Privacy notice

In order to monitor and improve patient safety, a Breast and Cosmetic Implant Registry (BCIR) has been developed. It records the:

  • implants that have been used for patients
  • organisations and surgeons that have carried out the procedures

The main aim of the registry is to be able to trace and inform affected patients in the event of any future recall of a failed implant. The registry will also allow the identification of possible trends and complications relating to specific implants.

The registry has been set up in response to the Keogh Review of the Regulation of Cosmetic Interventions, which was an independent report setting out recommendations to protect people who have cosmetic surgery. This followed issues caused by faulty Poly Implant Prothèse (PIP) breast implants in 2010.

The Breast and Cosmetic Implant Registry is being managed by NHS Digital, the trusted national provider of high-quality information, data and IT systems for health and social care on behalf of the NHS in Scotland. NHS Digital is supported by the relevant cosmetic and surgical professional groups:

  • British Association of Aesthetic Plastic Surgeons (BAAPS)
  • British Association of Plastic, Reconstructive and Aesthetic Surgeons (BAPRAS)
  • Association of Breast Surgery (ABS)

NHS Digital will receive a request (made under section 255(1) of the Health and Social Care Act 2012) from Scottish Government to join SDIIS. This system supports the outcomes and recommendations by the Keogh Review.

This data processing is being conducted to:

  • enable surveillance of specific medical devices through linkage to other data assets including patient outcomes, to enable the earlier identification of potential issues with a specific surgical device or implant which may warrant further investigation for example by the Medicines and Healthcare products Regulatory Agency (MHRA) which could result in a product recall
  • support identification of a cohort of patients and verify their latest address and deceased status as part a patient recall for review or removal of a particular implanted device in the event of a product recall being issued

Theatre data included has the following benefits:

  • improved patient safety
  • improved post-market surveillance of Class III and Class IIb implantable medical devices
  • quicker identification and investigation of poorer patient outcomes which could be related to a specific surgical device or implant and which may warrant investigation by appropriate bodies
  • ability to recall patients in a timely and more effective manner in the event of a product recall
  • ability to compare patient outcomes and longer-term effect of surgical devices and implants against comparable (‘equivalent’) alternative procedures and implants.

Controllers

A data controller is an organisation that determines the means and purposes of the processing of personal information.

The following organisations are data controllers, and they have the following roles in connection with the Breast and Cosmetic Implant Registry. Contact details are also provided if you have questions, comments, complaints or requests regarding your personal information.

Controller Role Contact details
Scottish Government Responsible for assisting Ministers in discharging their duties with NHS Scotland and the population of Scotland. The Scottish Government provides strategic direction for the Registry and is responsible in the event of a recall The Scottish Government Data Protection Officer, Victoria Quay, Commercial Street, Edinburgh, EH6 6QQ Email: DataProtectionOfficer@gov.scot
NHS Scotland territorial health boards Responsible for the protection and the improvement of their population’s health and for the delivery of frontline healthcare services Your local NHS Data Protection Officer
Public Health Scotland (PHS) Has an advisory function to the Scottish Government and Clinical Health Boards on the potential efficacy and safety of breast and cosmetic implants, evaluating breast and cosmetic implants and for making public health decisions about breast and cosmetic implants. phs.dataprotection@phs.scot
NHS Digital Responsible for establishing an information system for UK Patients, focusing initially on Breast and Cosmetic Implant Registry and related procedures and a track and trace system to allow for recall in the event of safety concerns. enquiries@nhsdigital.nhs.uk

Personal information we process

We collect, use, store and transfer different kinds of personal information about you.

Where is this information received from?

Data is received from the care provider organisation.

