Patient data

Our Data Protection and Privacy Notice

Privacy Notice

In order to conduct our research Imperial College London is the data controller for personal information from health care records (also known as ‘special category’ data). We either obtain this data directly from NHS Trusts or via third parties such as NHS Digital, the Office for National Statistics, National Cancer Registries (including the Welsh Cancer Intelligence and Surveillance Unit) and Information Services Division Scotland, part of NHS National Services Scotland This means that we are responsible for looking after your information and using it properly. The CSPRG intends to keep special category, personal data for 10 years after our studies finish, as per the Imperial College London data retention guidelines. Imperial College London, UK, is the sponsor for our studies.

Further information on Imperial College London’s retention periods may be found at https://www.imperial.ac.uk/media/imperial-college/administration-and-support-services/records-and-archives/public/RetentionSchedule.pdf.

A link to Imperial College London’s data protection webpage may be found at https://www.imperial.ac.uk/admin-services/legal-services-office/data-protection/. The CSPRG privacy notice, described here, is most applicable to the information provided by CSPRG study participants and therefore takes precedence.

Your rights / GDPR Individual Rights

Your usual statutory rights to access, change or move your information are limited, because of exceptions applicable to some types of research, and also because we need to manage your information in specific, lawful ways in order for the research to be reliable and accurate. To safeguard your rights, we will use the minimum personally-identifiable information possible.

The EU General Data Protection Regulation (GDPR) grants individuals several rights concerning their data:

  • The right to object (to processing of the data)
  • The right to correct (inaccurate or incomplete data)
  • The right to erasure (also known as “the right to be forgotten”)
  • The right to restrict processing (e.g. while the accuracy of the data is contested)
  • The right to portability (to have a copy of any data you have provided to us)
  • The right to access (to have a copy of data we hold about you)
  • The right to withdraw consent (if you have previously consented to take part)

If you think that we might be processing your data and you wish to exercise any of the rights listed above, please get in touch using the details on the Contact Us page.  Though it may not always be possible for us to fulfil your request, we will respond to your query within one month.  For more information on your GDPR rights, please see guidance provided by Information Commissioners Office.

Legal Basis

As a University we use personal data and special categories of personal data to conduct research to improve health, care and services. As a publicly-funded organisation, we must ensure that it is in the public interest when we use personal data and special categories of personal data.  Some of this data is from patients who have completed a consent form.  Where consent could not be sought, approval for obtaining and processing data was provided under section 251 of the National Health Service Act 2006.

Health and care research should be in the public interest, which means that we must demonstrate that our research serves the interests of society. We do this by following the UK Policy Framework for Health and Social Care Research.

Contact us

If you wish to raise a complaint on how we have handled your personal data or if you want to find out more about how we use your information, please contact Imperial College London’s Data Protection Officer via email at dpo@imperial.ac.uk, via telephone on 020 7594 3502 or via post at Imperial College London, Data Protection Officer, Faculty Building Level 4, London SW7 2AZ.

If you are not satisfied with our response or believe we are processing your personal data in a way that is not lawful you can complain to the Information Commissioner’s Office (ICO). The ICO does recommend that you seek to resolve matters with the data controller (us) first before involving the regulator.

What do we do with the data we hold for the purposes of our research studies?

We undertake research with a focus on screening, prevention and diagnosis of bowel cancer. We aim to provide high quality evidence to underpin health policy changes. To achieve this aim, we have carried out, or are carrying out, a number of UK-wide clinical trials which are testing ways to reduce the numbers of people being diagnosed with, and dying from, bowel cancer.

Our team uses statistical methods to look for trends in the data which will help improve our ability to prevent people developing bowel cancer, as well as improving survival if someone is diagnosed with this disease.

What are anonymised, pseudonymised and identifiable personal data?

The GDPR applies when dealing with “personal data”. If data is considered personal then the GDPR places specific legal obligations on the controller of that data. If data is not personal (i.e. if it never related to a person or if it has since been anonymised) then the GDPR does not apply.

