Definitions and abbreviations - Ansatt

Definitions and abbreviations

Definitions and abbreviations

Definitions and abbreviations regarding privacy, research and information security.

Anonymous data

Data is anonymous if the name, social security number and other personally identifiable information has been removed so that the data can no longer be traced back to an individual (also if the identification requires an unreasonable amount of effort or large costs).

Authorised / unauthorised access

Approved access/ not approved access.

De-identified data

Data is de-identified if the name, social security number or other personally identifiable information has been replaced by a number, code, fictitious name or the like, which refers to a separate list of direct personal data. This way the information cannot be traced back to an individual without connecting the number or code to the list.

Data controller

The data controller determines the purpose of the personal data processing  as well as which aids should be used. "It is emphasized that it is the business that is the data controller for the processing of health data and personal data. Responsibility must be assumed by the day-to-day management of the business which is subject to legal obligations" (Privacy and data security in research projects within the health sector, page 6, published with support from the Directorate of Health).

Budget manager

The budget manager is the person who has the budget deployment authority for the unit to which the project manager belongs (dean / faculty director / head of department).


A database is made up of data collected in connection with a survey and may consist of a large amount of information. A database can form the basis for the results of a R&D project. 

Data processor

The data processor processes personal data on behalf of the data controller. Note that a data processor is an external person or agency with respects to the data controller's business.

Directly personally identifiable information

A person will be directly identifiable by name, social security number or other personally identifiable characteristics.

Research coordinator

According to the Act relating to universities and university colleges, it is the board with the rector on behalf of the board which is the supreme governing body at the university college. The university college director has the greatest administrative responsibility and therefore also the top administrative responsibility for the research taking place at HiOA. The university college director is considered the research coordinator and can delegate tasks, but not responsibility.

Research file

An extract of personal data to be used in a research project. The personal date in the research file is usually not directly identifiable. The research file may consist of personally identifiable, pseudonymised, de-identified or anonymous personal data.

Research protocol

A scientifically designed project plan with requirements for content according to the regulations. See regulation to the Health Research Act section 8.

R&D project

An activity that has a beginning and an end, a budget, a project manager and an objective/result. An R&D project always has an R&D result as shown through publications. The project may have more participants, run over a period of several years and be financed by internal or external funding. Time is also a form of funding.


Directorate of Health

Health research

Activities conducted with scientific methodology to provide new knowledge about health and illness.

The scope of the Health Research Act

Medical and healthcare research (health research) on humans, human biological material or health data.

Medical data

Confidential information according to section 21 of the Health Personnel Act and other information and assessments of health conditions, or of importance to health conditions, which may be associated with an individual.

Human biological material

Organs, parts of organs, cells and tissues and constituents of such material from living and dead humans.

Intellectual property rights

Intellectual property rights is a generic term for the area of law relating to the legal protection of intellectual presentations and characteristics of persons, goods and services. These are rights to "non physical objects" created thanks to human knowledge and creativity - referred to as IPR.

Indirectly personally identifiable information

A person will be indirectly identifiable if it is possible to identify him/her based on background information such as residential or institutional association combined with information about age, sex, profession, diagnosis, etc.

Scrabling key

A list or a file that allows identification of individuals based on a set of non-personally identifiable data. The scrambling key contains the link between a person's code in the project and his/her name or social security number.


"Confidential" means that the information provided is subject to limited access. All personal data should be considered confidential and must be protected in a way that makes it difficult or impossible for unauthorised persons to gain access. Research  participants are entitled to have all the information they provide about personal conditions treated confidentially. The researcher must prevent the use and dissemination of information that could harm these individuals.


The information is encoded in such a way that only the person who knows the code can read the information.

Qualitative research

Qualitative research is in essence the science of interpretation and includes analysis of texts, images and objects whose scientific value is based on the material’s unique character and meaning and not on their quantity or representativeness. E.g. interviews, observation protocols, academic texts, documents, relics, physical objects, works of art, images and media.

Quantitative research / methodology

Quantitative methods are research methods that relate to numbers and what is measurable (quantifiable). Counting and measuring are common techniques of quantitative methods. The result of the research will be a number or a series of numbers. These are often presented in tables, graphs or other statistical representations.

Storage media

A place for storing information, also in the form of audio and images. Examples include information on paper, photography, video, CV-ROM, removable hard drives ("USB disk") and memory sticks / cards.

Pharmaceutical drugs

Substances, drugs and preparations intended to prevent, cure or alleviate illnesses, symptoms or pain, affect physiological functions in humans or animals, or for internal or external use to detect illness.

Medical equipment

Instruments, apparatuses, aids, materials or other items including necessary software used alone or in combination which, by the manufacturer, is intended to be used on human beings in order to:

  • diagnose, prevent, monitor, treat or alleviate illness
  • diagnose, monitor, treat, alleviate or compensate for injury or disability
  • examine, replace or change the anatomy or a physiological process (prevent pregnancy)


Norwegian centre for research data.

Personal data

Information and assessments that can be linked directly or indirectly to an individual. Photographs, videos and voices on audio recordings may also be considered as personal data.

Persons registry

Listings, etc. where personal data is stored systematically so that information about the individual can be easily found.

Project responsibility / project owner

The institution, company or business that, towards the Research Council or any other external financiers, is responsible for ensuring that the project is carried out in compliance with the contract. In special cases, the project manager may be a person.

Project description

The project description must explain the topic, issues and choice of theory and method of the research project. The description should specify the progress plan for the various parts of the work.

Project manager

The project manager is an academic and administrative manager for of the day-to-day implementation of the project. The project manager has the main responsibility when it comes to ensuring that the research is carried out in accordance with Norwegian law, regulations, good research practice and recognised scientific and ethical principles in the subject.


Pseudonymisation is the process in which the identity of the individual is hidden, yet the personal data is individualised so that it is possible to follow each person through the research project without their identity being revealed.


Regional Committees for Medical and Health Research Ethics.

Raw data

Data in its original form, the result of original observations and activities in a project. Raw data may include images, films, machine readable media, dictated observations, data records from automated equipment or other data storage mediums.

Sensitive personal data

Information about ethnic background, political, philosophical or religious opinions, criminal background; whether the person has been suspected, sentenced, charged or convicted of a criminal offense, health, sexual relations, and membership in trade unions.

Confidential Information

Confidential information includes medical records, information from government agencies and various registries (health records, criminal records, social and security records, etc.). The duty of confidentiality precludes healthcare personnel from giving away confidential information about patients / clients.

Duty of confidentiality

The duty of confidentiality is a prohibition on disclosing information and may result from a law or agreement. What information is subject to confidentiality will depend on the provision that imposes the duty of confidentiality. Employees and students participating in research projects have duty of confidentiality if they deal with confidential information.


The Norwegian Medicines Agency.