Confidentiality
Research and Information
All of those who request data from the WMCIU must complete an Information Request Form. The purpose of the request must be clear. In particular we need to know: who is requesting data, full details of why the data are required, who will have access to the data (raw and analysed) and to whom the data will be disseminated and in what format.
Identifiable data are those from which a patient can be directly identified (name, address) and also those which could potentially allow the patient to be identified, for example through:
- Patient level data (even if they do not contain obviously identifiable variables, such as names, full postcodes, dates of birth, NHS numbers or hospital numbers)
- Tabular data based on small geographic areas (i.e. smaller than a PCT) with cell counts <5 (or rates/percentages derived from cell counts <5)
- Tabular data containing cells with underlying population denominators <1000
The need for identifiable information must be justified and we have to be certain that non identifiable alternatives cannot be used instead. Wherever possible we look to use alternatives to identifiable data, for example using the WMCIU patient or tumour number instead of name, using PCT instead of postcode and survival time in days instead of dates of diagnosis and death. Identifiable information can only be released in two instances
- To authorised personnel in legitimate organisations for approved purposes.
- If PIAG has granted the release and, in the case of research, Ethical Committee approval has also been provided.
We take great care to ensure that identifiable information is not disclosed. This includes not sending or accepting identifiable patient details via email. Identifiable information is only sent through the post double wrapped and any electronic data are sent password protected. We keep a record as part of an annual review by PIAG of all releases of patient identifiable information.
Back to Confidentiality Main Page |
