A Retrospective Audit of Medical Records

A retrospective audit of patient data usually comes under the Low Negligible Risk umbrella. The LNR committee meets fortnightly and the meeting and submission closing dates can be found here.

What information is required by the LNR Committee?

Please provide the following within the LNR Application:

  • Background and rationale for audit
  • Dates audit will cover and estimated sample size
  • Inclusion/exclusion criteria of records to be audited
  • What data will be collected* and from where i.e. medical records, eMR, specific databases**
  • Who will be collecting the data
  • Data analysis plan
  • Outline how the confidentiality of identifiable data will be protected e.g. use of individual codes, removal of identifiers from data set once complete etc***

*For projects of this nature please submit either a list of all data items you will be collecting or the data collection sheet, including any identifying information that you will collect (such as MRN or DOB) and the source/s of the data (e.g. medical notes, electronic databases, scans etc)

**Please provide details of the custodian of any specific databases (eg. department database, private doctors database)

*** Please avoid using the term ‘de-identified data’, as its meaning is unclear. While it is sometimes used to refer to a record that cannot be linked to an individual (‘non-identifiable’), it is also used to refer to a record in which identifying information has been removed but the means still exist to re-identify the individual (re-identifiable). When the term ‘de-identified data’ is used, researchers and those reviewing research need to establish precisely which of these possible meanings is intended, therefore please describe the precise method of how the data will be managed.

Handy hints 

Section 3.1 is ‘yes’ for each study site requiring ethical approval from this application

Section 7.1 is ‘yes’ to ‘State/Territory department or agencies’ if you are collecting public hospital held information

Section 7.2 requires you to clarify why you require a waiver of consent to use identifiable health data for research purposes. Unless you are not collecting any identifiers (inc MRN, DOB, name etc) then this should be ‘yes’ and completed accordingly.  Before deciding to waive the requirement for consent an HREC or other review body must be satisfied that: there is sufficient protection of the individual’s privacy and there is an adequate plan to protect the confidentiality of data.