Personal Data
Also known as “identifiable data”. According to the Information Commissioner’s Office (ICO), this is “any information relating to an identifiable natural person (data subject) who can be directly or indirectly identified in particular by reference to an identifier”.

This definition provides for a wide range of personal identifiers to constitute personal data, including name, address, identification number, location data or online identifier.

In the field of medical research, some commonly encountered identifiers, in addition to name and address, are; nhs number, date of birth and date of death. Certain medical conditions could also be considered identifiers, if they are very rare.

Pseudonymised Data
Also known as “de-identification”, pseudonymisation is the process of separating data from direct identifiers so that discovering the identity of an individual is not possible without additional data. We do this with an artificially created identifier that we refer to as a “study number”. The resulting dataset is called “pseudonymised” or “de-identified” data.

When our data is pseudonymised, we do not hold patient identifiers; we only hold the clinical data needed for our research (e.g. symptoms, diagnoses, clinical examinations, outcomes, cancers and mortality information) and the study number of the individual. This makes the pseudonymised data held by the CSPRG effectively anonymous to our research team. The identifiable data (e.g. name, NHS number, address) and study number may be held by our data providers such as NHS hospitals responsible for the individual’s care, NHS Digital and the National Cancer Registration and Analysis Service.

The GDPR considers pseudonymisation to be one of several privacy-enhancing techniques that can be used to reduce the risk of re-identification. Although pseudonymised data may be hard to re-identify, it is not exempt from the GDPR.

Anonymised data
Anonymised data is data that cannot be used to identify individuals and is not linked to any individual, not even by study number. The GDPR does not apply to anonymised information.

Total anonymisation is an extremely high bar. Therefore, the ICO does not require anonymisation to be perfect but that the risk of re-identification be made remote.

Special Category Data

According to the ICO, “Special category data is personal data which the GDPR says is more sensitive, and so needs more protection. In order to lawfully process special category data, controllers must identify both a lawful basis under Article 6 and a separate condition for processing special category data under Article 9.”

The GDPR lists the special categories of data in Article 9. They include political opinions, religious beliefs, trade union membership, genetic data, biometric data, data concerning health and data concerning a natural person’s sex life or sexual orientation.

As a medical research group, much of the data we hold is special category data.

Statistical analysis and protecting the identity of individuals.

All our statistical analyses are conducted using de-identified (pseudonymised) or anonymised information (without identifiable data). Our research findings never report on individual cases and all findings are reported for aggregated data so no patients will be identifiable from any of our published research findings.

Information we may hold about you and your options if you wish to opt out.

If you have taken part in the NHS Bowel Cancer Screening Programme, visited your GP with symptoms suggestive of bowel cancer, agreed to participate in one of our studies, visited a hospital with symptoms related to bowel cancer or had bowel cancer treatment on the NHS, we may hold some information about you.

Please look at our individual Studies pages under sections ‘When and where did the study take place’ and ‘Who is included in the study’ to assess whether we may have collected your information for any of our studies.

If we only hold pseudonymised or anonymised (explained above) information about you, we cannot identify you from the data that we hold. This page and our Studies pages lists our data providers so you can approach them directly to find out whether we hold data about you.

According to the Data Protection Act 1998, you have the right to make a Subject Access Request to find out what personal data we hold about you. See the ICO website for your rights on Subject Access Request. If you wish to write to us, our contact details can be found here.

If your information has been used in any of our studies and we can identify you from the data we hold about you, you have the right to refuse or withdraw consent to sharing your information at any moment in time. There are possible consequences to our research if you do not share your information, but these will be fully explained to you to help you with making your decision. You can opt out at any time by contacting us and our contact details can be found here.

How securely are the data kept?

We take our role as guardians of individual/patient data extremely seriously. The CSPRG is part of Imperial College London and we comply with our Data Protection Policy.

The objectives of the policy are to protect the personal information processed by or disclosed to staff of the College or other authorised persons, ensuring its confidentiality, integrity and availability by processing it in accordance with current legislation.

As an organisation which processes personal data, Imperial College London is required to notify the Information Commissioner’s Office (the body that upholds information rights) on an annual basis. Imperial College London’s registration number is Z5940050 and can be searched on the Information Commissioner’s website.

