NHS Digital has published a standards framework for the NHS, which all health and care organisations – as well as suppliers – will have to adopt.
The framework, which was published alongside health and social care secretary Matt Hancock’s technology vision for the NHS, sets out both current and future standards requirements.
Although most of the standards in the framework aren’t necessarily new, they are “intended to be a clear articulation of what matters the most in our standards agenda, and is accompanied by a renewed commitment to their implementation,” said NHS Digital CEO Sarah Wilkinson in the framework’s foreword.
Most of the standards in the framework, which is currently in beta form and out for consultation, are based in international ones, however some are specialised for the NHS.
This includes using the NHS number as a primary identifier – a standard which has been in place for a long time, but has had mixed results in uptake. The framework said the standard “is live now and should be adhered to in full immediately”.
Identity and security
The framework also highlights use of the NHS Citizen ID platform, which aims to be the standard way for patients to prove who they are when accessing NHS services and records online. The identity assurance platform is currently being trialled.
“In the future, all NHS systems used by patients should check personal details using the ‘NHS Login’ system,” the framework said, adding that systems used by NHS staff “must check that staff are authenticated and authorised using the NHS identity platform”.
“These two systems will ensure that only approved and authorised people can view sensitive or confidential data, making patient data safer, and making systems easier to use,” it said.
Once the two identity programmes are fully operational, the standard will be a requirement, which “must be adhered to”.
NHS organisations also have to follow the 10-point data security model set out by national guardian for health and care Fiona Caldicott.
There are also specific standards for a range of topics, including data sharing, cloud services, clinical coding and the use of application programming interfaces (APIs).
Health secretary Matt Hancock said the framework, together with his tech vision, will drive the government’s goal of making the NHS the “most advanced health and care system in the world” through modern technology architecture, a focus on user needs, privacy and security, interoperability and inclusion.
“All new IT systems purchased by the NHS will be required to meet the standards we set out and, in time, existing services will need to be upgraded to meet these standards,” Hancock said in his vision.
However, as revealed by Computer Weekly in an exclusive interview with Hancock, NHS organisations won’t be given any extra funding to ensure they are up to scratch with the new requirements.
Read more about NHS IT
- Department for Health and Social Care estimates the immediate cost of the May 2017 WannaCry attack on the NHS was £92m, and says it will have spent about £275m on improvements to its cyber security infrastructure by the end of 2021.
- Government will mandate national open standards for the NHS and tech suppliers, build a health and caretech ecosystem and give local NHS organisations more flexibility in how and what tech they buy.
- Great Ormond Street Hospital’s Drive research unit is dedicated to bringing the latest technological developments into healthcare.