Federated Data Platform procurement: what questions should NHSE be asking?

The Faculty of Clinical Informatics (FCI) has published a paper exploring the context and planned future of the Federated Data Platform (FDP) currently undergoing procurement from NHS England.

The paper highlights a variety of information around the FDP, including what the platform is expected to look like and a list of questions requiring answers to ensure safe and efficient implementation.

To identify the areas in which improvements are required, the paper firstly notes some of the concerns that have been raised around the FDP proposals.

Concerns about FDP proposals

Concerns have been raised about “the approach that NHSE seems to take [towards data collection], the procurement process, lack of clarity around process and purpose, risk of supplier lock-in and the high and escalating cost”, which is currently estimated as £360m to £480m. There are also concerns around NHSE proposals to use the FDP to support direct care where use cases are “a complex mixture of cohort management, public health, population health interventions and individual care.”

The British Medical Association (BMA) has also expressed concerns that a single supplier solution for the FDP could result in vendor lock-in. In order to tackle this, their GP committee has called on the BMA to work with NHSE to determine if the four existing secure data platforms supported by the BMA and the Royal College of General Practitioners can provide some or all of the requirements of the proposed platform. In addition, the committee calls for scrutiny of organisation submitting tenders to ensure a “demonstrable positive track record on security, privacy and ethics”, and states that there should be mitigation against vendor lock-in “from the outset” to “ensure the commitments to modern, open working methods”.

Data access and oversight 

The paper highlights that NHS Digital has collected NHS activity data for many years for a variety of purposes. It adds that the Independent Group Advising on the Release of Data was established by NHS Digital in 2016 to provide independent advice and recommendations on applications for the release of patient data into secure environments for research, audit and planning purposes. For GP data, the Professional Advisory Group exists to gain feedback on data sharing applications.

There is “some uncertainty” about the future of these two groups, following the incorporation of NHS Digital into NHSE in February 2023, the paper notes; NHSE’s proposals require the establishment of an independent Data Advisory Group, but there are concerns that this group may not be fully independent.

Ultimately, “it is still unclear what level of oversight and independent scrutiny will be applied to the FDP – either to internal NHSE uses or access to data held in the FDP. This is an important unknown when assessing the risks and benefits of the project.”

Leadership, transparency and trust

Although the NHS has been trying to get better access to all health and care data for years, “there seems to have been a lack of clear, committed and consistent sponsorship” from the Department of Health and Social Care and NHSE, the paper notes. It points to the DHSC committee evaluation of government commitments towards NHS digitisation, which rated progress as inadequate.

It adds that commercial partner involvement in infrastructure of data collections is not obvious to the public, and the public does not tend to be well-sighted on the procurement process.

“Overall there is a general lack of transparency about many aspects of the FDP,” the paper states. “There is a need to build trust by taking concrete action on privacy and transparency; trust cannot be earned through communications and public engagement alone. One approach that could ameliorate matters would be to start with a set of tightly controlled purposes, with clear constraints, communications, and oversight, at national and locality level, defining what will and will not happen to healthcare data.”

Defining the purpose, scope and governance requirements of the FDP

With the above challenges in mind, the paper sets out a list of questions which should be answered in order to clarify the purpose and scope of the FDP, and the oversight required and local and national level to build public and professional trust in the programme.

The questions are split into five categories, designed to provide clarity around DHSC and NHSE issues; information governance issues; data issues; customer issues; and procurement issues. They seek clarification around topics such as organisational culture change within DHSC and NHSE to support successful, publicly acceptable deployment of the FDP, oversight arrangements to build public and professional trust, and measures in place to remove data duplication and assure data quality.

The full list of questions can be found on page 10 here.