The safety and protection of the UK population’s personal information or data is enshrined in UK law. As such, the Cancer Screening and Prevention Research Group (CSPRG) at Imperial College London is governed by all relevant UK legislation on keeping personal data safe. The CSPRG also adheres to all Imperial policies and best practice on information security and data protection, and implements additional group policies for the safe use and storage of all patient and public health data gathered for our cancer research studies.
Privacy and data protection information about the FIT for Follow-Up study
The Cancer Screening and Prevention Research Group (CSPRG) at Imperial College London processed special category personal data for the FIT for Follow-Up study. The special category personal data used in this study are crucial to the success of this project, and the public good generally.
Imperial College London (the data controller for data processed by the CSPRG, see above) was the recipient of data for the FIT for Follow-Up study. The special category personal data for the FIT for Follow-Up study was transferred to the CSPRG from four sources, given below.
Who we received data from
NHS England (formerly NHS Digital) collect and process data from across the health and social care system in England. NHS England provided data about the timings and outcome of colonoscopies and other surveillance to the CSPRG. NHS England obtained this colonoscopy data from the Bowel Cancer Screening Programme (BCSP).
The BCSP provided some data directly to the CSPRG, this included: patient information (such as names and sex), the results of FITs and data about the incidence and progression of cancer. The cancer incidence and progression data were provided to the BCSP by the National Cancer Registration and Analysis Service, which is part of the UK Health Security Agency (formerly Public Health England).
- Patients
Participating patients also provided some information directly to the CSPRG by returning questionnaires.
Pseudonymised questionnaire data was transferred out of the CSPRG to collaborators in the Department of Behavioural Science and Health at University College London (UCL). Pseudonymised data are personal data that can no longer be attributed to a specific individual without additional information. In our case, questionnaire data was transferred with identifiable data (such as names and NHS numbers) removed. The data cannot be linked to specific individuals by our collaborators at UCL.
- University of Southampton
In conjunction with the University of Southampton, the CSPRG developed a Patient Management System to securely store and organise patient data for the FIT for Follow-Up study. The Patient Management System was used to store patient information, organise the timely distribution of FIT kits and store the results of the FITs. The Patient Management System was accessible only to specific researchers in the CSPRG. The University of Southampton have now deleted the data from their system, specifically all data stored in the FIT for Follow-Up Patient Management System or otherwise held by the Clinical Informatics Research Unit at the University of Southampton was deleted and they no longer hold data for the FIT for Follow-Up study. The University of Southampton have completed, signed and returned a CSPRG data destruction notice, confirming the date and method of destruction.
No other data was transferred out of the CSPRG.
What type of information do we hold for the FIT for Follow-Up study?
We invited approximately 8,000 eligible people from across England to participate in this study between 2012 and 2014 and approximately 6,000 took part. If you received an invitation to participate in the study, your details were kept on a list of invited participants for the FIT for Follow-Up study that is held by the NHS Bowel Cancer Screening Programme. If you decided to participate and returned a consent form, your identifiable details will have been passed to the CSPRG and your data will have been used in the study.
We hold identifiable information (including name, address and date of birth) and clinical information relating to bowel tests during the time period of the study.
Why do we need to hold identifiable data for this study?
We needed to use identifiable information for this study to contact participants by mail throughout the study, and we needed to request data on follow-up colonoscopies from the local bowel cancer screening centres.
We hold this data for scientific research in the public’s interest.
What approvals has this study received?
Everyone who took part in this study consented to be involved.
We also received permission to carry out this trial from several organisations who protect NHS patients and their data. This study received:
- Ethics approval from the NHS Research Ethics Service (NRES) London – City and East committee.
- Section 251 approval from the Healthy Research Authority (HRA) Confidentiality Advisory Group (CAG), formerly known as the National Information Governance Board (NIGB) Ethics and Confidentiality Committee. Section 251 of the NHS Act 2006 is a legal term that temporarily allows the sharing of confidential information for medical purposes. Section 251 approval is granted only if the sharing of this confidential information is clearly for public benefit, such as for medical research studies.
- Research and development approval from the Royal Surrey County Hospital NHS Trust.
How long we will retain the data
Collection of data from the study participants was completed in 2016. Additional cancer registration data was obtained from Public Health England in 2017. We have funding to continue the study until 2028. It is a requirement of Imperial College London, which is the organisation responsible for this study, that we hold study data for 10 years after the end date. We therefore plan to hold the data for this study until 2038.