Skip to main content

Compliance process

Connecting to PDS via SMSP is achieved by following the NHS Digital compliance process, which is made up of two NHS Digital approvals for usage and settings and technical conformance, along with an end user approval; depending on the scenario.  If the Client is to be deployed in an End User organisation the End User organisation must provide a final approval and confirm its readiness to accept the deployment.

The compliance process centres upon completion of the PDS Access Request Form and the Supplier Conformance Assessment List:

 

We have provided a diagram to show a summary of the compliance process and approval gateways.

Process flow diagram of spine compliance process

NHS Digital approvals

1. All end users wishing to connect must undergo PDS Access Request scrutiny to establish whether the purpose for which the data is required represents a legal basis for NHS Digital sharing that data with the organisation. The system and setting in which the data will be used are also assessed to ensure that Information Security and business process requirements are complied with.

These assessments together represent the usage and settings approval process that is owned by NHS Digital Information Asset Owner for PDS. There are clear escalation points to Senior Information Responsible Owner (SIRO) and IGARD (Independent Group Advising on the Release of Data) if needed. If there is a need for a Data Sharing Framework Contract (DSFC) and Data Sharing Agreement (DSA) between NHS Digital and the requesting organisation, these will also be established in this stage.

Suppliers (or developers) must undergo the Technical Conformance process to achieve Interoperability Toolkit (ITK) Conformance for their product. The purpose of ITK Conformance is for NHS Digital to validate that the specifications and technical guidance have been adhered to and that the developed product (Client) is both compliant and fit for purpose.  Developers will have access to a Toolkit Workbench and a Path to Live test environment through which simple tests are carried out, to provide the required evidence to NHS Digital.

Successful testing results in an ITK Conformance certificate that authorises the supplier to provide (End User) access to the SMS Client. Once ITK Conformance is complete, the Supplier is listed in the catalogue against their ITK conformant product (Client). A Supplier can obtain the certificate without deploying the Client to an End User. When a new End User is identified, the Usage and Settings approval must be obtained but as long as there have been no changes to the Client, the certificate remains valid for subsequent deployments.

Related pages

  1. internal

    Stage 1: Getting started quick start

    Enables a developer to become familiar with a typical journey that they will take to develop and deploy their solution in a live care setting.

Last edited: 2 August 2019 1:05 pm