Information Governance
How does NICOR protect your data?
NICOR takes data protection extremely seriously. We comply with both the Data Protection Act 2018 and the General Data Protection Regulation (GDPR).
Privacy policy and patient leaflet
NICOR is hosted by NHS Arden and GEM CSU. See the Privacy Notice.
For information about how we process patient data please see our Patient Information Leaflet.
Anonymised data prevents patient identification
NICOR collects information that is part of the essential activity of the NHS. It helps with decision making on service delivery and improvements in healthcare and is used in important medical research. Information for medical research usually require identifiable patient information for linkage to other datasets. However, NICOR will not use or onward share patient information for research purposes, if you have opted out under the National Data Opt-out Policy.
Section 251
All NICOR audits and registries have approval under Section 251 of the NHS Act 2006, which means NICOR can use patient identifiable data, without obtaining patient consent. Our applications for approval were reviewed by the Health Research Authority’s Confidentiality Advisory Group and where relevant by the Research Ethics Committee.
Section 251 of the NHS Act 2006 allows the use of confidential patient information for audit or medical research when it is not possible to use anonymised information and when seeking consent is not practical. Section 251 will continue to be required until the processes to link data in pseudonymised form are properly developed within the NHS.
Reference
-
22/CAG/0118
Application title
NICOR – Extended Use of Data V1.1 2017
Audits/population/cohort
Six existing national clinical audit datasets (22/CAG/0114 non research application)
Approval period and Review date
Annual – 28/06/2024
-
22/CAG/0117
Application title
NICOR Commissioning through Evaluation Registries/Audits: “NICOR Commissioning through Evaluation Registries/Audits:
Audits/population/cohort
Patients undergoing the procedures: Percutaneous Mitral Valve Repair;
Left Atrial Appendage Occlusion; Patent Foramen Ovale Closure in Adults.Approval period and Review date
31/08/2023
-
22/CAG/0117
Application title
National Data Opt-Out (NDO) exemption request
-
22/CAG/0116
Application title
NHS England (NICOR): UK Transcatheter Aortic Valve Implantation (TAVI)
Audits/population/cohort
Transcatheter Aortic Valve Implantation (TAVI) registry
Approval period and Review date
Annual – 31/12/2023
-
24/CAG/0032
Application title
NHS England (NICOR) National Cardiac Audit Programme (NCAP)
Previously 17/CAG/0071Audits/population/cohort
1. Myocardial Ischaemia National Audit Project
2. Adult Cardiac Surgery Audit
3. National Heart Failure Audit
4. Congenital Heart Disease Audit
5. Cardiac Rhythm management Audit
6. Adult cardiac Interventions AuditApproval period and Review date
Annual – 07/03/2024
Authorisation and Protection
-
Authorisation
- NICOR produces anonymised data from individual identifiable patient records to support medical research.
- NICOR collects and uses information about past or present geographical location from patient records. Postcodes are required for analysis. As there is a potential to identify individual patients using this information, it is regarded as ‘patient identifiable data’.
- NICOR is able to identify, and with appropriate data controller’s approval, contact patients to invite them to participate in medical research.
- NICOR can use patient data for medical research.
- NICOR links patient identifiable information from more than one source, validating the completeness or quality of the information.
- NICOR has the authority to process patient identifiable information for the purpose of auditing, monitoring and analysing patient care and treatment.
- NICOR has the authority to process patient identifiable information for an authorised user for one or more of the purposes outlined above.
-
Protection
- NICOR protects this information by using security and confidentiality processes recognised by the community to be more advanced than other national data collection and aggregation initiatives.
- NICOR stores and analyses the information in a secure environment.
- Access to this information is restricted to appropriate members of NICOR.
- NICOR provides regular information governance training to all NICOR staff.
- NICOR ensures the information collected conforms to the strict rules of confidentiality established by Acts of Parliament, including the Data Protection Act 2018, the NHS Act 2006, the Health and Social Care Act 2001 and the Health and Social Care Act 2008.
Visit the webpage ‘Protecting your data‘ for more information.