NHS Digital approvals
1. All end users wishing to connect must undergo PDS Access Request scrutiny to establish whether the purpose for which the data is required represents a legal basis for NHS Digital sharing that data with the organisation. The system and setting in which the data will be used are also assessed to ensure that Information Security and business process requirements are complied with.
These assessments together represent the usage and settings approval process that is owned by NHS Digital Information Asset Owner for PDS. There are clear escalation points to Senior Information Responsible Owner (SIRO) and IGARD (Independent Group Advising on the Release of Data) if needed. If there is a need for a Data Sharing Framework Contract (DSFC) and Data Sharing Agreement (DSA) between NHS Digital and the requesting organisation, these will also be established in this stage.
Suppliers (or developers) must undergo the Technical Conformance process to achieve Interoperability Toolkit (ITK) Conformance for their product. The purpose of ITK Conformance is for NHS Digital to validate that the specifications and technical guidance have been adhered to and that the developed product (Client) is both compliant and fit for purpose. Developers will have access to a Toolkit Workbench and a Path to Live test environment through which simple tests are carried out, to provide the required evidence to NHS Digital.
Successful testing results in an ITK Conformance certificate that authorises the supplier to provide (End User) access to the SMS Client. Once ITK Conformance is complete, the Supplier is listed in the catalogue against their ITK conformant product (Client). A Supplier can obtain the certificate without deploying the Client to an End User. When a new End User is identified, the Usage and Settings approval must be obtained but as long as there have been no changes to the Client, the certificate remains valid for subsequent deployments.
Last edited: 2 August 2019 1:05 pm