Data Management
NICOR SECURITY ONLY ALLOWS ACCESS TO AUTHORISED USERS
NICOR data collection system
Users of the system connect to the data collection system via the Health and Social Care Network (HSCN) (a private data network which provides the entire NHS with fast broadband networking services) or the internet via an internet service provider.
Opening a database allows users to see all the documents they are authorised to access, create new documents, or edit existing information. Once data have been entered, they are synchronised with the central system, then analysed, and subsequently reported back to the user.
Security
NICOR has designed security mechanisms that allow only authorised users to access information on the NICOR data collection and reporting system. Users are only able to see records submitted by their own organisation and published information contains only comparative analysis figures.
Several levels of security are built into the system:
- ID security: each audit database is accessed through a secure ID. The ID can be set to expire or have its access terminated, preventing unauthorised users from accessing the system. A complex password is required to access the ID, and the password can be set to expire after a given period, forcing the user to change it regularly.
- Server security: the central (server-based) audit application database replicas are protected by server security, preventing unauthorised access to the database or replication of data to it.
- Application security: access to the database is controlled by a database Access Control List (ACL). This records when users have accessed data. Users and organisations only have access to their own records. Users may be given ‘read only’ or editing rights. Users can only delete records if they have the correct permissions.
- The application is encrypted; an authorised ID file (and knowledge of its password) must be present on the computer requiring access to the application.
- All system database accesses are recorded in a system log file that can be audited in the event of suspected security threats or data misuse.
The information recorded and managed by NICOR about patients and the clinical care they have received is confidential. Strict security measures are in place to safeguard patient information. Section 251 of the NHS Act 2006 allows the common law duty of confidentiality to be set aside in specific circumstances where anonymised information is not sufficient and where patient consent is not practicable. All current NICOR audits have section 251 approval.
NICOR does not publish information that can identify individual patients.
We maintain the confidentiality and security of patient information in the following ways:
NICOR conforms to the Data Protection Act 2018 for the collection and use of patient identifiable data. We work with the Confidentiality Advisory Group (CAG) of the NHS Health Research Authority (HRA), the Care Quality Commission (CQC), NHS England and Digital Health and Care Wales to ensure support is provided under section 251 of the NHS Act 2006.
Patient confidentiality
- Once captured, data is only accessible to specially trained NICOR staff members who store the data. Following the National Data Opt-out Policy exemption granted to NICOR, patients are NOT able to opt out of the audit. However, patients are able to opt out so that their information will not be used for research purposes.
- The patient forename and surname are not extracted from the database or used in any analysis.
- No NHS numbers, or other information that can be used to identify individuals (such as postcode, date of birth, hospital case record number) are included in analyses or reports, or released to third party research groups (unless required for data linkages to other datasets and with appropriate permissions).
- To this end, a number of data transformations are in place to reduce the identifiability and sensitivity of data items. For example, postcode is converted to a deprivation index and date of birth is converted to age at admission.
- The NHS number is validated and retained as a unique identifier for conducting data linkage to other data sets (e.g. life status information from the Office of National Statistics).
- All reports are produced at an aggregate level (national, LAT, CCG, Trust, hospital), never at patient level.
- A statistical risk assessment is completed for each publication of data and small number suppression techniques are used to ensure that analysis is not disclosive. This is in line with ONS guidelines – Review of the Dissemination of Health Statistics: Confidentiality Guidance (PDF).
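The transformations and small number suppression described in the list above, sketched as an added Python example; this is not NICOR's code. The threshold of 5, the postcode lookup table, the field names and the sample records are all assumptions constructed for illustration, and the complementary suppression step goes beyond what the page states.

```python
from collections import Counter
from datetime import date

# Assumptions, not from the page: the threshold of 5 and this lookup table.
THRESHOLD = 5
DEPRIVATION_DECILE = {"ZZ1 1AA": 2, "ZZ2 2BB": 9}  # constructed postcodes

def age_at_admission(dob: date, admitted: date) -> int:
    """Whole years between date of birth and admission."""
    before_birthday = (admitted.month, admitted.day) < (dob.month, dob.day)
    return admitted.year - dob.year - before_birthday

def deidentify(rec: dict) -> dict:
    """Keep only analysis fields; name, NHS number, postcode and DOB are dropped."""
    postcode = " ".join(rec["postcode"].upper().split())
    return {
        "hospital": rec["hospital"],
        "age_at_admission": age_at_admission(rec["dob"], rec["admitted"]),
        "deprivation_decile": DEPRIVATION_DECILE.get(postcode),  # None if unmapped
    }

def suppressed_counts(rows: list, key: str, threshold: int = THRESHOLD) -> dict:
    """Count rows per group, replacing counts below the threshold with None.

    If exactly one cell is hidden it could be recovered from a published
    total, so the next-smallest cell is hidden too (complementary suppression).
    """
    counts = Counter(r[key] for r in rows)
    hidden = {k for k, n in counts.items() if n < threshold}
    if len(hidden) == 1 and len(counts) > 1:
        visible = sorted((n, str(k), k) for k, n in counts.items() if k not in hidden)
        hidden.add(visible[0][2])
    return {k: (None if k in hidden else n) for k, n in counts.items()}

# Constructed sample input: 7 admissions at hospital A, 6 at B, 2 at C.
SAMPLE = [
    {"forename": "X", "surname": "Y", "nhs_number": "0000000000",
     "postcode": "zz1 1aa", "dob": date(1950, 6, 15),
     "admitted": date(2020, 6, 14), "hospital": h}
    for h in "A" * 7 + "B" * 6 + "C" * 2
]

if __name__ == "__main__":
    rows = [deidentify(r) for r in SAMPLE]
    print(rows[0])
    print(suppressed_counts(rows, "hospital"))
```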