Skip to main content

National Imaging Registry (NIR) Governance

Governance for the National Imaging Registry is in place to make sure the service is safe, secure, lawful and clinically appropriate to use.

Overview

Governance for the National Imaging Registry (NIR) is in place to make sure the service is safe, secure, lawful and clinically appropriate to use.

NIR does not remove or replace the data controller responsibilities of participating healthcare organisations. Each organisation remains responsible for the patient information it makes available, retrieves, stores or uses through NIR, and for ensuring this is managed in line with its local information governance, data protection and clinical safety arrangements. The NIR data sharing agreement that all NIR users must sign up to clearly sets out roles and responsibilities.

Suppliers or health IT vendors supporting the connection to NIR must continue to meet their responsibilities as data processors, or in any other role agreed through local contracts and governance arrangements. This includes maintaining appropriate security controls, supporting safe integration, protecting patient data, managing incidents appropriately, and ensuring their products and services continue to operate safely and effectively. The NIR connection agreement that all suppliers must sign up to clearly sets out roles and responsibilities.

Therefore, NIR governance operates at two levels:

  1. Governance of the NIR product
    NHS England in its system delivery function assures the NIR product through national product governance, including the DCB0129 clinical safety approval process, information governance review, data protection, cyber security, service management and technical assurance.
  2. Governance of organisations and suppliers connecting to NIR
    Assurance is sought by NHSE as part of the onboarding governance process for the NIR. Healthcare organisations and suppliers connecting to NIR must have appropriate local governance in place before live access is enabled.

Together, these controls provide assurance that NIR can support the secure sharing of diagnostic imaging information for direct patient care.

Keeping patient data secure

NIR is one of the services established under the Secretary of State’s Digital Interoperability Platform (DIP) Directions 2019. These directions gave NHS England the authority to develop and operate the IT applications, infrastructure and systems required to deliver direct care platforms to enable systems to query and retrieve patient information for agreed direct care purpose.

The legal framework for sharing personal confidential data in health and care includes the NHS Act 2006, the Health and Social Care Act 2012, the Data Protection Act 2018, UK GDPR and the Human Rights Act. The law allows personal data to be shared between those providing direct care and also supports patient rights to confidentiality and opt-out.

NIR does not replace local systems or create a new shared care record. It provides a secure way for authorised systems to access imaging information from participating organisations and their clinical teams, where there is a valid care reason to do so.

These controls help make sure patient imaging and report information is shared safely, appropriately and only with the people who need it to support care.


Clinical safety

NIR follows national NHS clinical safety standards.

The NIR API is assured by NHS England under DCB0129, which applies to the manufacture, design and development of health IT systems. This includes the NIR clinical safety case, hazard management and the controls required for the NIR product.

Suppliers connecting to the NIR must also complete their DCB0129 prior to connection, to ensure their product is clinically safe and meets the standards for a clinical IT system.

Healthcare organisations deploying and using NIR locally are responsible for their DCB0160. This standard applies to the local deployment and use of health IT systems in a care setting. Local organisations must make sure NIR is implemented safely within their own workflows, governance arrangements and operating model.

What NHS England is responsible for

NHS England is responsible for the national clinical safety assurance of the NIR API product. This includes:

  • maintaining the NIR DCB0129 clinical safety case
  • managing the national NIR hazard log
  • identifying and managing product-level clinical risks
  • providing clinical safety documentation to support local deployment
  • maintaining service-level controls, including incident and escalation processes
  • assuring changes to the NIR product through appropriate clinical safety governance

Documentation evidencing this activity is provided below and should be used to assist in completing local clinical safety documentation.


Clinical safety documentation

The NIR Hazard Log sets out the hazards identified for the NIR and provides supporting information for organisations completing their own local hazard management process.

It includes:

  • DCB0129 hazards identified and managed by NHS England for the NIR product
  • DCB0160 considerations for participating organisations to review, assess and manage as part of their local deployment and use of NIR

Organisations and suppliers should use this hazard log to support their local clinical safety assessment, update their own hazard log where relevant, and confirm that appropriate controls are in place before using NIR.

The NIR Clinical Safety Case Report provides the clinical safety case for the National Imaging Registry under DCB0129.

It describes how NHS England has assessed and managed clinical safety risks for the NIR product, including the hazards, mitigations and controls identified through the national clinical safety process.

