Skip to main content

Partner onboarding

We provide support to people building healthcare software wishing to integrate NHS England services into their clinical IT systems.

About this service

The Partner Onboarding Team help NHS organisations and 3rd party software developers ('partners') who wish to connect to our digital services via their clinical IT systems. We offer a single point of contact for guidance and assistance in our application programming interfaces (APIs) and services.

We can support you throughout the lifecycle of your integration with our services, from initial contact through to decommissioning, all the while ensuring connections are safe, secure, and that you have a legal basis to do so.

Before getting in touch, you should familiarise yourself with our developer and integration hub and how to get started with our APIs.


Benefits

The benefits of working with the Partner Onboarding Team include:

  • a more efficient onboarding process
  • a single point of contact for advice and support
  • guidance through the assurance and legal framework necessary to use our services

Who this service is for

NHS England runs and offers a wide range of services for the benefit of NHS primary and secondary care, social care and mental health services in England.

If your organisation is interested in using our APIs but need help getting started, the Partner Onboarding Team can help you. Our website contains a lot of information about our services and technical information about each API integration but, if you're still unsure as to how to proceed, we can guide you through the technical, assurance and legal steps required.



How this service works

Following an initial assessment of your needs, we will support you through the various onboarding activities and stages.

Assessment criteria

We will assess your product in 4 core areas. 

  1. Clinical safety - to ensure that clinical safety measures are in place and that organisations undertake clinical risk management activities to manage this risk.
  2. Data protection - to ensure that data protection and privacy is ‘by design’ and the rights of individuals are protected.
  3. Technical assurance - to ensure that products are secure and stable. Ensuring that data is communicated accurately and quickly whilst staying safe and secure.
  4. Information Security - products are assessed for vulnerabilities and mitigating actions taken to address.

Onboarding guidance

We can provide guidance and support in the following 3 areas.

Framework

You can integrate via the Service Conformance Assessment List (SCAL) framework.

The framework records your declarations of compliance against the healthcare system development standards and requirements. It captures details of how you manage risks and evidence of functional and non-functional assurance.

Assurance

All partners that connect to one of our APIs or services will be asked a standard set of common assurance questions. In addition, you will also be asked API specific assurance questions relating to the API/service to which you are onboarding.

You should make sure the product meets the required standards and the proposed use case meets the legal basis for using the service you are connecting to.

For some of our APIs, digital onboarding will be used for go-live approval. See further guidance and support on digital onboarding.

Legal agreements

All partners must sign a connection agreement (CA) before they can go-live with any of our APIs and services. The agreement contains the NHS England conditions of use, obligations and responsibilities that apply to the connecting partner. For IM1 APIs a Model Interface License (MIL) will be required prior to test activity.

View further information and a draft CA on our Operations page.

Partner changes

All partners who have completed our assurance process are obligated (as per connection agreement), to inform us of all changes. This includes but is not limited to:

  • the ownership and/or legal entity of your organisation, (such as change of name, registered company number or address)
  • the legal ownership of your product or what your product is called
  • the use case(s) for which you are accessing the NHS England API/Service you are connected too
  • the functionality of your product
  • how and where you or any processor (sub processor) store or process data
  • the named data controller or data processor
  • contact information for your organisation

Partners may inform us of changes via our portal (for further assistance on how to use the portal, please see guidance). The guidance provides instructions how to self-register for an account if you do not have access to the portal. 

Annual Requirements

Partners must maintain the standards of the Data Security and Protection Toolkit (DSPT) and must refresh their submission on an annual basis.


Contact us

To discuss your requirements in more detail, or to ask a question, please complete our enquiry form.


Further information

internal API and integration catalogue

These are the APIs and API standards which are currently available, or in development, from NHS England.

Last edited: 6 February 2025 10:57 am