API Acceptable use policy

• all organisations who use DoS, including those who access and consume data via a third-party product or service, known as an ‘End User Organisation’
• all individuals accessing DoS via a third-party product or service pursuant or employed by an End User Organisation, known as ‘Individual End Users’

End User Organisations have a web service account and individual end users have a user account, which is subject to regional authorisation.

While we’ve done our best to make this AUP complete, readable, and understandable, you may still have additional questions.

For further details email [email protected] or call 0300 303 4034.

Permitted uses of DoS  

The DoS is only for use for geographic searches within England, in support of the provision of direct care (meaning a clinical, social or public health activity concerned with the prevention, investigation and treatment of illness and the alleviation of suffering from individuals. It does not include activities that contribute to the overall provision of services to a population as a whole or a group of patients, as more particularly described in the most up-to-date published guidance of the National Data Guardian).

You are not allowed to sell, manipulate, or otherwise distribute DoS data for any purpose beyond supporting the provision of direct care.   

As an Individual End User, you must only use DoS in the performance of your professional role and as instructed by your employer.  

The DoS is provided on an "as is" and "as available" basis without (to the extent permitted by law) any warranty or representation of any kind, either express or implied (including the implied warranties of merchantability and fitness for a particular purpose).

Be responsible when displaying information publicly

Not all service information in DoS is appropriate for displaying directly to the public - many services are only available via professional referral routes and are not appropriate for self-referral by a member of the public. The information you display to the public could influence decision-making which could introduce an amount of clinical responsibility and risk on your part.  

If you are planning to present DoS information directly to the public, you must ensure patient safety is NOT compromised through the use of this API or the presentation of the data – responsibility for clinical assurance will sit with you.

Keep data fresh

You must not cache or otherwise store DoS service information. You should always retrieve the most recent information available via the DoS at the point it is required.  

Don't crawl the API  

You are not allowed to systematically crawl the DoS. Any activity resembling crawling will be monitored, investigated, and could lead to your DoS access being suspended or revoked.

You may stop using the DoS at any time.  

If you have not used the DoS (as evidenced by the activity logs we hold) for a period of six months or longer, we will terminate your access. This applies to Individual End User accounts, and to integrated web service accounts if no individual associated with an End User Organisation has used the DoS.  

Once usage has been ceased, all data originating from the DoS will be out-of-date and must not be used in any setting.  

If you wish to re-access the DoS services, you will need to undertake the onboarding process again.  

To protect the availability of the DoS as a shared resource for the delivery of health and social care services in England, we reserve the right to:  

• modify the DoS 

• refuse access to the DoS

• restrict or modify access to the DoS  

• suspend access to the DoS

We reserve the right, but do not assume the obligation, to investigate any violation of this AUP or misuse of the DoS.

You accept that NHS England may request evidence of continuing compliance with this AUP, and may request copies of documentation, design, and relevant external certifications, and you shall co-operate, provide all relevant assistance, and fulfil such requests within the timescales requested, provided the requests and timescales are reasonable.  

We may report any activity that we suspect violates any law or regulation to the appropriate law enforcement officials, regulators, or other appropriate third parties. Our reporting may include disclosing appropriate information about you, your users or your organisation.  

We may, where required, cooperate with appropriate law enforcement agencies, regulators, or other appropriate third parties to help with the investigation and prosecution of illegal conduct by providing network and systems information related to alleged violations of this AUP.

If we believe that your activity is non-compliant with this AUP we will perform the following steps:

1. Perform an impact assessment to decide the level of risk posed by your activity.  
2. Where we identify a significant risk to the DoS or wider NHS systems as a result of your usage, our priority will be to protect the DoS or wider NHS systems, and we may immediately suspend your access without prior notice.  
3. Where we do not feel that your usage poses an immediate risk, we will contact you to discuss your usage to agree a way forward, advising of our intention to suspend your access if the usage is not made compliant within a reasonable timeframe.

The DoS provides access to information about NHS services, which can include service contact information and information about the level and types of service provided. This may constitute personal data of staff or care providers but does not include any special category data.

See the privacy notice for more details. 

Approved API consumers, and a summary of their use cases will be published publicly. If there is a reason that you feel your use of the API should not be publicly reflected on this list, you must discuss with NHS England prior to commencing use.