Protecting your data


NICOR data collection system

Users connect to the data collection system either via the Health and Social Care Network (HSCN), a private data network which provides the entire NHS with fast broadband networking services, or over the internet via an internet service provider. The internet route ensures that hospitals that are not on the HSCN (e.g. private hospitals, non-NHS organisations, other devolved nations) can connect and submit their data.

Opening a database allows users to see all the documents they are authorised to access, create new documents, or edit existing information. Once data have been entered, they are synchronised with the central system, analysed, and subsequently reported back to the user in the form of online data reporting tools available within the system.

Security

NICOR has designed security mechanisms that allow only authorised users to access information on the NICOR data collection and reporting system. Users are only able to see records submitted by their own organisation, and published information contains only comparative/aggregated information.

Several levels of security are built into the system:

ID security:

  • All users of the service are required to authenticate through a NICOR username and password. Users are not allowed to read any web pages on the server until they authenticate successfully.
  • Policies are in place that make passwords difficult to guess. These include lockout after failed password attempts, minimum password length or “strength,” password aging, and password history. Passwords are set to expire after a given period and users are required to change them at regular intervals.

Server security:

  • All servers are secured from network access. They are behind industry standard firewalls and all data transactions are filtered through these firewalls.
  • SHA 256-bit Secure Sockets Layer (SSL) authenticated website certificates are deployed to prevent access to the data packets as they are being sent across the internet.

Application security:

  • Access to the database is controlled by a database Access Control List (ACL). This records when users have accessed data. Users and organisations only have access to their own records. Users may be given ‘read only’ or editing rights. Users can only delete records if they have the correct permissions.
  • All system database accesses are recorded in a system log file that can be audited in the event of suspected security threats or data misuse.

The information recorded and managed by NICOR about patients and the clinical care they have received is confidential. NICOR does not publish information that can identify individual patients.

We maintain the confidentiality and security of patient information in the following ways:

NICOR conforms to the Data Protection Act 2018 for the collection and use of patient identifiable data. We work with the Confidentiality Advisory Group (CAG) of the NHS Health Research Authority (HRA), the Care Quality Commission (CQC), NHS England and Health and Care Wales to ensure support is provided under section 251 of the NHS Act 2006.

Patient confidentiality

  • Once captured, data is only accessible to specially trained NICOR staff members who store the data. Following the National Data Opt-out Policy exemption granted to NICOR, patients are NOT able to opt out of the audit. However, patients are able to opt out so that their information will not be used for research purposes.
  • The patient forename and surname are not extracted from the database or used in any analysis.
  • No NHS numbers, or other information that can be used to identify individuals (such as postcode, date of birth, hospital case record number) are included in analyses, published reports or released to third party research groups (unless required for data linkages to other datasets and with appropriate permissions).
  • A number of data transformations are in place to reduce the identifiability and sensitivity of data items. For example, postcode is converted to deprivation index and date of birth is converted to age at admission.
  • The NHS number is validated and retained as a unique identifier for conducting data linkage to other NHS administrative data sets (e.g. Hospital Episode Statistics, life status information from the Office of National Statistics).
  • All reports are produced at an aggregate level (hospital), never at patient level.
  • A statistical risk assessment is completed for each publication of data and small number suppression techniques are used to ensure that analysis is not disclosive.
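
The transformations and small number suppression listed above can be sketched as follows. This is an added example, not NICOR's code: the field names, the postcode-to-decile lookup, the sample records and the threshold of 5 are all constructed assumptions, since the page does not give them.

```python
from collections import Counter
from datetime import date

# Assumption: the page does not state the suppression threshold; 5 is illustrative.
SMALL_NUMBER_THRESHOLD = 5
# Constructed lookup; a real pipeline would join against a published deprivation index.
DEPRIVATION_DECILE = {"ZZ1 1AA": 3, "ZZ2 2BB": 8}
# Fields the page says are kept out of analyses and reports.
DIRECT_IDENTIFIERS = {"forename", "surname", "nhs_number", "postcode",
                      "date_of_birth", "case_record_number"}

def age_at_admission(dob, admitted):
    """Whole years between date of birth and admission."""
    before_birthday = (admitted.month, admitted.day) < (dob.month, dob.day)
    return admitted.year - dob.year - before_birthday

def to_analysis_record(raw):
    """Drop direct identifiers, keeping only the derived, less identifying values."""
    out = {k: v for k, v in raw.items() if k not in DIRECT_IDENTIFIERS}
    out["age_at_admission"] = age_at_admission(raw["date_of_birth"], raw["admission_date"])
    out["deprivation_decile"] = DEPRIVATION_DECILE.get(raw["postcode"])  # None if unmapped
    return out

def hospital_report(records, field):
    """Count per (hospital, field value); cells below the threshold become None."""
    counts = Counter((r["hospital"], r[field]) for r in records)
    return {k: (n if n >= SMALL_NUMBER_THRESHOLD else None) for k, n in counts.items()}

def make_sample():
    """Constructed records: 6 at hospital H1, 2 at hospital H2."""
    base = {"forename": "Test", "surname": "Patient", "nhs_number": "0000000000",
            "date_of_birth": date(1950, 6, 15), "admission_date": date(2020, 6, 14),
            "case_record_number": "X000", "procedure": "PCI"}
    return ([dict(base, hospital="H1", postcode="ZZ1 1AA") for _ in range(6)]
            + [dict(base, hospital="H2", postcode="ZZ2 2BB") for _ in range(2)])

if __name__ == "__main__":
    analysis = [to_analysis_record(r) for r in make_sample()]
    print(analysis[0])
    print(hospital_report(analysis, "procedure"))
```

This applies primary suppression only: a suppressed cell can still be recovered by subtraction if row or column totals are published alongside it, so totals need the same check before release.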