NHS Digital Data Release Register - reformatted
Nec Software Solutions Uk Limited projects
1 data files in total were disseminated unsafely (information about files used safely is missing for TRE/"system access" projects).
Opt outs honoured: No - data flow is not identifiable, Anonymised - ICO Code Compliant, No (Consent (Reasonable Expectation))
Legal basis: Health and Social Care Act 2012 – s261(1) and s261(2)(b)(ii), Health and Social Care Act 2012 s261(1) and s261(2)(b)(ii), Health and Social Care Act 2012 - s261 - 'Other dissemination of information'
Purposes: (Supplier, Commercial)
Sensitive: Non Sensitive, and Non-Sensitive
When:2020.08 — 2021.01. DSA runs 2020-04-20 — 2021-04-19
Access method: Ongoing
Data-controller type: NORTHGATE PUBLIC SERVICES (UK) LIMITED, NEC SOFTWARE SOLUTIONS UK LIMITED
Sublicensing allowed: No
- Patient Reported Outcome Measures (Linkable to HES)
The purpose of collecting the data is service evaluation. Northgate Public Services (NPS) are the data controller for the NHS Digital data supplied under this agreement for the purposes set out below. They specialise in integration of IT and network technologies that can be used to benefit people and businesses worldwide, including health and social care. NPS have designed the data collection platform and the reports that will be disseminated. It is NPS that collate, aggregate, analyse and disseminate data needed during the assessment process. Access to the platform is offered by Northgate to the implant manufacturers who have products registered with the Beyond Compliance Service on an annual subscription-basis.
Beyond Compliance is a service to support the safe and stepwise introduction of new or modified implantable medical devices.
An independent panel of experts, known as the Beyond Compliance Advisory Group, who are governed by a Beyond Compliance Steering Committee, work with the implant manufacturer to assess the relative risk of any new product, and the rate at which it should be introduced to the market. The service collects data about patients who receive these implants and about their recovery following surgery.
This data is made available to clinicians using the implant, to the manufacturer, and to independent assessors from the Beyond Compliance Advisory Group, to provide real-time monitoring of the implant’s performance. The clinicians who agree to joining the advisory group are drawn from the most experienced and respected members of their field.
Beyond Compliance is the name of the platform created, the service provided, and there is also a Steering Committee and an Advisory Group.
The linkage requested under this agreement is justified in line with Article 6 (1)(F) of the GDPR; This work is necessary for the purposes of the legitimate interests pursued by the controller or by a third party except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child. As set out in the legitimate interest assessment that Northgate Public Services have undertaken - the data requested is to help achieve the following: Aid and assist The Beyond Compliance service which has been set up in the interest of patients, to support the safe and stepwise introduction of new or modified medical implants such as joint replacements. This is done by supporting surgeons’ and manufacturers’ close scrutiny of the performance of their implants in their early years of use. This is principally achieved through the collection of various data describing the types of surgery, details of the devices and characteristics of the patients. The outcome of the device is monitored for signs of excessive early revision and lower than expected PROMs scores (based on same-in-class industry standard benchmarks). As all NHS funded patients in England and Wales undergoing hip or knee replacement are asked to complete a pre and post-operative questionnaire, the Beyond Compliance service is requesting access to this valuable information for the purposes already specified and to reduce the burden of data collection on the patients by avoiding having to ask them to complete multiple copies of the same PROMs instruments.
The data is also required for service evaluation purposes - meeting the conditions outlined as per Article 9 (2)(I) of the GDPR. Processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices, on the basis of Union or Member State law which provides for suitable and specific measures to safeguard the rights and freedoms of the data subject, in particular professional secrecy. Northgate Public Services are carrying out service evaluation work and quality checking work as described in this agreement to investigate how the safety of implants can or should be improved.
Northgate Public Services (NPS) is a commercial entity, providing a technology platform for the provision of the Beyond Compliance service. Beyond Compliance as as service was introduced in 2012, by the Association of British Healthcare Industries (ABHI), the British Orthopaedic Association (BOA) and the Medicines & Healthcare products Regulatory Agency (MHRA), as a service available to manufacturers of implants used for joint replacements, such as total hip or total knee replacements, which supports their safe introduction. The Beyond Compliance service is a service available to implant manufacturers (themselves commercial entities) wishing to enhance the safety and vigilance of the entry of a new or modified CE (European Conformity) marked product into the UK market. CE Marking is a declaration that a product complies with the essential requirements of the relevant legislation so that it may be marketed in Europe. A modified CE product is one which is an existing product that has been substantially modified so as to be considered "new". The service provides analysis of on-market implant performance to implanting surgeons, independent expert advisors, and the implant manufacturer who collectively monitor the implant. NPS collects information about patients who receive these implants and then tracks their post-surgical progress and provide reports to Beyond Compliance that illustrate whether each new design or design modification is performing as required.
