What steps do registries take to ensure data confidentiality?
The protection of the data that they collect is extremely important to cancer registries. Every transfer of data to and from cancer registries is strictly controlled, and no breaches of confidentiality have occurred during the 40-year history of the national cancer registration system.
Registries adhere to the requirements of the Data Protection Act 1998 with regard to the receipt, storage and transfer of information relating to individuals. When releasing data to third parties, all UK registries strictly comply with the Approved UKACR Policies on the release of patient-identifiable and potentially identifiable information. Recipients of such data are required to sign a declaration stating that they will protect the information they are entrusted with, use it only for the purpose for which it was supplied and make no attempt to identify information pertaining to particular individuals or to contact individuals. They are also prohibited from presenting any information that may identify an individual. This is also the case with publications produced by cancer registries themselves, which present aggregated data only.
Why do cancer registries need to collect and release patient-identifiable information?
There are instances when the usefulness of cancer registration data would be severely compromised if registries were not allowed to collect and release patient-identifiable information. Specific examples include:
- The provision of data to support the evaluation of the effectiveness of cancer screening programmes, where the checking of personal identifiers is required to ensure the accuracy of the link between the information held by the cancer registry and the cancer screening service.
- The confirmation of cancer diagnoses in family members to cancer genetic counselling services to help them give someone with a potential familial predisposition to cancer a better understanding of their own risk of developing the disease. Cancer registries do not release information for this purpose without the informed consent of the family member.
- The provision of the names of patients to bona fide researchers for detailed research projects investigating the causes of, or outcomes from, specific cancers. To release the information, cancer registries require that such studies are approved by the appropriate multi-centre (or local) research ethics committees and the Ethics and Confidentiality Committee (on behalf of the National Information Governance Board for Health and Social Care (NIGB)). If patients are approached to provide further information (e.g. regarding occupation or lifestyle), this approach will always be via the patient’s general practitioner or hospital consultant, and participation will depend on the patient’s fully informed consent.
- The provision of data for geographical studies (e.g. studies of cancer risk in people living near landfill sites), which can only be undertaken if the full postcode is available. Full postcodes are also required to convert historical data to existing boundaries of, for example, regions, health authorities and primary-care organisations.
Although data confidentiality is the responsibility of every individual cancer registry, the UKACR has a coordinating role in ensuring that UK registries are aware of, and comply with, any legislation relating to patient confidentiality.
For further information, please see the data confidentiality and security section of the website.