We have detected that you are using Internet Explorer to visit this website. Internet Explorer is now being phased out by Microsoft. As a result, NHS Digital no longer supports any version of Internet Explorer for our web-based products, as it involves considerable extra effort and expense, which cannot be justified from public funds. Some features on this site will not work. You should use a modern browser such as Edge, Chrome, Firefox, or Safari. If you have difficulty installing or accessing a different browser, contact your IT support team.
We have provided a diagram to show a summary of the compliance process and approval gateways.
NHS Digital approvals
1. All end users wishing to connect must undergo PDS Access Request scrutiny to establish whether the purpose for which the data is required represents a legal basis for NHS Digital sharing that data with the organisation. The system and setting in which the data will be used are also assessed to ensure that Information Security and business process requirements are complied with.
These assessments together represent the usage and settings approval process that is owned by NHS Digital Information Asset Owner for PDS. There are clear escalation points to Senior Information Responsible Owner (SIRO) and IGARD (Independent Group Advising on the Release of Data) if needed. If there is a need for a Data Sharing Framework Contract (DSFC) and Data Sharing Agreement (DSA) between NHS Digital and the requesting organisation, these will also be established in this stage.
Suppliers (or developers) must undergo the Technical Conformance process to achieve Interoperability Toolkit (ITK) Conformance for their product. The purpose of ITK Conformance is for NHS Digital to validate that the specifications and technical guidance have been adhered to and that the developed product (Client) is both compliant and fit for purpose. Developers will have access to a Toolkit Workbench and a Path to Live test environment through which simple tests are carried out, to provide the required evidence to NHS Digital.
Successful testing results in an ITK Conformance certificate that authorises the supplier to provide (End User) access to the SMS Client. Once ITK Conformance is complete, the Supplier is listed in the catalogue against their ITK conformant product (Client). A Supplier can obtain the certificate without deploying the Client to an End User. When a new End User is identified, the Usage and Settings approval must be obtained but as long as there have been no changes to the Client, the certificate remains valid for subsequent deployments.
Describes the NHS Digital self certification tool or Target Operating Model (TOM).
Enables a developer to become familiar with a typical journey that they will take to develop and deploy their solution in a live care setting.
The NHS Digital Spine Mini Service Provider (SMSP) lets health and social care providers access important information held on Spine. It aims to reduce the complexities around integration with the Spine.