Home > Resources > Privacy & Fair Processing Notice

Privacy & Fair Processing Notice

English and Welsh language versions are available to download

What was the aim of the National Audit of Breast Cancer in Older Patients?
This audit was commissioned to evaluate the quality of care provided to women aged 70 years or older by breast cancer services in England and Wales. It explored why older women with breast cancer appear to have worse outcomes than younger women and investigated apparent differences in the patterns of care delivered to older women. The Audit examined the care pathway from initial diagnosis to the end of primary treatment, and compared patterns of breast cancer care observed for women aged 70 years and over with those among women diagnosed aged 50-69 years. From October 2022, the NABCOP is being expanded on by two new breast cancer audits.

Where was patient data collected from?
The NABCOP used existing sources of patient data collected by national organisations. No new data was required to be collected from individual patients or clinical staff. The main sources of data were the national Cancer Registration datasets in England and Wales.
The national Cancer Registration Services collect a limited amount of information on all people diagnosed with cancer. This includes information about the type of cancer and the treatments received, and the information is supplied by the medical staff involved in delivering care.
The information from the Cancer Registration Services was linked to other routine hospital datasets to provide some additional detail about surgical treatments (English hospitals use the Hospital Episode Statistics and Welsh hospitals use the Patient Episode Data for Wales). The information also included data from the Office for National Statistics (ONS) on the dates of death so that the audit could examine duration of survival after cancer diagnosis. The linkage of data from these different sources was undertaken by the Cancer Registration Services.
Information supplied to the Audit by the Cancer Registration Services was anonymised. Common health care identifiers such as NHS numbers or other potentially sensitive information that might identify individuals (such as postcode and date of birth) were not included in the supplied data. Data were converted into formats that reduce the risk of identification. For example, date of birth was converted to age at admission. The National Cancer Registration Services, together with the Healthcare Quality Improvement Partnership and NHS England, were the joint data controllers for the England NABCOP data.

Data Controller
The NABCOP was commissioned by the Healthcare Quality Improvement Partnership (HQIP) on behalf of NHS England and the Welsh Assembly Government, as part of the National Clinical Audit and Patient Outcomes Programme. HQIP were the data controller for the linked de-identified dataset that was supplied to the NABCOP Project Team for analysis. HQIP were joint controllers with NHS England for the England NABCOP data.
The NABCOP team combined the data on individuals with other information held in other national hospital databases. This is detailed in the NABCOP data flow diagram.
The data controllers for the individual national datasets were:
• Public Health England for the cancer information on English patients
• Wales Cancer Network for the cancer information on Welsh patients
• Office for National Statistics for the death register
• Public Health England for the data on chemotherapy and radiotherapy
• NHS Digital for the English hospital data (Hospital Episode Statistics, HES)

Legal basis for processing personal data
The NABCOP had approval for processing health care information under Section 251 (reference number: 16/CAG/0079) for all patients over the age of 50 diagnosed with breast cancer in England and Wales. More information on section 251 is available here: http://www.hra.nhs.uk/about-the-hra/our-committees/section-251/what-is-section-251/

Patient confidentiality and level of data collected
The patient-level information received and managed by the NABCOP team was treated as confidential. We analysed the data to produce the information on patient care and outcomes, the NABCOP team used de-identified data and so individual patients were not identifiable.
The audit was also careful when publishing information to include graphs or tables that did not allow individuals to be identified. To ensure this, the Audit followed guidelines on publishing statistics issued by the Office for National Statistics – Review of the Dissemination of Health Statistics: Confidentiality Guidance.

Management of patient data by the NABCOP team
The NABCOP team was based at the Royal College of Surgeons of England (RCS). The RCS conforms to the General Data Protection Regulation (GDPR) and other legislation that relates to the collection and use of patient data. The RCS has strict security measures in place to safeguard the use and storage of de-identified patient-level information, which is handled in accordance with the GDPR. All de-identified data extracts are stored on a password protected encrypted server at the RCS with restricted access to named analysts in the audit project teams.

Who did we share data with?
The NABCOP only shared patient-level data following a strict governance procedure to ensure compliance with the General Data Protection Regulation (GDPR).
Researchers could apply to the NABCOP Data Controller (HQIP and NHSE for England) if they wanted to use the patient data for a research study. These requests underwent a stringent approvals process as outlined by HQIP.

What if I did not want my information used by the Audit?
The National Cancer Registration and Analysis Service (NCRAS) in England and the Wales Cancer Network were allowed to collect data on patients diagnosed with cancer. Information about how patients can opt-out of data collection is provided.
NHS Digital also provides information on patient opt-out of sharing their personal confidential health and social care data.

Changes to our privacy policy
We keep our privacy policy under regular review and we will always include the latest version on this web page.
The privacy policy was last updated on 23/09/2020.

How to contact us
Please contact us if you have any questions about our privacy policy or information we hold about you.
Information about the requirements for the Audit to keep personal data secure and what to do to report a data breach, can be found on the website of the Information Commissioners Office: https://ico.org.uk

Download a copy of the NABCOP Privacy & Fair Processing Notice (English)

Archwiliad Cenedlaethol o Ganser y Fron mewn Cleifion Hŷn (NABCOP) Hysbysiad Preifatrwydd a Phrosesu Teg

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.

Necessary

Always Enabled

Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
X-Mapping-fjhppofk	session	This cookie is used for load balancing purposes. The cookie does not store any personally identifiable data.

Analytics

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.

Cookie	Duration	Description
_ce.cch	1 second	Installed by Crazy Egg - Used to check if cookies can be added.
_ce.s	1 year	Installed by Crazy Egg - Track a recording visitor session unique ID, tracking host and start time
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat	1 minute	This cookie is installed by Google Universal Analytics to restrain request rate and thus limit the collection of data on high traffic sites.
_gat_gtag_UA_82043318_1	1 minute	Set by Google to distinguish users.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
cebs	session	Installed by Crazy Egg - Used to track the current user session internally.
cebsp	session	Installed by Crazy Egg - Used to determine if a survey should be shown.