What is the IFSO Registry?
The IFSO Registry is an International registry that collects data on bariatric and metabolic surgical procedures performed on patients who suffer from obesity and metabolic disorders. The information in the database is used to improve clinical practice and outcomes for the patients worldwide.
What information does it contain?
The information includes only the date of birth and gender of the patients, the surgical treatments given and outcomes achieved (eg. weight loss, change in diabetes status, complications). The data are stored on a secure server and are only available to the staff treating the patients. An anonymous dataset is available for analysis and reporting. For more details, all the reports are available on our website: www.ifso.com/ifso-registry.
The database only contains country identifiers – There are no hospital data stored or consultant information.
Data is submitted to IFSO either by keying data directly into the database or via an upload portal. All users registered to submit data are validated and can only see their own data . Only Authorised Dendrite staff will see the raw data.
Who manages the IFSO Registry?
In 2014, IFSO commissioned Dendrite to run its International Registry. Dendrite Clinical Systems Ltd is a specialist supplier of clinical database and analysis software and consultancy services for the international healthcare sector. Dendrite Clinical Systems was established in 1993, by co-directors Dr. Peter Walton, Keith Price and Neal McCann, and over the last 24 years has become one of the leading suppliers of clinical software to hospitals and institutions in the world. The company now has two offices in the UK and agents across four continents. The company now has expanded its global user base across thousands of hospitals, more than 170 national and international registries in more than 80 countries.
IFSO is the “data controller”, which, as such, determines the purposes, the conditions and means of the processing data. IFSO Registry Committee determines which data have to be collected and to which purpose.
Dendrite is the “data processor and custodian”, that processes (imports, analyses and presents) data and stores them on behalf of IFSO.
What happens to the data and who can see it?
The data can be provided to the IFSO registry by 2 methods – Either Direct Data Entry or bulk upload
For uploads, the data are uploaded by the National Societies, that are members of IFSO, that have a national registry in their own country and by individual surgeons who live in countries where there is no national registry or where the National Society is not a contributor. Dendrite provides each contributor log in credentials to upload the data.
Direct Data Entry logins are provided to individual surgeons who do not already have their own database. Dendrite provides each contributor log in credentials to manually enter their data.
When entering or uploading data, no contributor can have access to data already uploaded by other contributors.
National Societies’ computers and private computers of the individual surgeons are used to collect the information, which is collated, checked and approved before being sent to a single secure database server.
During the data transfer from the computer to the server, the information is encrypted (locked) to ensure it cannot be interfered with. Once the records have been loaded, they can be reviewed by authorised staff using an approved user account with a secure password.
For Direct Data Entry input to registry, the website is secured by an encrypted https certificate. Again, once the records have been entered, they can be reviewed by authorised Dendrite staff using an approved user account with a secure password for support purposes or merging in with the uploaded data.
Once the data have been checked and confirmed by the responsible person in the Society or the individual surgeon, the software engineers and data analysts at Dendrite Clinical Systems download the data to a secure server in Dendrite’s offices, they analyse and elaborate the data and finally produce an annual report. These data are totally anonymized and also contain no surgeon names. The report itself lists those hospitals that contributed data to the report, but no hospital level reporting is or can be carried out.
The information collected is valuable as it allows surgeons to understand the nature of obesity, the profile of patients and the results that are being achieved around the countries. The reports do not contain the details of individual patients nor surgeons or hospitals. These are broken down by Country, and by other important information that may influence outcomes including age, gender and comorbidities.
The reports are used to help understand how surgical practice and outcomes compare to performance in other centres and countries. IFSO Registry annual reports (or part of them) are usually published on Obesity Surgery, the official Journal of the IFSO and are also available on IFSO website dedicated page.
The data collected are not shared with anyone, nor used for purposes other than those identified by IFSO. After the creation of the annual report, the data are deleted. Data and user accounts of the individual surgeons are deleted as well.
Data will remain sole property of the contributor. No property rights regarding the data is transferred to IFSO nor to Dendrite.
Each contributor is free to decide – year after year – whether to continue uploading his/her data in the IFSO Registry or not.
IFSO Database Server
The server is hosted on a server hosting platform provided by Rackspace based in London, UK. This is a tier four data centre which meets the highest levels of building security.
The service delivery and information governance provided complies with ISO 20000 & ISO 9001 accreditation and the security structure is aligned alongside ISO27001. The security arrangements are internally audited approximately every three months and externally audited every six months.
All servers have firewall and anti-virus software installed which is configured to use real-time scanning.
The data is securely backed-up each day. All backed up data stored is compressed, de-duplicated and encrypted within a secure off-site vault.
There are two backup vaults, the primary one is hosted locally and is then backed up to a secure secondary offsite vault hosted within a separate datacentre located at Heathrow.
Dendrite Clinical Systems is assessed against NHS Information Governance standards, which includes both physical and organisational security measures. Dendrite’s toolkit assessment score is available on the IG Toolkit website (www.igt.hscic.gov.uk/Home.aspx).
The computer software program created by Dendrite that holds the IFSO data undergoes periodic independent penetration testing in line with industry standards to minimise the risk of unauthorised access, or internal breaches of security.
Any further queries can be directed to IFSO at: firstname.lastname@example.org