The Northgate system allows for the collection, analysis and reporting of information on (orthopaedic) implants in order for their performance and safety to be monitored and assessed during their introduction to the market (required of all implant manufacturer’s Post Market Surveillance activities as defined by the Medical Device Regulations). The charges Northgate makes for the provision of its services are direct to the device manufacturers who fully fund the costs of running the programme. The addition of PROMs data to this service will not attract any additional changes and therefore provide no commercial benefit to Northgate.
To support and enable the monitoring of implants registered as part of the Beyond Compliance Service, NPS has developed a Beyond Compliance platform for the secure collation, aggregation, analysis and dissemination of data needed during the assessment process. Access to this platform is offered by NPS to implant manufacturers with products in the Beyond Compliance Service on an annual subscription-basis, to support their monitoring of implant performance.
Beyond Compliance is governed by a Steering Committee, chaired by the National Clinical Director for Musculoskeletal Services, NHS England. The BC Steering Committee has responsibility for ensuring buy-in and involvement of representatives of all stakeholder groups. Membership of the BC Steering Committee is made up of an independent group of orthopaedic experts, including representatives from: Department of Health, Patient representative, Lay representative, Notified Bodies, Association of British Healthcare Industries, British Hip Society, National Joint Registry, British Orthopaedic Association, NHS Supply Chain, British Association for Surgery of the Knee, Medicines and Healthcare products Regulatory Agency (MHRA) who are the Secretariat for the BC Steering Committee. The Steering Committee has responsibility for ensuring representatives of all the stakeholders are involved.
The objective of processing is for Northgate Public Services to provide the Beyond Compliance Advisory Group (and accompanying service) and the implant manufacturer with the mechanism to assess the patient reported outcomes of patients receiving an implant (within the Beyond Compliance service) in comparison to the national average procedure-specific scores to monitor implant performance, and to flag any areas where patient outcomes report to be statistically significantly worse than the expected.
Northgate Public Services are the data controller and processor of the data collected and processed by the service. Beyond Compliance is the name of the project commissioned by NPS.
Implant risk assessment and on-going safety monitoring is undertaken by the Beyond Compliance Advisory Group. http://www.beyondcompliance.org.uk/About/Committees/TheAdvisoryGroup.aspx.
The role of the Advisory Group is:
• To offer advice to industry on a voluntary basis.
• To act as an independent data monitoring committee for clinical follow-up data on new or modified products within the Beyond Compliance Service.
The Beyond Compliance Advisory Group reports to the Steering Committee.
Surgeons who decide to use an implant that is registered with the Beyond Compliance Service are authorised by the manufacturer for the specific implant. To be accepted as an implant within Beyond Compliance Service, the manufacturer and the Beyond Compliance Advisory Group agree and sign a Risk Assessment which includes a commitment by the manufacturer that: "The manufacturer understands that surgeons who use a device registered with the Beyond Compliance Service will have to obtain specific consent from each patient for the use of personal data held within the Beyond Compliance platform. This is in addition to the consent for operation and consent for the National Joint Registry."
In terms of the governance and commercial position of the Beyond Compliance Service, all data describing the performance of implants are scrutinised by an independent Advisory Group drawn from healthcare professionals (surgeons), who are experienced and respected members in their field and who work with the implant manufacturer to assess the risk of any new product. Based upon this risk, the Advisory Group and the manufacturer agree the most appropriate way for the product to be introduced into the market. The Group will consider the rate of introduction of the product and will also review the specialist training to be provided to surgeons. The Beyond Compliance Advisory Group give their time voluntarily, and they have no commercial ties with the implant manufacturer.
The surgeons who volunteer to assess and monitor implants claim expenses for attending risk assessment meetings from SCCL (Supply Chain Coordination Limited), who also provides their legal indemnity and general administrative support.
The only “commercial” relationship that exists is between Northgate and the implant manufacturers and is for the provision of the IT and data services on which the surgeons rely for their assessments and monitoring.
The governance of BC comprises a steering committee which meets every quarter and comprises the following as its members:
· British Orthopaedic Association
· Industry representative (manufacturer)
· Chair of the Advisory Group (see below)
Under this is the Advisory Group which is chaired by a retired orthopaedic Surgeon and functions as the means by which new implants are initially risk assessed (presentations by manufacturers to surgeon rapporteurs) and reviews the latest data on implant performance across all BC implants. It meets monthly and issues official minutes which are approved by SCCL.