We have administrative, technical and physical safeguards in place to ensure that the data we hold on study participants are held and processed securely. We continuously monitor and improve our Information Governance arrangements to minimise any security risk for our data. Our staff receive regular training on data handling, data confidentiality and Information Governance. As a result of the data handling and IT Security measures we have put in place, we have been granted an Information Governance (IG) toolkit by NHS Digital (see details below).

IG toolkit – assessment of our data handling processes.

As our research involves data from NHS patients we must demonstrate that we handle this sensitive information in accordance with the Department of Health’s stringent requirements. We have carried out an assessment of how we handle the sensitive information we use for our research using the Department of Health’s Information Governance (IG) Toolkit. The aim of the IG toolkit is for an organisation to demonstrate that it can be trusted to keep your data securely and maintain confidentiality. We have met those requirements and our IG toolkit assessment can be found here.

What permissions do we need before we can collect the data we use for our research?

Ethics approval
All research involving human participants in the UK, whether in the NHS or the private sector, must be approved by an independent research ethics committee. These committees protect the rights and interests of the people who will be the subject of the research study. Before we conduct any research, we submit a detailed plan of our proposed research (protocol) to a recognised research ethics committee.  We cannot begin our studies until the appropriate ethics committee(s) have reviewed and approved it. See details here. The ethics committees that review clinical trials in the NHS are part of the Health Research Authority’s National Research Ethics Service (NRES). NRES publishes plain-language summaries of clinical trials so that the research is accessible to anyone who is interested.

Research and development (R&D) approval
For any research that involves NHS patients, we have to obtain permission from NHS Trusts to collect and use data from their patients. The Research and Development (R&D) Office(s) at each NHS Trust assesses the study carefully before approving it. See details here. All NHS organisations are required to give permission before research can begin within their organisation (this is in addition to ethical approval). Without this approval, indemnity/insurance cannot be assumed to be in place to cover the proposed research activity.

Section 251 Approval
In some circumstances informed consent for a research study cannot be obtained, and anonymised or de-identified (pseudonymised) data are not sufficient to answer the research question(s). In these circumstances, and if research is deemed to be in the interests of patients or the wider public, permission to use identifiable data can be exceptionally sought from bodies with legal responsibility for the protection of the interests of patients and the public in health research. In England and Wales, approval is obtained from the Confidentiality Advisory Group (CAG) of the Health Research Authority under Section 251 of the National Health Service Act 2006. The ‘Section 251 agreement’ (previously Section 60 of the Health and Social Care Act 2001 as re-enacted by Section 251 of the NHS Act 2006) allows the Secretary of State for Health to make regulations to set aside the common law duty of confidentiality for defined medical purposes. In Scotland, approval can be sought from Caldicott Guardians and in Northern Ireland from Medical Directors.

We are also required to comply with the Data Protection Act 1998 which requires us to process personal data fairly and lawfully and details can be found here.

Privacy Advisory Committee
In Scotland,  permission from the Privacy Advisory Committee (PAC) is required to approve any information released by the Information Services Division (ISD). From 1st May 2015 a single application and scrutiny process is now operated across Scotland by the newly formed Public Benefit and Privacy Panel for Health and Social Care.

Why do we need to collect additional data from other sources?

In some cases, our research may require us to collect additional data for the following reasons:

  • To provide supplementary data that we may not have been able to obtain during the initial data collection stage because it was not available at that time.
  • For validation of the quality of datasets i.e. to ensure that datasets are consistent and accurate, usually by cross-checking data from different sources.
  • To enable research that follows the health outcomes of individuals over extended periods of time. For example, for the UK Flexible Sigmoidoscopy Trial (UKFSST), for which recruitment and screening started in November 1994 and was completed in March 1999, we are still collecting data for the purposes of this study to understand the duration of the protective effect of screening.
  • To collect information on cancer diagnoses and deaths over the long term and combine this with clinical data collected from our studies. This enables us to use statistical methods to improve our understanding of bowel cancer prevention, screening and treatment strategies, which we anticipate will help improve bowel cancer survival.

