About patient data protection for:
We undertake research with a focus on screening, prevention and diagnosis of gastrointestinal cancers such as bowel cancer, gastric cancer and oesophageal cancer.
How patient data in our cancer research helps save lives
Our research aims to provide high quality evidence to improve NHS cancer screening and early detection and to inform UK government health policy. To achieve this aim, we carry out UK-wide clinical trials and studies to find out ways to reduce the numbers of people being diagnosed with and dying from gastrointestinal cancer.
Using statistics we look for trends in the research data. Spotting trends can help improve our ability to prevent people developing gastrointestinal cancer, and improve survival for people diagnosed with this disease.
What personal data, pseudonymised data and anonymised data mean
Personal data
The Information Commissioner’s Office (ICO) defines personal data as: “any information relating to an identifiable natural person (data subject) who can be directly or indirectly identified in particular by reference to an identifier”.
Personal data is anything that can identify a person, which is why it is also known as “identifiable data”. A direct identifier is something that can clearly identify someone, such as their name or photo. Indirect identifiers don’t identify someone immediately but could allow them to be identified, such as their address, national insurance number, passport number, IP address, voter registration and so on. Some indirect identifiers, such as date of birth, gender, race, place of employment or school, may not identify a person on their own, but could if combined.
In the field of medical research, some commonly encountered identifiers, in addition to name and address, are NHS number, date of birth and date of death. Certain medical conditions could also be considered identifiers, if they are very rare.
Pseudonymised data
Also known as “de-identification”, pseudonymisation is the process of separating data from direct identifiers so that discovering the identity of an individual is not possible without additional information. We do this with an artificially created identifier that we refer to as a “study number”. The resulting dataset is called “pseudonymised” or “de-identified” data.
When our data is pseudonymised, we do not hold patient identifiers; we only hold the clinical data needed for our research (e.g. symptoms, diagnoses, clinical examinations, outcomes, cancers and mortality information) and the study number of the individual. This makes the pseudonymised data held by the CSPRG effectively anonymous to our research team. The identifiable data (e.g. name, NHS number, address) and study number may be held by our data providers such as NHS hospitals responsible for the individual’s care, NHS England and the National Cancer Registration and Analysis Service.
The GDPR considers pseudonymisation to be one of several privacy-enhancing techniques that can be used to reduce the risk of re-identification. Although pseudonymised data may be hard to re-identify, it is still personal data and so not exempt from the GDPR.
Anonymised data
Anonymised data is data that cannot be used to identify individuals. It is not linked to any individual, not even by study number. Personal data that has been anonymised is no longer considered personal data by the GDPR.
Special category data
According to the ICO, “The UK GDPR singles out some types of personal data as likely to be more sensitive, and gives them extra protection”.
Special categories of personal data under the GDPR include political opinions, religious beliefs, trade union membership, genetic data, biometric data, data concerning health, and data concerning a person’s sex life or sexual orientation.
As a medical research group, much of the data we hold is data concerning health and so classed as special category data.
Personal data and the UK General Data Protection Regulation (GDPR)
The GDPR applies when dealing with “personal data”. If data is considered personal then the GDPR places specific legal obligations on the controller of that data. If data is not personal (i.e. if it never related to a person or if it has since been anonymised) then the GDPR does not apply.
Protecting your privacy in our published research findings
All our research analyses are conducted using de-identified (pseudonymised) or anonymised information (without identifiable data). Our findings are reported as aggregated (grouped) data, so no patients will be identifiable from any of our published research findings. Our research never reports on individual cases.
Information we may hold about you and your options if you wish to opt out of our cancer research
If you have taken part in the NHS Bowel Cancer Screening Programme, visited your GP with symptoms suggestive of bowel cancer, consented to participate in one of our studies, visited a hospital with symptoms related to bowel cancer, or had bowel cancer treatment on the NHS, we may hold some information about you.
Please look at our individual Studies pages under sections ‘When and where did the study take place’ and ‘Who is/was included in the study’ to assess whether we may have collected your information for any of our studies.
If we received only pseudonymised or anonymised information about you, we cannot identify you from this data. This page and our Studies pages list our data providers so you can approach them directly to find out whether we hold data about you.
You have the right to access the personal data we hold about you. See the ICO website for your rights on Subject Access Request. If you wish to write to us, our contact details can be found on our Contact us page.
