Tag: research governance framework for health and social care

  • Clinical Research Governance: Sponsor, Host, PI

    Clinical research governance in a multi-site trial is not a single chain of command but three overlapping, unequally weighted accountabilities: the sponsor owns overall trial risk and cannot delegate it away, the host organisation owns the local environment and confirms site-level capacity, and the principal investigator owns day-to-day conduct at their site. In practice, this three-way split creates gaps — in indemnity, in recruitment-shortfall accountability, and in adverse-event reporting speed — that the written framework does not fully resolve.

    Clinical research governance is the system of regulations, ethical principles and quality standards — spanning ethical approval, risk management, data integrity and financial oversight — that safeguards participants and assures the scientific validity of health research. In UK-regulated studies, the current reference point is the UK Policy Framework for Health and Social Care Research, maintained by the Health Research Authority (HRA) and last updated 10 January 2025.

    Contents

    What the framework says multi-site responsibility should look like

    On paper, the model is clean. The UK Policy Framework defines the sponsor as the organisation or individual taking on responsibility for initiating, managing and financing (or arranging financing for) a study. Every other party’s obligations flow from that single point of accountability.

    Participating NHS sites are brought in through Confirmation of Capacity and Capability — a check, run by each site’s own research and development (R&D) office, that it has the staff, facilities and local approvals to deliver the protocol safely. This is the mechanism that lets a single HRA and Health and Care Research Wales (HRA/HCRW) Approval cover recruitment across dozens of sites without a fresh full ethics review at each one.

    Contractually, the sponsor-host relationship is usually standardised through the Association of the British Pharmaceutical Industry’s model Clinical Trial Agreement (mCTA) for commercial studies, or a model Non-Commercial Agreement for academic ones — terms defined alongside related governance concepts in the CASRAI Research Administration Dictionary. Costs are mapped using the NIHR’s Attributing the Cost of Health and Social Care Research and Development (AcoRD) guidance and a Statement of Activities/Schedule of Events Cost Attribution Template (SoECAT), intended to make explicit which party pays for what before the trial opens.

    The sponsor owns the trial’s overall regulatory and scientific risk. Under the UK Policy Framework, this cannot be contracted away, even when day-to-day monitoring is subcontracted to a contract research organisation (CRO). Concretely, that means:

    • Establishing and maintaining a documented risk-management framework across all sites
    • Ensuring compliance with Good Clinical Practice under ICH E6(R2)
    • Arranging indemnity/insurance appropriate to the trial’s risk profile
    • Monitoring site-level performance and stepping in when a site under-delivers

    For commercially sponsored trials, indemnity typically follows ABPI clinical-trial compensation guidelines. For non-commercial, NHS- or university-sponsored trials, negligent harm is usually covered through the host trust’s NHS Indemnity Scheme (the Clinical Negligence Scheme for Trusts). Non-negligent harm — injury with no clinician at fault — is a separate, thinner layer of cover that sponsors of non-commercial studies must arrange themselves, and it is frequently the least-scrutinised line item in a multi-site risk assessment.

    What does the host organisation control — and what doesn’t it?

    The host — the NHS trust, health board or university hosting the research locally — controls the physical and clinical environment: staff, facilities, occupational health cover, and the local R&D governance confirming capacity and capability before recruitment opens. It does not inherit the sponsor’s overall trial risk, and is not accountable for protocol design or cross-site data integrity.

    A host trust can, and does, halt recruitment at its own site if capacity is exceeded or a safety signal appears locally — but it has no authority over the other sites in the study, and no visibility into the sponsor’s aggregate risk picture unless the sponsor actively shares it.

    Party Owns Does not own
    Sponsor Overall trial risk, protocol design, cross-site oversight, indemnity arrangement Local staffing, facilities, day-to-day site conduct
    Host organisation Local environment, capacity/capability confirmation, site-level safety culture Cross-site risk aggregation, protocol amendments, sponsor’s regulatory liability
    Principal investigator Protocol adherence, informed consent, local data accuracy, adverse-event reporting at their site Trial-wide risk decisions, insurance/indemnity arrangements, other sites’ conduct

    Where does the principal investigator’s accountability begin and end?

    The principal investigator (PI) is accountable for conduct at their own site: following the protocol, obtaining valid informed consent, keeping accurate records, and reporting adverse events promptly to both the sponsor and the relevant research ethics committee. Their authority stops at the site boundary — a PI has no formal governance role over other participating sites, even in trials where they also act as chief investigator for scientific leadership.

    The structural tension is that a PI is usually employed, or given honorary contract/letter-of-access status, by the host — while being contractually accountable for trial conduct to the sponsor. That dual reporting line works when both parties communicate; it becomes a blind spot the moment a deviation or shortfall needs escalating and neither party is clearly first in line.

    Where does the theory break down in practice?

    Three recurring failure points separate the written framework from operational reality.

