Data Security Guidelines for Cancer Registries

NPCR programs are subject to guidelines from policies and procedures for data security established by leading organizations in the central cancer registry and health care fields. These standards are outlined in the sections below.

Factors that have brought data security issues to the forefront include—

• Growing global concerns over privacy.
• High-profile thefts of National Institutes of Health (NIH) and U.S. Department of Veterans Affairs (VA) laptops containing databases of patient identifiers.
• Improved technology that allows for real-time encryption (encryption on the fly).

NAACCR Data Security Standards for Cancer Registries

The North American Association for Central Cancer Registries (NAACCR) provides central registry structural requirements, process standards, and outcome measures for access to source data and completeness of reporting, data quality, data analysis and reporting, and data management. NAACCR’s Standards for Completeness, Quality, Analysis, Management, Security, and Confidentiality of Data discusses reporting, data quality, data analysis and reporting, and data management.

NAACCR prepared its Standards for Cancer Registries volumes to develop and promote uniform data standards for all NAACCR members. These publications compile consensus standards among the North American cancer registry community as represented by NAACCR membership. The purpose of these standards is to increase the quality, comparability, and utility of cancer incidence data in North America.

NAACCR holds its member registries responsible for guarding data from unauthorized access and release. Each central cancer registry’s director has the ultimate responsibility for data security at the registry. These responsibilities are described in Standards for Cancer Registries Vol. III, chapter 6, “Security and Confidentiality.” Topics include—

• Structural requirements.
• Registry policies and procedures.
• Data use and release.
• Information technology policies and procedures.
• Disaster recovery.

HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) Administration Simplification provision provides standards for the protection and privacy of customer health data. The standards are meant to improve the efficiency and effectiveness of the nation’s health care system by encouraging the widespread use of electronic data interchange.

HHS

The U.S. Department of Health and Human Services (HHS) provides guidance on technologies and methods to protect data. The Security Rule Guidance Material Web site from HHS provides HIPAA Security Guidance and other sources of standards for safeguarding electronic protected health information (e-PHI).