If you are conducting research (sharing the results with others) then yes is the only answer. If the data is for internal use use only and will not be shared than IRB approval is not needed
I was asking in view of publishing the data in the journal.
As you are aware that the data related to antibiotic sensitivity and incidences of hospital acqiured infections needs to be shared with all. For this we dont take any formal consent form from patient , so in such cases what should we do?
Talking about incidence of hospital acquired infections or other events usually is referring to aggregated data. Raw data is not necessarily reported.
So if it is a hospital report without raw data in our jurisdiction(!) you would not need any approval - its statistics within the intended work of an hospital = intended use and no individual recognizable.
If you go for research and publication you should go to IEC approval. If the journal wants raw data published you have to ascertain that the data provided is anonymized / pseudonymized. Different methods are available. Take the patient identifier, add "salt" (random digits like a poem...) and calculate a one way HASH function. Take this as new patient ID and delete the old one. Check your data on k-anonymity (k>3 should be sufficient). This should work for IEC approval.