Confidentiality

Confidentiality of data is of great concern to the Georgia Cancer Registry (thereinafter referred to as Registry) and is extremely important to the operation and maintenance of the Registry. The following are critical elements of the Registry's comprehensive confidentiality policies and procedures that relate to research use, reporting, and release of cancer data. Confidentiality policies, pledges, and procedures are required in all phases of the Registry operation to:

• Protect the privacy of the individual cancer patient.
• Protect the privacy of the facilities reporting the case.
• Protect the privacy of the physicians and other providers responsible for the care of the cancer patient.
• Provide public assurance that the data will not be abused.

Since 1989 cancer has been a reportable disease in Georgia and the Registry has been delegated with the responsibility for collecting data on cancer from health care facilities or providers, including but not limited to hospitals, outpatient surgical facilities, laboratories (hospital and free standing), radiation therapy facilities which are independent and/or free standing facilities, nursing homes and hospice facilities not hospital owned or operated, medical oncology facilities and physicians that diagnose or treat cancer patients that include but not limited to Urologists, Dermatologists and Hematologists.

Furthermore, the GCR database under O.C.G.A § 31-12-2(b) protects persons submitting reports or data to the Registry, in good faith, from liability for any civil damages. Refer to Updated Mandate for New Template.pdf for more information.

The Registry defines confidential as all data that identifies patient-specific information. The Registry also treats information that specifically identifies a health care provider or an institution as confidential. Information that characterizes the caseload of a specific institution or health care professional is considered proprietary and confidential.

It is the responsibility of the Registry to protect the data from unauthorized access and release. The Registry maintains the same standards of confidentiality as customarily apply to the physician-patient relationship as well as the confidentiality of medical records. This obligation extends indefinitely, even after the patient is deceased.

The costs of inappropriate release of confidential data are many. Inappropriate release of data could damage an individual whose diagnosis of cancer is made public. In addition, support and cooperation of facilities providing data to the Registry could also be severely compromised. Registry personnel responsible for violating confidentiality policies and procedures will be administratively disciplined up to and including dismissal from employment.

Security of data maintained both on paper and in electronic form are addressed below in this section under the heading Data Security.

Each staff member, as part of his/her employment agreement, reads the GCR Confidentiality Statement.pdf and signs a pledge that confidential information will not be released to unauthorized persons. The pledge remains in effect after cessation of employment. The Registry Director maintains a file of staff members who have signed pledges.

The orientation and training of each new staff member includes instructions concerning the confidentiality of data.

Failure to observe the confidentiality policies will result in firm disciplinary action up to and including dismissal from employment. In extreme circumstances legal action may be warranted against a staff member who fails to comply with the Registry's confidentiality policies.

The Registry Director is responsible for data security.

Registry staff are responsible for the confidentiality of all data encountered during the collection of cancer data.

The following components are required to assure data security in all areas of registry operation:

1. Suitable locks are installed to control access to the Registry and custodial staff are notified of the importance of maintaining a secure environment.
2. Confidential data will not be transmitted from the registry by any means (mail, telephone, electronic, or facsimile) without explicit authority from the Registry Director or a staff member to whom such authority has been delegated. All mail with confidential data must be marked “confidential”.
3. Precautions must be taken, for both physical and electronic security of confidential data sent on electronic media, to include secure packaging and tracking (i.e. using federal express for deliveries to be delivered only to the appropriate person.
4. The use of desktop and notebook computers for the ascertainment and management of confidential data must be controlled by electronic and physical measures to protect the security of the data. These include passwords, screen savers, and whole disk encryption utilizing two-factor authentication.
5. Training and demonstration of computer systems must be performed with separate fictitious and/or anonymous data sets, or when this is not possible (i.e. training registry staff on new procedures, or during data audit for quality assurance), observers are required to sign confidentiality agreements.
6. The physical security of confidential data stored on paper documents, computer printouts, and other media present in the Registry must be ensured. For instance, when reports or computer printouts are no longer necessary, they are disposed of by shedding. Data abstracts are kept secure in a locked room and have limited access by the Registry staff.
7. Confidential documents to be destroyed are kept in a secure environment (i.e. kept in a box labeled “confidential documents to be shredded” and kept in a locked room with limited Registry staff access) until they are shredded.

Computer security safeguards must be followed, including, but not limited to:

• whole disk encryption is required for all desktops and laptops, as are secure passwords (e.g. database content is password protected, password is changed every 90 days).
• all back-ups of registry data must be encrypted.

Release of registry data for clinical purposes, research, and health care planning is central to the purpose of the Registry. The Registry has developed procedures for data release that ensure the maintenance of confidentiality.

For complete case ascertainment, the Registry exchanges confidential data with the other state registries with whom Georgia has reciprocal case-sharing agreements.

The Registry may release limited patient data to providers of health services for that patient. Such data will not include the names of the other health care providers used by the patient.

