Att 5_data release policy

Att 5_data release policy.pdf

National Program of Cancer Registries Cancer Surveillance System (NPCR CSS)

Att 5_data release policy

OMB: 0920-0469

Document [pdf]
Download: pdf | pdf
Attachment 5
NPCR CSS Data Release Policy

National Program of Cancer Registries
Cancer Surveillance System (NPCR-CSS)
Data Release Policy for 2009 Data
Submission
___________________________
Policy Revised January 2009

Cancer Surveillance Branch
Division of Cancer Prevention and Control
NCCDPHP, CDC, Mailstop K-53
Atlanta, Georgia 30341-3717
Phone: 770-488-4783
E-mail: cancerinfo@cdc.gov (specify “NPCR-CSS” in subject line)

Table of Contents
Page
Acknowledgement

3

I.

Introduction

4

II.

Assurance of Confidentiality

4

III.

Overview of the Data

5

IV.

Requests for State or Local Data and Notification of States

6

V.

Public-Use Data Sets

7

A. United States Cancer Statistics (USCS) Data Set

8

B. USCS Expanded Data Set

8

C. USCS County Cancer Incidence Data Set

8

D. Public Release Disclosure Statement

8

Restricted-Access Data Set

9

A. State Level Restricted-Access Data Set

9

B. Regional Level Restricted-Access Data Set

9

Emergency and Provisional Data Releases

10

VIII. Data Release Under Controlled Conditions

10

IX.

11

VI.

VII.

References

Table 1

Comparison of NPCR-CSS Data

12

NPCR-CSS Scientific Working Group Members
NPCR-CSS Small Data Release Working Group
NPCR-CSS 308(d) Assurance of Confidentiality
NPCR-CSS 308(d) Assurance of Confidentiality
Frequently Asked Questions
NPCR-CSS Overview of Data Security
State and Metropolitan Area Cancer Registries by Federal
Funding Source and First Diagnosis Year for Which Cancer Cases
Were Reportable to CDC’s NPCR or NCI’s SEER Program
NPCR-CSS Data Sharing Agreement
Data Items for Restricted Access Data Sets

16

Appendices
Appendix A
Appendix B
Appendix C
Appendix D
Appendix E

Appendix F
Appendix G

NPCR-CSS Data Release Policy
Rev. January 2009
2

18
19
23

25
27
29

Acknowledgement
The Cancer Surveillance Branch, Division of Cancer Prevention and Control, NCCDPHP, CDC,
wishes to acknowledge and thank the members of the state-based NPCR-CSS Scientific Working
Group for their contributions to the concepts included in this document. Since 2005, the
members of the Small Data Release Working Group—a subgroup of the Scientific Working
Group—played an important role in the review and release of the USCS expanded data set on
CDC WONDER and the restricted-access data sets. Appendix A lists the members of both
working groups.

NPCR-CSS Data Release Policy
Rev. January 2009

3

National Program of Cancer Registries
Cancer Surveillance System
Data Release Policy
November 2008
I.
Introduction
This document describes the format and content of data that the National Program of Cancer
Registries’ Cancer Surveillance System (NPCR-CSS) will release or share. This multi-year
policy updates the December 2007 NPCR-CSS Data Release Policy. This policy applies to data
submitted to the Centers for Disease Control and Prevention (CDC) for the 2009 data submission
and for all future data submissions until a new policy is provided.
The NPCR-CSS Privacy Steward (Mr. Joseph Rogers) will clear all releases of state data,
ensuring that the data are released according to the terms of the NPCR-CSS Data Release Policy.
It is possible that, in future years, data release practices or the content and format of released data
may vary from those described in these guidelines. Such changes may occur as a result of
improvements in the quality of the data, changes in information technology, and evolving data
needs. However, if such variations occur, they will provide comparable protection (or more
protection) for patient confidentiality than is described in this policy. If it is anticipated that any
data will be released with less protection (as determined by the NPCR-CSS Privacy Steward) for
patient confidentiality than is described in this policy, NPCR central registries will be notified
and will have ample time to respond before the data are released. This policy will be reviewed
annually by the NPCR-CSS Privacy Steward and other appropriate CDC staff members to
determine whether revisions are needed. If revisions are needed, NPCR central registries will be
notified and allowed to review and comment on the revisions before they become final.
II.
Assurance of Confidentiality
All data collected and maintained by NPCR-CSS must be managed, presented, published, and
released in accordance with strict attention to confidentiality and security, consistent with the
general principles and guidelines established by CDC for confidential case data1-3 and specific
restrictions imposed on the NPCR-CSS data (Appendices B, C, and D).4 Special care is needed
even for cancer incidence data that are not directly identifiable because geographic and small cell
data may be indirectly identifying when combined with detailed information in case reports or
from laboratory, medical records, or linkage with other data files.5-10
NPCR-CSS has approval for protection under section 308(d) of the Public Health Services (PHS)
Act (42 USC 242m(d)) (Appendices B and C). The 308(d) confidentiality assurance protects
identifiable and potentially identifiable information from being used for any purpose other than
the purpose for which it was collected unless the person or establishment from which it was
obtained has consented to such use. This assurance protects against disclosures under a court
order and provides protections that the Privacy Act of 1974 (5 USC 552a) does not. For
example, the Privacy Act of 1974 protects individual participants, but the 308(d) confidentiality
assurance also protects institutions. Confidentiality protection granted by CDC promises
participants and institutions that their data will be shared only with those individuals and
institutions listed in the project’s consent form or in its specified policies.
NPCR-CSS Data Release Policy
Rev. January 2009

4

III.
Overview of the Data
In 1992, Congress established the National Program of Cancer Registries (NPCR) by enacting
the Cancer Registries Amendment Act, Public Law 102-515.4 The law authorized CDC to
provide funds and technical assistance to states and territories to improve or enhance existing
cancer registries and to plan for and implement population-based central cancer registries where
they did not exist. NPCR’s purpose is to assure the availability of more complete local, state,
regional, and national cancer incidence data for planning and evaluation of cancer control
interventions and for research. NPCR adopted reporting requirements and definitions consistent
with the National Cancer Institute’s (NCI's) Surveillance, Epidemiology, and End Results
Program (SEER);11,12 required the use of uniform data items and codes and record layouts as
defined by consensus of members of the North American Association of Central Cancer
Registries (NAACCR);13 and established standards for data management and data completeness,
timeliness, and quality similar to those recommended by NAACCR.13,14 In 1994, the first 37
states received funding from CDC. Currently, 45 states, the District of Columbia, Puerto Rico,
and the U.S. Pacific Island Jurisdictions are funded by NPCR (hereafter referred to as states)
(Appendix E).15,16 NPCR-funded central registries collect data on patient demographics, primary
tumor site, morphology, stage of disease at diagnosis, and first course of treatment. In addition,
NPCR central registries conduct follow-up for vital status by linking with state and national
death files.
Invasive and in situ cancer case reports are submitted to CDC by population-based statewide
central cancer registries in all 45 participating states, the District of Columbia, Puerto Rico, and
the U.S. Pacific Island Jurisdictions. In each state or territory, state laws and regulations mandate
the reporting of cancer cases by facilities and practitioners who diagnose or treat cancer to the
state health department or its designee.4 The central cancer registry receives case reports from
facilities and practitioners throughout the state and processes them according to standard data
management procedures.14 Personal identifiers including the patient’s name, social security
number, and street address are removed prior to the encryption and electronic transmission of
these case reports to a contractor acting on behalf of CDC. CDC and the contractor adhere to
strict data security procedures when receiving, processing, and managing the data (Appendix D).
For more information on the NPCR-CSS data, see the Technical Notes as posted on the United
States Cancer Statistics Web site (http://www.cdc.gov/uscs) which is updated annually. NPCRCSS received formal approval (protocol #2594) from CDC’s Institutional Review Board (IRB) in
October 1999. The approval is updated annually. CDC has an Office for Human Research
Protections (OHRP)-approved federal-wide assurance of compliance with rules for the protection
of human subjects in research (45 CFR 46) (http://ohrp.osophs.dhhs.gov/nsearch_t.htm).
Central cancer registries and federal agencies routinely publish cancer incidence data between 22
and 25 months after the close of each diagnosis year based on data that meet standards for
completeness and quality.16,17 However, other versions of the same data, based on the data file as
it exists at different time periods, are usually available. For example, some central registries have
preliminary data available as soon as 12 months after the close of each diagnosis year. Even
after the publication of official statistics, central cancer registries (and CDC and NCI) continue
to update and re-publish data with new information incorporated. Thus, when cancer incidence
data are published it is common practice to document either the data submission date (i.e., when
the data were submitted to CDC or NCI) or the date the file was prepared. Changes in central
cancer registry incidence data that occur more than 22 to 25 months after the close of a diagnosis
NPCR-CSS Data Release Policy
Rev. January 2009

