NICOR news

CRM Audit Annual Report for 2013-14 now available

The 9th annual report of the National Audit of Cardiac Rhythm Management (CRM) Devices was published on 19 December 2014. More...

MINAP annual report 2014

HEART ATTACK CARE – Mortality rates for STEMI fall by a third over 10 years as More...

National Audit of Percutaneous Coronary Interventions (NAPCI) 2014 Annual Public Report 

The NAPCI assesses the process of PCI care and speed of the PCI delivery as well as the patient outcomes for example complication rates, or mortality.  Annually the audit publishes its results on the British Cardiovascular Intervention Society website supplemented by the lay summary of the findings – the latter being published today. More...

NICOR's statistical response to Nick Black's report into the review of data validation and statistical processes for consultant outcomes publication 2014.

As part of NHS England's consultant outcomes publication (COP), Professor Nick Black was asked to review the National Adult Cardiac Surgery Audit (NACSA) and provide assurance the data were fit for purpose and publication. More...

2014 Consultant Outcomes Publication 

MY NHS - NHS Choices has today published the consultant outcomes data for both the National Audit of Percutaneous Coronary Intervention (NAPCI) and the National Adult Cardiac Surgery Audit (NACSA).  More...

Data management 

NICOR security only allows access to authorised users


NICOR data collection system

NICOR uses IBM Lotus Notes® and IBM Lotus Domino® in its software infrastructure. Users of the system connect to the data collection system via the N3 net (a private data network which provides the entire NHS with fast broadband networking services) or the internet via an internet service provider through Port: 1352.

Each hospital user can access the NICOR data collection system and has the ability to create a locally encrypted replica of the database; response times are not subject to local network performance. This replication occurs automatically every time the local replica is opened or closed.

Opening a database allows users to see all the documents they are authorised to, create new documents, or edit existing information. Once data has been entered it is synchronised with the central system, it is then analysed to provide feedback, and subsequently reported back to the user.


NICOR has designed security mechanisms that allow only authorised users to access information on the NICOR data collection and reporting system. Users are only able to see records submitted by their own organisation and published information contains only comparative analysis figures.

Several levels of security are built into the system:

  • ID security: each audit database is accessed through an IBM Lotus Notes® ID, the ID can be set to expire or have its access terminated, preventing unauthorised users from accessing the system. A complex password is required to access the IBM Lotus Notes® ID  and the password can be set to expire after a given period, forcing the user to change it regularly.
  • Server security: the central (server-based) audit application database replicas are protected by server security, preventing unauthorised access to the database or replication of data to it.
  • Application security: access to the IBM Lotus Notes® database is controlled by a database Access Control List (ACL). This records when users have accessed data. Users and organisations only have access to their own records. Users may be given ‘read only’ or editing rights. Users can only delete records if they have the correct permissions.
  • The application is encrypted, an authorised ID file (and knowledge of its password) must be present on the computer requiring access to the application.
  • All system database accesses are recorded in a system log file that can be audited in the event of suspected security threats or data misuse.

Patient confidentiality

The information recorded and managed by NICOR about patients and the clinical care they have received is confidential. Strict security measures are in place to safeguard patient information. 

NICOR conforms to legislation within Data Protection Act for the collection and use of patient identifiable data. We work with the Confidentiality Advisory Group (CAG) of the NHS Health Research Authority (HRA) and the Care Quality Commission (CQC) and the Healthcare Quality Improvement Partnership (HQIP) to ensure support is provided under section 251 of the NHS Act 2006.

Section 251 of the NHS Act 2006 allows the common law duty of confidentiality to be set aside in specific circumstances where anonymised information is not sufficient and where patient consent is not practicable. All current NICOR audits have section 251 approval.

NICOR does not publish information that can identify individual patients. We maintain the confidentiality and security of patient information in the following ways:

  • Once captured, data is only accessible to people who store the data. Patients can choose to opt-out of the audit, such that their details will not be stored or used for any purpose by the audit.
  • The patient forename and surname are not extracted from the database or used in any analysis.
  • No NHS numbers, or other information that can be used to identify individuals (such as postcode, date of birth, hospital case record number) are included in analyses or reports, or released to third party research groups.
  • To this end, a number of data transformations are in place to reduce the identifiability and sensitivity of data items. For example postcode is converted to deprivation index and date of birth is converted to age at admission.
  • The NHS number is validated and retained as a unique identifier for conducting data linkage to other data sets (e.g. life status information from the Office of National Statistics).
  • All reports are produced at an aggregate level (national, LAT, CCG, Trust, hospital), never at patient level.
  • A statistical risk assessment is completed for each publication of data and small number suppression techniques are used to ensure that analysis is not disclosive. This is in line with ONS guidelines - Review of the Dissemination of Health Statistics: Confidentiality Guidance (PDF).

Page last modified on 09 apr 14 15:31