Does NHS Digital’s Internet First policy mean the end of HSCN?

Last week, NHS Digital issued new policy guidance on internet usage that, at first glance, appeared to herald the end of HSCN – but is that really the case?

The recently issued Internet First: policy and guidance from NHS Digital has been interpreted as meaning that the Health and Social Care Network (HSCN) is a temporary transition network residing in time between the N3 network and the internet.

I would like to add some perspective to the position. Across the public sector, the proposal to migrate services to the internet is accepted. HSCN, in many respects, is technology agnostic, with additional controls and service assurance that supports the NHS drive to digital, therefore we see the use of the internet as complementary, and not a radical change in direction.

The N3 network existed for 16 years, supplied by a single organisation. At the end of the contract, a transition arrangement was put into place allowing NHS users to transition to the HSCN. This network is built by multiple suppliers, of all sizes, working to a common set of obligations with a variety of connectivity options available.

This transition is still happening, with the first wave of connections having started at the end of 2018, following competitive procurements. During 2019, most of the N3 connections will be replaced by HSCN connections. The aim is that, by 2020, all connections will be on HSCN rather than N3. This activity sets the foundation going forward.

One interpretation is that the recent policy paper means that the 34,000 HSCN connections will be now replaced by internet connections. So have the procurements and investments by industry and consumers been a waste of time? No, but it does raise some interesting points that users and suppliers should consider.

In simple terms, what is the difference between HSCN and the internet?

First, we should take note that HSCN includes internet access. Indeed, HSCN does not state whether a private connection or internet connection is used to deliver services. It does, however, set out the “service management and commercial” surround on how a multi-supplier environment works to provide a suitable degree of assurance to end-users.

Within the HSCN environment, the technical topology can flex to suit the applications being consumed. At the moment, the way that applications have been delivered is centred around a private multiprotocol label switching (MPLS)-based wide area network (WAN). Therefore, HSCN must mimic that requirement.

However, as more applications become focused around a more open structure, HSCN has the ability to evolve to accommodate that capability. Indeed, a number of HSCN connections are provided down the same physical fibre connection to the premises that also delivers public internet access and the Public Service Network (PSN), as well as an organisational WAN.

With the growth of software-defined wide area networking (SD-WAN) capability, these different “networks” can be flexed dynamically depending on the application, availability, volume and security requirements.

More mobile workforce

The ubiquitous access offered by the internet is particularly attractive to a more mobile workforce. As patients increasingly adopt full-fibre broadband connectivity and with the dawn of 5G networks, it is likely that in five to six years’ time, health workers will have reliable remote connectivity to enable access to patient records, and much more. This will reduce time to update and file reports, and will potentially allow more data to be shared with more agency workers.

Similarly, the movement of private servers to public cloud providers such as Amazon, Microsoft and Google will hasten the adoption. We have seen a number of international healthcare application providers viewing the opportunity that the open HSCN market provides. The cost of porting an existing service into a UK instance of AWS or Azure and delivering to NHS users is almost negligible. The result will be cheaper and faster services using the latest technology.

When it comes to the choice to use a public internet or a private network connection, the answer depends on the business criticality of the connection. A private connection might appear to be the same as a public internet connection, but there is a big difference behind the scenes. The infrastructure is much the same, but differences arise in how the data is monitored and routed.

A private connection, such as an internet protocol virtual private network (IP-VPN) or SD-WAN, can be likened to a bus lane. The private connection has a dedicated routing through networks to ensure that bottlenecks are avoided, traffic is delivered, and the routing is known and monitored. Just like a bus lane where the segregation of traffic means that buses have a greater chance of keeping to the timetable, road sensors provide progress updates, which means that bus stops are not missed and journeys are not held up.

The internet is more like the public road. The traffic can be held up or slowed depending on the volume of traffic, the shortest route may not be taken, and detours and re-routing are common. Journey times can be a rough estimate, rather than fixed. The time of day can affect driving time significantly and it is likely that you don’t know where someone is on the journey.

Reliable network connections

Given the clear benefit of reliable network connections in pre-emptive healthcare scenarios – such as wearables for medical use – and the increasing move towards centralised cloud services, understanding the difference between a congested internet connection and a network service with guaranteed service-level agreements (SLAs) is crucial to the success of the digital vision.

This vision is also supported by both the guidance from the National Centre for Cyber Security (NCSC) and the Government Digital Service (GDS), where the needs of the application service are paramount in determining the assurances required.

In relation to interpretations of the NHS policy paper, we need to understand the context of time. Fully migrating into an “internet only” world would rely on all relevant applications being available on the internet. The NCSC suggests that an internet connection is an acceptable option, provided that the service is treated as untrusted and that additional security should be deployed to protect the data in transit.

Currently, the vast majority of applications that NHS workers would need to access are not internet-enabled, and do not yet have the application security recommended by the NCSC. Indeed, the estimate is that it could be well over seven years before those applications meet the standards published or are replaced.

Although there are pockets of NHS workers for whom this will be achievable much sooner because new applications are being deployed, there will need to be a greater focus and investment to shorten this gestation period. HSCN will therefore remain the prime choice for NHS consumers for some time yet.

It is also important to consider the cost. The recent procurements were benchmarked against standard internet connections and HSCN connections were 5-10% cheaper. Savings will typically be made through applications and more efficient work practices, rather than the connectivity.

The focus for NHS Digital should be enabling public-facing, internet-delivered front ends to their current applications, where appropriate. This will help realise health secretary Matt Hancock’s vision of an internet-based NHS complementing, not replacing, HSCN.

Read more on Telecoms networks and broadband communications

Data Center
Data Management