National Imaging Registry governance

This page explains how clinical safety, audit, and information governance are managed for the National Imaging Registry (NIR), and what responsibilities apply to organisations and suppliers.


Clinical safety (DCB0129 and DCB0160)

The National Imaging Registry (NIR) follows NHS digital clinical safety standards.

  • DCB0129 applies to the manufacture (design and development) of health IT systems.
  • DCB0160 applies to the deployment and use of systems within health and care organisations.

What trusts and imaging networks need to do

Trusts and imaging networks remain responsible for DCB0160 for how NIR is deployed and used locally. This includes:

  • local configuration and workflows
  • training and standard operating procedures (SOPs)
  • operational governance and incident management

Local DCB0160 must be signed off by your Clinical Safety Officer (CSO).

NIR’s national clinical safety work under DCB0129 provides a baseline, but local DCB0160 is still required to address deployment risks and ensure safe use in your setting.

What suppliers provide (to support local DCB0160)

Suppliers remain responsible for DCB0129 for their own products.

Suppliers are expected to provide deployment‑level safety assurance for their NIR integration to support local DCB0160 activities, including:

  • interoperability and configuration
  • degraded modes and fallback behaviour
  • incident and escalation processes

Clinical safety documents

You can download the following documents to support clinical safety assurance:

  • NIR Clinical Safety Guidance Document (DCB0160)
    Guidance for suppliers and deploying organisations on how DCB0160 applies to NIR integrations and what a compliant safety submission should cover.

  • NIR CSCR DCB0160 Template (v0.1)
    Template for a supplier deployment Clinical Safety Case Report (CSCR), including expected content, hazard log expectations, go‑live controls, and monitoring and incident management considerations.

  • Mapping of NIR deployment recommendations to NHS England digital onboarding
    Mapping of NIR deployment safety recommendations to the NHS England digital onboarding approach, highlighting where local deployment activities must be evidenced (for example training, RBAC mapping, SOPs, business continuity, and workflow validation).

  • NIR hazard log (DCB0129 including DCB0160 hazards)
    The NIR hazard log covering DCB0129 design hazards and including DCB0160 deployment hazards that must be managed locally (for example incorrect local configuration, fallback failure, misinterpretation of metadata, certificate expiry, and audit or escalation failures).


Patient Audit Record Service (PARS)

PARS is an NHS England reporting service that records and manages audit events showing how patient data has been accessed. It supports accountability, transparency, and traceability.

PARS uses FHIR AuditEvent records to provide an auditable trail of access activity for governance and reporting purposes.

Access and reporting

Audit access and reporting follow the standard Spine Reporting Service (SRS) process.

Privacy officers can query the SRS database to produce:

  • User Access Reports (UARs)
  • Patient Access Reports (PARs)

What NIR sends to PARS

NIR sends audit events to PARS for key transactions. For these transactions, the request is audited; the response is not logged.

ITI‑38 – Cross‑Gateway Query

  • Event type: Query
  • Action: R (Read)
  • Captures: timestamp, patient identifier (for example NHS number), requester identity (organisation, practitioner or system), transaction ID, endpoint details
  • Outcome: success, failure (with error details), or partial success

ITI‑39 – Cross‑Gateway Retrieve

  • Event type: Export
  • Action: E (Export)
  • Captures: timestamp, patient identifier, requester identity, transaction ID, endpoint details
  • Includes document metadata such as document unique ID, repository unique ID, and home community ID
  • Outcome: success, failure, or partial success

RAD‑75 – Cross‑Gateway Retrieve Imaging Document Set (“Study‑Used”)

  • Event type: Study‑Used
  • Action: R (Read)
  • Captures: timestamp, patient identifier, requesting system or gateway, transaction ID, endpoint details
  • Includes imaging metadata such as Study Instance UID, Series Instance UID(s), and relevant document or repository identifiers
  • Outcome: success, failure, or partial success
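
As an added illustration (not part of NIR or PARS, and not their wire format), the Python below checks flat, constructed audit records against the per-transaction expectations listed above, so that an integration can be tested for complete audit capture before go-live. Field names such as `patient_id`, `error_details` and `response` are assumptions made for the example.

```python
from datetime import datetime

# Flat dict records are a constructed stand-in for illustration, not the PARS/FHIR wire format.
COMMON = ("timestamp", "patient_id", "requester", "transaction_id", "endpoint")
PROFILES = {  # (event type, action, extra metadata) taken from the lists on this page
    "ITI-38": ("Query", "R", ()),
    "ITI-39": ("Export", "E", ("document_unique_id", "repository_unique_id", "home_community_id")),
    "RAD-75": ("Study-Used", "R", ("study_instance_uid", "series_instance_uids")),
}
OUTCOMES = {"success", "failure", "partial success"}

def check_audit_event(ev):
    """Return a list of problems; an empty list means the record matches the description above."""
    if ev.get("transaction") not in PROFILES:
        return [f"unknown transaction {ev.get('transaction')!r}"]
    event_type, action, extra = PROFILES[ev["transaction"]]
    problems = []
    if ev.get("event_type") != event_type:
        problems.append(f"event_type should be {event_type}")
    if ev.get("action") != action:
        problems.append(f"action should be {action}")
    problems += [f"missing {f}" for f in COMMON + extra if not ev.get(f)]
    try:  # assumption: timestamps are ISO 8601 strings with an explicit offset
        ts = datetime.fromisoformat(str(ev.get("timestamp", "")).replace("Z", "+00:00"))
        if ts.tzinfo is None:
            problems.append("timestamp has no offset")
    except ValueError:
        if ev.get("timestamp"):
            problems.append("timestamp is not ISO 8601")
    if ev.get("outcome") not in OUTCOMES:
        problems.append("outcome not recognised")
    elif ev["outcome"] == "failure" and ev["transaction"] == "ITI-38" and not ev.get("error_details"):
        problems.append("failure without error details")
    if "response" in ev:  # only the request is audited; the response is not logged
        problems.append("response content must not be logged")
    return problems

BASE = {"timestamp": "2026-02-13T10:23:00+00:00", "patient_id": "9999999999",
        "requester": "ORG-EXAMPLE/system-a", "transaction_id": "tx-0001",
        "endpoint": "https://gateway.example.invalid/xca", "outcome": "success"}
SAMPLES = [  # constructed records, not real audit data
    {**BASE, "transaction": "ITI-38", "event_type": "Query", "action": "R"},
    {**BASE, "transaction": "ITI-39", "event_type": "Export", "action": "E",
     "document_unique_id": "1.2.3.4", "repository_unique_id": "1.2.3"},
    {**BASE, "transaction": "RAD-75", "event_type": "Study-Used", "action": "R",
     "study_instance_uid": "1.2.840.1", "series_instance_uids": ["1.2.840.1.1"],
     "response": "<pixel data>"},
    {**BASE, "transaction": "ITI-38", "event_type": "Query", "action": "E", "outcome": "failure"},
]
print([check_audit_event(ev) or "ok" for ev in SAMPLES])
```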

 


Data protection and data sharing

  • Data Protection Impact Assessment (DPIA) template (coming soon)
  • Data Sharing Agreement (DSA) (coming soon)

Further information

National Imaging Registry

The National Imaging Registry (NIR) allows for the sharing of imaging data across clinical organisations.

National Imaging Registry API

Use this API to access patient imaging records across NHS and private healthcare networks. The National Imaging Registry (NIR) API allows authorised systems to view a patient’s imaging history, including examinations, diagnostic reports, and imaging studies.

Last edited: 13 February 2026 10:23 am