5

year are likely to be small; however, delays in reporting are more likely to impact certain cancer
sites and may be important for some research studies.18
IV.
Requests for State or Local Data and Notification of States
The Freedom of Information Act (FOIA) (http://www.cdc.gov/od/foia/foi/htm) generally
provides that, upon written request from any person, a Federal agency (i.e., CDC) must release
any agency record unless that record falls (in whole or part) within one of nine exemptions.
FOIA applies to only Federal agencies, and covers only records in the possession and control of
those agencies at the time of the FOIA request (except in certain narrow instances involving
grantee-held data). Because State-based data becomes a Federal record in CDC’s possession,
such records are subject to disclosure in response to a FOIA request. The FOIA exemptions that
may be available to protect some aspects of State data from public disclosures in response to a
FOIA request are:
1) Exemption 3, which specifically exempts information from disclosure by statute (in this
instance pursuant to an Assurance of Confidentiality under Section 308(d) of the Public
Health Service Act), and
2) Exemption 6, which exempts from disclosure personnel and medical files and similar files
the disclosure of which would constitute a clearly unwarranted invasion of personal privacy.
In general, non-FOIA requests to CDC from the public, the media, and other government
agencies for local cancer incidence data are referred to the state health department for a reply.
There are three reasons for this: (1) the state health departments can release cancer incidence
data in accordance with locally established policies and procedures and consistent with
provisions of the 1992 Cancer Registries Act, Public Law 102-515; 4 (2) the relative infrequency
of data submission to federal agencies assures that the state health department or its designated
central cancer registry will have the most complete, accurate, and up-to-date information; and (3)
the central registry may be able to provide more detailed data that can better meet the needs of
the requestor. When the request is for data regarding cancer incidence involving more than one
state, CDC will refer the requestor to published reports or to NPCR-CSS data sets that are
released in accordance with practices described in this document. At this time, it is anticipated
that two kinds of data sets will be released: public-use data sets and restricted-access data sets
(see definitions below).
CDC staff members or contractors perform analyses of NPCR program data as needed, including
assessment of the completeness, timeliness, and quality of cancer incidence data; and analyses of
the cancer burden as needed for meeting national cancer control objectives. Such analyses of
state and national data are conducted routinely by federal agencies, including CDC, for
programmatic or statistical purposes as needed to achieve the agency's mandate. Publications or
presentations describing the quality of the data or the burden of cancer may be one outcome of
such analyses. Examples of topics for such analyses are descriptive analyses by racial and ethnic
populations for specific cancers and descriptions of cancer incidence trends. In compliance with
the 308(d) Assurance of Confidentiality, CDC employees and contractors are required to handle
the information in accordance with principles outlined in the CDC Staff Manual on
Confidentiality and to follow the specific procedures documented in the NPCR-CSS
Confidentiality/Security Statement (Appendices B, C, and D).
In addition to adhering to strict requirements for protecting confidentiality, CDC staff members
will notify the state cancer registry in advance whenever they plan to present, publish or release
NPCR-CSS Data Release Policy
Rev. January 2009

6

state-specific information on cancer incidence that have not been previously presented,
published, or released. This notification will include, when possible, sending a pre-publication
copy of the entire publication or other information to the specific states. When that is not
possible (for example if the information is embargoed), the specific state cancer registries will
receive a summary of the information before it is published or released. In addition, CDC staff
members are required to acknowledge state cancer registries whenever NPCR-CSS data are
presented, released, or published by CDC by making available the following (or similar)
statement:
These data were provided by cancer registries participating in the National Program of Cancer
Registries (NPCR) and submitted to CDC in the (insert submission date) NPCR-Cancer
Surveillance System data submission.

V.
Public-Use Data Sets
For purposes of this policy, public-use data sets (PUDS) are defined as data sets that are
comprised of aggregated data (i.e., not individual case-specific data or microdata) that have been
modified as needed, according to accepted procedures, to block breaches of confidentiality and
prevent disclosure of the patient’s identity or the patient’s confidential information. 2, 5-10 A
combination of confidentiality protection measures is employed for each PUDS (Table 1). PUDS
will not contain information that is identifiable or potentially identifiable according to currently
accepted procedures for reducing disclosure risk. 2, 5-10 One of the PUDS is available as a Webbased query system and has a database behind a CDC firewall that is case-specific microdata;
however, even for this database users will be able to access only aggregate counts and rates with
all confidentiality protections built in. Before each PUDS is finalized, the aggregate values will
be analyzed to determine whether there is a need for complementary cell suppression.2, 5-10 If
appropriate, the analysis will include consultation with a statistician with specific expertise in
statistical disclosure limitation techniques. Following the analysis, complementary cell
suppression will be applied as needed.
There will be no restrictions on access to PUDS. A public release disclosure statement (see page
9) will caution users against inappropriate use of the data or inappropriate disclosure of
information. PUDS will be released as delimited ASCII files, a Web-based query system, or
possibly through other vehicles (Table 1). States will have an opportunity to review their state's
data before each PUDS is released and have adequate time to notify CDC if they identify a
problem with the data. As a convenience to NPCR central registries, states may request from
CDC a copy of their complete state-specific analytic database that is used to create each PUDS.
The following three PUDS are currently being released:
 United States Cancer Statistics (USCS) data set,
 USCS expanded data set, and
 USCS county cancer incidence data set.
All NPCR-CSS PUDS will consist of cancer incidence data selected from the NPCR-CSS
analytic database. This is the same database that provides cancer incidence data for the annual
publication of USCS.16 Data sources, case definitions, basic registry eligibility criteria in terms of
required data completeness and quality, population denominator sources, methods for calculating
incidence rates, and the rationale for specific cell suppression thresholds are as described in the
Technical Notes for USCS unless noted in separate documentation that accompanies the PUDS.
Data from NCI’s SEER program are included in some, but not all, data releases described in this
document. However, based on the underlying principles for coordinated nationwide cancer
NPCR-CSS Data Release Policy
Rev. January 2009

