HANA Privacy Notice

HANA Privacy Notice – Data protection and Confidentiality

Version 1.0 21/08/2106

What is the HANA database?

The HANA database is the Head and Neck Audit database in England and Wales for patients diagnosed with head and neck cancers. The information in the database will be used to assess and improve the quality of services and the outcomes achieved by head and neck cancer treatments across the NHS. It will also provide comparative information to patients, commissioners and regulators of healthcare professionals.

What information does it contain?

Each year since 2004, information about newly diagnosed patients has been collected by the medical staff treating head and neck cancers.   The information includes details about the patient, how the tumour was discovered, the medical history of the disease and the patient, the investigations performed, the treatments given and outcomes achieved.   The information importantly also contains the NHS number in order to check the patient’s survival against a national register of births and deaths.   This is a vital piece of information that will help to establish how patient survival is affected by having head and neck cancer, and the way the disease is managed.

What is the legal basis for the HANA database?

HANA data are collected for a “medical purpose”, as defined in the 2006 National Health Service Act Section 251, for the provision of care and treatment and the management of health and social care services.

The data are collected on ALL patients diagnosed with head and neck cancer, with the approval of the Secretary of State under Section 251 of the Data Protection Act.   This approval is reviewed each year and approval sought for the following year.

Who manages the HANA database?

The HANA database is managed by the charity Saving Faces–The Facial Surgery Research Foundation in partnership with the British Association of Head & Neck Oncologists and Dendrite Clinical Systems, our technology partner.

What happens to the data and who can see it?

The data are collected by the doctors, nurses, and hospital staff treating and managing the patient. Hospital computers are used to collect the information, which is collated, checked and approved before being sent to a single secure database server on the NHS network.   During the data transfer from the hospital to the NHS server the information is encrypted (locked) to ensure it cannot be interfered with.  Only an approved member of staff at the hospital can load the data onto the HANA database.   Once the records have been loaded they can be reviewed by authorised staff at the hospital using an approved user account with a secure password.

Hospitals have the option of entering information directly into a secure Web-based HANA database rather than uploading it from their own hospital system.

When the data have been checked and confirmed by the hospital or clinician, the software engineers and data analysts at Dendrite Clinical Systems will download the data to a secure server in Dendrite’s offices. They will produce an annual report under the guidance of the clinicians at Saving Faces and BAHNO.   Some essential data will be shared with the birth and death register in order to confirm the current status of the patient.

The information collected is valuable as it allows clinicians to understand the nature of head and neck cancers, the profile of patients and the results that are being achieved by hospitals around the country.   The data will be analysed by Dendrite Clinical Systems under the guidance of Saving Faces to produce HANA annual reports.   The reports do not contain the details of individual patients or their cancer. They report results for groups of patients. These are broken down by region or hospital, and by other important information that may be related to outcomes such as age, general health status and how early was the tumour discovered.

The reports are used to help commissioners, providers and doctors understand how their practice and outcomes compare to performance in other centres. Non-technical versions of the reports are available for patients and members of the public. HANA head and neck cancer information may also be presented on the NHS choices website. This aims to help members of the public to understand the risks of surgery and the results that local hospitals are achieving.

No data which could identify somebody will be shared with anyone, or used for purposes other than those required to perform the audit and research to determine treatment outcomes. The audit does permit NHS numbers to be shared with the national register of births and deaths in order to verify the survival status of the patients. If the current arrangements for running the audit through Saving Faces end, the HANA data will be deleted or securely transferred to a new provider.

HANA Database Server

The server is hosted on the NHS network (N3) within a data centre in London, by Piksel.   This is a tier four data centre which meets the highest levels of building security.

The service delivery and information governance provided complies with ISO 20000 & ISO 9001 accreditation and the security structure is aligned alongside ISO27001.   The security arrangements are internally audited approximately every three months and externally audited every six months.

All servers have firewall and anti-virus software installed which is configured to use real-time scanning.

Backup Resilience

The data is securely backed-up each day.   All backed up data stored is compressed, de-duplicated and encrypted within a secure off-site vault.

There are two backup vaults, the primary one is hosted locally and is then backed up to a secure secondary off-site vault hosted within a separate datacentre located at Heathrow.

Dendrite Security

Dendrite Clinical Systems is assessed against NHS Information Governance standards, which includes both physical and organisational security measures.    Dendrite’s toolkit assessment score is available on the IG Toolkit website (https://www.igt.hscic.gov.uk/Home.aspx).

The computer software program created by Dendrite that holds the HANA data has been independently tested to ensure that it is not vulnerable to unauthorised access, or internal breaches of security.

Can I ask to see the data that the HANA registry holds about me?

Requests to see what data is held on the HANA database about you may be made through the HANA website.

Further information

Queries should be directed to Saving Faces.