Identifiable Data – Data such as fingerprints, personal ID numbers, names, audio recordings, photographs, etc.
Linking Key – A name list or file that enables identification of individuals in a dataset. (Privacy Glossary | sikt.no)
Indirectly Identifiable Data – “A person is indirectly identifiable if it is possible to identify them through a combination of background information. For example, municipality of residence or institutional affiliation combined with age, gender, occupation, diagnosis, etc.” (Privacy Glossary | sikt.no)
Pseudonymised Data – “De-identifying personal data so that it cannot be linked to a specific person without the use of additional information (e.g., a linking key) that is stored separately and securely. Pseudonymised data is not anonymous.” (Glossary | Norwegian Data Protection Authority)
Sensitive Data – “Referred to in law as special categories of personal data. These are data that require extra protection, such as information about racial or ethnic origin, religion, health, sexual orientation, and more.” (Glossary | Norwegian Data Protection Authority)
Special Categories – See above.
Data Protection Officer (DPO) – A person appointed by the data controller, responsible for assisting in ensuring compliance with data protection regulations. (Glossary | Norwegian Data Protection Authority)
Data Protection Impact Assessment (DPIA) – “An assessment of data protection consequences. A process intended to help manage the risks that data processing poses to individuals’ rights and freedoms by identifying and evaluating those risks and establishing mitigating measures.” (Glossary | Norwegian Data Protection Authority)
Project Manager – “A natural person responsible for the day-to-day management of the research project, who possesses the necessary research qualifications and experience to fulfil the obligations of a project manager under this law.” (Health Research Act, Paragraph 4, point f)
REK – Regional Committees for Medical and Health Research Ethics, which provide prior approval for research applications within these fields. (National Research Ethics Committees | https://www.forskningsetikk.no/en/about-us/who-are-we-and-what-do-we-do/).
Consent – A voluntary, informed, and active declaration by a person that they agree to participate in research. “Freely given informed consent is considered one of the central requirements in research involving human subjects, particularly where the research involves data collection and/or any form of discomfort, inconvenience, or risk to the participants.” (Consent | National Research Ethics Committees, https://www.forskningsetikk.no/en/resources/the-research-ethics-library/data-protection-and-responsibility-concerning-the-individual/consent/)
Broad Consent – Consent for personal data or biological material to be used for broadly defined research questions.
Norwegian Medical Products Agency (DMP) – The Norwegian Medical Products Agency (https://www.dmp.no/en) ensures that all medicines used in Norway are of high quality, safe to use, and have the intended effect. The agency approves clinical trials of medicine, holds supervisory authority, and conducts inspections.
Sikt – The Norwegian Agency for Shared Services in Education and Research (https://sikt.no/en/home) – “Sikt develops, procures, and delivers products and services for education and research.” USN uses Sikt for data management plans and for registering and receiving guidance on the processing of personal data in student and research projects.
Vulnerable Informants – Research participants who may require special follow-up and facilitation. This may include individuals with reduced capacity to consent, minorities, or critically ill persons. (Vulnerable Groups | National Research Ethics Committees, https://www.forskningsetikk.no/en/resources/the-research-ethics-library/research-on-particular-groups/vulnerable-groups/)
Duty of Confidentiality – The obligation to prevent others from gaining access to or knowledge of certain information.