Information security

We understand our responsibility to keep information secure. We work hard to protect the information we hold from unauthorised access, alteration or destruction. In particular we:

  • have clear policies and procedures in place regarding information security;
  • review our policies and procedures regularly to guard against unauthorised access;
  • restrict access to personal information to those who need to process it;
  • have contractual confidentiality agreements in place with all those who need to access/process the information; and
  • use robust technical solutions to support secure connections between web browsers and our web servers.

Patient identifiable information

Section 251 of the NHS Act 2006 allows the common law duty of confidentiality to be set aside for the collection and use of patient identifiable information. Approval is only given where the work aims to improve patient care and is in the public interest.

The work we do at ICNARC has been approved and our approval is reviewed annually. It is reviewed by the Confidentiality Advisory Group, within the Health Research Authority. Part of the approval process is focused on the security of the information collected.