The guidance below is intended to help you to understand the different types of Connection Agreement available and judge whether your organisation needs to sign a HSCN Connection Agreement.
The different kinds of Connection Agreement
There are three types of HSCN Connection Agreement:
- Standard - most HSCN users will sign this Connection Agreement
- Organisations representing other HSCN Consumers - such as CCGs representing GPs
- IT service providers - organisations acting as data processors
In addition, for each type there are "1 Part" and "2 Part" sub-types:
- The 1 Part Connection Agreement relates to the use of HSCN only.
- The 2 Part Connection Agreement relates to the use of both the Transition Network (formerly N3) and HSCN.
The combination of these three types and two sub-types means that there are six possible variations of the HSCN Connection Agreement.
The HSCN Portal will automatically present the correct type and sub-type for you to sign based on NHS Digital's understanding of your organisation. If for any reason you do not believe this is correct, please contact firstname.lastname@example.org to discuss this.
Important note: if your organisation currently uses the Transition Network (formerly N3) then you need to sign a 2 Part Connection Agreement as soon as possible regardless of your HSCN migration plans/timelines.
Does my organisation need to sign a Connection Agreement?
All organisations using, or with access to HSCN will need to sign a Connection Agreement (subject to the "Shared Connection" scenario below).
Answer the questions presented in Figure 1 below to ascertain whether your organisation needs to sign a Connection Agreement. Further information regarding the "Shared Connection Scenario" is given in the following section.
Figure1. Connection Agreement Business Rules
The "Shared Connection Scenario" explained
If, for any reason, one or more other organisations use your HSCN connection, such as members of a community of interest network (CoIN), then you are responsible for ensuring that they are bound to the terms and conditions set out in the Connection Agreement. Clauses 18.104.22.168 and 22.214.171.124 in the Connection Agreement (paraphrased here) represent a choice that you can make about how to manage this:
- Ensure that any other organisations using your connection have signed the Connection Agreement (this is choice 126.96.36.199)
- Enter into a legally binding agreement with the organisations that use your connection with terms and conditions identical to those set out in the Connection Agreement (this is choice 188.8.131.52)
If you opt for 184.108.40.206 then the organisations using your connection do not need to sign a Connection Agreement. They will, however, need to enter into a legally binding agreement with your organisation which the HSCN Authority reserves the right to audit at any time.
Figure 2 below depicts a scenario in which an organisation has opted to follow clause 220.127.116.11. In this scenario an agreement exists between the HSCN Authority and both Org 1 and Org 2.
Figure 2, Scenario 18.104.22.168
Figure 3 below depicts a scenario in which an organisation has opted to follow clause 22.214.171.124. In that scenario an agreement exists between:
- The HSCN Authority and Org 1
- Org 1 and Org 2
The "local" agreement between Org 1 and Org 2 means that Org 2 does not need to enter directly into an agreement with the HSCN Authority i.e. by signing the HSCN Connection Agreement. The risks and responsibilities associated with this option are held by Org 1. If, in future, Org 2 wants to procure its own HSCN connection then it must sign an HSCN Connection Agreement. The "local" agreement between Orgs 1 and 2 will not be sufficient for Org 2's chosen CNSP who is obliged to ensure that its customers have signed a Connection Agreement before delivering a live service.
Figure 3. Scenario 126.96.36.199
Information Governance and data security
A Data Security and Protection Toolkit (DSPT) or an Information Governance Toolkit (IGT) is no longer a requirement to access HSCN.
However, all organisations that process health and care data are still required to meet the requirements of the DSPT and to provide evidence for this through an annual submission. This means that a current IGT or a DSPT is still required to access our national applications such as the NHS e-Referral Service (ERS), Personal Demographics Service (PDS) and Secondary Uses Service (SUS).
The DSPT is the successor framework to the IGT.
More information can be found at https://www.dsptoolkit.nhs.uk