Information security

We understand our responsibility to keep information secure. We work hard to protect the information we hold from unauthorised access, alteration or destruction. In particular we:

  • have clear policies and procedures in place regarding information security;
  • review our policies and procedures regularly to guard against unauthorised access;
  • restrict access to personal information to those who need to process it;
  • have contractual confidentiality agreements in place with all those who need to access/process the information; and
  • use robust technical solutions to support secure connections between web browsers and our web servers.

Our policies around information security may be available on request. Please email for details.

Patient identifiable information

Section 251 of the NHS Act 2006 allows the common law duty of confidentiality to be set aside for the collection and use of patient identifiable information. Approval is only given where the work aims to improve patient care and is in the public interest.

The work we do at ICNARC has been approved and our approval is reviewed annually. It is reviewed by the Confidentiality Advisory Group, within the Health Research Authority. Part of the approval process is focused on the security of the information collected.


National Data Opt-Out (NDOO)

Both the Case Mix Programme (CMP) and the National Cardiac Arrest Audit (NCAAhave been granted exemption from the NDOO by the Secretary of State following advice from the Confidentiality Advisory Group (CAG). Please see the NHS Digital website here for confirmation.

This means that CMP units and NCAA hospitals can submit data for all patients, regardless of NDOO status.


Copyright © 2024 ICNARC