The guidance below is intended to help you to understand the different types of Connection Agreement available and judge whether your organisation needs to sign a HSCN Connection Agreement.
The different kinds of Connection Agreement
There are three types of HSCN Connection Agreement:
- Standard - most HSCN users will sign this Connection Agreement
- Organisations representing other HSCN Consumers - such as CCGs representing GPs
- IT service providers - organisations acting as data processors
In addition, for each type there are "1 Part" and "2 Part" sub-types:
- The 1 Part Connection Agreement relates to the use of HSCN only.
- The 2 Part Connection Agreement relates to the use of both the Transition Network (formerly N3) and HSCN.
The combination of these three types and two sub-types means that there are six possible variations of the HSCN Connection Agreement.
The HSCN Portal will automatically present the correct type and sub-type for you to sign based on NHS Digital's understanding of your organisation. If for any reason you do not believe this is correct, please contact firstname.lastname@example.org to discuss this.
Important note: if your organisation currently uses the Transition Network (formerly N3) then you need to sign a 2 Part Connection Agreement as soon as possible regardless of your HSCN migration plans/timelines.
Does my organisation need to sign a Connection Agreement?
All organisations using, or with access to HSCN will need to sign a Connection Agreement (subject to the "Shared Connection" scenario below).
Answer the questions presented in Figure 1 below to ascertain whether your organisation needs to sign a Connection Agreement. Further information regarding the "Shared Connection Scenario" is given in the following section.
Figure1. Connection Agreement Business Rules
The "Shared Connection Scenario" explained
If, for any reason, one or more other organisations use your HSCN connection, such as members of a community of interest network (CoIN), then you are responsible for ensuring that they are bound to the terms and conditions set out in the Connection Agreement. Clauses 220.127.116.11 and 18.104.22.168 in the Connection Agreement (paraphrased here) represent a choice that you can make about how to manage this:
- Ensure that any other organisations using your connection have signed the Connection Agreement (this is choice 22.214.171.124)
- Enter into a legally binding agreement with the organisations that use your connection with terms and conditions identical to those set out in the Connection Agreement (this is choice 126.96.36.199)
If you opt for 188.8.131.52 then the organisations using your connection do not need to sign a Connection Agreement. They will, however, need to enter into a legally binding agreement with your organisation which the HSCN Authority reserves the right to audit at any time.
Figure 2 below depicts a scenario in which an organisation has opted to follow clause 184.108.40.206. In this scenario an agreement exists between the HSCN Authority and both Org 1 and Org 2.
Figure 2, Scenario 220.127.116.11
Figure 3 below depicts a scenario in which an organisation has opted to follow clause 18.104.22.168. In that scenario an agreement exists between:
- The HSCN Authority and Org 1
- Org 1 and Org 2
The "local" agreement between Org 1 and Org 2 means that Org 2 does not need to enter directly into an agreement with the HSCN Authority i.e. by signing the HSCN Connection Agreement. The risks and responsibilities associated with this option are held by Org 1. If, in future, Org 2 wants to procure its own HSCN connection then it must sign an HSCN Connection Agreement. The "local" agreement between Orgs 1 and 2 will not be sufficient for Org 2's chosen CNSP who is obliged to ensure that its customers have signed a Connection Agreement before delivering a live service.
Figure 3. Scenario 22.214.171.124
Information Governance and data security
A current Information Governance Toolkit (IGT) is no longer a requirement to access HSCN. However, all organisations that handle patient data are still required to meet the requirements of the IGT and to provide evidence for this through an annual submission. This means that a current IGT is still required to access NHS Digital's National Applications such as NHS e-Referral Service (ERS), Personal Demographics Service (PDS) and Secondary Uses Service (SUS).
There's currently a programme of work underway to update the IGT. This will increase its relevance for senior managers and its accessibility for small organisations.
The updates will:
- focus on the new data security standards recommended by the National Data Guardian
- increase the focus on timely reporting of incidents
- reduce administrative burden on NHS organisations
More information can be found at https://www.igt.hscic.gov.uk/.