CN-SPs have obligations regarding the protection of the network infrastructure and connect to each other to exchange data via the private HSCN Peering Exchange - this makes the network a private transport medium. Although HSCN is private, it is not 'secure'. The network is a transport mechanism for data and as such does not encrypt (or similarly protect) the data transmitted. Users of the network are required to apply such methods of information confidentiality and integrity as are appropriate to the data transmitted and the applications used.

Connection is limited to authorised organisations. All organisations wishing to make a new connection to HSCN are responsible for ensuring that their connection does not compromise the security measures in place, and to co-operate on security incident management with the NHS Digital Data Security Centre. This is a key part of signing up to the HSCN Connection Agreement.

However, HSCN has a very wide and inclusive user base to support the integration of data and applications across all of health and social care; therefore security is still a threat from incompletely protected partner networks or connections to uncontrolled external networks such as the internet.

It is therefore important when using HSCN to follow guidelines on securing data transmitted over the network. Users of HSCN are strongly encouraged to implement a level of information confidentiality and integrity whenever transmitting sensitive data, as per the generic standards in the last section. This should include the operations and applications of any commercial third party who operates services for health and social care organisations. 

Read more about connecting to HSCN

Review requirements for your application to ensure it will meet performance and availability requirements over HSCN.

Bandwidth requirements

• Your application provider should be able to supply information, based on usage (on numbers of users, for example), on how much bandwidth you may require for a specific application. The bandwidth and current usage of the HSCN connection at the consumer site should be checked to see if it is adequate.

Quality of Service (QoS)

• HSCN suppliers apply a QoS policy on traffic. Consider which QoS class your new application should be put into, and ensure that you ask your HSCN service provider.
• Contact your supplier to change the configuration to include the IP addresses and ports used by your new application.

Application providers should also check their connection to HSCN will be adequate to meet service level agreements (SLAs) provided to customers.

The journey to implement new or upgrade current business application using the appropriate HSCN frameworks may require health and social care organisations to seek advice and assistance to ensure that they are making the right decisions and that they are able to obtain the right services within their budget;

• Prep work - Customers should clearly define what they are prepared to buy based off current and future business/enterprise/clinical requirements
• Work with suppliers to develop a service transition strategy
• Find out what transition assistance is available
• Co-ordination and communication between customer and supplier to ensure minimum downtime 
• Determining the right length of contract term for business application services - limiting contract terms to ensure no long term "tie-in"

For details of suppliers offering voice, video and remote access services over HSCN, including a table of the HSCN business application services offered by each supplier, their contact details and links to further details of the services they offer, see HSCN business applications suppliers.