HSCN considerations

CN-SPs have obligations regarding the protection of the network infrastructure and connect to each exchange data via the private HSCN Peering Exchange - this makes the network a private transport medium. Although HSCN is private, it is not 'secure'. The network is a transport mechanism for data and as such does not encrypt (or similarly protect) the data transmitted. Users of the network are required to apply such methods of information confidentiality and integrity as are appropriate to the data transmitted and the applications used.

Connection is limited to authorised organisations. All organisations wishing to make a new connection to HSCN are responsible for ensuring that their connection does not compromise the security measures in place, and to co-operate on security incident management with the NHS Digital Data Security Centre. This is a key part of signing up to the HSCN Connection Agreement.

However, HSCN has a very wide and inclusive user base to support the integration of data and applications across all of health and social care; therefore security is still a threat from incompletely protected partner networks or connections to uncontrolled external networks such as the internet.

It is therefore important when using HSCN to follow guidelines on securing data transmitted over the network. Users of HSCN are strongly encouraged to implement a level of information confidentiality and integrity whenever transmitting sensitive data, as per the generic standards in the last section. This should include the operations and applications of any commercial third party who operates services for health and social care organisations. 

Read more about connecting to HSCN

Review requirements for your application to ensure it will meet performance and availability requirements over HSCN.

Bandwidth requirements

• Your application provider should be able to supply information, based on usage (on numbers of users, for example), on how much bandwidth you may require for a specific application. The bandwidth and current usage of the HSCN connection at the consumer site should be checked to see if it is adequate.

Quality of Service (QoS)

• HSCN suppliers apply a QoS policy on traffic. Consider which QoS class your new application should be put into, and ensure that you ask your HSCN service provider.
• Contact your supplier to change the configuration to include the IP addresses and ports used by your new application.

Application providers should also check their connection to HSCN will be adequate to meet service level agreements (SLAs) provided to customers.

There are a large range of applications and services connected to the Transition Network in use today. These application services will be migrated from the Transition Network over time.

Application providers should keep their customers and users informed of plans to migrate to new HSCN connections, or another mechanism for connectivity (for example, the internet). The HSCN programme is supporting these providers in their choice of new network provision.

Note that NHS Digital will manage the programme of migration for all national applications including GPIT systems.

The journey to implement new or upgrade current business application using the appropriate HSCN frameworks may require NHS and social care sites to seek advice and assistance to ensure that they are taking the right decision paths and that they are able to obtain the right services within their budget envelope;

• Prep work - Customers should clearly define what they are prepared to buy based off current and future business/enterprise requirements
• Working with suppliers to develop a service transition strategy - understanding the various migration patterns that will exists when moving from legacy services (such as Voice service - no loss of service within migration path)
• Getting clarity on what transition assistance is available
• Co-ordination and communication between customer and supplier to ensure minimum downtime 
• Determining the right length of contract term for business application services - limiting contract terms to ensure no long term "tie-in"

There is a dedicated team of HSCN Migration Managers (MMs) that can assist organisations in taking the right steps based on the individual business requirements. There are different scenarios whereby a site migration will need to be co-ordinated appropriately to ensure that any newly provisioned HSCN business service is implemented in a fully managed and synchronised fashion.

If you would like to discuss HSCN business application procurement paths and migration options  please email the HSCN Migration mail-box at: hscn.migration@nhs.net to establish contact with your MM.