Data Security, Privacy and Confidentiality

What about confidentiality?

The NCPR has developed strict policies and procedures to maintain confidentiality in disclosure of data.

If a third party is processing data on behalf of the registry and sponsor, a contractual procedure will be signed between the registry/sponsor and the third party to ensure compliance with above mentioned requirements.

The registry, its staff and its third party vendor will protect the confidentiality of registry data as follows:

	Patient�s medical information obtained by the registry is confidential and disclosure to third parties other than the clinical site providing the data is prohibited
	All electronic data processed by the Registry Coordinating Centre will be identified by patient number only, unless there is a specific need to know the identity of an individual when processing data.
	All confidential electronic data will be protected by using passwords for electronic data, and the electronic data stored in a database located in a highly secured data centre
	All paper copies of data and reports must be stored in a secure archive
	All electronic data transmission should be encrypted before sending. If possible, transmit data though a secure data network
	Only aggregate results will be reported by the registry such that it will not be possible to identify individual subjects.

The registry will institute stringent information security policies and procedures, supported by state of the art data protection technology, which will be in accord with standard disease registration practice, and in compliance with applicable regulatory guidelines.

Security Policy For NCPR-eNCPR Web Application (PDF)