How data is kept safe

The National Disease Registration Service (NDRS) puts patient security and confidentiality first.   

The information we hold is crucial to improving the way people with cancer, rare diseases or congenital anomalies are diagnosed and treated. But we know that it is also highly sensitive and very personal information. For this reason, security and patient confidentiality are at the forefront of everything we do. 

We have special legal permission to collect data

We have legal permission to collect patient-level data and to use it to protect the health of the population. This permission is given under Section 254 of the Health and Social Care Act 2012 (2012 Act).

This law is in place to enable use of patient information for medical purposes, where it was not possible to use anonymised information and where seeking consent was not practical in terms of the cost and technology available. 

Patient information can only be used to improve the public’s health.

How we keep data safe

We apply the strongest form of encryption to the data we hold. Data about an individual’s health is highly sensitive, and so great care is taken over the way it is collected, stored and analysed. We have a duty to the National Data Guardian to make sure all sensitive data is strongly encrypted and stored on NHS compliant secure servers.

Everyone working with patient data is trained in information governance and follows strict rules to make sure patient information stays safe.

You can opt-out of disease registration

If you do not want us to hold or use your information, you can opt-out. 

Find out how to opt-out of disease registration here.

Webpage last updated: October 2021