Prepare and plan
Before you start, you need:
- an Organisation Data Service (ODS) code – this is a unique code created by our ODS team within NHS Digital. It is used to identify organisations across health and social care. You need an ODS code to get access to national systems. You can search for an existing ODS code by organisation name or geographic location using the ODS portal, or else get a new ODS code by applying for one.
- the Data Security and Protection Toolkit (DSPT) - this toolkit shows what you need to do to keep patient data and information safe, and to protect your business from the risk of a data breach or a cyber attack. You need an ODS code to complete the DSPT.
- to register for the NHS Digital National Service Desk using the online service discovery form.
It's also a good idea to familiarise yourself with the 'connection agreement' and the 'end user acceptable use policy'.
The connection agreement explains the responsibilities, obligations and terms of use of a service - and is signed by the connecting party.
The 'end user acceptable use policy' explains the responsibilities, obligations, and terms of use for every end user organisation.
You can find samples of both these documents under the operations reference documentation.
Registering your organisation and first product
If this is your first time using digital onboarding, we ask you for details of your organisation and your first product.
Onboarding stages
Once you register your organisation and product, you can access the onboarding process for any APIs configured to use digital onboarding.
Depending on the APIs you want to use, you need to complete some or all of these four stages:
- Setup and eligibility
- Non-functional requirements
- Technical conformance requirements (not applicable for open-access APIs)
- Legal agreement
Each stage contains one or more sections with questions relating to specific onboarding requirements.
As you complete the questions in a section, the product page displays the section status.
Once a section in a stage is "Ready to submit", you can submit the section for us to assess.
Non-functional requirements stage
In this stage, you need to provide details about the non-technical parts of your product, such as your clinical risk management process and data security.
You need to show or submit the DSPT and demonstrate your conformance with Information Security Management Systems, which should be in line with ISO/IEC 27001 Information Security Management.
You also need to declare the status of your product as a medical device. If you declare your product is a medical device, you need to comply with the relevant legal requirements.
Technical conformance requirements stage
In this stage, also known as 'solution assurance', you need to provide technical details about your product and show that it meets the core conformance criteria.
You need to demonstrate your technical conformance to the APIs you wish to use.
Once you complete this stage successfully, we issue you with a technical conformance certificate.
This stage is not applicable for open-access APIs.
Legal agreement stage
At this stage, you need to sign our connection agreement.
We provide you with a customised version for you to actually sign, with relevant sections completed and areas for you to finalise clearly marked. Prior to that you can review a sample agreement.
Once you have completed and signed your connection agreement, you need to upload it via the portal.
Last edited: 3 March 2023 2:25 pm