Personal information Additional details
Organisation identifier (x) A unique code which identifies the provider where the activity occurred. This will be an Organisation Data Services (ODS) Code https://digital.nhs.uk/services/organisation-data-service
Organisation site identifier (of treatment) A unique code which identifies the specific site within the provider estate such as an individual hospital where the activity occurred. This will be an Organisation Data Services (ODS) Code https://digital.nhs.uk/services/organisation-data-service
Community Health Index (CHI) number Patient's Community Health Index (CHI) Number.
The CHI Number is a unique identifier for a patient within Scotland.
Patient first name The patient's first name or forename. Also known as Patient Given Name.
Patient surname The patient's surname or last name. Also known as Person Family Name.
Postcode of current address The postcode of the patients usual place of residence.
Person birth date Patient's date of birth.
Person stated gender code The gender of a PERSON.
PERSON STATED GENDER CODE is self-declared or inferred by observation for those unable to declare their PERSON STATED GENDER.
Operation responsible consultant identifier (GMC Number) GMC number of consultant responsible for the operation on the day. (May not always be a consultant. Could be a nurse, dentist, registrar – may need to be Professional Code and allow for applicable format).
Operation lead surgeon identifier (GMC Number) GMC number of lead operating surgeon. Where devices are implanted, revised or removed by different surgeons during a single operation details of each should be recorded within the Medical Devices Data Module. (May not always a consultant. Could be a nurse, dentist, registrar – may need to be Professional Code and allow for applicable format).
NHS or privately funded Source of funding.
Operation identifier A code to uniquely identify the operation (case) within a health and care provider organisation.
Operation date The operation date of the surgical device or implant.
Operation time The time patient entered into theatre. If time patient entered into theatre is not available, enter surgical incision time.
Procedure code 1 (OPCS) Procedure Code 1 (OPCS) is the OPCS Classification of Interventions and Procedures used to identify the procedure carried out for the patient which relates to the implant, revision, replacement or removal of a surgical device or implant as stated by the surgeon. For OPCS Codes the decimal point (.) should not be included – for example F46.1 should be submitted as F461. Where providers use OPCS-4 codes with a fifth character added for local use, the fifth character should be excluded prior to submission. The intended procedure should not be recorded within this data item.
Type of operation The type of operation performed on the patient.
Laterality The laterality of the surgical device or implant. This is the laterality within the patient's body from the patient's perspective.
Global location number (manufacturer) The Global Location Number (GLN) is used to identify locations and legal entities. This unique identifier is comprised of a GS1 Company Prefix, Location Reference, and Check Digit.
Device manufacturer The manufacturer of the surgical device or implant.
Unique device identifier The unique identifier for the surgical device or implant. This should use GS1 Standards such as Global Trade Identification Number (GTIN).
This is available on the label/bar code associated with a surgical device or implants.
Device catalogue reference number The surgical device or implant catalogue reference number.
Product description The description of the device being implanted (or revised or removed) into the patient.
Device serial number The surgical device or implant serial number. Captured in the UDI-PI. In instances where the device UDI is scanned, the UDI-DI and lot/batch number fields are able to be automatically populated, as this information is captured within the barcode.
Device lot or batch number The lot number or batch number associated with a specific surgical device or implant.
Device quantity The number of individual devices of this type implanted within the patient. For example where the medical device comes as a pack of 4 but only 2 are implanted into the patient or where several of the same device are implanted. Each medical device included within the quantity must have the same unique device identifier and serial number (or batch/lot number).
Expiry date The date the surgical device or implant expires. This is the date up to which the surgical device or implant may be used – it is not the date that the device should be removed once impanted.
Type of device (description) The type of surgical device that has been implanted, revised, replaced or explanted. This is applicable to devices without an identifier to attribute to a broad category. Where GMDN is not available.
Type of device (GMDN) GMDN is a system of internationally agreed generic descriptors used to identify all medical device products. This nomenclature is a naming system for products which include those used for the diagnosis, prevention, monitoring, treatment or alleviation of disease or injury in humans.
Reason for revision or removal The reason that a surgical device or implant was revised, replaced or explanted.
Implant material The material that the implant is made from.
Implant dimensions length (cm) The size of the implant in centimetres (cm) for length.
Implant dimensions width (cm) The size of the implant in centimetres (cm) for width.

How we use your personal information

We will only use your personal information when the law allows us to do so and to the minimum extent possible.