    • Recruitment-shortfall accountability. The framework assigns sponsors overall oversight, but recruitment targets are delivered site by site. When one site underperforms, responsibility for the trial-level consequence (a delayed readout, a statistically underpowered analysis) sits with the sponsor — yet the sponsor’s only lever is the same capacity-and-capability relationship the host controls.
    • Adverse-event reporting speed mismatches. PIs report to their own site’s systems first; sponsors then aggregate signals across sites to spot patterns. Multi-site trials with paper-based or fragmented electronic systems can see days of lag between a local signal and trial-wide risk reassessment — the exact gap that first-in-human trial reforms following the 2006 Northwick Park (TGN1412) incident were designed to close, by tightening dose-escalation and staggered-dosing risk controls at source rather than relying on retrospective aggregation.
    • Data-protection role confusion. Under UK GDPR, sponsors are usually the data controller and hosts the processor for site-level data — but joint-controller arrangements are common in investigator-led studies, and the governance documentation does not always specify which party answers a subject access request or a breach notification first.

    The historical root is worth noting: the original Research Governance Framework for Health and Social Care (Department of Health, 2001, revised 2005) followed the Bristol Royal Infirmary and Alder Hey organ-retention inquiries, which exposed exactly this kind of accountability vacuum in single-site care. The current UK Policy Framework, published in 2017 and updated since, extended that same sponsor-centred logic to a far more complex multi-site landscape — without fully re-engineering it for that complexity.

    Answer-first Q&A

    What is research governance in the NHS?

    In the NHS, research governance is the broad set of regulations, principles and standards that exist to achieve and continuously improve research quality across UK healthcare. It covers ethical approval, participant safety, data integrity, financial oversight and the roles of the sponsor, host organisation and investigator, all set out under the HRA’s UK Policy Framework for Health and Social Care Research.

    What are the seven pillars of clinical governance?

    The seven pillars, first articulated by Scally and Donaldson in their 1998 NHS clinical governance model, are: patient and public involvement, risk management, education and training, clinical audit, clinical effectiveness, staffing and management, and information management. They describe organisational quality assurance, distinct from — but closely linked to — trial-specific research governance.

    What are the five components of a clinical governance framework?

    Most operational models group clinical governance into five practical components: clear accountability structures, quality improvement and audit processes, risk and incident management, education and continuing professional development, and robust information systems. A multi-site trial needs all five replicated consistently across every participating organisation, not just at the coordinating centre.

    Implications for institutions running multi-site studies

    For research administrators and institutional leaders, the practical fix is not to wait for the framework to be re-engineered — it is to make the three-way split explicit in every study-specific document: the mCTA/mNCA, the SoECAT and the risk log. Naming which party owns recruitment-shortfall escalation, which owns the data-protection role, and which pays for non-negligent-harm cover before the first participant is consented closes most of the gaps identified here.

    As UK trial infrastructure consolidates further — with combined HRA/MHRA review pathways and shared R&D systems across integrated care systems — the sponsor-host-PI triangle will only govern more sites per study, not fewer. Institutions that document risk ownership explicitly, rather than relying on the framework’s implicit assumptions, will be the ones that catch the next Northwick-Park-scale gap before it reaches a participant, not after.

  • Research Governance Framework Explained: What UK Institutions Must Comply With

    Search “research governance framework” today and you land on documents that are, technically, retired. The Research Governance Framework for Health and Social Care — first issued in 2001 and revised in April 2005 by the Department of Health — was superseded across the UK by October 2017. Yet the phrase persists in job titles, standard operating procedures, contracts and search queries, because the underlying obligations never went away; they were consolidated, not abolished. This explainer sets out what the term still refers to in practice, what replaced it, and the concrete checklist a UK research office needs to satisfy compliance today.

    What was the Research Governance Framework?

    The Research Governance Framework (RGF) was the Department of Health’s statement of principles, requirements and standards applying to health research within the responsibilities of the Secretary of State for Health in England. Scotland, Wales and Northern Ireland each issued their own, broadly parallel versions, so a multi-site UK trial could in practice be answering to four separate documents.

    The RGF organised obligations around five domains:

    • Ethics and patient information — protecting participants’ rights, dignity, safety and informed consent
    • Science — ensuring research design is valid and methodologically sound
    • Information — confidentiality, data handling and transparent reporting of findings
    • Health and safety, and employment — competence, training and safe working environments for researchers
    • Finance and intellectual property — transparent management of funds and fair attribution

    One point of genuine confusion: “Research Governance Framework” was never a protected or exclusive title. Non-health public bodies still publish their own documents under exactly this name for research that touches their own remit rather than the NHS — the Gambling Commission maintains a current “Research governance framework” for its evidence programme, and several local authorities (Manchester City Council, Tower Hamlets among them) use the same title for research governance approval processes involving council data or vulnerable residents. These are legitimate, separate documents; they are not the health and social care framework this article addresses, and conflating the two is a common source of misdirected compliance effort.

    What replaced it: the UK Policy Framework for Health and Social Care Research

    The Health Research Authority (HRA) became a non-departmental public body on 1 January 2015 and took on responsibility for research governance guidance in England. Working with the health departments of Northern Ireland, Scotland and Wales, the HRA then issued the UK Policy Framework for Health and Social Care Research in October 2017, replacing the four devolved Research Governance Frameworks with a single, UK-wide document. The HRA has since kept it under active revision — the version in force was last updated in January 2025.

