Dealing with the aftermath of the National Programme for IT in the NHS has been identified as one of the risks to the government’s latest reforms of the NHS, in a leaked draft of the risk register for the changes.

The undated draft, which was leaked to former NHS chair and health writer Roy Lilley, opens by noting that “the policy design for some aspects of the future organisation is incomplete” which means the Health and Social Care Bill will proceed “on the basis of incomplete / flawed design.”

The register specifically mentions the “future design of informatics” as one of the aspects of the new set-up that “comes too late to feed into the overall system definition / architecture.”

Although the government has twice said that it will “dismantle” the national programme, it has yet to publish an information strategy, outline the split between the roles of the NHS Commissioning Board and a new IT delivery agency, or finalise how IT support will be delivered to local organisations.

It also needs to complete some contractual business, with a new deal with CSC for the North, Midlands and East of England due to be signed by the end of this month, and new procurements for systems in the South due to start shortly.

The risk register puts the risk of design of key parts of the system running behind decisions being made on the Bill as ‘4’ on a five point scale running from 1 (rare) to 5 (almost certain), and assigns it an impact of ‘4’ on a similar five point scale, running from 1 (very low) to 5 (very high).

The government has fought a campaign against releasing the register for more than six months.

The Information Commissioner’s Office ruled last November that it should publish transition risks register, and the Department of Health recently lost its appeal against publication at an information tribunal.

The government argued that publishing the document could impact on the quality of advice given to ministers in the future and that it could be misunderstood by the public.

Many of the risks identified mirror criticisms of the reforms and the potential dangers of imposing them at a time of “unprecedented” financial challenge in the NHS.

Several of the risks deal with the danger of managers taking their eye off the need to make financial savings through quality, innovation, productivity and prevention programmes, of new organisations starting work before their roles and budgets are clear, and of new organisations making costly decisions.

“One example of an area where the system could be more costly is if GP consortia make use of private sector organisations / staff [that] adds costs to the overall system,” the register says, adding that “unfavourable media coverage” is already focusing on “privatisation” and “financial cuts”.

On the other hand, some of the risks discuss worries that the new system may not be different enough – that clinical commissioners will adopt management habits, and that “excessive risk aversion” among existing players will leave commissioning support and reconfiguration policy looking “much like it does now.”

The risk register suggests that senior figures at the DH and NHS CB are acutely aware of the impact on informatics on these outcomes.

The register lists three risks related to informatics, two of which relate to transitioning contracts and failing to secure basic IT infrastructure and tools, and one of which returns to the question of how IT will support the new system.

Its over-arching concern is that the reformed will be seen as a new set of organisations, rather than as a fluid, dynamic system, and that IT will be set to support these new organisations, instead of transactions between them.

It says this means there is a risk that “the enormous potential of informatics (the knowledge, skills, processes and technology which enable information to be collected, managed, used and shared to support the delivery of health and care and to promote health and well-being) is not sufficiently taken into account in the system design."