Personal information Purpose / activity / task
Name The name of the patient is required to ensure the CHI Number can be traced in the event that it is missing OR verified where it is present. Name may also be used in the event of needing to contact patients who have left Scotland - for example cross border patients or may also be used in the event international recall.
Postcode Postcode is required to support patient identification for data linkage purposes to enable surgical devices and implants data to be correctly linked at patient level to Scottish data sets. It will also support geographical analysis and derivation of area of residence and other geographies. It will also be used to derive measures of deprivation (such as IMD) which are used for risk adjustment. Postcode may also be used in the event of needing to contact patients who have left Scotland - for example cross border patients or may also be used in the event international recall.
Date of birth Data of Birth is required to support patient identification for data linkage purposes to enable surgical devices and implants data to be correctly linked at patient level to Scottish data sets. It will also be used to derive age to be used for equality monitoring and for casemix adjustment.
Age This item will not be collected as part of the surgical devices and implants data set but could be derived from Data of Birth and activity dates i.e. Age at surgery etc. This could be used as a risk factor to support casemix adjustment to ensure that data is comparable.
Gender Person Gender is required to support patient identification for data linkage purposes to allow surgical devices and implants data to be correctly linked at patient level to Scottish data sets. This will support equality monitoring and will be used for casemix adjustment which is applied to enable true comparison of data to account for expected differences between patients.
General identifier - for example CHI number Community Health Index (CHI) Number: CHI Number is the unique patient identifier for patients in Scotland and is required to support patient identification for data linkage purposes to enable surgical devices and implants data to be correctly linked to the corresponding Scottish Hospital activity and other data sets at patient level. Local Patient Identifier: Local Patient Identifier is required to support patient identification for data linkage purposes to enable theatre data to be correctly linked to the corresponding SMR episodes at patient level in the absence of an NHS Number or where data quality exist. GMC Number: The GMC Number is a unique identifier for the professional registration of the healthcare professional. This is publicly available on the GMC website.
Physical/mental health or condition A variety of data items relating to surgical procedures including procedure code, operation type, unique device identifier (Global Trade Identification Number (GTIN)), medical device serial number/lot/batch and associated relevant dates and additional clinical data items, including relating to equivalent procedures not involving a surgical device or implant, and patient reported outcome measures/patient assessments.
Racial/ethnic origin This item will be collected or derived once data is linked at patient level to Scottish data sets and can be used to support equality monitoring to ensure equitable access to services.

How long will we hold retain this information?

Personal data will be retained for as long as the Department of Health and Social Care directs and the Scottish Government requests NHS Digital to continue to maintain the registry.

This data is required to track patient outcomes and therefore will be retained until the patient is deceased or 8 years after the data is no longer used.

What are the lawful grounds?

These are the lawful grounds on the basis of which each controller processes your personal information.

