How does NICOR protect my data?

Anonymised data prevents patient identification

NICOR collects information that is part of the essential activity of the NHS, this is used in important medical research and requires identifiable patient information. However, patients may not have agreed for their information to be used in this way.

All of the audits managed by NICOR have Section 251 approval, which means NICOR can use patient identifiable data, without patient consent. Our applications for approval were reviewed by the NIGB Ethics and Confidentiality Committee.

Section 251 of the NHS Act 2006 allows the use of confidential patient information in medical research when it is not possible to use anonymised information and when seeking consent is not practical. Section 251 will continue to be required until the processes to link data in pseudonymised form are properly developed within the NHS.


  • NICOR produces anonymised data from individual identifiable patient records to support medical purposes.
  • NICOR collects and uses information about past or present geographical location from patient records. Postcodes are required for analysis, however it is possible to identify individual patients using this information and therefore it is regarded as patient identifiable data.
  • NICOR is able to identify and contact patients and invite them to participate in medical research.
  • NICOR can use patient data for medical research.
  • NICOR links patient identifiable information from more than one source, validating the completeness or quality of the information.
  • NICOR has the authority to process patient identifiable information for the purpose of auditing, monitoring and analysing patient care and treatment.
  • NICOR has the authority to process patient identifiable information for an authorised user for one or more of the purposes outlined above.


  • NICOR protects this information by using security and confidentiality processes recognised by the community to be more advanced than other national data collection and aggregation initiatives.
  • NICOR stores and analyses the information in a secure environment.
  • Access to this information is restricted to appropriate members of NICOR.
  • NICOR provides regular information governance training to all NICOR staff.
  • NICOR ensures the information collected conforms to the strict rules of confidentiality established by Acts of Parliament, including the Data Protection Act 2018, the NHS Act 2006, the Health and Social Care Act 2001 and the Health and Social Care Act  2008.