7

control as stated in the CDC and NCI Surveillance Memorandum of Understanding, the goal is to
have all data sets include data from both NPCR and SEER.
Separate documentation may accompany each PUDS which will describe its unique features; for
example, the data submission date, percentage of the U.S. population covered, diagnosis years
and cancer sites included, variables included, any special data quality criteria required for
inclusion, and any unique statistical methods employed.
A. United States Cancer Statistics (USCS) Data Set
The USCS data set contains the same aggregate counts and rates for incidence and mortality
published annually (Table 1). The PUDS is an HTML edition of USCS. Tables of male and
female combined counts and rates are in the HTML edition in addition to the published sexspecific tables. Users can download the data in ASCII, MS Excel and SAS dataset formats
for use in other applications.
B. USCS Expanded Data Set
The USCS expanded data set displays the aggregate counts, rates, and 95% confidence
intervals published yearly in the USCS, plus additional aggregate values created from the
same analytic file containing finer breakdowns of counts and rates based on selected
variables (Table 1). This PUDS is available on WONDER (http://wonder.cdc.gov), a Webbased query system, that has a database behind a CDC firewall with case-specific microdata;
however, users will be able to access only aggregate counts and rates with all confidentiality
protections built in. Because this PUDS will present data in more detail than is presented in
USCS, states will have the option to notify NPCR if they prefer not to have their state data
included.
C. USCS County Cancer Incidence Data Set
The USCS county cancer incidence data set consists of aggregate cancer incidence counts,
crude rates, and age-adjusted rates for selected counties in the United States (Table 1). This
PUDS is available as an ASCII file. Because this PUDS presents data at a sub-state
geographic level, states have the option to notify NPCR if they prefer not to have their
county data included. A limited version of this PUDS has been released to a small number of
users, including NCI for the State Cancer Profiles project
(www.statecancerprofiles.cancer.gov) and the U.S. Department of Health and Human
Services' Women's Health Initiative Project. Future versions may contain more detail about
cancer at the county level. Beginning in 2008, CDC will routinely publish county data
averaged over five years.
E. Public Release Disclosure Statement
The following (or similar) public release disclosure statement will be prominently displayed
for users of all NPCR-CSS PUDS:
Data Use Restrictions: Read Carefully before Using
By using these data, you signify your agreement to comply with the following statutorily
based requirements. The National Program of Cancer Registries (NPCR), Centers for Disease
Control and Prevention (CDC), has obtained an assurance of confidentiality pursuant to Section
308(d) of the Public Health Service Act, 42 U.S.C. 242m(d). This assurance provides that
identifiable or potentially identifiable data collected by the NPCR may be used only for the
purpose for which they were obtained unless the person or establishment from which they were
obtained has consented to such use. Any effort to determine the identity of any reported cases, or
NPCR-CSS Data Release Policy
Rev. January 2009

8

to use the information for any purpose other than statistical reporting and analysis, is a violation
of the assurance. Therefore users will:
 Use the data for statistical reporting and analysis only.
 Make no attempt to learn the identity of any person or establishment included in these data.
 Make no disclosure or other use of the identity of any person or establishment discovered
inadvertently, and advise the Associate Director for Science, Office of Science Policy and
Technology Transfer, CDC, Mailstop D-50, 1600 Clifton Road, N.E., Atlanta, Georgia,
30333, Phone: 404-639-7240) (or NCI’s SEER Program if SEER data) and the relevant state
or metropolitan area cancer registry, of any such discovery.

VI.
Restricted-Access Data Sets
For purposes of this policy, restricted-access data sets (RADS) are defined as versions of the full
NPCR-CSS analytic data set, either aggregated data or microdata (i.e., individual case-specific
data), that have been modified as needed to minimize (but may not remove entirely) the potential
for disclosure of confidential information. RADS will not contain personal identifiers such as a
patient’s name, street address, or social security number as this information is not transmitted by
central cancer registries to CDC as part of their annual data submission. However, they may
contain information that is potentially identifiable especially when linked with other data sets,
such as the occurrence of a rare cancer in a person of a certain age or racial or ethnic group. The
following two RADS are described:
 Regional level restricted-access data set (rRADS)
 State level restricted-access data set (sRADS)
The list of the variables included in these RADS is in Appendix G.
Because restricted-access data sets may potentially contain identifiable information, states will
have the option to notify NPCR if they prefer not to have their data included in either or both of
these restricted access data sets.
A. Regional Level Restricted-Access Data Set (rRADS)
The rRADS will be released after the requestor signs a detailed data sharing agreement and
provides a description of the proposed project. The intent of the regional-level dataset is to
provide access to individual case-specific data with reduced potential for disclosure of
confidential information and correspondingly less oversight from CDC. The rRADS is
similar to the sRADS, but with reduced geographic specificity and fewer data items.
Reducing geographic specificity is an effective way to reduce the potential for disclosure of
confidential information.
B. State Level Restricted-Access Data Set (sRADS)
The sRADS will be released only after CDC authenticates the requestor's identity and the
requestor either signs a detailed data sharing agreement or signs a less detailed data sharing
agreement and submits confirmation of IRB approval by an institution with appropriate
assurance from the U.S. Department of Health and Human Services’ Office for Human
Research Protections (http://ohrp.osophs.dhhs.gov/nsearch_t.htm).
To define and develop the RADS, CDC staff members are working collaboratively with a subset
(Small Data Release Working Group) of the NPCR-CSS Scientific Working Group. The
resources needed for preparation, data quality testing, releasing, logging 2 and monitoring the
release of restricted data sets have been and will continue to be substantial. Thus, release of these
data sets will be phased in over several years. The sRADS was first made available to ACS, NCI
NPCR-CSS Data Release Policy
Rev. January 2009

9

and members of the Small Data Release Working Group starting in November 2005. In
November 2006, the sRADS was made available to ACS, NCI, and all NPCR central registries.
In future years, the sRADS will be available to other researchers who meet the criteria jointly
established by CDC and NPCR central registries. These RADS are currently available as an
ASCII file. User documentation including a data dictionary for every diagnosis year since 1994
are available.13 Detailed data sharing agreements, and procedures for user authentication and for
logging and monitoring of data releases, have been developed. The recently completed
CDC/ATSDR/CSTE Data Release Guidelines for Re-Release of State Data described in detail the
recommended contents of such a data sharing agreement and provided guidance for user
authentication and logging and monitoring of data releases.2 CDC staff members and partners
who worked together to plan for the release of these data sets have reviewed these CDC
recommendations and other relevant materials and have developed data sharing agreements that
meet the requirements of federal agencies. A similar approach has been used for developing
methods for user authentication, logging of data releases, and compliance monitoring.
VII. Emergency and Provisional Data Releases
It is not anticipated that CDC will ever need to release NPCR-CSS data before the files have
been modified as needed to protect confidentiality as described in this policy. This is prohibited
by the 308(d) Assurance of Confidentiality (Appendices B and C).
Provisional data and draft data tables will be shared with CDC employees and contractors,
NPCR central registries, and other partners as needed in order to facilitate quality reviews of the
data. When appropriate, individuals who participate in such reviews will sign a data use
agreement before accessing the data or tables.
VIII. Data Release under Controlled Conditions
CDC-wide policy stipulates that a CDC program may consider release of data that cannot be
released as either a PUDS or a RADS under certain controlled conditions.1 These controlled
conditions may include a CDC-controlled data center such as the data center established at
NCHS (http://www.cdc.gov/nchs/r&d/rdc.htm) or through special licensing. NPCR-CSS data
will not be released under these controlled conditions while this policy is in place. Release of
data under controlled conditions will be considered as part of discussions with partners toward
development of RADS, and a determination will be made as to whether such releases of data will
be considered in the future for NPCR-CSS data.