Personal data Data Controller Lawful basis
Scottish Government has no access to personal data (except in the circumstances where we are asked to look at specific data at the request of the individual with their explicit consent) Scottish Government Necessary for performance of a task carried out in the public interest on the basis of The Public Health etc. (Scotland) Act 2008 section 1 (Duty of Scottish Ministers to protect public health) (UK GDPR Art 6(1)(e)). Necessary for reasons of substantial public interest for statutory and Government purposes on the basis of The Public Health etc. (Scotland) Act 2008 section 1 (Duty of Scottish Ministers to protect public health) and National Health Service (Scotland) Act 1978 (UK GDPR Art 9(2)(g) supplemented by The Data Protection Act (DPA) 2018, Schedule 1, Part 1, paragraph 3 – Public Health). Necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of The Public Health etc. (Scotland) Act 2008 section 1 (Duty of Scottish Ministers to protect public health) and National Health Service (Scotland) Act 1978 (UK GDPR Art 9(2)(h) supplemented by The Data Protection Act (DPA) 2018, Schedule 1, Part 1, paragraph 2 - Health or social care purposes). Necessary for reasons of public interest in the area of public health on the basis of The Public Health etc. (Scotland) Act 2008 section 1 (Duty of Scottish Ministers to protect public health) and National Health Service (Scotland) Act 1978 (UK GDPR Art 9(2)(i) supplemented by The Data Protection Act (DPA) 2018, Schedule 1, Part 1, paragraph 3 – Public Health). Necessary for scientific research or statistical purposes in the public interest (UK GDPR Art 9(2)(j) supplemented by The Data Protection Act (DPA) 2018, Schedule 1, Part 1, paragraph 4 – Research etc).
Health boards will be the source of all personal data Health boards Necessary for the performance of a task carried out in the public interest on the basis of NHS (Scotland) Act 1978 - Section 2 and The National Health Service (Functions of the Common Services Agency) (Scotland) Order 2008 Section 2 (Functions of the Agency)(duty to provide services in support of the functions of Scottish Ministers, Health Boards or Special Health Boards). (UK GDPR Art 6 (1)(e). Necessary for reasons of substantial public interest for statutory and Government purposes on the basis of The Public Health etc. (Scotland) Act 2008 section 1 (Duty of Scottish Ministers to protect public health) and National Health Service (Scotland) Act 1978 (UK GDPR Art 9(2)(g) supplemented by The Data Protection Act (DPA) 2018, Schedule 1, Part 1, paragraph 3 – Public Health). Necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of The Public Health etc. (Scotland) Act 2008 section 1 (Duty of Scottish Ministers to protect public health) and National Health Service (Scotland) Act 1978 (UK GDPR Art 9(2)(h) supplemented by The Data Protection Act (DPA) 2018, Schedule 1, Part 1, paragraph 2 - Health or social care purposes).
To be decided for analysis requirements PHS Necessary for performance of a task carried out in the public interest on the basis of Public Health Scotland Order 2019 section 4 (Functions of the Board, in particular (d) the protection of public health including those specified in section 1 of the Public Health etc. (Scotland) Act 2008 (duty of Scottish Ministers to protect public health)) (UK GDPR Art 6(1)(e)). Necessary for reasons of public interest in the area of public health on the basis of The Public Health etc. (Scotland) Act 2008 section 1 (Duty of Scottish Ministers to protect public health) and National Health Service (Scotland) Act 1978 (UK GDPR Art 9(2)(i) supplemented by The Data Protection Act (DPA) 2018, Schedule 1, Part 1, paragraph 3 – Public Health). Necessary for scientific research or statistical purposes in the public interest (UK GDPR Art 9(2)(j) The Data Protection Act (DPA) 2018, Schedule 1, Part 1, paragraph 4 – Research etc).
To be decided for analysis requirements NHS National Services Scotland (NSS) Necessary for performance of a task carried out in the public interest on the basis of Public Health Scotland Order 2019 section 4 (Functions of the Board, in particular (d) the protection of public health including those specified in section 1 of the Public Health etc. (Scotland) Act 2008 (duty of Scottish Ministers to protect public health)) (UK GDPR Art 6(1)(e)). Necessary for reasons of public interest in the area of public health on the basis of The Public Health etc. (Scotland) Act 2008 section 1 (Duty of Scottish Ministers to protect public health) and National Health Service (Scotland) Act 1978 (UK GDPR Art 9(2)(i) supplemented by The Data Protection Act (DPA) 2018, Schedule 1, Part 1, paragraph 3 – Public Health). Necessary for scientific research or statistical purposes in the public interest (UK GDPR Art 9(2)(j) The Data Protection Act (DPA) 2018, Schedule 1, Part 1, paragraph 4 – Research etc).
NHS Digital will collate all of the personal data NHS Digital Data collection by NHS Digital is on the basis of a non-mandatory request under s255(1) of the health and social care act 2012. In accordance with section 256(1) of the 2012 Act, this request is a confidential information collection request because the Scottish Government are asking NHS Digital to collect information which enables the identity of an individual to be ascertained. They are able to request the collection of this confidential information because in accordance with section 256(2)(c) the information may lawfully be disclosed to the Scottish Government or to NHS Digital by virtue of Articles 6 (c) and (e) of the EU General Data Protection Regulation, and of the National Health Service (Scotland) Act 1978 (c29) (the 1978 Act), which places a general duty on Scottish Ministers to promote the improvement of the physical and mental health of the people of Scotland and to do anything which Scottish Ministers consider is likely to assist in discharging that duty. GDPR / Data Protection Act 2018: Article 6(1)(e) - exercise of official authority, supplemented by Data Protection Act 2018 (DPA 2018) section 8(c) - processing that is necessary for the exercise of a function conferred by enactment, namely section 255 of the HSCA 2012. Article 9(2)(g) - substantial public interest, supplemented by DPA 2018 Schedule 1, Part 2, paragraph 6 - statutory and government purposes; and/or Article 9(2)(h) - the management of health and social care systems supplemented by DPA 2018, Schedule 1, Part 1, paragraph 2 - health or social care purposes. Legal basis for analysis: Analysis is undertaken under Health and Social Care Act section 255(1) “establish and operate a system for the collection or analysis of information of a description specified in the request"

Disclosures of your personal information

The parties with whom personal information is shared are:

  • NHS Digital
  • PHS as requested
  • NSS as requested
  • territorial health boards (their own patient data only) as requested
  • secondary care providers – including NHS Providers, Independent Sector Healthcare Providers (ISHPs) and private healthcare providers involved in the reporting and recording process (their own patient data only) as requested

Data retention

NHS Digital will retain, and delete, the personal data for the period instructed by the Scottish Government and in line with NHS Digital Corporate Records Management Policy and Retention and Disposal Framework Implementation Process.

If there is no instruction data will be retained only for a period necessary to meet the purpose to support surveillance of surgical devices and implants and to support patient recall activities. This will be in line with the Corporate Records Management Policy and Retention and Disposal Framework Implementation Process.

Personal data will be retained for as long as the Department of Health and Social Care directs and the Scottish Government requests NHS Digital to continue to maintain the registry.

Personal data is required to track patient outcomes and therefore will be retained until the patient is deceased or 8 years after the data is no longer used for processing and reporting purposes.

International transfers

Processing of the data will be restricted to NHS Digital supplier data centres within the UK; subject to Data Protection (2018) legislation.

No data will be transferred or processed outside of the UK.

Data security

Read further information about how the registry works and the security measures used.

Also on NHS inform