Individual patient information may also be released in response to a request to provide confidential data for approved research projects where a written agreement specifies and ensures the protection of information identifying any individual patient. Such studies should be approved by the Registry management team and the appropriate Institutional Review Board (IRB).

No information identifying an individual health care provider or facility will be made available except as required by Georgia Law or with written consent of that health care provider or facility.

Copies of specific patient information will not be provided to individuals (patients), except when required by Georgia Law.

Confidential information will not, under any circumstances, be published or made available to the general public.

Inquiries from the press should be referred to the cancer registry director, state epidemiologist, state chronic disease epidemiologist or other persons designated by the Georgia Department of Public Health. Inquiries could be referred to the Georgia Center for Cancer Statistics (GCCS) Director or another member of the staff who has been delegated the authority to respond by emailing gccs@sph.emory.edu . Measures will be taken to eliminate the possible identification of individual patients from data table cells containing very small numbers (i.e. less than five).

Researchers are reminded that all publications resulting from research performed under the National Cancer Institute (NCI), Department of Public Health (DPH), and Centers for Disease Control and Prevention (CDC), or other funded contract shall acknowledge support of the supporting organization.

Any data released or published where it is known that fewer than 90% of the expected cancer cases have been registered should include a qualifier indicating this fact (e.g. Data in this geographic area is less than 90% complete).

Confidential data will never be made available for commercial purposes including but not limited to:

• Businesses that are trying to market a product to cancer patients.
• Health care institutions that are trying to recruit new patients.
• Insurance companies that are trying to determine the status of an individual patient.

The Registry has a data request form GCR Research Agreement.pdf for use by researchers, registry staff, and others. The form serves as internal documentation of data requests, documents all requests for information, assists in the monitoring of staff efforts, and is used to prepare periodic data request summary reports.

Statistical data requests received via the telephone and in writing (such as cancer inquiries from citizens) are processed by the Registry's Program Director. Written documentation of the requested data is prepared for the programming staff. Copies of all correspondence along with a computer output of the data are filed in locked cabinets at the Georgia Department of Public Health to be used for summary tabulations to prepare routine reports.

Reports of summary statistics do not generally raise concerns about confidentiality. However, confidential information may be inadvertently conveyed through summary statistics. The Registry has instituted a policy to suppress the publication of summary statistics in some instances, especially where data are being presented for geographic areas with small populations. For example, the Registry will suppress the reporting of statistical data when there are fewer than five cases reported in a single cell of a table, if a cell of the table represents a combination of variables, such as small geographic area, race, age, and sex, which can inadvertently identify individuals. However, breakdowns by age, sex, and large geographic areas such as the state of Georgia and having cells with less than five cases will not be suppressed.

The Registry uses the following guidelines for controlling access to registry data for research purposes:

Requests for research data should be in writing and include a detailed outline of the proposed research and justification for the need of any confidential data. The Registry management team (i.e. director of the registry, director of the Georgia Center for Cancer Statistics, and the chronic disease chief epidemiologist) and others, who serve in an advisory capacity, review, and approve research requests.

The written proposed research plan will be reviewed by the appropriate registry management team or committee to assess the following:

• Scientific and technical merit of the study
• Type of confidential and/or non-confidential data required
• Adherence to Registry's guidelines on confidentiality
• Approval of the appropriate Institutional Review Board (IRB)
• Credentials of the researcher
• Costs incurred and budget requirements

The investigator should assure that he/she requests consent to conduct this research from each health care facility. In addition, physician consent should be obtained for each case to be contacted and consent should be obtained from each patient (a copy of the consents should be attached to the research proposal).

IRB approval is required before releasing registry data on individual patients. If the researcher is affiliated with another institution, then IRB approval is also required from that institution (e.g. academic institution, health care facility, government agency, etc.).

The scientific objectives of the study should be peer reviewed to ensure scientific validity.

After the review of the research proposal, the registry management team may request the researcher to revise the data request, work plan, and/or the cost estimate. Work will not begin on the data request until there is a mutually agreed upon plan and cost estimate.

The researcher must complete and sign a written agreement GCR Research Agreement.pdf to adhere to all confidentiality policies. Written agreements will include provisions for use of this information and for its return or destruction at the end of the study. The researcher should demonstrate adequate resources to conduct the research, including funding, staff, and technical expertise.

The Registry will ensure that confidential information is not under any circumstances published or displayed in reports that summarize the research results. The Registry will retain the right to review any reports prior to their dissemination to ensure that confidentiality has been respected.

A researcher who receives computerized data sets from the Registry should provide assurances that any confidential data will be destroyed or returned to the Registry after the project ends. Confidential data should be protected after the research investigator leaves the employment of the institution. The researcher is liable for civil damages for improper use of data.

Quality control studies of the cancer registry data, including re-abstracting and completeness studies will be conducted periodically by Registry staff and funding agency contractors. Registry staff and agency contractor persons are subject to the same confidentiality standards as indicated in this document. The results of the quality control audits for each individual institution will be kept confidential and only shared with that institution.

More information about cancer data requests. Cancer Data Requests.pdf