NPCR-CSS Data Release Policy
Rev. January 2009

10

IX. References
1. Centers for Disease Control and Prevention. CDC/ATSDR Policy on Releasing and Sharing Data.
Atlanta: Centers for Disease Control and Prevention; 2003. Available at
http://www.cdc.gov/od/foia/policies/sharing.htm.
2. Centers for Disease Control and Prevention. CDC/ATSDR/CSTE Data Release Guidelines for ReRelease of State Data. Atlanta: Centers for Disease Control and Prevention; 2003 (available upon
request).
3. Centers for Disease Control and Prevention. CDC Staff Manual on Confidentiality. Atlanta: Centers
for Disease Control and Prevention; 1984 and National Center for Health Statistics. NCHS Staff
Manual on Confidentiality. Hyattsville MD: National Center for Health Statisitics; 1999.
4. Cancer Registries Amendment Act, Public Law 102-515, Stat. 3312 (October 22, 1992). Available at
http://www.cdc.gov/cancer/npcr/npcrpdfs/publaw.pdf.
5. American Statistical Association. Privacy, Confidentiality, and Data Security Web Site. Alexandria,
VA: American Statisitcal Association; 2005. Available at
http://www.amstat.org/comm/cmtepc/index.cfm.
6. Doyle P, Lane JI, Theeuwes JM, Zayatz LM (eds). Confidentiality, Disclosure, and Data Access:
Theory and Practical Application for Statistical Agencies. Amsterdam: Elsevier Science BV; 2001.
7. Federal Committee on Statistical Methodology. Checklist on Disclosure Potential of Proposed Data
Releases. Available at http://www.fcsm.gov/committees/cdac/cdac.html.
8. Federal Committee on Statistical Methodology. Report on Statistical Disclosure Limitation
Methodology. (Statistical Working Paper 22). Washington (DC): Office of Management and Budget;
1994. Available at http://www.fcsm.gov/working-papers/spwp22.html.
9. McLaughlin C. Confidentiality protection in publicly released central cancer registry data. Journal of
Registry Management 2002; 29(3):84-88.
10. Stoto M. Statistical Issues in Interactive Web-Based Public Health Data Dissemination Systems.
Draft report prepared for the National Association of Public Health Statistics and Information
Systems, Rand Corporation; September 2002.
11. Surveillance, Epidemiology, and End Results Program. The SEER Program Code Manual. 3rd ed.
Bethesda (MD): National Cancer Institute,1998.
12. Percy C, Van Holten V, Muir C (eds). International Classification of Diseases for Oncology, 2nd
edition. Geneva, Switzerland: World Health Organization; 1990.
13. Hultstrom D, editor. Standards for Cancer Registries, vol. II: Data Standards and Data Dictionary,
version 9.1, 6th ed. Springfield (IL): North American Association of Central Cancer Registries; 2001.
14. North American Association of Central Cancer Registries. Standards for Cancer Registries, vol. III:
Standards for Completeness, Quality, Analysis, and Management of Data. Springfield (IL): North
American Association of Central Cancer Registries; 2000.
15. Hutton MD, Simpson, LD, Miller DS, Weir HK, McDavid K, Hall HI, Progress toward nationwide
cancer surveillance: an evaluation of the National Program of Cancer Registries, 1994-1999. Journal
of Registry Management 2001;28(3):113-120.
16. U.S. Cancer Statistics Working Group. United States Cancer Statistics: 2004 Incidence and
Mortality, Technical Notes. Atlanta: U.S. Department of Health and Human Services, Centers for
Disease Control and Prevention and National Cancer Institute; 2007.
17. Method for estimating case completeness is available in: Wu XC, Hotes JL, Fulton PJ, Cormier M,
Correa CN, McLaughlin CC, Kosary C, Howe HL, Chen VW, editors. Cancer in North America,
1995-1999, vol. I: Incidence. Springfield, IL: North American Association of Central Cancer
Registries; 2002. Available at http://www.naaccr.org/Stats/CINAPubs.html.
18. Clegg LX, Fueur EJ, Midthune DN, Fay MP, Hankey BF. Impact of reporting delay and reporting
error on cancer incidence rates and trends. Journal of the National Cancer Institute
2002;94(20):1537-45.

NPCR-CSS Data Release Policy
Rev. January 2009

11

Table 1. Comparison of the National Program of Cancer Registries –Cancer Surveillance System Data Sets
Overview
Public-Use Data Sets (PUDS)
USCS Expanded

USCS
Format

Database of aggregate
counts and rates, with text
documentation

Mode of Access

Web-based query system
with downloadable ASCII
files, MS Excel files, and
SAS datasets
USCS website
(www.cdc.gov/uscs)

Web Address or
Contact
Information

Database of aggregate counts
and rates, with text
documentation. The database
behind the CDC firewall is
case-specific microdata.
Web-based query system

CDC Wonder
(http://wonder.cdc.gov)

USCS County

Restricted-Access Data Sets (RADS)
Regional Level
State Level

Database of aggregate counts
and rates, with text
documentation

Database of individual
record level data

Database of individual record
level data

Flat ASCII file and Webbased query system and
separate brief text
documentation
Request from
cancerinfo@cdc.gov
(specify “USCS County” in
subject line)

Flat ASCII file or
SEER*Stat file

Flat ASCII file or SEER*Stat
file

Request from
cancerinfo@cdc.gov
(specify “Regional RADS”
in subject line)

Request from
cancerinfo@cdc.gov (specify
“State RADS” in subject line)

Contains
Potentially
Identifiable
Information
Registry
Eligibility
Criteria for
Data
Completeness
and Quality

No

No

Yes

Yes

USCS
publication criteria

USCS publication criteria;
data meet criteria for unknown
county

USCS
publication criteria

USCS
publication criteria

When Available

Updated 2009

Updated 2009

2009

Updated 2009

NPCR-CSS Data Release Policy
Rev. January 2009
12

Table 1. Comparison of the National Program of Cancer Registries –Cancer Surveillance System Data Sets, continued
Cases Included
USCS
States/Territories

Diagnosis Years

Cancer Sites

Public-Use Data Sets (PUDS)
USCS Expanded

NPCR and SEER states that meet eligibility criteria

Single year of data from
1999-2006; combined
years of data from 20022006

NPCR states that meet
eligibility criteria*

NPCR states that meet
eligibility criteria*

NPCR states that meet
eligibility criteria*

Aggregated years of data
from 2002-2006

Single year of data from
1999-2006

Single year of data from 19992006

All reportable cancer sites
combined; female breast; in
situ female breast; cervix
uteri; colon and rectum; lung
and bronchus; melanoma;
bladder; prostate; oral cavity
and pharynx; brain and other
nervous system; thyroid;
kidney; stomach; ovary;
corpus and uterus, NOS;
leukemias; non-Hodgkin
lymphoma, liver and
intrahepatic bile duct,
pancreas, esophagus, and
childhood cancers

All reportable invasive and
in situ cancers and benign
and borderline primary
intracranial and central
nervous system tumors
(diagnosis year 2004)

All reportable invasive and in
situ cancers and benign and
borderline primary intracranial
and central nervous system
tumors (diagnosis year 2004)

Single year of data from 19992006

All reportable invasive cancers; in situ female breast, and
benign and borderline primary intracranial and central
nervous system tumors (diagnosis year 2004)

USCS County

Restricted-Access Data Sets (RADS)
Regional Level
State Level

* Future plans may include the addition of SEER data similar to the USCS data set.

