Risk assessment central to health data disclosure

At the NHS Information Centre, we can provide data on issues at both national and local level. For instance, we can help healthcare professionals isolate and identify particular health issues in their PCT or evaluate the quality of care in their local hospital and how it compares with others. We can assess the extent of smoking, alcohol and drug-related problems, and which groups of the population are most affected.

Because we are able to provide such localised data, the fact that we are often dealing with small numbers of people. This means that the risk of them being identified by those with a particular interest in them is higher.

Take for example data that is provided on childhood obesity in a small town. Because it might be likely this group of people will be small, there is an increased risk of them being identified out of the wider population and patient confidentiality compromised. We need to ensure we safeguard against these risks.

Because a group of people is small, there is a risk of them being identified.

All NHS organisations and those who supply or make use of the information have an obligation to ensure that there is adequate provision for the security management of the information resources that they own, control or use. Before we publish health statistics we must:

  1. Determine users’ requirements for the published statistics: It is vital to identify the main users of the statistics and understand why they need the figures and how they will use them in detail.
  2. Understand the key characteristics of the data: It is important to have a good understanding of the data that may require protection to assess any risk of disclosure.
  3. Assess circumstances where disclosure is likely to occur: We need to think of the views of patients or staff in each assessment we make and what the impact of potential identification could be.
  4. If required, select appropriate control methods to manage any risk
  5. Implement and disseminate the information: once all necessary checks have been made, data can be released.

Data encryption, digital signing, authentication and non-repudiation services are effective information security tools, which we actively use to ensure our data is reliable and secure. What is more, all individuals who work within, or under contract to an NHS organisation have a responsibility for the security of information that they create or use in the performance of their duties. Because a group of people is small, there is a risk of them being identified.

Latest from Marketing Week


Access Marketing Week’s wealth of insight, analysis and opinion that will help you do your job better.

Register and receive the best content from the only UK title 100% dedicated to serving marketers' needs.

We’ll ask you just a few questions about what you do and where you work. The more we know about our visitors, the better and more relevant content we can provide for them. And, yes, knowing our audience better helps us find commercial partners too. Don't worry, we won't share your information with other parties, unless you give us permission to do so.

Register now


Our award winning editorial team (PPA Digital Brand of the Year) ask the big questions about the biggest issues on everything from strategy through to execution to help you navigate the fast moving modern marketing landscape.


From the opportunities and challenges of emerging technology to the need for greater effectiveness, from the challenge of measurement to building a marketing team fit for the future, we are your guide.


Information, inspiration and advice from the marketing world and beyond that will help you develop as a marketer and as a leader.

Having problems?

Contact us on +44 (0)20 7292 3703 or email customerservices@marketingweek.com

If you are looking for our Jobs site, please click here