Data Confidentiality

As well as the summary below, a presentation giving more details of the data confidentiality and information governance issues involved in NCIN's work is available to download.

Why personally identifiable information is required

The work of cancer registries (and to an extent the rest of the network) requires the use of personal and sensitive information about cancer patients and their treatment. Wherever possible this information is used in an aggregated or anonymised form but at times it is necessary to use information that identifies individuals. For example, such information is required to:

• Avoid duplication of records where patients are treated at more than one hospital.
• Allow linkage between datasets to analyse survival or patterns of care.
• Perform geographic analyses (for example to investigate 'clusters' of cancer cases).
• Provide information where people are concerned that their family history may put them at risk of cancer.
• Recontact patients with new information if previously unknown effects of a therapy are discovered.

Permissions to process identifiable information

Because of the importance of their work, and because asking every cancer patient for their consent to be registered is considered unworkable, cancer registries in England and Wales are authorised by Parliament to process information about cancer patients without their consent. Patients can opt out of the system and the United Kingdom Association of Cancer Registries (UKACR) produces an information leaflet for cancer patients with further details.

Release of information

The controls on what data are published or released by cancer registries and the wider network are designed to prevent the disclosure of identifiable data into the public domain - no publication should ever allow an individual to be identified unless they have agreed to this. The UKACR's policies on data confidentiality and security define what data may be released and to whom. The NCIN policy on Access to the National Cancer Data Repository builds on these.

Who may access data?

Data are shared between cancer registries and may be released to NHS organisations and healthcare professionals providing care for those patients, or monitoring the quality of cancer service provision. Data are also released for research uses, but only to bona fide medical researchers who:

• have either the patients' consent or support from the Ethics and Confidentiality Committee of the National Information Governance Board;
• have approval from the relevant Medical Research Ethics Committee; and
• can justify the use of identifiable data to the registry director

These researchers must agree to strict conditions of access:

1. The minimum data necessary will be provided.
2. The data must be kept securely then destroyed when the study is completed.
3. The data must not be linked with any other datasets without prior permission.
4. The researchers may not attempt to identify individuals or contact them (unless they have consent from the patients themselves or their clinicians).
5. The data must not be released into the public domain and any publications must be submitted to the registry for review.