Skip to main content
BETA - The Health and Social Care Network (HSCN) standards

There are two key documents that underpin HSCN:

  1. The Solution Design which describes the technical infrastructure and HSCN services.
  2. The HSCN Operational Design Overview which describes the technical operating model.

The HSCN standards are designed to be as aligned to existing Industry standards as possible in order to ensure they are cost effective, easy to implement and enable health and care organisations to benefit from broader Industry investments in new technology and service delivery models.


HSCN Supplier Standards

HSCN is delivered by multiple suppliers providing interoperable network services that adhere to an agreed set of standards. These interoperability standards are defined in the HSCN Obligations Framework.

The process and required activities that a supplier will need to undertake in order to achieve and retain HSCN Compliance are detailed in the HSCN Compliance Operating Model.

The HSCN Supplier Obligations include obligations to provide seamless interoperability between network providers and to have strong cyber security controls in place.

Because the HSCN standards are closely aligned to existing industry standards and agreed in open consultation with industry; there is no premium associated with the price of HSCN connectivity (prices are in line if not better than other internet and private network (MPLS) connectivity available); interoperability between suppliers is seamless; and network agnostic overlay services, like voice and video, can be consumed.

All HSCN compliant suppliers are listed on the NHS Digital website.


HSCN Consumer Standards

All organisations connecting to HSCN must sign an HSCN Connection Agreement which is in line with General Data Protection Regulation (GDPR) and Data Protection principles (DPP).

The HSCN Connection Agreement replaced the N3 Information Governance Statement of Compliance (IGSoC) from April 2017.

The arrangements for being able to use the HSCN are separate from those relating to data or systems access over HSCN. Organisations that require access to NHS patient data and systems must use the Data Security and Protection Toolkit to provide assurance that they are practising good data security and that personal information is handled correctly.


Cyber security controls

HSCN Internet connectivity is protected via the HSCN Advanced Network Monitoring (ANM) service, which inspects all Internet traffic from HSCN suppliers and instantly blocks any known malicious content. In addition, the service includes a new advanced threat detection capability designed to identify brand new or 'zero-day exploits'. It operates as a cloud-based service meaning all HSCN connectivity services benefit from the same high level of high-performance protection.

The HSCN Network Analytics Service (NAS) has been established to monitor the heartbeat of HSCN and identifies any new or anomalous behaviour on any part of HSCN. The service receives real-time feeds from HSCN connections, the ANM service and the Domain Naming Servers (DNS), proactively looking for anomalous behaviour. Any anomalous behaviour is alerted to the NHS Digital cyber security team who will investigate further.

Work is underway to adopt the National Cyber Security Centre Protective DNS service, which will block malicious websites in real-time, preventing people going to them in the first place.

NHS Digital CareCERT will contact HSCN customers about malicious activity and malware that HSCN identifies and will help resolve and prevent further cyber security incidents. CareCERT also provides a wealth of cyber security related guidance.

Despite the following central security capabilities outlined below, HSCN should not be considered a secure network. All connected organisations must risk assess their use of the HSCN and employ their own security controls to protect any data for which they are responsible. The HSCN will not automatically encrypt any data or guarantee the security of data or communications by default.

Further guidance can be found in the Data security knowledge library.


Implementation

All health and care organisations should seek to obtain HSCN connectivity through a competitive procurement. They can do this on their own or in collaboration with other health and care organisations (trusts, CCGs, local councils, emergency services for example).

Whilst no specific procurement vehicle is mandated, the HSCN Dynamic Purchasing System (DPS) managed by Crown Commercial Services is recommended as the best procurement vehicle for accessing the HSCN marketplace.

Health and care organisations should ensure the network connectivity they purchase is going to provide sufficient bandwidth to support their digital transformation plans. The HSCN marketplace offers an opportunity for health and care organisations to obtain vastly improved connectivity services at highly competitive prices and organisations are encouraged to adopt full-fibre services to support the adoption of more digital and cloud-based services.

Once organisations have procured an HSCN service they should promptly:

  • place orders with their chosen supplier
  • provide important site information required by their supplier to progress their order and schedule a migration date/time
  • use the HSCN Migration Checklist and the HSCN Readiness Testing Guidance to prepare for a timely and successful migration to HSCN

Once organisations have migrated to new HSCN services they should cease their existing Transition Network (legacy N3) connectivity as soon as possible. Further guidance on this can be found in the HSCN Migration Checklist.

All health and care organisations must migrate to HSCN connectivity before the Transition Network Point of Presence (PoP) they currently rely on is decommissioned and certainly no later than August 2020. The planned dates for decommissioning Transition Network Points of Presence have been communicated to all organisations currently reliant upon them.

Read more about HSCN here


Future ambitions

HSCN standards are regularly reviewed in consultation with Industry and health and care organisations to ensure they are responsive to new requirements and the introduction of new technology.

Consumer Network Service Provider connectivity provides best value internet and private network connectivity as a single service. This means it provides the ideal underlying connectivity to support the increased adoption of internet and cloud-based services, whilst providing continued access to applications, systems and services that are not yet developed to be accessible over the internet.

Government Strategy seeks to make public sector applications, systems and services accessible over the internet by default. The NHS Digital Internet First Strategy is aligned with this ambition and will support the work required to make all health and care systems accessible over the internet at the earliest opportunity.

NHS Digital has already made a number of its systems fully accessible over the internet and will continue to:

  • ensure that all new systems are designed to be accessible over the internet from day one
  • develop all existing systems to make them accessible over the internet at the earliest opportunity

Separate data technology standards will be added to the framework in due course to support the migration of IT systems to the internet.

Last edited: 7 September 2020 8:53 am