We understand our responsibility to keep information secure. We work hard to protect the information we hold from unauthorised access, alteration or destruction. In particular we:
- have clear policies and procedures in place regarding information security;
- review our policies and procedures regularly to guard against unauthorised access;
- restrict access to personal information to those who need to process it;
- have contractual confidentiality agreements in place with all those who need to access/process the information; and
- use robust technical solutions to support secure connections between web browsers and our web servers.
Our policies around information security may be available on request. Please email dpo@icnarc.org for details.
Patient identifiable information
Section 251 of the NHS Act 2006 allows the common law duty of confidentiality to be set aside for the collection and use of patient identifiable information. Approval is only given where the work aims to improve patient care and is in the public interest.
The work we do at ICNARC has been approved and our approval is reviewed annually. It is reviewed by the Confidentiality Advisory Group, within the Health Research Authority. Part of the approval process is focused on the security of the information collected.
National Data Opt-Out (NDOO)
Both the Case Mix Programme (CMP) and the National Cardiac Arrest Audit (NCAA) have been granted a policy postponement on the NDOO, until we hear the outcome of exemption applications for both national clinical audits from the Confidentiality Advisory Group (CAG). Please see the NHS Digital website here for confirmation.
This means that CMP units and NCAA hospitals can submit data for all patients, regardless of NDOO status.
We will update this page as soon as we have news on whether the CMP and NCAA have been granted full exemption from the NDOO.