Patient groups oppose NHSE plans for unified clinical registry platform

Patient groups for people with blood disorders have raised concerns about NHS England’s plans to consolidate the country’s clinical registries in a single platform.

There are more than 100 clinical registries in England – many set up by individual clinicians – designed to understand specific medical conditions or groups of patients.

In 2022, NHSE announced plans to combine more than 37 clinical registries in a single unified registry solution called the NHS England Outcome Registries Platform (ORP).

The platform is intended to fulfil recommendations of the Paterson Inquiry (2020) and the Independent Medicine and Medical Device Safety Review (2020), to collect details of the implantation of medical devices to measure patient outcomes.

The tender for the ORP contract, worth £969,544, was won by software provider NEC Software Solutions UK in February 2023.

Three clinical registries went live in the ORP in March 2024: the major trauma registry, the breast implant registry and the cochlear implants registry, with seven more expected to go live in summer 2024.

However, the Haemophilia Society and stem cell transplant charity Anthony Nolan are among patient groups to express opposition to the plans.

Yasmin Sheikh, head of policy and public affairs at Anthony Nolan, told Digital Health News: “While we welcome data improvement and innovation, there’s been a concerning lack of transparency and engagement from the Outcomes Registries Programme so far.

“There needs to be much more consultation about any future changes with patient organisations and the clinical community, to ensure this work truly meets the needs of each clinical area”.

She added that it is “crucial that the programme works closely with the federated data platform and secure data environments programmes, ensuring that none of this work is happening in silo.”

Meanwhile, Kate Burt, chief executive of the UK Haemophilia Society, Nigel Hamilton, chair of Haemophilia Northern Ireland and Alan Martin, director of Haemophilia Scotland have written a joint letter to Professor Stephen Powis, national medical director for NHSE, raising concerns about patient safety.

In the letter dated 6 June 2024, seen by Digital Health News, they express strong opposition to the National Haemophilia Database (NHD), which is currently run by the UK Haemophilia Centre Doctors’ Organisation, being subsumed by the ORP.

They note that recommendations from Sir Brian Langstaff, chair of the Infected Blood Inquiry, published on 20 May 2024, highlight the need for the NHD to continue to operate outside the NHS and request that NHSE “immediately halt any plans for taking over the NHD”.

“There has been no consultation with the patient organisations or the NHD and no business case has been presented.

“We therefore have no confidence that patient records would be protected or that ORP understands the scope and complexity of the NHD,” the letter says.

The Federation of Clinical Registries (FCR), a group of clinicians who manage clinical registries, says there has not been proper engagement or scrutiny on the ORP and there has been no consultation with the existing providers of clinical registries.

Its members say that the platform is vulnerable to cyber attack because it is accessible to the public rather than being located on the secure Health and Social Care Network (HSCN) and fails to meet NHS security standards because it is not protected by multi-factor authentication (MFA).

Ken Dunn, chair of the FCR told Digital Health News that clinical registry providers have experienced “huge difficulties” finding out about the ORP plans from NHSE.

“We have clinicians, IT people and admin staff around the country being told by NHSE that they need to access this system to put in a lot of sensitive patient detail, but what happens if the insecurity of the system allows access to the data by hackers?” Dunn added.

Responding to concerns, a spokesperson for NHSE said: “The tracking and monitoring of devices and implants is crucial for patient safety.

“NHSE is committed to meeting the highest standards in cyber security and data protection, and the ORP meets all appropriate security standards.”

They added that when the ORP contract was awarded, MFA was not a requirement for externally facing internet-based systems, but this will be in place by July 2024.

All the organisations eligible to submit data to the ORP are not connected to HSCN, but all technical, operational and procedural security controls are endorsed within the ORP’s system level security policy, they said.

A spokesperson from NEC Software Solutions UK told Digital Health News that the contract for the ORP platform was awarded under the Crown Commercial Service Vertical Application Framework and they have delivered it in accordance with NHSE’s security and data protection requirements.

At the time of publication the Haemophilia Society had not received a response to its letter to NHSE.