Information Governance
How does NICOR protect your data?
NICOR takes data protection extremely seriously. We comply with both the Data Protection Act 2018 and the General Data Protection Regulation (GDPR).
Privacy policy and patient leaflet
NICOR is hosted by NHS Arden and GEM CSU. See the Privacy Notice.
For information about how we process patient data please see our Patient Information Leaflet.
Anonymised data prevents patient identification
NICOR collects information that is part of the essential activity of the NHS. It helps with decision making on service delivery and improvements in healthcare and is used in important medical research. Information for medical research usually require identifiable patient information for linkage to other datasets. However, NICOR will not use or onward share patient information for research purposes, if you have opted out under the National Data Opt-out Policy.
Section 251
All NICOR audits and registries have approval under Section 251 of the NHS Act 2006, which means NICOR can use patient identifiable data, without obtaining patient consent. Our applications for approval were reviewed by the Health Research Authority’s Confidentiality Advisory Group and where relevant by the Research Ethics Committee.
Section 251 of the NHS Act 2006 allows the use of confidential patient information for audit or medical research when it is not possible to use anonymised information and when seeking consent is not practical. Section 251 will continue to be required until the processes to link data in pseudonymised form are properly developed within the NHS.
Programme governance
NCAP governance and delivery helps to explain the governance arrangements for the National Cardiac Audit Programme (NCAP) within NHS England.
Reference
-
24/CAG/0032
Application title
NHS England National Institute for Cardiovascular Outcomes Research (NICOR) National Clinical Databases (NNCD) – The new National Cardiac Audit Programme (NCAP)
Audits/population/cohort
1. Myocardial Ischaemia National Audit Project (MINAP)
2. National Adult Cardiac Surgery Audit (NACSA)
3. National Audit of Percutaneous Coronary Intervention (NAPCI)
4. National Audit of Cardiac Rhythm Management (NACRM)
5. National Congenital Heart Disease (Surgery and Intervention)
6. National Heart Failure Audit
7. The UK Transcatheter Aortic Valve Implantation (TAVI) Registry
8. The Transcatheter Mitral and Tricuspid Valve (TMTV) Registry
9. Left Atrial Appendage Occlusion (LAAO) Registry
10. Patent Foramen Ovale Closure (PFOC) Registry.Approval period and Review date
Annual – 16/08/2025
-
24/CAG/0079
Application title
NHS England: NICOR – National Clinical Databases
Audits/population/cohort
1. Myocardial Ischaemia National Audit Project (MINAP)
2. National Adult Cardiac Surgery Audit (NACSA)
3. National Audit of Percutaneous Coronary Intervention (NAPCI)
4. National Audit of Cardiac Rhythm Management (NACRM)
5. National Congenital Heart Disease (Surgery and Intervention)
6. National Heart Failure Audit
7. The UK Transcatheter Aortic Valve Implantation (TAVI) Registry
8. The Transcatheter Mitral and Tricuspid Valve (TMTV) Registry
9. Left Atrial Appendage Occlusion (LAAO) Registry
10. Patent Foramen Ovale Closure (PFOC) Registry.(This application covers research)
Approval period and Review date
Annual – 16/08/2025
For the latest approvals, please visit the Health Research Authority (HRA) website: CAG registers – Health Research Authority (hra.nhs.uk).
Authorisation and Protection
-
Authorisation
- NICOR produces anonymised data from individual identifiable patient records to support medical research.
- NICOR collects and uses information about past or present geographical location from patient records. Postcodes are required for analysis. As there is a potential to identify individual patients using this information, it is regarded as ‘patient identifiable data’.
- NICOR is able to identify, and with appropriate data controller’s approval, contact patients to invite them to participate in medical research.
- NICOR can use patient data for medical research.
- NICOR links patient identifiable information from more than one source, validating the completeness or quality of the information.
- NICOR has the authority to process patient identifiable information for the purpose of auditing, monitoring and analysing patient care and treatment.
- NICOR has the authority to process patient identifiable information for an authorised user for one or more of the purposes outlined above.
-
Protection
- NICOR protects this information by using security and confidentiality processes recognised by the community to be more advanced than other national data collection and aggregation initiatives.
- NICOR stores and analyses the information in a secure environment.
- Access to this information is restricted to appropriate members of NICOR.
- NICOR provides regular information governance training to all NICOR staff.
- NICOR ensures the information collected conforms to the strict rules of confidentiality established by Acts of Parliament, including the Data Protection Act 2018, the NHS Act 2006, the Health and Social Care Act 2001 and the Health and Social Care Act 2008.
Visit the webpage ‘Protecting your data‘ for more information.