Skip to main content

Internet First guidance

This guidance gives you the information you need to make sure your Digital Services meet the Internet First policy. 

Page contents

Terms we use

In this guidance, we use the following terms:

  • Digital Services - the term Digital Services covers any software or system used as part of your work to provide health and care
  • consumer - you are a consumer if your health and care organisation commissions, procures or uses Digital Services
  • supplier - you are a supplier if you design or provide Digital Services for health and care
  • must and should - when we talk about requirements or standards that you are legally required to meet, or that are compulsory, we say they must be met, and where we recommend requirements or standards, we say you should meet them

Information on Internet First

Find out about the Internet First policy and why it is important that health and care moves towards making Digital Services available over the public internet.

The case for Internet First

The benefits of making health and care services accessible over the public internet, and supporting government and NHS policy around Internet First.

Go to guidance on the case for Internet First

Internet First technical guidance

This guidance outlines the standards and requirements your Digital Services must and should meet, when they are being designed or remediated to be available over the public internet.

Suppliers must be aware of this guidance and design their Digital Services to meet the Internet First policy.

Consumers also need to understand it to ensure that the Digital Services they commission, procure or use meet the compulsory and recommended standards, and that this is supported by contract where appropriate.

The guidance brings together resources from NHS Digital, NHSX, the UK government and other relevant guidance.

Clinical standards

Our guidance on the clinical risks in the manufacture, deployment and use of clinical systems in health IT systems.

Go to clinical standards guidance

Technical standards

This guidance brings together clinical safety and technical design and implementation standards that have been written by central authorities within the NHS (NHSX and NHS Digital) and the UK government, for Digital Services in health and care.

Go to technical standards guidance

Network sizing and capacity guidance

Bandwidth demands increase as Digital Services are accessed over the internet. Organisations need to factor this into their network requirements, and suppliers need to consider the bandwidth demands of their Digital Services.

Go to network sizing and capacity guidance

IP, DNS and hosting guidance

Technical guidance on IP (Internet Protocol) addressing, Domain Name Systems (DNS) and hosting. Requirements are likely to change as Digital Services move to become available over the public internet. Consumers and suppliers need to consider these changing requirements.

Go to IP, DNS and hosting guidance

Cyber, information governance and data security guidance

Cyber and data security are crucial factors in providing services over the public internet. This guidance will help suppliers of Digital Services build secure services. Consumers must have a full understanding of the standards and requirements the Digital Services they use must meet.

Go to cyber, information governance and data security guidance

User accessibility

Find out about accessibility standards and requirements Digital Services must meet.

Go to accessibility guidance

User authentication

Options for authenticating that meet the Internet First policy.

Go to authentication guidance

Non-functional attributes

The design of all Digital Services in health and care should consider 9 key non-functional attributes. This guidance outlines these attributes and tells you where to get more information.

Go to non-functional attributes guidance

Last edited: 10 November 2020 4:20 pm