In addition to the collection of data on the type of implant used and outcomes such as death, revision and PROMs, the service also has the legal (by means of its consent wording) and technical ability to carry out bespoke patient surveys. Previously BC has surveyed patients who had received a particular knee implant following evidence within the data of a higher than expected rate of revision. The system also collects x-rays and the results of explant analysis (where a BC implant has been removed).
In addition to looking at the survivorship of implants (revision), BC also carries out bespoke patient surveys and long term PROMs follow up (up to 10 years) to evaluate how patients are living with their implants in terms of satisfaction and ADL. The service therefore informs surgeons on best practice and best products in the market.
Only participants recruited on later versions of the consent material (v1.7 onwards) are the subject of the cohort for this agreement.
The cohort comprises all patients who received an orthopaedic implant (hip, knee or shoulder) since the 1st June 2018, that was registered with Beyond Compliance (https://www.beyondcompliance.org.uk/) at the time of implantation and who consented to share their personal data for (amongst other things) the purposes specified within this application i.e. use of their personal data to link their Beyond Compliance record to their PROMs record (if present within the national NHS PROMs dataset).
Through its independence and collaborative approach, the Beyond Compliance Service has realised some significant benefits in effecting changes to product introduction. These include: - Discovery of significant factors, hitherto unknown, affecting patient outcomes - Changes to product design features - Change of indication for use and contraindication - Changes to instruments and instrument box contents - Revised Instructions for use, surgical technique, package inserts and labelling Working with the Beyond Compliance Service, manufacturers can make considered and informed changes during a product’s market introduction. Such changes may be small or large but will be evaluated and monitored carefully to maintain patient safety and aim to ensure an implant is used to best effect. With closer, independent scrutiny, greater assessment of product risk prior to market introduction, ongoing assessment of data collected independent of the manufacturer, and sharing of early stage results across all user surgeons, there is little question that the Beyond Compliance Service significantly enhances assurance that product innovations are being introduced in a risk-proportionate way
The close monitoring of new or modified implants has significant benefits to patients and to the health and social care system. It is the objective of the Beyond Compliance Service to support the responsible and safe introduction of new or modified orthopaedic implants into the UK market, and to provide an additional level of scrutiny to these products during the early stages of product introduction. The Beyond Compliance Service aims to identify implant-related failures as early as possible, and to work collaboratively with the implant supplier to scrutinise implant performance data, taking swift action to investigate and remedy issues highlighted through the data collected. Such remedies may ultimately result in implants being withdrawn from the market prior to wide-scale adoption.
In summary, the benefits gained from the Beyond Compliance Service are: -
• Enhanced and objective monitoring of orthopaedic implant performance that provides greater safety to patients
and assurance to health professionals in order to:
o detect potential issues sooner, to implement solutions earlier and
o expose fewer patients to any unnecessary risk,
• Supporting innovation of new implant technology coupled to increased patient protection, guided by expert
• Independent assessment of the relative risk of new implants and the recommended rate at which they should be introduced to the NHS through ongoing service evaluation,
• Supporting and encouraging peer governance over orthopaedic advances
• Building confidence in, and adoption of, improved orthopaedic implants that benefit patients, healthcare providers and the national economy.
Northgate Public Services will provide Implant Summary Reports on a monthly basis about specific Beyond Compliance Implants. The reports will detail implant performance and outcome and inform authorised stakeholders of this. A certain section of the reports will contain data that is derived from PROMs, however it will only take the form of aggregated data with all small numbers suppressed in line with the HES Analysis Guide. The first reports containing the PROMs data is expected for release from April 2018 onwards.
The Implant Summary Reports are made accessible to
• Designated independent assessors who are responsible, as members of the Beyond Compliance Advisory Group, for leading the safety monitoring process for each implants
• Surgeons who use the implant and are registered with Beyond Compliance Service by the implant manufacturer
• Nominated personnel within each implant manufacturer.
The section containing the PROMs data will report on the following information:
a) Overall PROMs
- Mean pre-operative and six month Oxford Hip/Knee, EQ-5D, and EQ-VAS scores for the Beyond Compliance implant and
comparator group, together with mean Health Gain (six month minus pre-operative score), and the percentage of patients with an improved vs. unchanged/worsened score are tabulated.
b) Success and Satisfaction
- The proportion of patients giving each of the five possible responses is plotted for both the Beyond Compliance implant and for all other implants in that product category is plotted for the following questions:
o Success: "Overall, how are your problems now, compared to before your operation?"
o Satisfaction: "How would you describe the results of your operation?"
The Implant Summary report is distributed to those authorised users listed above via the Beyond Compliance service and platform.
