Information Governance

Medic typing information into laptop

Home » About us » Information Governance

How does NICOR protect your data?

NICOR takes data protection extremely seriously. We comply with both the Data Protection Act 2018 and the General Data Protection Regulation (GDPR).

Privacy policy and patient leaflet

NICOR is hosted by NHS Arden and GEM CSU. See the Privacy Notice.

For information about how we process patient data please see our Patient Information Leaflet.

Anonymised data prevents patient identification

NICOR collects information that is part of the essential activity of the NHS. It helps with decision making on service delivery and improvements in healthcare and is used in important medical research. Information for medical research usually require identifiable patient information for linkage to other datasets. However, NICOR will not use or onward share patient information for research purposes, if you have opted out under the National Data Opt-out Policy.

Section 251

All NICOR audits and registries have approval under Section 251 of the NHS Act 2006, which means NICOR can use patient identifiable data, without obtaining patient consent. Our applications for approval were reviewed by the Health Research Authority’s Confidentiality Advisory Group and where relevant by the Research Ethics Committee.

Section 251 of the NHS Act 2006  allows the use of confidential patient information for audit or medical research when it is not possible to use anonymised information and when seeking consent is not practical. Section 251 will continue to be required until the processes to link data in pseudonymised form are properly developed within the NHS.


Authorisation and Protection

Visit the webpage ‘Protecting your data‘ for more information.