NPCR-CSS Data Release Policy
Rev. January 2009

13

Table 1. Comparison of the National Program of Cancer Registries –Cancer Surveillance System Data Sets, continued
Variables Included
Public-Use Data Sets (PUDS)
Restricted-Access Data Sets (RADS)
USCS
USCS Expanded
USCS County
Regional Level
State Level
All areas combined; U.S.
All areas combined; NPCR
NPCR state;
United States Census
NPCR state or territory*
Geographic
census region and
and SEER state or territory;
county*
Region (and Division**)
Levels

Race

Ethnicity
(Hispanic)
Age Groups

Summary
Stage
Histology

division; NPCR and
MSA for cities of 500,000 or
SEER state or territory;
more* (additional levels may
SEER metropolitan area
be added in 2008)**
All races combined; white; black; Asian/Pacific Islander;
American Indian/Alaska Native

Yes
All ages combined and
standard 5 year age
groups for adults and <15
and <20 for childhood
cancers

All ages combined and
standard 5-year age groups
that can be combined by the
user.

All races combined; white;
black; American
Indian/Alaska Native;
Asian/Pacific Islander (with
appropriate 50,000 population
suppression and state
permission for AI/AN and
A/PI)
Yes for State Profiles only
(with state permission)

All races reported

All races reported

Yes

Yes

Childhood cancers: <15 and
<20; all other cancers: <50,
50-64, 65+

Standard 19 age groups

No

Yes

Standard 5-year age groups
and individual ages (Month
and day of birth are not
provided for confidentiality
reasons. If the age at
diagnosis over 99, then
grouped into one category.
Year of birth is also grouped.)
Yes

No

Yes

Yes

No
International Classification of Childhood Cancers, Third
Revision (all geographic areas combined)
Mesothelioma (national and state level)
Kaposi Sarcoma (national and state level)
Consensus Conf on Cancer Registration of Brain and CNS
Tumors (all areas only)

* Future plans may include the addition of SEER data similar to the USCS data set.
** Pending further data quality investigation and discussion with the NPCR-CSS Scientific Working Group.

NPCR-CSS Data Release Policy
Rev. January 2009

14

Table 1. Comparison of the National Program of Cancer Registries –Cancer Surveillance System Data Sets, continued
Confidentiality Protection/Disclosure Limitation Measures Employed
Public-Use Data Sets (PUDS)
Restricted-Access Data Sets (RADS)
USCS
USCS Expanded
USCS County
Regional Level
State Level
Direct Identifiers?

No

No

Yes

Yes

Aggregation

Yes

Yes

No

No

Limited Number of
Variables

Yes

Yes

Yes

Yes

Grouping/Collapsing
of Variables or
Response Codes
(1) Average Annual
Counts Rounded
to the Nearest
Whole Number
(2) Average Annual
Rates
(3) Annual averages
are based on at
least 5 years of
data
Cell Suppression

Yes

No

Yes

Yes

No

Yes

No

No

Yes
Counts and rates: count of less than 16

No

No

No

No

Complementary Cell
Suppression
Public Release
Disclosure Statement
Data Sharing
Agreement and/or
IRB Approval
User Authentication

As needed

Yes
Counts and rates: 5 year total
count of less than 16
As needed

Yes

Yes

Yes

Yes

No

No

Yes

Yes

No

No

Yes

Yes

Logging and
Monitoring

Limited

Limited

Yes

NPCR-CSS Data Release Policy
Rev. January 2009

15

Appendix A

NPCR-CSS Scientific Working Group Members

Mark E. Allen, MS, California Cancer Registry
Janet Bates, MD, MPH, California Cancer Registry
Sally Bushhouse, DVM, PhD, Minnesota Cancer Surveillance System
Vivien W. Chen, PhD, Louisiana Tumor Registry
Susan T. Gershman, MS, MPH, PhD, CTR, Massachusetts Cancer Registry
Georgette G. Haydu, MS, Ohio Cancer Incidence Surveillance System
Jeannette Jackson-Thompson, PhD, MSPH, Missouri Cancer Registry
Alison T. Johnson, CTR, Vermont Cancer Registry
Amy Kahn, MS, CTR, New York State Cancer Registry
Karen L. Knight, MS, North Carolina Central Cancer Registry
Sue Min Lai, PhD, MS, MBA, Kansas Cancer Registry
Melinda Lehnherr, RN, Illinois State Cancer Registry
Jill A. MacKinnon, CTR, Florida Cancer Data System
Fangchao Ma, MD, MPH, PhD, Illinois State Cancer Registry
Howard J. Martin, PhD, Virginia Cancer Registry
Xiaoling Niu, MS, New Jersey State Cancer Registry
Emily Reed, CTR, Kentucky Cancer Registry
Maria J. Schymura, PhD, New York State Cancer Registry
Tiefu Shen, MD, PhD, Illinois State Cancer Registry
Laura Stephenson, BA, Wisconsin Cancer Reporting System
Cheryll C. Thomas, MSPH, Centers for Disease Control and Prevention
Thomas C. Tucker, PhD, MPH, Kentucky Cancer Registry
Hannah Weir, PhD, Centers for Disease Control and Prevention
Melanie Williams, PhD, Texas Cancer Registry
Reda J. Wilson, MPH, CTR, Centers for Disease Control and Prevention
Brian D. Wright, BS, Pennsylvania Cancer Registry
Xiao Cheng Wu, MD, MPH, CTR, Louisiana Tumor Registry

NPCR-CSS Data Release Policy
Rev. January 2009

16

Appendix A
NPCR-CSS Small Data Release Working Group
Mark E. Allen, MS, California Cancer Registry
Pamela Agovino, MPH, New Jersey State Cancer Registry
Patricia Andrews, MPH, CTR, Louisiana Tumor Registry
Vivian W. Chen, PhD, Louisiana Tumor Registry
Georgette G. Haydu, MS, Ohio Cancer Incidence Surveillance System
Amy Kahn, MS, CTR, New York State Cancer Registry
Karen L. Knight, MS, North Carolina Central Cancer Registry
Sue Min Lai, PhD, MS, MBA, Kansas Cancer Registry
Jill A. MacKinnon, CTR, Florida Cancer Data System
Xiaoling Niu, MS, New Jersey State Cancer Registry
Maria J. Schymura, PhD, New York State Cancer Registry
Cheryll C. Thomas, MSPH, Centers for Disease Control and Prevention
Jeannette Jackson-Thompson, PhD, MSPH, Missouri Cancer Registry
Reda J. Wilson, MPH, CTR, Centers for Disease Control and Prevention