These authorised users may only download the reports when they are logged in to their secure account on the Beyond Compliance platform.
The implant summary reports are the basis for the ongoing assessment of the implant’s safety performance
All organisations party to this agreement must comply with the Data Sharing Framework Contract requirements, including those regarding the use (and purposes of that use) by “Personnel” (as defined within the Data Sharing Framework Contract ie: employees, agents and contractors of the Data Recipient who may have access to that data).
Data that is disseminated under this agreement will only be used for the purposes stated. The data will only be linked to data as stated in this agreement.
Any proposed change in the use of the data would require a new application.
Where a patient has provided consent to share their PROMs data with NPS for the purpose of delivering the Beyond Compliance Service implant monitoring service, NPS will, request associated PROMs data for the patient from NHS Digital.
To identify patients who have given consent to Beyond Compliance, for each consented patient, NPS will provide NHS Digital with the following data:
• BC Index Number (Study ID)
• NHS number
• Date of birth
• Post code
Where NHS Digital finds a matching PROMs record for this patient, they are requested to provide back to NPS the following data:
• BC Index Number (Study ID)
• All orthopaedic (Hip & Knee) PROMs data
• All EQ-5D and EQ-VAS scores (contained within PROMs)
• All Oxford Hip or Knee scores (contained within PROMs)
Upon receipt of this data from NHS Digital, NPS will link the PROMs data with the corresponding patient record and store this data within the Beyond Compliance system. The linking is completed at the patient level in order to ensure that the correct PROMs scores are analysed and reported upon. For example, the pre-operative and post-operative reports relate to the same patient and implant. The analysis will then summarise the PROMs data and outputs will be aggregated with small numbers suppressed inline with the HES analysis guide. It will not be possible to identify any individual patients from the outputs made using the data provided by NHS Digital.
Beyond Compliance currently collects data from England, Wales and Northern Ireland - however for the purposes of linkage it will be ensured that only Beyond Compliance identifiers for patients with postcodes in England will be sent to NHS Digital. No further PROMs data from outside England is being requested and no separate linkages will be taking place.
All processing of the data will take place at Northgate Public Services. All those processing the data are substantive employees of Northgate Public Services.
Northgate Public Services will process the PROMs data provided by NHS Digital to report comparisons, for each available PROMs measure, between the specific implant and the national average procedure, specific scores to show:
- Mean scores reported,
- Health Gain achieved,
- Percentage patients who are improved, unchanged or worsened
- Success rates,
- Satisfaction rates.
The Beyond Compliance platform is only available to authorised users. Each person has an individual account that is set up by Northgate Public Services that can be accessed only by a secure password that is confidential to themselves.
Gyron Internet Limited are the NPS data centre providers. Gyron provides the data centre facility, namely the location, building/data centre fabric, racks, power, cooling and selected "hands on" services. Gyron also provide the network switches for the Secure Shared Environment (SSE). However, Gyron have no access to NPS systems for management purposes as all of the switch configuration is stored, managed and accessed by NPS.
Gyron is ISO-IEC 27001:2013 certified, and both the Hemel and Slough Gyron data centers used by NPS are also Police Assured Secure Facility (PASF) approved. Gyron do not have access to any data.
The data will not be made available to any third parties except in the form of aggregated outputs with small numbers suppressed - this will apply to all PROMs data provided by NHS Digital.
PROMS terms and Conditions will be adhered to.
HQIP have no role within Beyond Compliance but they are the Data Controller for the National Joint Registry (NJR) data. The primary source of Beyond Compliance’s implant data is the National Joint Registry. Beyond Compliance provides the NJR with the product codes of the implants it is monitoring and when these are detected within the NJR system a copy of certain specified fields from these records is transferred to the BC system. Where a patient has consented to BC this information also includes personal data which enables BC to link these records to other data (NHS PROMs) and to contact the patient for additional PROMs or bespoke patient surveys. Where consent is not given, no personal data is transferred. All transfers of data are subject to a data sharing agreement (DSA) between Northgate and HQIP (the respective data controllers). As part of the DSA, NJR also provides benchmarks based on implant types which enables BC to make comparative assessments of its subscribed implants against expected values.
Only participants recruited on later versions of the consent material (v1.7 onwards) are the subject of the cohort for this agreement. c) The cohort comprises all patients who received an orthopaedic implant (hip, knee or shoulder) since the 1st June 2018, that was registered with Beyond Compliance (https://www.beyondcompliance.org.uk/) at the time of implantation and who consented to share their personal data for (amongst other things) the purposes specified within this application i.e. use of their personal data to link their Beyond Compliance record to their PROMs record (if present within the national NHS PROMs dataset).