We have detected that you are using Internet Explorer to visit this website. Internet Explorer is now being phased out by Microsoft. As a result, NHS Digital no longer supports any version of Internet Explorer for our web-based products, as it involves considerable extra effort and expense, which cannot be justified from public funds. Some features on this site will not work. You should use a modern browser such as Edge, Chrome, Firefox, or Safari. If you have difficulty installing or accessing a different browser, contact your IT support team.
We ensure the health and social care products under NHS Digital’s remit are delivered from a programme environment into an operational environment, where they can be managed on a day to day basis in line with agreed product roadmaps and strategies.
At the appropriate point in a programme's delivery the run and maintain elements of a service are transitioned into operations.
The operations function aims to bring efficiencies and economies of scale by taking products into a maintenance and improvement environment, right through to product retirement. It aims to standardise the management of products which the NHS and NHS IT suppliers interface in a controlled and secure manner.
What we do
Known as business as usual (BAU) operations, or Ops, we support the ‘maintain’ aspects of live service management. We work with three main parties:
- NHS Digital, (this includes programmes, projects, subject matter experts and directorates)
- our technology partners, such as third-party system developers and suppliers and NHS Digital development teams
- Health and Social Care (HSC) organisations
Our two core roles are transition and BAU operations.
The primary role of the operations function is to provide a permanent home for products and services after they have been developed by programmes, projects or development teams and are ready to be made available to our external customers. Moving home involves a process called transition (to ops).
Our second role is to put products, services and applications in the hands of health and care professionals, “to transform the NHS and social care”. There are various ‘BAU operations’ processes to achieve this, depending on the type of data or service and the external organisations involved. These include the following processes.
This process involves providing the technology partner with access to an NHS Digital dataset or service that they will often integrate with their HSC applications or systems. The onboarding process has a risk management and assurance focus to ensure that we, our technology partners and HSC organisations take appropriate responsibility for using data safely to provide health and care services.
Once a product, service or application is being used by an HSC organisation, the operations function continues to monitor technology partners and the deploying organisation for compliance with relevant requirements and standards (these vary with the data, product or service). As with the onboarding process, the emphasis is upon self-assurance by our partners and deploying organisations, but the operations function provides an oversight and governance role.
As the demand on NHS Digital’s services changes, our products, services and applications need to evolve to meet those changing demands. Our product management role is to assess changes and developments and implement them based on impact and urgency. These changes may be mandated, imposed due to statutory changes or needed to improve functionality.
What is Onboarding?
Onboarding is NHS Digital’s process for allowing ‘Connecting Systems’ to integrate with National Services. Connecting Systems are developed by technology partners to provide healthcare organisations and individuals with access to National Services, in support of the provision of direct care.
Which Services does it apply to?
The NHS Digital Services and APIs that currently follow the Onboarding process include:
- Spine Mini Service Provider for Personal Demographics Service (SMSP-PDS)
- Electronic Referrals Service (e-RS)
- Electronic Prescription Service (EPS) Prescription Tracker
- GP Connect capabilities e.g. HTML and Appointments
- NHS login
- NHS App
What is the purpose of the Onboarding process?
The Onboarding process is risk-based and:
- assesses the technical conformance of the Connecting System with the integration standards and requirements of the Service
- requires self-declared compliance with specified standards for data protection, clinical safety, information governance and security.
The aim of the Onboarding process is for all parties to work together to ensure the safe and secure transmission and/or sharing of data for healthcare purposes.
Who is involved in Onboarding?
The parties involved are:
- NHS Digital: the owner of the National Service.
- Connecting Party: an individual or organisation that develops, owns, and maintains the Connecting System that connects to one or more National Service(s). The term partner or supplier is also used.
- End User Organisation: the recipient or commissioning body wishing to use or commission a Connecting System to access National Service(s). The End User Organisation often represents individual end users e.g. healthcare professionals or patients.
What are the main documents used during Onboarding?
All parties have responsibilities and obligations for Information Governance, Data Protection, Information Security, clinical risk management and incident management. These are outlined in the following:
Each National Service also has a web page or portal, that contains the technical, functional, and non-functional standards and requirements that a Connecting System must meet in order to integrate to the National Service.
Finally, there is a Supplier Conformance Assessment List (SCAL), currently presented as a workbook. This is completed by the Connecting Party to create a record of the technical conformance of its Connecting System with the technical requirements of the National Service being integrated. It also contains declarations of organisational compliance with standards, regulations, and policies.
Examples of all documents are provided below are for information only. When you begin the Onboarding process for a National Service, you will be guided how to complete these documents.
- Supplier Conformance Assessment List (SCAL): completed by the Connecting Party during as a record of technical conformance
- Connection Agreement: signed by the Connecting Party each time a National Service is integrated with its Connecting System.
- Appendix 1A: End User Organisation Acceptable Use Policy (AUP) to be shared with all End User Organisations by the Connecting Party.
- Appendix 2A: Data Processing Form for the Connecting Party to detail the processing to be performed.
Special Terms for data protection relationships
The following Appendices will apply depending on the data protection relationships for the Service and parties involved:
Appendix 2B: Connecting Party as the Processor where NHS Digital is Controller e.g. where NHS Digital has a direction for a programme and the Connecting Party is a private sector supplier providing services pursuant to that programme.
Appendix 2C: Data protection relationship between Connecting Party and End User Organisation(s) e.g. where the Connecting Party is a processor to the End User Organisation but there is no data protection relationship between NHS Digital and the Connecting Party.
Appendix 2D: Connecting Party as Controller (Independently or Jointly with others) e.g. where Connecting Party is an NHS entity, and is a controller jointly with other NHS entities.
Appendix 2E: Connecting Party as Joint Controller with NHS Digital; NHS Digital lead on activity.
Appendix 2F: Connecting Party as Joint Controller with NHS Digital; Connecting Party as lead on activity e.g. when the Connecting Party is an NHS entity and working jointly with NHS Digital who has a direction in relation to the data, and there is a joint purpose or means in relation to the delivery of the programme.