Which external agencies/data providers do we use to obtain data?

There are several government agencies/data repositories in the UK that hold patient information that we require for our research. We have to apply to each agency separately and comply with their criteria in order to obtain or hold this information. In addition to this, in many cases, we have to submit annual reviews/assessments to show that we are complying with all the requirements. Some of the data repositories/agencies we use are listed below:

  • Office of National Statistics (ONS) – The ONS collects information on cause of death from civil registration records related to a person’s death taken from the death certificates for all deaths registered in England and Wales. In the past, we obtained information on cancer diagnoses and deaths from the ONS. The CSPRG no longer obtains follow-up data on cancer diagnoses and deaths from the ONS directly, instead getting this data via NHS Digital. All researchers who process this data are required to be ONS Approved Researchers.
  • NHS Digital – We obtain ONS cancer and mortality data through NHS Digital. We comply with the Information Governance (IG) Toolkit required by the NHS Digital, which is a detailed assessment to ensure that we follow strict Information Governance policies and standards to ensure the confidentiality of the data held by us. Our IG Toolkit reference is 8HL46-FOM-CSPRG.
  • Cancer Registries – The National Cancer Registration and Analysis Service (NCRS) registers all cancers and some pre-cancerous lesions diagnosed in England. The Welsh Cancer Intelligence and Surveillance Unit (WCISU) does the same for Wales. We obtain cancer staging information, which is based on the size and/or extent (reach) of the original (primary) tumour, the location of the cancer and whether or not the cancer has spread in the body. This provides very valuable insight for our bowel cancer research.
  • NHS Bowel Cancer Screening Programme (BCSP) – We sometimes request pseudonymised data (no patient identifiers are shared with us) that are collected as part of the Bowel Cancer Screening Programme. We do this because applying our research techniques to the very large numbers of people included in the screening programme helps ensure our results are of high quality. We have to obtain permission from the Office for Data Release (ODR) before doing this. The ODR ensures that all releases are conducted in accordance with the rights of the data subject, the legislative framework (including the principles set out in the GDPR and Data Protection Act 1998) and the seven Caldicott Principles.
  • NHS National Services Scotland (NSS) – Information Services Division (ISD) Scotland is part of NHS National Services Scotland and we obtain the cancers and mortality data that are registered in Scotland for patients who either currently live in Scotland or who previously lived in Scotland. We have to obtain approval from the Public Benefit and Privacy Panel for Health and Social Care (PBPP) before ISD can release any information to us.
  • NHS Central Register (NHSCR) – The National Health Service Central Register (NHSCR) exists mainly to allow the smooth transfer of patients who move between Health Board areas (or across borders within the UK). We obtain the cancer and mortality data that are registered in Scotland for patients who either currently live in Scotland or who previously lived in Scotland. It allows us to validate the data provided by the NSS or NHS Digital and obtain cancer or mortality data that may have been missed by other agencies. Before we obtain any data we have to obtain approval from the Public Benefit and Privacy Panel for Health and Social Care (PBPP).

Do we share the personal data we hold and, if yes, with whom do we share it?

The data we hold are only shared when we have received permission to do so as part of the approvals process for our research study. Moreover, data collected by the CSPRG are only shared with the following groups, where a clear legal basis for such sharing exists:

  • Approved collaborators, sub-contractors and joint principal investigators for specific studies on a need to know basis if they have legal contracts with Imperial College London or CSPRG. Wherever possible no patient identifiable data are shared , unless absolutely necessary and where we have the appropriate approvals in place to do so.
  • Organisations such as NHS Digital, Cancer Registries, GPs, etc. to obtain additional data for research. These organisations already hold the patient identifiable information which they obtain from the NHS and other sources. We sometimes provide them with a list of patients taking part in a particular study and ask them to match our study participants to their data so that they can supply us with follow-up data that are required for our research. For example, we supplied NHS Digital details of individuals on our UKFSST study to determine who has been diagnosed with a colorectal cancer.

The legal contracts with collaborators ensure that the shared data is held and processed securely and no further sharing is allowed without our permission or knowledge.