If your information has been used in any of our studies and we can identify you from the data we hold about you, you have the right to refuse or withdraw consent to sharing your information at any time. There are possible consequences to our research if you do not share your information, but these will be fully explained to you to help you with making your decision. You can opt out at any time by contacting us.
Please note that your usual statutory rights to access, change or move your information could be limited by exceptions applicable to some types of research, and also because we need to manage your information in specific, lawful ways in order for the research to be reliable and accurate. If you withdraw from a study, we will keep the information about you that we have already obtained. To safeguard your rights, we will use the minimum personally-identifiable information possible.
How we keep your data secure
We take our role as guardians of patient data extremely seriously. The CSPRG is part of Imperial College London and we comply with the university’s Data Protection Policy.
The objectives of the policy are to protect the personal information processed by or disclosed to staff of Imperial College London or other authorised persons, ensuring its confidentiality, integrity and availability by processing it in accordance with current legislation.
As an organisation which processes personal data, Imperial College London is required to report to the Information Commissioner’s Office (the body that upholds information rights) certain types of personal data breaches within 72 hours. Imperial College London’s registration number is Z5940050 and can be searched on the Information Commissioner’s Office website.
We have administrative, technical and physical safeguards in place to ensure that the data we hold on study participants are held and processed securely. We continuously monitor and improve our Information Governance arrangements to minimise any security risk for our data. Our staff receive regular training on data handling, data confidentiality and Information Governance. As a result of the data handling and IT security measures we have put in place, we have been granted an NHS Data Security and Protection Toolkit by NHS England (see details below).
The NHS Data Security and Protection Toolkit
As our research involves NHS patient data we must demonstrate that we handle this sensitive information in accordance with the Department of Health and Social Care’s stringent requirements.
Every year we carry out a comprehensive assessment of how we handle the sensitive information we use for our research with NHS England’s Data Security and Protection Toolkit. The Data Security and Protection Toolkit helps organisations like us check that we practise good data security and handle personal information correctly.
Our Toolkit has been assessed by NHS England and been found to satisfactorily meet requirements.
Permissions we need to collect patient data for our research
Ethics approval
All research involving human participants in the UK, whether in the NHS or the private sector, must be approved by an independent research ethics committee. These committees protect the rights and interests of the people who will be the subject of the research study. Before we conduct any research, we submit a detailed plan of our proposed research (protocol) to a recognised research ethics committee. We cannot begin our studies until the appropriate ethics committee(s) have reviewed and approved it. The ethics committees that review clinical trials in the NHS are part of the Health Research Authority’s National Research Ethics Service (NRES). NRES publishes plain-language summaries of clinical trials so that the research is accessible to anyone who is interested.
Research and development (R&D) approval
For any research that involves NHS hospital patients, we have to obtain permission from NHS Trusts to collect and use data from their patients. The Research and Development (R&D) Office(s) at each NHS Trust assesses the study carefully before approving it. All NHS organisations are required to give permission before research can begin within their organisation (this is in addition to ethical approval). Without this approval, indemnity/insurance cannot be assumed to be in place to cover the proposed research activity.
See more details about R&D approval on the Health Research Authority website.
Section 251 approval
In some circumstances informed consent for a research study cannot be obtained, and anonymised or de-identified (pseudonymised) data are not sufficient to answer the research question(s). In these circumstances, and if research is deemed to be in the interests of patients or the wider public, permission to use identifiable data can be sought from bodies with legal responsibility for the protection of the interests of patients and the public in health research. In England and Wales, approval is obtained from the Confidentiality Advisory Group (CAG) of the Health Research Authority under Section 251 of the National Health Service Act 2006. The ‘Section 251 agreement’ (previously Section 60 of the Health and Social Care Act 2001 as re-enacted by Section 251 of the NHS Act 2006) allows the Secretary of State for Health to make regulations to set aside the common law duty of confidentiality for defined medical purposes. In Scotland, approval can be sought from Caldicott Guardians and in Northern Ireland from Medical Directors.
We are also required to comply with the Data Protection Act 2018, the General Data Protection Regulation and other relevant standards about how data must be processed. Further details can be found on the Information Commissioner’s Office website and throughout this page.
