Skip to main content

Getting involved with GP Connect

We are supporting partnerships of health and care organisations and software suppliers to develop products that can use the data made available by the GP Connect APIs.

GP Connect is for direct patient care

Products can only help people share, view or act on information that they are already legally entitled to access, but cannot access easily because they are using different IT systems or set-ups.


GP Connect APIs can only be used legally for direct patient care, not for planning or research.


Direct patient care is defined as: A clinical, social or public health activity concerned with the prevention, investigation and treatment of illness and the alleviation of suffering of individuals. It includes:


  • supporting individuals’ ability to function and improve their participation in life and society
  • the assurance of safe and high quality care and treatment through local audit, the management of untoward or adverse incidents, person satisfaction including measurement of outcomes undertaken by one or more registered and regulated health or social care professionals and their team with whom the individual has a legitimate relationship for their care

Developing a consumer system

You may be working with an End User Organisation to solve their business need or you may be looking to develop GP Connect APIs in order to secure a place in the healthcare market. Whatever your reason for developing, the information below will help you to understand the process to getting your product ready for use.

Initially, we need to understand how and why you want to work with us and so you should submit a brief summary of your intentions to the GP Connect Team at The summary should include:

  • the business problem you are intending to solve
  • how this solution will be used in practice to benefit patients and staff
  • which of the APIs you will use to do this (see information for software suppliers)
  • any End User Organisations you are currently working with

If your use case is accepted by the team, we will support you through our onboarding process, to develop and assure a product and get it working in your health and care setting.

Information for commissioning or end user organisations

To use one of the GP Connect capabilities, you will need:

  • data sharing agreements in place to cover all of the organisations who you wish to share with and who wish to share with you
  • an updated data protection impact assessment and privacy notice to recognise that you are intending to use GP Connect for the relevant processes
  • a clinical safety officer who can assure the system you are using to view data as clinically safe
  • a nominated person within the organisation to review the supplier’s technical information and sign a declaration on behalf of the organisations who are signing up to use GP Connect

Through working with our pilot sites and suppliers, we have developed a process for GP Connect onboarding. 

Step 1: Getting started

To get started, we need to understand how you plan to use GP Connect or what problem you are hoping to solve by using GP Connect capabilities. 

Regionally, our implementation managers are able to support your GP Connect projects and you can contact them directly. Alternatively, you can submit an enquiry form (opens in a new window) and someone from the team will contact you to discuss your needs further. 

Step 2: Find out if your provider system is assured

The GP Connect provider system(s) is the GP clinical system(s) which the GP practices in your area are using. You may be using a range of different provider systems which GP Connect can help to join together. Provider systems are those who make information available via GP Connect.

Check the status of the GP clinical systems (see the 'Progress to date' section). Alternatively, you can contact your supplier account manager.

Step 3: Find out if your consumer system is assured

The GP Connect consumer system is any supplier who has developed the GP Connect capabilities to be able to view or use the information made available by the provider systems (or GP clinical systems). 

Consumer systems can be developed by the GP clinical systems but also any other company who has a reason to access GP practice information for the purposes of direct care.

You may choose to use a number of different consumer systems within an area to meet your interoperability needs, for example, a GP System consumer as well as a 111 consumer.

We will be providing an update on the consumer systems who have already developed GP Connect capabilities here soon. 

Step 4: Provide data sharing agreements (DSA)

A DSA is an agreement between a group of NHS and care organisations that have agreed to share data with each other to meet an agreed set of use cases.

GP Connect requires that a DSA be in place before the service can be deployed in your area. We do not require a new DSA to be developed solely for the use of GP Connect; existing agreements can be modified to encompass the use of GP Connect capabilities.

If you wish to speak to us about DSAs, please email us at

Step 5: Review and uplift the data protection impact assessments (DPIA)

Following the introduction of GDPR Legislation in May 2018, DPIAs were created and need to be uplifted to include the use of GP Connect capabilities.

The GP Connect DPIA is available on request. Please email: The GP Connect DPIA specifically covers NHS Digital's responsibilities in terms of data protection and should be used as a reference to update local documentation.

Associated privacy notices should also be uplifted in line with the DPIA. 

View the GP Connect transparency notice

Step 6: Review the supplier conformance assessment list (SCAL) for your chosen consumer system(s)

The SCAL is a technical document which details the consumer supplier approach to information governance, clinical safety, functional testing and GP Connect specific requirements.

This document will be provided to you once NHS Digital have assured the consumer supplier product as compliant with the GP Connect specification for the relevant capabilities.

It is your responsibility to review the documentation prior to implementing the consumer product(s). Any questions regarding the specific content of these documents should be directed to the consumer supplier.

