Keeping your data safe
We follow best practices to keep your information secure and confidential.
We follow the data security standards set down by NHS Digital
Each year the IBD Registry completes NHS Digital’s Data Security and Protection Toolkit. This enables relevant organisations to measure their performance against the data security and information governance requirements mandated by the Department of Health and Social Care.
We are formally assessed by NHS Digital on these data security standards every year.
You can see our assessment results at NHS Digital (our number is 8JX66).
We set out clear rules and procedures on how we handle information
We have an overarching Information Governance Framework, under which there is a set of policies which includes data security, data protection and confidentiality.
We also have careful policies to govern in what circumstances we can share data, who we can share data with, and what types of data can be shared.
There is an annual review of our data security and protection procedures that reinforce these policies to ensure the Registry runs smoothly and securely.
We follow best technical practice in how we handle information
We keep data in a secure data centre – also used by some NHS organisations – it is both physically secure against intruders, and electronically secure against hackers. It is completely separate from our office IT systems, so that if (in the worst case) we suffer an intrusion, there is no connecting route to your data.
We are very careful about which staff members can access what types of data. Staff will only see your personal details if their job role requires it
We train our staff carefully, so they know what they need to do to keep information safe. We update their training and assess them every year.
We conduct our analysis on a de-identified form of your data (where your personal identifying details have been removed)
We design data protection in from the start
We undertake Data Protection Impact Assessments (DPIAs) to ensure we build in data protection from the very start of any new project or significant changes. View a list of our DPIAs completed for approved projects here.