NPCR-CSS Data Release Policy
Rev. January 2009

17

Appendix B

National Program of Cancer Registries Cancer Surveillance System
308(d) Assurance of Confidentiality Statement
A surveillance system of population-based cancer incidence data received from cooperative
agreement holders for the National Program of Cancer Registries is being conducted by the
National Center for Chronic Disease Prevention and Health Promotion (NCCDPHP) of the
Centers for Disease Control and Prevention (CDC), an agency of the United States Department
of Health and Human Services, and Macro International Inc., a contractor of the CDC. The
information to be received by the CDC is a subset of a standard set of data items that the State
central cancer registry routinely receives from hospitals, pathology labs, clinics and private
physicians on all cancer patients diagnosed in the state. This information includes patient
demographics and cancer diagnosis and treatment data. Once a year in January, CDC will
request cumulative data from central cancer registries. The variables reported to CDC may vary
from year to year. The cancer registries maintain these data permanently in longitudinal
databases that are used for public health surveillance, program planning and evaluation, and
research. CDC will update its longitudinal database each year with data received from the states.
These data are used by CDC scientists for routine cancer surveillance, program planning and
evaluation, and to provide data for research. NCCDPHP, recognizing the sensitivity of the data
being furnished by the States, has applied for and obtained an Assurance of Confidentiality to
provide a greater level of protection for the data while at CDC and at the contractor site.
Information received by CDC or its contractors as part of this surveillance system that could lead
to direct or indirect identification of cancer patients is collected and maintained at CDC under
Section 306 of the Public Health Service (PHS) Act (42 USC 242k) with an assurance that it will
be held in strict confidence in accordance with Section 308(d) of the PHS Act (42 USC 242m).
It will be used only for purposes stated in this Assurance and will not otherwise be disclosed or
released, even following the death of cancer patients in this surveillance system.
Information collected by the CDC will be used without personal identifiers for publication in
statistical and analytic summaries and for release in restricted release datasets for research.
Information that could lead to direct or indirect identification of cancer patients will not be made
available to any group or individual. In particular, such information will not be disclosed to:
insurance companies; any party involved in civil, criminal, or administrative litigation; agencies
of Federal, State or local government; or any other member of the public.
Collected information that could lead to direct or indirect identification of cancer patients will be
kept confidential and, aside from NCCDPHP employees, their contractors, and qualified
researchers, no one will be allowed to see or have access to the information. CDC employees
and contractors will be required to handle the information in accordance with principles outlined
in the CDC Staff Manual on Confidentiality and to follow the specific procedures documented in
the Confidentiality Security Statement for this project. Qualified researchers and organizations
(e.g., the North American Association of Central Cancer Registries, the American Cancer
Society, the National Cancer Institute) will be required to sign a detailed data release agreement
to have access to restricted release data.
NPCR-CSS Data Release Policy
Rev. January 2009

18

Appendix C

National Program of Cancer Registries Cancer Surveillance System
308(d) Assurance of Confidentiality
Frequently Asked Questions
Background
The Centers for Disease Control and Prevention (CDC) is responsible for public health
surveillance in the United States. CDC collects, compiles, and publishes a large volume of
personal, medical, epidemiologic, and statistical data. The success of CDC’s operations
depends, in part, on the agency’s ability to protect the confidentiality of these data. While it is a
matter of principle for CDC to guard sensitive information, and federal statutes such as the
Privacy Act provide a degree of protection for personally identifiable data, the Public Health
Service Act, Section 308(d) enables CDC to provide the highest level of confidentiality
protection for sensitive and mission-significant research and surveillance data.
CDC received a formal delegation of authority from the National Center for Health Statistics
(then a separate agency) to grant 308(d) confidentiality protection in 1983. Section 308(d) of the
Public Health Service Act (42 U.S.C. 242 m(d)) ensures the confidentiality of data collected
under Sections 304 and 306 of the Public Health Service Act. These special legislative
authorities were the provisions under which NCHS collects and safeguards most of its survey
data, along with the mortality data within the National Death Index. CDC was required to
establish a stringent application process, and continues to use the authority sparingly. The
agency has granted confidentiality assurances to projects deemed significant to CDC’s mission,
such as surveillance of hospital infections, AIDS and HIV infections, pregnancy related
mortality, and congenital defects. Fewer than fifty projects have received 308(d) protection
since CDC received this authority, and currently there are only approximately 25 active projects
with 308(d) confidentiality assurances. As a testament of the importance of this project to the
mission of CDC, the National Program of Cancer Registries (NPCR) has been afforded this
special data protection.
1. What is stated in Public Health Service Act, Section 308(d)?
The first clause of Section 308(d) states that CDC must explain the purpose for collecting data to
persons or agencies supplying information, and it guarantees that CDC will be limited to those
specified uses unless an additional consent is obtained. Moreover, the information obtained may
be used only by staff of CDC, or its contractors, in the pursuit of such stated purposes. The
second clause states that CDC may never release identifiable information without the advance,
explicit approval of the person or establishment supplying the information or by the person or
establishment described in the information.
2. What process did NPCR undertake to obtain 308(d) confidentiality protection?
NPCR staff worked with the CDC Office of General Counsel and the CDC Confidentiality and
Privacy Officer to prepare the application for the NPCR Cancer Surveillance System (CSS)
NPCR-CSS Data Release Policy
Rev. January 2009

19

Appendix C
project. The application contained the following four components:
a. A Justification Statement summarizing the NPCR-CSS project’s programmatic
purpose, the type of data to be collected, and the uses to be made of the information.
This statement also included an assurance that a) the requested data would not be
furnished without the guarantee of a confidentiality assurance, b) confidentiality
assurance is important to protect the individuals described in the data and to reassure
the institutions submitting data, c) the information cannot reliably be obtained from
other sources, d) the information is essential to the project’s success, e) granting the
confidentiality assurance would not prohibit CDC from fulfilling its responsibilities,
and f) the advantages of assuring confidentiality outweigh the disadvantages.
b. An Assurance of Confidentiality Statement delineating anticipated data uses and
those with whom identifiable data would be shared, along with general advisements
regarding the confidentiality protection.
c. A Confidentiality Security Statement detailing the stringent safeguarding measures in
place to ensure that the promise of confidentiality would not be jeopardized by
practices of staff handling the data.
d. An IRB Review Status Statement verifying NPCR-CSS’s exemption from CDC
Institutional Review Board (IRB) approval. (The Human Subjects Administrator at
the National Center for Chronic Disease Prevention and Health Promotion determined
that NPCR-CSS activities are routine surveillance and not research on human
subjects. Therefore, protocol review by CDC IRB was deemed not necessary.)
The application was submitted to the CDC Confidentiality Officer for review and modification,
prepared for presentation to the CDC Confidentiality Review Group (CRG), and in May 2000
NPCR received 308(d) confidentiality protection approval for NPCR-CSS data, including
authorization for retroactive confidentiality protection beginning with diagnosis year 1995.
NPCR must file for continuation every five years to maintain the assurance. In 2006, NPCR filed
and received approval for continuation.
3. What makes 308(d) confidentiality assurance the best protection for NPCR-CSS data?
The 308(d) confidentiality assurance is the only confidentiality protection that covers routine
surveillance activities, such as those conducted by NPCR-CSS. The assurance specifies that data
protected by 308(d) may be used only for statistical or epidemiological purposes and not released
further in identifiable form without consent. Another exclusive advantage of 308(d) is that it
also protects indirectly identifiable data. Operationally, this means that NPCR may never release
a directly identifiable variable (e.g., social security number) or any combination of variables that
could be used to indirectly identify an individual. Finally, 308(d) provides protection for
information on both living and deceased individuals.
4. Are there any disadvantages to individuals or institutions protected by the 308(d)
confidentiality assurances?
A 308(d) confidentiality assurance does not pose a disadvantage for individuals or institutions
NPCR-CSS Data Release Policy
Rev. January 2009