Participating healthcare organisations should use this report to support their local DCB0160 assessment and confirm that NIR is deployed safely within their own clinical workflows.

Suppliers should use the report to understand the clinical safety assurance completed by NHS England for the NIR product and how this may affect their own system, integration and onboarding activity.

The Clinical Risk Management Plan sets out the clinical risk management process for NIR, including how clinical risks are identified, assessed, controlled and communicated throughout the product lifecycle. It also explains how the DCB0129 is applied to support safe development, assurance and ongoing management of the service.

Participating healthcare organisations should use this plan to support their local DCB0160 assurance. This includes reviewing the relevant hazards and controls, and considering how they apply to local workflows.

Suppliers should use this document to understand the national DCB0129 clinical risk management approach for the NIR product, including the identified product-level hazards, controls and safety requirements that may affect their integration.

 


Deployment safety responsibilities

NHS England provides national clinical safety assurance for the NIR product under DCB0129.

In turn, suppliers and participating healthcare organisations must use this national assurance to support their own NIR deployment activity.

This means suppliers and organisations should review the relevant NIR safety information and consider how it applies to their local organisations and companies.

This includes making sure that:

  • users are appropriately trained
  • role-based access control is mapped to local clinical roles
  • standard operating procedures are in place
  • local workflows have been validated
  • business continuity and fallback arrangements are understood
  • partial, failed or unavailable results are handled safely
  • metadata and patient identification processes are checked
  • incidents and clinical safety concerns can be reported and escalated
  • supplier integrations have been tested and shown to behave safely
Supplier deployment responsibilities

Supplier deployment assurance

Suppliers connecting to NIR must support safe local deployment by ensuring their integration is correctly configured, tested and clinically assured before go-live.

This includes confirming that patient identification, metadata mapping, image and report retrieval, error handling, access controls and audit logging work as expected.

Suppliers must be able to demonstrate that their connection to NIR is clinically safe and that their product continues to meet expected standards for a clinical IT system under DCB0129.

Suppliers must also support participating organisations with the information they need for local clinical safety, information governance, SOPs, training and go-live readiness.

Core responsibilities include:

  • interoperability and configuration
  • degraded modes and fallback behaviour
  • providing training materials
  • clinical safety hazards and mitigations
  • incident and escalation processes
  • changes that may affect the NIR integration
  • local clinical safety sign-off by the company’s Clinical Safety Officer
Healthcare organisations deployment responsibilities

Healthcare organisation deployment assurance

Participating healthcare organisations using NIR must complete local deployment assurance before the service is used in a live care setting.

Imaging Networks and collaboratives may coordinate IG, clinical safety and deployment assurance activity on behalf of participating organisations where agreed locally. However, responsibility remains with the participating data controllers.

This includes confirming that NIR is safely embedded into local clinical workflows, governance arrangements and operational processes, and that a local DCB0160 clinical safety assessment is in place.

Healthcare organisations remain responsible for how NIR is deployed and used within their clinical environment, including ensuring staff understand when and how to use the service, and what to do if information is incomplete, unavailable or does not match the patient context.

Core responsibilities include establishing:

  • how NIR is deployed and used locally
  • local workflows and standard operating procedures
  • execution of staff training and adoption
  • role-based access control
  • operational governance
  • local incident management
  • local clinical safety sign-off by the organisation’s Clinical Safety Officer

NIR’s national DCB0129 assurance provides a baseline for the product, but it does not replace the need for local DCB0160 assurance. A DCB0160 template which includes key NIR clinical safety information is provided, and should be further tailored to the healthcare context.

Duplicate imaging policy

The NIR duplicate imaging policy supports local deployment assurance by helping healthcare organisations consider how externally sourced imaging will be handled once it is retrieved through NIR and used within local systems.

As part of deployment assurance, organisations should confirm how imported external imaging will be identified, presented and managed within local clinical workflows. This includes making sure it is clearly distinguishable from locally created studies, handled in line with local IG, records management and clinical governance arrangements, and not re-shared back to NIR as though it were a new local study.

The policy supports safe deployment by reducing the risk of duplicate imaging causing clinical confusion, unnecessary storage growth or onward sharing loops.

The policy can be found in full under the heading Essential deployment templates.


Essential clinical safety templates

NIR Clinical Safety Guidance explains why organisations are required to complete a clinical safety assessment for NIR, how this supports the NIR programme and NHS statutory clinical safety requirements.