    The structural change matters more than a rename. The RGF was organised as five fixed domains; the UK Policy Framework is organised around defined roles across the research lifecycle — funders, sponsors, researchers and their employers, research sites and care providers — with each role carrying explicit duties, rather than a single institution being expected to satisfy five generic principles.

    Aspect Research Governance Framework (2001/2005–2017) UK Policy Framework for Health and Social Care Research (2017–present)
    Geographic scope England only; Scotland, Wales and Northern Ireland each had separate equivalent documents Single framework covering all four UK nations
    Issuing body Department of Health (England) Health Research Authority, with the devolved health departments
    Structure Five fixed domains (ethics, science, information, safety/employment, finance/IP) Role-based duties across funders, sponsors, researchers, employers and sites
    Sponsor concept Introduced but loosely defined Central and explicit: every study must have an identified sponsor accepting overall responsibility
    Last major update Second edition, April 2005 Updated January 2025

    Institutions applying for MRC/UKRI clinical research funding must now nominate a sponsor as a condition of the grant, and directors of MRC institutes are required to keep systematic documentation of every project for which sponsorship responsibility has been accepted — a direct operational consequence of the framework’s sponsor-centred structure. Read more about how these governance obligations sit alongside institutional research administration functions more broadly.

    Answer-first: common research governance questions

    What is an example of a governance framework?

    The clearest current UK example is the UK Policy Framework for Health and Social Care Research, issued by the Health Research Authority and the devolved health departments. Sector-specific equivalents also exist outside health, such as the Gambling Commission’s own research governance framework, which governs a different remit entirely.

    What are the 7 Nolan principles of good governance?

    The Nolan Principles — selflessness, integrity, objectivity, accountability, openness, honesty and leadership — were set out by the Committee on Standards in Public Life in 1995. They underpin conduct expected of anyone working in or for UK public bodies, including NHS research staff and research ethics committee members.

    What are the 7 key ethical principles in research?

    Widely cited principles include social/scientific value, informed consent, favourable risk-benefit balance, independent review, respect for participants, fairness in selection and confidentiality. UK Research Ethics Committees, coordinated by the HRA, apply equivalent tests when reviewing health and social care research proposals.

    What are the 8 elements of good governance?

    A commonly cited international model (UN ESCAP) lists participation, rule of law, transparency, responsiveness, consensus orientation, equity/inclusiveness, effectiveness/efficiency and accountability. UK research governance instruments draw on the same underlying accountability and transparency principles, adapted for research-specific risk.

    The compliance checklist: what research offices must have in place

    Whichever term staff still use internally, a UK research office running health or social care studies needs the following in place to satisfy the current framework:

    • A named sponsor — an organisation or individual formally accepting overall responsibility for each study
    • Applications and approvals managed through the Integrated Research Application System (IRAS) and, where applicable, a Research Ethics Committee (REC) opinion
    • Local NHS Research and Development (R&D) permissions confirmed at every participating site before recruitment begins
    • Documented risk assessment covering ethics, scientific validity, data protection, finance and health and safety
    • A named Principal Investigator per project with defined accountability
    • Data handling compliant with UK GDPR and the Data Protection Act 2018
    • Insurance and indemnity arrangements appropriate to the research type
    • Evidence of Good Clinical Practice (GCP) training and up-to-date competency records for research staff
    • Adverse event and complaints reporting procedures, escalating to the sponsor and, where relevant, the REC
    • Records retention and archiving arrangements consistent with sponsor and funder requirements

    Institutions can cross-check specific terminology — sponsor, REC, IRAS and related definitions — against a standards-aligned research governance terminology dictionary when drafting internal SOPs.

    Implications for institutions still using RGF language

    Institutions that still reference “the Research Governance Framework” in SOPs, job descriptions or supplier contracts are not automatically non-compliant, but they are working from superseded terminology that can create real gaps. A research governance officer hired against a job description written around the five 2005 domains may miss role-based duties the UK Policy Framework assigns specifically to sponsors or funders. Auditors and REC reviewers now expect documentation mapped to the current framework’s roles, not the old domain structure, so internal policy documents drafted before 2017 — and never revisited since the January 2025 update — are a genuine compliance risk worth flagging in the next governance review cycle.

    The practical fix is straightforward: retitle internal documents to reference the UK Policy Framework for Health and Social Care Research explicitly, re-map existing SOPs from the five domains to the current role-based duties, and confirm sponsorship arrangements are documented per project rather than assumed at institutional level.

    Looking ahead

    The Health Research Authority continues to revise the UK Policy Framework rather than replace it outright — the January 2025 update is evidence of an iterative model rather than another wholesale rewrite. For research offices, that means the practical task is not tracking down a new document every few years, but keeping local SOPs, sponsorship records and R&D permissions current against a single framework that evolves incrementally. Institutions that treat “Research Governance Framework” purely as historical vocabulary, while keeping their compliance architecture mapped to the UK Policy Framework’s role-based duties, are the ones best placed to pass audit and REC scrutiny without disruption.