20

Appendix C
submitting data to CDC. In fact, 308(d) provides an added benefit because it prevents CDC from
freely releasing data to researchers and any other persons or entities that could request access to
the data. With the confidentiality assurance protecting NPCR-CSS data, NPCR staff members
are prohibited from sharing data except for the purposes stated at the time of data collection,
unless consent from those provided the assurance is obtained.
5. Does NPCR’s 308(d) confidentiality assurance protect the data from subpoena and
Freedom of Information Act (FOIA) requests?
The 308(d) assurance is the strongest protection against compulsory legal disclosure that CDC
can offer. Although CDC receives Freedom of Information Act (FOIA) requests, the FOIA
(b)(6) exemption enables CDC to withhold sensitive, individually identified data that would
constitute a “clearly unwarranted invasion of personal privacy.” It is CDC’s firm position that
all projects covered by a 308(d) confidentiality assurance, including NPCR-CSS, meet this
exemption.
6. Has a case involving 308(d) been tested in court?
Yes. CDC’s ability to protect data submitted to the agency was upheld in court. The case
involved a National Institute for Occupational Safety and Health project collecting death
certificate information, which is widely accepted as the least sensitive data protected by 308(d).
The court’s ruling in favor of the non-release of these data establishes an effective precedent for
restricting access to more sensitive data, such as that collected by a cancer registry.
7. How long are confidential data submitted to NPCR-CSS protected?
NPCR-CSS data are covered by the 308(d) confidentiality assurance forever. Individual records
in the NPCR-CSS surveillance system are protected even following the death of the cancer
patients.
8. Will NPCR release CSS data to persons or agencies outside of CDC?
An assurance of confidentiality protects NPCR-CSS data held at CDC and by its contractor,
Macro International, Inc. Data that are released to external researchers are done so in accordance
with the Data Use Agreement (copy attached) prohibiting attempts to identify subjects within the
record system. The 308(d) confidentiality protection does not go with the data, and any data
released to qualified researchers by CDC are subject to the limits of any coverage afforded by the
requesting agency. However, it is important to note that NPCR’s confidentiality assurance
prohibits the release of any data that are directly or indirectly identifiable. Therefore, CDC
would not release highly sensitive NPCR-CSS data. Under the 308(d), NPCR is permitted to
release NPCR-CSS data to qualified researchers and organizations, such as the North American
Association of Central Cancer Registries (NAACCR), the American Cancer Society (ACS), and
the National Cancer Institute (NCI). This is so because these entities were specifically
mentioned in the NPCR-CSS confidentiality assurance as anticipated recipients of identifiable
data. Prior to the restricted release of NPCR-CSS data, a detailed data use agreement must be
NPCR-CSS Data Release Policy
Rev. January 2009

21

Appendix C
signed by the requesting party. Information that could lead to the identification of cancer
patients, through either direct or indirect methods, cannot be made available to any other group
or individual. In particular, NPCR cannot disclose information to insurance companies; any
party involved in civil, criminal, or administrative litigation; agencies of federal, state or local
government; or any other member of the public.
9. Are there penalties for violating the confidentiality assurance?
NPCR employees and contractors at Macro International, Inc. working on the NPCR-CSS
project may be subject to fine, imprisonment, and termination of employment for unauthorized
disclosure of confidential information. To assure that all NPCR employees are aware of their
responsibilities to maintain and protect NPCR-CSS records and the penalties for failing to
comply, CDC employees must read and sign a data use agreement. Contract employees at
Macro International, Inc. with access to NPCR-CSS data are required to sign a Confidentiality
Agreement.

NPCR-CSS Data Release Policy
Rev. January 2009

22

Appendix D

National Program of Cancer Registries Cancer Surveillance System
Overview of Data Security
The NPCR-CSS project data reside on a dedicated server at Macro International (thereafter
“Macro”). To ensure the security and confidentiality of project data, the following provisions
have been incorporated into the Macro NPCR-CSS Security Plan in accordance with the
requirements of the Assurance of Confidentiality.
The NPCR-CSS server is housed in a secure facility at Macro’s Bethesda office with a guard on
duty in the lobby 24 hours a day. Elevator and stairwell access is controlled by card key. The
server resides on its own local area network (LAN) behind Macro’s firewall.


Access to the NPCR-CSS server is limited to authorized Macro project staff (see below). It is
password protected on its own security domain. No one, including nonproject staff at Macro,
is allowed access to the NPCR-CSS data.



All Macro project staff must sign a confidentiality agreement before passwords and keys are
assigned. All staff must pass background checks appropriate to their responsibilities for a
public trust position.



NPCR-CSS data that are submitted electronically are encrypted during transmission from the
States. They arrive on a document server behind Macro’s firewall. Each State has its own
directory location so that no State has access to another State’s data. The data are moved
automatically from the document server to the NPCR-CSS server.



Receipt and processing logs are maintained to document data receipt, file processing, and
report production. All reports and electronic storage media containing NPCR-CSS data are
stored under lock and key when not in use and will be destroyed when no longer needed.



A comprehensive security plan has been developed by Macro’s security team. The security
team consists of Donald McMaster, Business Steward; Kevin Zhang, Project Director; Leo
Shen, Data Manager and Security Officer; David Radune, Database Administrator; and
Gretchen Stanton, LAN and WAN Security Steward. All project staff receive annual security
awareness training covering security procedures. The Macro project security team oversees
operations to prevent unauthorized disclosure of the NPCR-CSS data.



Periodic (currently quarterly, but no less than once a year) review and update of Macro
security processes will be conducted to adjust for rapid changes in computer technology and
to incorporate advances in security approaches. The security plan will be amended as needed
to maintain the continued security and confidentiality of NPCR-CSS data.

NPCR-CSS Data Release Policy
Rev. January 2009

23

Appendix D
Macro
Authorized Project Staff
Staff Member
Donald McMaster, M.B.A., M.S.
Kevin Zhang, Ph.D.
Leo Shen, M.B.A.
David Radune, B.S.
Gretchen Stanton, M.S.
Qiming He, Ph.D.
Yuan Ren, Ph.D.
Jonathan Stanger, M.P.A.
Phillip Schaeffer, M.S.
Jagruti Rana, M.S.
Shaobin Xu, M.S.
Shailendra Bhavsa, B.S.

Position
Business Steward
Project Director
Deputy Director/Security Officer
Development Manager/Database
Administrator
LAN and WAN Security Steward
QA Manager/Sr. Programmer Analyst
Data and Statistical Manager/Sr.
Statistical Programmer
SQL Programmer
Sr. SAS Programmer
Sr. Developer
Programmer Analyst
Programmer Analyst

NPCR-CSS Data Release Policy
Rev. January 2009

24

Appendix E
State, Metropolitan Area, and Territory Cancer Registries by Federal Funding Source, and
First Diagnosis Year* for Which Cancer Cases Were Reportable to CDC’s NPCR or NCI’s
SEER Program
First Diagnosis Year for
Which Cancer Cases
State, Metropolitan Area, or
Were Reportable to
Territory
NPCR or SEER*
Alabama
1996
Alaska
1996
Arizona
1995
Arkansas
1996
California
1995/2000
Los Angeles
1992
San Francisco-Oakland
1973
San Jose-Monterey
1992
Colorado
1995
Connecticut
1973
Delaware
1997
District of Columbia
1996
Florida
1995
Georgia
1995
Atlanta
1975
Hawaii
1973
Idaho
1995
Illinois
1995
Indiana
1995
Iowa
1973
Kansas
1995
Kentucky
1995/2000
Louisiana
1995/2000
Maine
1995
Maryland
1996
Massachusetts
1995
Michigan
1995
Detroit
1973
Minnesota
1995
Mississippi
1996
Missouri
1996
Montana
1995
NPCR-CSS Data Release Policy
Rev. January 2009

25

Federal Funding Source
NPCR
NPCR
NPCR
NPCR
NPCR/SEER
SEER
SEER
SEER
NPCR
SEER
NPCR
NPCR
NPCR
NPCR
SEER
SEER
NPCR
NPCR
NPCR
SEER
NPCR
NPCR/SEER
NPCR/SEER
NPCR
NPCR
NPCR
NPCR
SEER
NPCR
NPCR
NPCR
NPCR

