The strategic direction across UK Government has been Cloud First since 2013. This requires public sector organisations to consider and fully evaluate cloud solutions first before considering other options.
The Government Digital Services Technology Leaders Network reviewed the positioning of centralised private networks in January 2017 and confirmed that, for the vast majority of public services, the internet is OK. They say that new services should be made available on the internet, secured appropriately using the best available standards-based approaches. When we are updating or changing services, we should take the opportunity to move them to the internet. The Government Transformation Strategy February 2017 extended the digital agenda from the citizen to maximising the benefit of collaboration and flexibility across departments and government bodies.
In October 2018 the Secretary of State stated that online services, basic IT and clinical tools are far behind where it needs to be and that "We need to take a radical new approach to technology across the system and stop the narrative that it’s too difficult to do it right in health and social care" in his Vision for digital, data and technology in health and social care.
In line with the government strategic direction NHS Digital implemented an Internet First policy in March 2018. It sets the principle that all new externally accessible digital services provided by NHS Digital should be internet facing by default and for existing digital services to remediate at the earliest opportunity. The Secretary of State vision is for everyone to have access to digital health and social care services. To achieve this, the Internet First policy has been extended to become the Internet First policy and guidance.
Making digital services available over the public internet supports the requirements for health and social care professionals to work flexibly from a variety of locations, using a range of access methods. This will reduce complexity and cost for many organisations, particularly for small health and social care providers.
The policy is fully aligned to the Secretary of State aspirations and to the NHS Long Term Plan's objectives to increase productivity of NHS Staff and deliver digitally enabled care. This Internet First policy and guidance supports the strategy and governance to remove the reliance of health and social care digital services on a central private network.
Internet First definition
Internet First means that externally accessible health and social care digital services must be securely accessible over the public internet by default. This requires:
- health and social care organisations to have sufficiently scaled and functional Internet connectivity to support the needs of the organisation in consuming and where applicable providing internet hosted services
- IT service providers to offer suitable secure user access to externally accessible systems and services over the internet
- IT service providers to offer suitable secure application interfaces to externally accessible system and services over the internet
- digital services to be accessible over the internet at the earliest opportunity
HSCN has been designed to support the transition from private to public networking from the outset.
The public internet is that part of the internet that is open access to all consumers (for example, clinicians and citizens) regardless of the provider or location. However, user registration or password is usually required for the consumer to gain access.
Internet First applies to digital services
Digital services are the systems, applications and services used by healthcare professionals who require them to be externally accessible. It means going beyond being an on-premise service, accessible only on a local area network.
The network policy in health and care is that all digital services should use the internet to communicate unless they have specific (exceptional) needs that the internet cannot meet. However, many digital services will be affected. Priority should be given to those digital services that have significant numbers of users or which other digital service providers use to deliver complementary services. For example; digital services accessed for patient care, used by health and social care staff, authenticating users of a service, or structured/unstructured messaging.
Digital services that will be retired or replaced prior to March 2021 are out of scope of the policy and guidance.
This document should be used by:
NHS Digital – for anyone involved in the governance, commissioning, design, development or delivery of health and social care IT systems and applications.
Health and social care organisations – for anyone involved in the governance, commissioning, design, development or delivery of health and social care IT systems and applications.
Third-party providers – for anyone involved in the governance, commissioning, design, development or delivery of third-party health and social care IT systems, services and applications.