Data Confidentiality

The work of the NCRAS requires the use of personal and sensitive information about cancer patients and their treatment. Wherever possible this information is used in an aggregated or anonymised form but at times it is necessary to use information that identifies individuals. For example, such information is required to:

  • Avoid duplication of records where patients are treated at more than one hospital.
  • Allow linkage between datasets to analyse survival or patterns of care.
  • Perform geographic analyses (for example to investigate 'clusters' of cancer cases).
  • Provide information where people are concerned that their family history may put them at risk of cancer.
  • Recontact patients with new information if previously unknown effects of a therapy are discovered.

Permissions to process identifiable information

Because of the importance of their work, and because asking every cancer patient for their consent to be registered is considered unworkable, the cancer registries in England and Wales are authorised by Parliament to process information about cancer patients without their consent. Patients can opt out at any time..

Release of information

The controls on what data are published or released by PHE are designed to prevent the disclosure of identifiable data into the public domain - no publication should ever allow an individual to be identified unless they have agreed to this. 

Who may access data?

Data are shared between cancer registries and may be released to NHS organisations and healthcare professionals providing care for those patients, or monitoring the quality of cancer service provision. Data are also released for research uses. Whenever it is possible to do so, these data are released in an anonymised form so no one individual can be identified.

In certain circumstances, using anonymised data would not be fit for purpose. Requests to access potentially or explicitly identifiable data are handled by the PHE Office for Data Release (ODR).