Confidentiality must be maintained when obtaining patient data, especially follow-up information. Cancer registries must have policies and procedures approved by the cancer committee or governing body, including a procedure for both written and verbal contacts, and in compliance with federal and state law and hospital policy

In the past, follow-up information has been obtained by cancer registry staff pretending to be representatives of organizations other than the hospital and central registry. This method of obtaining follow-up information is both unethical and illegal. The National Cancers Registrars Association's Code of Ethics also addresses the issues of confidentiality and staff conduct. The North American Association of Central Cancer Registries (NAACCR) has developed a very comprehensive Data Security and Confidentiality PolicyExternal Website Policy (PDF).