The NIR Clinical Safety Case Report template provides a tailored NIR specific template to support clinical safety case reporting for NIR deployment. Healthcare organisations can use this to understand the expected structure and evidence required for local deployment assurance.


Information governance

NIR’s information governance approach is designed to support lawful, secure and appropriate sharing of diagnostic imaging information for direct patient care.

NIR is one of the services established under the Secretary of State’s Digital Interoperability Platform (DIP) Directions 2019. These directions gave NHS England the authority to develop and operate the IT applications, infrastructure and systems required to deliver direct care platforms to enable systems to query and retrieve patient information for agreed direct care purpose.

The legal framework for sharing personal confidential data in health and care includes the NHS Act 2006, the Health and Social Care Act 2012, the Data Protection Act 2018, UK GDPR and the Human Rights Act. The law allows personal data to be shared between those providing direct care and also supports patient rights to confidentiality and opt-out.

Further information on NHS England’s approach to information governance is available on the NHS England Information Governance page.

Audit

NIR activity is auditable through PARS, which records when patient imaging information is queried or retrieved, who requested access, and whether the request succeeded or failed allowing authorised teams to monitor appropriate use and investigate access queries.

Data Sharing Arrangement

The Data Sharing Arrangement (DSA) or Agreement, sets out the legal, governance and operational rules for sharing diagnostic imaging information through NIR.

It confirms that NIR may only be used for direct patient care. It must not be used for secondary purposes such as planning, research or other non-direct care activity.

Data security

NIR is designed to support secure access to diagnostic imaging information.

Before connecting to NIR, organisations and suppliers must provide assurance that they meet relevant information governance, cyber security and data protection requirements, including:

  • Data Security and Protection Toolkit (DSPT) standard of met or exceeded
  • Local healthcare organisation Data Protection Impact Assessment (DPIA)
  • Acceptable Use Policy, set out within the Data Sharing Agreement (DSA)
  • NHS England Supplier Connection Agreement (applicable to suppliers and IT healthcare vendors)

The NIR product-level DPIA is not published externally because it contains information about NIR architecture and security controls which could increase cyber security risk if disclosed.

To support local governance, NIR will provide DPIA template material for onboarding organisations to use as part of their local assessment and approval processes.

Information governance safeguards

The Data sharing agreement

The Data Sharing Arrangement / Agreement (DSA) sets out the legal, governance and operational rules for sharing diagnostic imaging information through NIR.

It applies to participating healthcare providers and consumers and must be agreed before live access is enabled.

The Data Sharing Arrangement confirms:

  • the purpose of sharing through NIR
  • the responsibilities of participating organisations
  • the direct care basis for using the service
  • the requirement for appropriate information governance controls
  • the requirement for transparency information and privacy notices
  • expectations for role-based access control
  • audit and monitoring requirements
  • incident and breach management responsibilities
  • how patient rights are upheld

Providers and Consumers act as independent Data Controllers, and the DSA applies to both public and private healthcare organisations using NIR. The Data Sharing Arrangement document must be signed by a suitably qualified person within the organisation, such as the SIRO, Caldicott Guardian, CIO, CEO or other suitably qualified person.

NHS England connection agreement

The NHS England supplier Connection Agreement sets out the requirements suppliers must meet when connecting to NIR. This includes complying with data protection law, maintaining appropriate security measures, notifying NHS England of any actual or potential security issues, and ensuring their integration does not compromise NHS England systems, services or security.

Suppliers must sign the Connection Agreement once they have successfully completed technical conformance testing. This is required before they can progress to being commissioned by a healthcare organisation for integration testing and a live NIR connection.

  • appropriate privacy and transparency information for customers
  • the ability to support role-based access controls
  • system specific NIR training materials
  • support audit and monitoring
  • an acceptable Data Security and Protection Toolkit (DSPT) status
  • local clinical safety governance

IG documentation

Below you'll find copies of the DSA and links to the Privacy Notice and NIR Onboarding.


Patient Audit Record Service (PARS)

The Patient Audit Record Service (PARS) is a national reporting service that shows how patient data has been accessed using modern FHIR-based audit standards. PARS is a product within NHSE that records audit events for NIR activity. It helps show when patient imaging information has been queried or retrieved, which organisation or system requested access, and whether the request was successful or failed. 

