From October 2022, the work of the NABCOP has been expanded on by two new national audits of primary breast cancer and metastatic breast cancer in women and men of all ages.

Find out more.

Privacy & Fair Processing Notice

English and Welsh language versions are available to download

What was the aim of the National Audit of Breast Cancer in Older Patients?
This audit was commissioned to evaluate the quality of care provided to women aged 70 years or older by breast cancer services in England and Wales. It explored why older women with breast cancer appear to have worse outcomes than younger women and investigated apparent differences in the patterns of care delivered to older women. The Audit examined the care pathway from initial diagnosis to the end of primary treatment, and compared patterns of breast cancer care observed for women aged 70 years and over with those among women diagnosed aged 50-69 years. From October 2022, the NABCOP is being expanded on by two new breast cancer audits.

Where was patient data collected from?
The NABCOP used existing sources of patient data collected by national organisations. No new data was required to be collected from individual patients or clinical staff. The main sources of data were the national Cancer Registration datasets in England and Wales.
The national Cancer Registration Services collect a limited amount of information on all people diagnosed with cancer. This includes information about the type of cancer and the treatments received, and the information is supplied by the medical staff involved in delivering care.
The information from the Cancer Registration Services was linked to other routine hospital datasets to provide some additional detail about surgical treatments (English hospitals use the Hospital Episode Statistics and Welsh hospitals use the Patient Episode Data for Wales). The information also included data from the Office for National Statistics (ONS) on the dates of death so that the audit could examine duration of survival after cancer diagnosis. The linkage of data from these different sources was undertaken by the Cancer Registration Services.
Information supplied to the Audit by the Cancer Registration Services was anonymised. Common health care identifiers such as NHS numbers or other potentially sensitive information that might identify individuals (such as postcode and date of birth) were not included in the supplied data. Data were converted into formats that reduce the risk of identification. For example, date of birth was converted to age at admission. The National Cancer Registration Services, together with the Healthcare Quality Improvement Partnership and NHS England, were the joint data controllers for the England NABCOP data.

Data Controller
The NABCOP was commissioned by the Healthcare Quality Improvement Partnership (HQIP) on behalf of NHS England and the Welsh Assembly Government, as part of the National Clinical Audit and Patient Outcomes Programme. HQIP were the data controller for the linked de-identified dataset that was supplied to the NABCOP Project Team for analysis. HQIP were joint controllers with NHS England for the England NABCOP data.
The NABCOP team combined the data on individuals with other information held in other national hospital databases. This is detailed in the NABCOP data flow diagram.
The data controllers for the individual national datasets were:
• Public Health England for the cancer information on English patients
• Wales Cancer Network for the cancer information on Welsh patients
• Office for National Statistics for the death register
• Public Health England for the data on chemotherapy and radiotherapy
• NHS Digital for the English hospital data (Hospital Episode Statistics, HES)

Legal basis for processing personal data
The NABCOP had approval for processing health care information under Section 251 (reference number: 16/CAG/0079) for all patients over the age of 50 diagnosed with breast cancer in England and Wales. More information on section 251 is available here:

Patient confidentiality and level of data collected
The patient-level information received and managed by the NABCOP team was treated as confidential. We analysed the data to produce the information on patient care and outcomes, the NABCOP team used de-identified data and so individual patients were not identifiable.
The audit was also careful when publishing information to include graphs or tables that did not allow individuals to be identified. To ensure this, the Audit followed guidelines on publishing statistics issued by the Office for National Statistics – Review of the Dissemination of Health Statistics: Confidentiality Guidance.

Management of patient data by the NABCOP team
The NABCOP team was based at the Royal College of Surgeons of England (RCS). The RCS conforms to the General Data Protection Regulation (GDPR) and other legislation that relates to the collection and use of patient data. The RCS has strict security measures in place to safeguard the use and storage of de-identified patient-level information, which is handled in accordance with the GDPR. All de-identified data extracts are stored on a password protected encrypted server at the RCS with restricted access to named analysts in the audit project teams.

Who did we share data with?
The NABCOP only shared patient-level data following a strict governance procedure to ensure compliance with the General Data Protection Regulation (GDPR).
Researchers could apply to the NABCOP Data Controller (HQIP and NHSE for England) if they wanted to use the patient data for a research study. These requests underwent a stringent approvals process as outlined by HQIP.

What if I did not want my information used by the Audit?
The National Cancer Registration and Analysis Service (NCRAS) in England and the Wales Cancer Network were allowed to collect data on patients diagnosed with cancer. Information about how patients can opt-out of data collection is provided.
NHS Digital also provides information on patient opt-out of sharing their personal confidential health and social care data.

Changes to our privacy policy
We keep our privacy policy under regular review and we will always include the latest version on this web page.
The privacy policy was last updated on 23/09/2020.

How to contact us
Please contact us if you have any questions about our privacy policy or information we hold about you.
Information about the requirements for the Audit to keep personal data secure and what to do to report a data breach, can be found on the website of the Information Commissioners Office:

Download a copy of the NABCOP Privacy & Fair Processing Notice (English)

Archwiliad Cenedlaethol o Ganser y Fron mewn Cleifion Hŷn (NABCOP) Hysbysiad Preifatrwydd a Phrosesu Teg