Appendix E
First Diagnosis Year for
Which Cancer Cases
State, Metropolitan Area, or
Were Reportable to
Territory
NPCR or SEER*
Nebraska
1995
Nevada
1995
New Hampshire
1995
New Jersey
1995/2000
New Mexico
1973
New York
1996
North Carolina
1995
North Dakota
1997
Ohio
1996
Oklahoma
1997
Oregon
1996
Pennsylvania
1995
Puerto Rico
1998
Rhode Island
1995
South Carolina
1996
South Dakota
2000
Tennessee
1999
Texas
1995
United States Pacific Island
Jurisdictions
Planning
Utah
1973
Vermont
1996
Virginia
1996
Washington
1995
Seattle-Puget Sound
1974
West Virginia
1995
Wisconsin
1995
Wyoming
1996

Federal Funding Source
NPCR
NPCR
NPCR
NPCR/SEER
SEER
NPCR
NPCR
NPCR
NPCR
NPCR
NPCR
NPCR
NPCR
NPCR
NPCR
NPCR
NPCR
NPCR
NPCR
SEER
NPCR
NPCR
NPCR
SEER
NPCR
NPCR
NPCR

* Diagnosis year is the year during which a reported cancer case was first diagnosed.
CDC = Centers for Disease Control and Prevention
NCI = National Cancer Institute
NPCR = National Program of Cancer Registries
SEER = Surveillance, Epidemiology, and End Results

NPCR-CSS Data Release Policy
Rev. January 2009

26

Appendix F
National Program of Cancer Registries
Cancer Surveillance System
Data Sharing Agreement
It is of the utmost importance to insure the confidentiality of individuals diagnosed with cancer
when information about their cancer is entered into a data base for the purpose of establishing a
research resource. In order to protect this data, CDC has obtained an Assurance of
Confidentiality under Section 308(d) of the Public Health Service Act (42 U.S.C. 242m(d)),
which provides that this data can only be used for the purpose for which it was obtained. In
utilizing data on such individuals for research purposes, it is absolutely necessary to insure, to
the extent possible, that uses of such data will be limited to research; any effort to determine the
identity of any reported cases, or to use the information for any purpose other than for health
statistical reporting and analysis, would be prosecuted to the full extent of the law.
The Division of Cancer Prevention and Control (DCPC) does all it can to assure that the identity
of data subjects cannot be disclosed. All direct identifiers, as well as characteristics that might
lead to identifications, are omitted from the data set. Nevertheless it may be possible in rare
instances, through complex analysis and with outside information to ascertain from the data set
the identity of particular persons. Considerable harm could ensue if this were done.
In order for the DCPC to provide a restricted dataset to you, it is necessary that you agree to the
following provisions:
1.
I will not use nor permit others to use the data in any way other than for statistical
reporting and analysis;
2.
I will not release nor permit others to release the data sets or any part of them to any
person except with the written approval of DCPC;
3.
I will not attempt to link nor permit others to link the data set with individually
identifiable records from any other CDC or non-CDC data set;
4.
I will not attempt to use the data sets or permit others to use them to learn the identity of
any person or establishment included in any set; and
5.
If the identity of any person or establishment should be discovered inadvertently, then
a)
no use will be made of this knowledge,
b)
the Director of the DCPC will be notified of the incident,
c)
the information that would identify an individual or establishment will be
safeguarded or destroyed as requested by DCPC, and
d)
no one else will be informed of the discovered identity.
In addition, I will make every effort to release all statistical information in such a way as to avoid
inadvertent disclosure. For example:
•
No figure, including totals, should be less than 6 in tabulations, unless it is a tabulation
routinely published by DCPC.
•
No data on an identifiable case should be derivable through subtraction or other
calculation from the combination of tables in a given publication.
•
No data should permit disclosure when used in combination with other known data.

NPCR-CSS Data Release Policy
Rev. January 2009

27

Appendix F
My signature indicates my agreement to comply with the above stated provisions with the
knowledge that deliberately making a false statement regarding any matter within the jurisdiction
of any department or agency of the Federal Government violates 18 USC 1001 and is punishable
by a fine up to $10,000 or up to five years in prison.
__________________________________________________________________
Signature
Date
Print or type name
Title
Organization

__________________________________
__________________________________
__________________________________

Mailing Address

__________________________________
__________________________________
__________________________________
__________________________________

Telephone
Fax
E-mail

__________________________________
__________________________________
__________________________________

Proposed use:

Please return completed form to:
Attention Mr. Joseph Rogers
Division of Cancer Prevention and Control
National Center for Chronic Disease Prevention and Health Promotion
Centers for Disease Control and Prevention
4770 Buford Hwy, N.E., Mailstop K-53
Atlanta, GA 30341-3724
Phone: (770) 488-4783
Fax: (770) 488-4759

NPCR-CSS Data Release Policy
Rev. January 2009

28

Appendix G

Data Items for Restricted-Access Data Sets (RADS)
The restricted access data sets are individual case-specific data from the NPCR-CSS data set.
The data items to be included are listed below.

Name
Demographic Data Items
Patient ID Number
Address at Diagnosis—State
Address at Diagnosis—Census Region

Status [NAACCR Data
Item number listed in
brackets]

Spanish/Hispanic Origin
NHIA Derived Hispanic Origin
Sex

[20]
[80]
Derived based upon [80]
Derived based on [160],
[161] and [192]
[190]
[191]
[220]

NPCR Age at Diagnosis

Derived based upon [230]

NPCR Age Recode

Derived based upon [230]

NPCR Race Recode

NPCR Birth Date

Derived based upon [240]

Cancer Identification Data Items
Sequence Number—Central

[380]

NPCR Date of Diagnosis

Derived based upon [390]

Primary Site
Laterality
Grade
Diagnostic Confirmation
Type of Reporting Source
Histologic Type ICD-O-3
Behavior Code ICD-O-3
NPCR Behavior Recode for Analysis

[400]
[410]
[440]
[490]
[500]
[522]
[523]
Derived based upon [523]
Derived based upon [400]
and [522]
Derived based upon [400]
and [522]
Derived based upon [400]
and [523]

SEER Incidence Site Recode
SEER Incidence Site Recode with
mesothelioma and Kaposi sarcoma
SEER International Classification of
Childhood Cancer (ICCC) Recode

NPCR-CSS Data Release Policy
Rev. January 2009

29

Notes

Only in sRADS

Age over 99 will be
recoded.
Only year will be
provided; if age is over
99, then year of birth will
be recoded.

Day of diagnosis will not
be provided.

Appendix G

Status [NAACCR Data
Item number listed in
brackets]

Data Item
Stage/Prognostic Factors Data Items
SEER Summary Stage 2000
SEER Summary Stage 1977
CS Extension
CS Lymph Nodes
CS Mets at DX
CS Site-Specific Factor 1
CS Site-Specific Factor 3
CS Version 1st
CS Version Latest
Derived SS2000
Derived SS2000—Flag
Derived SS1977
Over-ride Flags
Over-ride Age/Site/Morph
Over-ride SeqNo/DxConf
Over-ride Site/Lat/Sequence Number
Over-ride Site/Type
Over-ride Histology
Over-ride Report Source
Over-ride Ill-define Site
Over-ride Leuk,Lymphoma
Over-ride Site/Behavior
Over-ride Site/Lat/Morph

[759]
[760]
[2810]
[2830]
[2850]
[2935]
[2900]
[2935]
[2936]
[3020]
[3050]
[3010]
[1990]
[2000]
[2010]
[2030]
[2040]
[2050]
[2060]
[2070]
[2071]
[2074]

NPCR-CSS Data Release Policy
Rev. January 2009

30

Notes


File Typeapplication/pdf
File TitleMicrosoft Word - Appendix cover pages.doc
Authorhbw4
File Modified2009-07-24
File Created2009-07-24

© 2024 OMB.report | Privacy Policy