Why this matters 

PARS supports information governance by helping authorised teams review how patient information has been accessed through NIR. This helps healthcare organisations monitor appropriate use, investigate access queries, and provide assurance that diagnostic imaging information is being accessed safely and for legitimate direct care purposes. 

PARS can capture key audit details such as: 

  • the type of activity, such as a query, export or image retrieval  
  • the time the activity took place  
  • the patient identifier, such as NHS number  
  • the requesting organisation, practitioner or system  
  • transaction and endpoint details  
  • relevant imaging or document identifiers  
  • whether the activity succeeded, failed or partially succeeded  

For NIR, this means audit events can be recorded for activities such as checking whether imaging information is available, retrieving reports, or retrieving imaging studies.  

How to access PARS 

Access to PARS reporting is managed through the existing Spine Reporting Service (SRS) interface.



Data security

NIR is designed to support secure access to diagnostic imaging information.

Before connecting to NIR, organisations and suppliers must be able to show that they can meet the relevant security and data protection requirements.

This includes:

  • maintaining appropriate cyber security controls
  • protecting access credentials, certificates and connection keys
  • using secure network configurations
  • maintaining appropriate access controls
  • ensuring staff are trained in the handling of patient information
  • reporting actual or suspected security issues
  • managing incidents in line with NHS England requirements
  • maintaining compliance with the DSPT where applicable

Data Security Protection Toolkit (DSPT)

Suppliers and participating healthcare organisations connected NIR must have an in-year acceptable Data Security and Protection Toolkit (DSPT) standard.

The DSPT provides assurance that an organisation has the right cyber security, data protection and information governance controls in place. This includes how the organisation protects systems, manages access, trains staff, handles incidents and keeps patient information secure.

An organisation may not be able to onboard to NIR if it does not meet the required DSPT standard. Continued compliance is also checked after onboarding.

You must have an active ODS Code to be able to complete and be assessed under DSPT.



Data Protection Impact Assessment (DPIA)

A DPIA helps organisations identify and reduce data protection risks before using or sharing personal data. For NIR, this is important because participating organisations will be using identifiable health and care information, including diagnostic imaging information, to support direct patient care.

NHS England has completed a DPIA for the NIR product and national service. This supports the information governance and data protection assurance for the platform.

The national NIR DPIA cannot be published or shared as it contains sensitive information about the NIR product.

The NIR DPIA describes:

  • what diagnostic imaging information is being shared
  • why the sharing is necessary for direct care
  • who the information may be shared with
  • the lawful basis for processing
  • how patients are informed
  • how access is controlled
  • how data security risks are managed
  • how any residual risks are reviewed and approved

To support participating organisations, NHS England provides a template NIR DPIA for local use. This will help organisations complete their own DPIA by setting out the key areas they need to consider.

However, each healthcare organisation remains responsible for completing and approving its own DPIA before connecting to NIR, based on its local systems, suppliers, workflows and governance arrangements.

What the local NIR DPIA should cover

The healthcare organisation completing the DPIA is responsible for understanding how NIR will work with its own supplier system and the local care environment.

This means the DPIA should not only describe the national NIR service. It should also explain how the organisation’s PACS, RIS, imaging viewer, shared care record or other connected system will query, retrieve, display, store or audit information through NIR.

Healthcare organisations should work with their supplier to confirm the local data flow, including:

  • which systems connect to NIR
  • what information is queried, retrieved or made available
  • how user access and role-based controls are managed
  • how audit logs are captured and accessed
  • how errors, incomplete results or system outages are handled
  • what business continuity arrangements apply

The template DPIA will provide a structure and suggested wording, but each organisation must review and adapt it, so it accurately reflects its own supplier system, local workflows, information governance arrangements and deployment model.

Key DPIA sections

Why NIR is being used?
Explain the purpose of using NIR, including how it supports direct patient care, joined-up working, access to imaging information, safer decision-making and reduced delays in care.

What data will be used or shared
Set out the types of data involved. This is likely to include patient identifiers such as name, date of birth, NHS number and imaging-related information. Organisations should also confirm that health information is special category data and explain why identifiable data is needed rather than anonymous data.

Where data will flow
Describe how imaging information and associated reports may be queried, retrieved or made available through NIR. The DPIA should explain the local systems involved, such as PACS, RIS, imaging viewers, repositories or gateways, and how these connect with NIR.