Public Benefit and Privacy Panel for Health and Social Care
In Scotland, a single application and scrutiny process for uses of health data is operated by the Public Benefit and Privacy Panel for Health and Social Care.
We may need to collect a patient’s data from different sources
In some cases, our research may require us to collect additional patient data for the following reasons:
- To provide supplementary data that we may not have been able to obtain during the initial data collection stage because it was not available at that time.
- For validation of the quality of datasets, i.e. to ensure that datasets are consistent and accurate, usually by cross-checking data from different sources.
- To enable research that follows the health outcomes of individuals over extended periods of time. For example, for the UK Flexible Sigmoidoscopy Screening Trial (UKFSST), for which recruitment and screening started in November 1994 and was completed in March 1999, we are still collecting data for the purposes of this study to understand the duration of the protective effect of flexible sigmoidoscopy for bowel cancer screening.
- To collect information on cancer diagnoses and deaths over the long term and combine this with clinical data collected from our studies. This enables us to use statistical methods to improve our understanding of bowel cancer prevention, screening and treatment strategies, which will help improve bowel cancer survival.
Who provides us with UK patient data
Many of our studies collect data directly from patients who volunteer to take part in our research.
There are also special government agencies/data repositories in the UK that hold patient information that we apply to for additional health data for our research. We apply to each agency separately and comply with their data protection and information security rules and requirements in order to gain permission to obtain this information. In addition to this, in many cases, we have to submit annual reports to the agencies to show that we are complying with all their requirements. Some of the data repositories/agencies we use are listed below.
NHS England
NHS England governs and manages access to all NHS health and social care data for patients in England, Wales and Northern Ireland through its Data Access Request Service (DARS).
Examples of data we obtain from DARS include: National Cancer Registry diagnosis/treatment data, mortality (cancer deaths) data, and NHS Bowel Cancer Screening Programme (BCSP) data.
We comply with the Data Security and Protection Toolkit required by NHS England, which is a detailed assessment to ensure that we follow strict Information Governance policies and standards to ensure the confidentiality of the patient data held by us.
NHS Scotland
Health data for patients in Scotland is provided by NHS Scotland. Access to this information is governed by its Public Benefit and Privacy Panel for Health and Social Care (HSC-PBPP) patient advocacy panel. The panel scrutinises all applications for access to NHS Scotland health data for non-direct care, such as for research purposes.
Welsh Cancer Intelligence and Surveillance Unit
The Welsh Cancer Intelligence & Surveillance Unit (WCISU) is the National Cancer Registry for Wales and its primary role is to record, store and report on all incidence of cancer for the resident population of Wales wherever they are treated. Applications to access Welsh patient cancer data are made through WCISU.
Who we might share personal data with
The data we hold are only shared when we have received permission to do so as part of the approvals process for our research studies. Moreover, data collected by the CSPRG are only shared with the following groups, where a clear legal basis for such sharing exists:
- Approved collaborators and sub-contractors for specific studies on a need-to-know basis if they have legal contracts with Imperial College London. Wherever possible no patient identifiable data are shared, unless absolutely necessary and where we have the appropriate approvals in place to do so.
- Organisations such as NHS England, Cancer Registries and GPs to obtain additional data for research. These organisations already hold the patient identifiable information which they obtain from the NHS and other sources. We sometimes provide them with a list of patients taking part in a particular study and ask them to match our study participants to their data so that they can supply us with follow-up data that are required for our research. For example, we supplied NHS England details of individuals in our UKFSST study to determine who has been diagnosed with colorectal cancer.
- It may also be a requirement of some funders (e.g. Cancer Research UK) to make data available to legitimate access requests for secondary academic research. Our NHS Data Security and Protection Toolkit and Information Governance Policy ensure that we have processes in place to manage data access requests and the secure transfer and storage of data where requests are granted, and in compliance with the UK Data Protection Act 2018 and UK GDPR. If an application for access is approved and it is in compliance with all data sharing restrictions mandated by the Research Ethics Committee, Health Research Authority (HRA) and HRA Confidentiality Advisory Group (HRA-CAG), as well as any formal data sharing agreements with other data providers (e.g. NHS England), we would share only de-identified/anonymised data.
The legal contracts with collaborators ensure that the shared data is held and processed securely and no further sharing is allowed without our permission or knowledge.