CN-SPs have obligations regarding the protection of the network infrastructure and connect to each other to exchange data via the private HSCN Peering Exchange - this makes the network a private transport medium. Although HSCN is private, it is not 'secure'. The network is a transport mechanism for data and as such does not encrypt (or similarly protect) the data transmitted. Users of the network are required to apply such methods of information confidentiality and integrity as are appropriate to the data transmitted and the applications used.
Connection is limited to authorised organisations. All organisations wishing to make a new connection to HSCN are responsible for ensuring that their connection does not compromise the security measures in place, and to co-operate on security incident management with the NHS Digital Data Security Centre. This is a key part of signing up to the HSCN Connection Agreement.
However, HSCN has a very wide and inclusive user base to support the integration of data and applications across all of health and social care; therefore security is still a threat from incompletely protected partner networks or connections to uncontrolled external networks such as the internet.
It is therefore important when using HSCN to follow guidelines on securing data transmitted over the network. Users of HSCN are strongly encouraged to implement a level of information confidentiality and integrity whenever transmitting sensitive data, as per the generic standards in the last section. This should include the operations and applications of any commercial third party who operates services for health and social care organisations.
Read more about connecting to HSCN