Lawful basis and confidentiality
Confirm the lawful basis for processing under UK GDPR, the special category condition for health and care data, and the common law position for sharing information for direct care. Suggested areas include for public task, health or social care purposes, and implied consent for direct care, but organisations must review and confirm their own position locally.

How data is kept secure
Explain the security controls in place, including encryption, authentication, role-based access control, security policies, business continuity arrangements, audit and local controls within imaging and clinical systems.

Retention and records management
Describe how long data will be kept, where it will be stored, and how it will be managed in line with local clinical record and records management requirements.

Patient rights and transparency
Explain how patients will be informed, including updates to local privacy notices. The DPIA should also describe how subject access requests, rectification requests, objections and other rights will be handled where they apply.

Organisations involved
List the organisations involved, including controllers, processors, sub-processors and any other relevant organisations. This should include the participating healthcare organisation, relevant suppliers and any intermediary or shared care record services involved in the local model.

Risks and mitigations
Identify local data protection risks and the controls that reduce them. This may include risks around unauthorised access, patient awareness, metadata accuracy, patient matching, incomplete results, system availability, audit access, duplicate results and undocumented data flows.

Review and sign-off
Confirm the local review and approval route. This may include the SIRO, Caldicott Guardian, Data Protection Officer, Information Governance Lead, Information Asset Owner, IT lead or other appropriate approvers, depending on local governance.

High-level data flow to discuss with your supplier

This is a high-level guide to help organisations work through their local DPIA with their imaging supplier. At a high level, your data flow would include:

  1. An authorised clinician uses a local clinical system, imaging viewer, PACS, RIS or connected application to search for relevant imaging information.
  2. The local system sends a secure query through the supplier integration to NIR.
  3. NIR helps identify whether imaging information or reports are available from participating organisations.
  4. Where information is available and there is a valid direct care purpose, the requesting system retrieves the relevant imaging information or report from the source organisation.
  5. The clinician views the information in the local system to support care.
  6. Access is logged and audit information is available through local audit arrangements and NHS England audit service, PARS.

Organisations should work with their supplier to confirm the actual local flow, including which systems are involved, where information is temporarily or permanently stored, how access is controlled, how errors are displayed, how audit logs are captured, and how business continuity works if NIR or the local imaging system is unavailable.


Ongoing assurance

Governance does not stop once a healthcare organisation or supplier has connected to NIR.

NHS England may request evidence of continued compliance. Suppliers and organisations must also notify NHS England of relevant changes, incidents, security issues or clinical safety concerns via the National IT Service Desk.

Where requirements are not met, NHS England may require remediation, suspend access, restrict access, prevent onboarding of further organisations, or terminate access where necessary.

This ongoing assurance helps make sure NIR remains safe, secure and appropriate as the service evolves.


Offboarding responsibilities

Healthcare organisations remain responsible for the patient information they make available, retrieve, store or use through NIR.

If an organisation stops using NIR, or if a supplier connection is removed, the organisation must make sure that any offboarding activity is managed safely and in line with local information governance, records management and clinical safety processes.

This includes confirming:

  • who needs to be notified before access is removed
  • when NIR access should be disabled
  • whether any local system changes are required
  • how audit information will be retained or accessed if needed
  • how any temporary data is removed or managed
  • whether local records, ROPA, DPIA, privacy notices or information asset records need to be updated
  • how business continuity or alternative image-sharing arrangements will work after offboarding

NIR does not remove the organisation’s responsibilities as a Data Controller. Each participating organisation remains responsible for the personal data it holds, makes available or retrieves through NIR, including how that information is used in the local care setting and how it is managed after use.

Suppliers must also meet the offboarding obligations set out in their Connection Agreement. This includes supporting organisations to confirm what happens during offboarding, including access removal, certificate or key management, audit log access, deletion of temporary data, and any changes to local system configuration.


Contact us

For further information about information governance or clinical safety for NIR, contact the NIR Delivery Team at:

[email protected] 


Further information

internal National Imaging Registry API

Use this API to access patient imaging records across NHS and private healthcare networks. The National Imaging Registry (NIR) API allows authorised systems to view a patient’s imaging history, including examinations, diagnostic reports, and imaging studies.

Last edited: 17 July 2026 10:45 am