Step 7: Clinical safety review of the consumer supplier system

As part of accepting the consumer supplier system(s), your Clinical Safety Officer must:

  • review the supplier's Clinical Safety Case Report and Hazard Log, and have accepted and mitigated any relevant clinical risks
  • establish their own Clinical Safety Case Report and Hazard Log in readiness for the implementation of GP Connect (ensuring that any relevant clinical risks and mitigations passed from the supplier have been included)

Guidance for Clinical Safety Officers has been developed to support a Clinical Safety Officer when reviewing the consumer supplier system. For a copy, email:

Step 8: Sign and submit an end user organisation declaration (EUOD)

An EUOD is an online form which collects information about the intended use of GP Connect as well as site specific information on where the capabilities will be used. 

The EUOD captures information relating to steps 2 to 7 detailed above. The form requires the end user to confirm their acceptance of the terms of use as well as detailing which sites should be enabled and how they will share information with each other in line with the data sharing agreements in place.

The declaration is the final step required before NHS Digital can enable the GP Connect capabilities.

Step 9: Establish connection to GP Connect

NHS Digital use the information provided in the declaration form to ensure that the provider and consumer suppliers have configured the correct connections to GP Connect on the Spine.

Step 10: Data sharing agreement (DSA) on Spine

The relationships between the organisations represented in the DSA (see step 4) are used to control data sharing on the Spine. The data sharing relationships that are provided to NHS Digital via the EUOD are replicated to a part of the Spine called the Spine Security Proxy (SSP) which acts as a postman service for GP Connect messages.

If a DSA is not in place and a GP Connect request is made, the Spine Security Proxy will reject the request. 

Step 11: Technical go-live

To enable GP Connect capabilities, end users at the relevant GP Practices must select the GP Connect options in their 'organisation preferences' screens within their clinical systems. Guidance will be provided, specific to the provider supplier(s).

At the present time, NHS Digital are providing test patients to enable commissioners to test the GP Connect capabilities are working as intended. Test patients should be registered at the GP Practices for use in testing prior to the date indicated in the EUOD.

Once a successful GP Connect transaction has been recorded on Spine using the Test Patient, the GP Practice will be considered ‘technically live’ with GP Connect.

Step 12: Business go-live

Once a successful GP Connect transaction has been recorded on the Spine against a real patient, the GP Practice will be considered ‘business live’ with GP Connect.

Information for consumer supplier organisations

If you are a software development organisation already working with the NHS or would like to work with the NHS and use the GP Connect APIs to consume GP data we have developed some guidance to help you understand the process


Step 1: Contact NHS Digital to express an interest

To get started, we need to understand how you plan to use GP Connect or what problem you are hoping to solve by using GP Connect capabilities.

The GP Connect Team can be contacted at: or by using our contact form (opens in a new window).

Step 2: Find out if you already meet the prerequisites

Review the prerequisites required to progress through GP Connect assurance.

If you would like to discuss the prerequisites, please email

Step 3: Development against the relevant specifications

Complete your development of the GP Connect capabilities which you want to use. Supporting materials are available alongside our specifications.

We have developed an internet facing system demonstrator to help with your development and initial testing.

Once development has been completed, we require evidence of your development in the form of example interactions between your system and our demonstrator. Once you reach this stage, please contact the GP Connect Team at

Step 4: Testing in the NHS integration environment

Once development has been evidenced, you will be given access to the NHS Digital integration environment in order to test your consumer system against the full end to end NHS Digital system, including Personal Demographics Service (PDS) and Spine Directory Service (SDS) integration.

The test evidence from Integration will be used to complete your Supplier Conformance Assessment List (SCAL). The SCAL is a technical document which is used to assure all consumer suppliers against the NHS Digital API Specifications. The SCAL, with associated test evidence, is submitted to NHS Digital's Solutions Assurance Team who will review and approve the document.

Whilst in the integration environment, you will also be expected to test against each of the GP provider systems whom you expect to consume in live. A statement confirming that this testing has been completed is required by NHS Digital's Solutions Assurance Team.

Step 5: Technical conformance

Once your SCAL has been approved, NHS Digital's Solutions Assurance will create and issue a Technical Conformance Certificate to finalise the assurance process.

The Technical Conformance Certificate gives you the approval to deploy your consumer product in conjunction with an NHS Commissioner. Guidance for commissioners is available on this page. 

The First of Type process

We have developed the First of Type process to take partnerships through the pilot phase, to develop and test an assured product that works in the setting it was designed for. Real users will test the product and feed back on its strengths and any opportunities to improve it.

The end product will go through an assurance process to make sure it’s fit for purpose.

It will be assessed on:

  • clinical safety – checking there’s no risk in using this product in a clinical setting
  • information governance – protecting patient data to agreed high standards
  • technical conformance – how well it works with other systems
  • whether it does what it was designed to do

Express interest in the GP Connect Pilot

If you’re interested in taking part in the pilot, email us at

GP Connect specifications for developers

Last edited: 19 August 2019 1:24 pm