Part of Data Protection Impact Assessment Direct Care APIs (GP Connect)

Nature and scope of the processing

GP Connect has components which enable interoperability between GP clinical systems and other consumer care setting systems.

The components comprise a set of standardised, non-proprietary APIs used by all provider systems. The capabilities provided via these APIs are:

GP Connect: Access Record (HTML) – enables a read-only view of a full patient’s record to health and care staff directly involved with their care
GP Connect: Access Record (Structured) – a coded, machine-readable export of a patient’s record
Update Record – care staff can write back and update the patient record held by the GP
Access Document – health and care staff (using consumer supplier systems) can access a document which is part of a patient record as held in the provider supplier system
Send Document - care staff (using consumer supplier systems) can access a document which is part of a patient record as held in the provider supplier system
Appointment booking - care staff (using consumer supplier system) book an appointment for a patient whose record is held on the provider supplier system
Patient Facing Services – this enables parts of the GP record to surface in the NHS App

Central (NHS England) Spine-based ‘middleware’ the Spine Secure Proxy, SSP

This component provides security and message validation functionality for NHS England, enabling more open, generic interfaces and appropriate controls to be put in place.

Central (NHS England) Spine-based ‘middleware’ Message Exchange for Social Care and Health (MESH)

This is the main messaging service used across health and social care. It is used to transfer electronic messages directly from one clinical system to another, so different organisations can communicate securely.

A Data Sharing Configuration File Rule Builder Tool

This tool was originally used to manage point to point data sharing but has now been set to allow data to potentially flow between all organisations with a whitelisted arrangement to support national data sharing.

The GP Connect service also has the following non-technical components.

A commercial framework which allows suppliers to use the standard interfaces.

An onboarding process, which provides:

a developer portal which contains the technical guidance, documentation and tools required for easy development using GP Connect
an end user organisation portal which contains the guidance and the declaration needed for commissioning or end user organisations to commission GP Connect capabilities to be implemented in their area or organisation
conformance and assurance processes, including engagement with commissioning organisations to enable end-user organisations to commission GP Connect capabilities to be implemented in their area or organisation
a national data sharing agreement is part of the commercial framework and lays out the responsibilities of end user organisations and NHS England’s role in supporting the service

Ongoing API platform management

Information governance components will need to be aligned as required to any evolving solutions designed to meet broader strategic objectives for interoperability.

National data sharing arrangement

To which all providers and consumers accede.

GP Connect actors

This table describes the actors (human, organisational and system) involved in the deployment and use of the GP Connect service, and their role.

View the table

What/who	Role
Healthcare organisation	May be a commissioning organisation, a consumer organisation or provider organisation
End User Organisation (EUO)	An organisation which has an enabled provider or consumer GP Connect system. An end user organisation can be: An organisation deploying the GP Connect-enabled consumer system to access GP Connect services. Or the patient’s current, registered GP practice, or other appointment-hosting practice that holds the patient’s record and which is responsible for patient information shared via the GP Connect Services
Consumer system	The technically conformant and commissioned (deploying) system that is consuming data via the GP Connect
Commissioning organisation	The organisation with overall responsibility for the deployment by: either commissioning the development of a GP Connect-enabled consumer system or leading the deployment of GP Connect capabilities within a group of deploying organisations
Provider systems	The principal clinical system providing the data in response to a SSP validated request for patient data, currently this is the patient’s registered practice system
API Interactions	These implement the capabilities being delivered by GP Connect
Personal Demographics Service (PDS)	All GP Connect consumer systems must use PDS to obtain a patient’s NHS number, date of birth and registered practice
Spine Directory Service (SDS)	All GP Connect consumer systems must use SDS to obtain details about the target GP provider organisation
Spine Secure Proxy (SSP)	The Spine component controlling access and validating the API interactions for information requests to the provider systems
The Message Exchange for Social Care and Health (MESH)	The Spine component which is used to transfer electronic messages directly from one clinical system to another
Developer Portal (currently hosted on the Developer Network)	Externally facing resource available to suppliers that supports: principal system suppliers to develop and test in an unsupported, independent environment. consumer system suppliers to develop and test in an unsupported, independent environment the assurance and accreditation processes carried out by NHS England Solutions Assurance team
Supplier Conformance Assessment List (SCAL)	Collates consumer suppliers’ evidence of the technical conformance of their systems to the GP Connect specification
End User Organisation Onboarding Portal	The provision of an End User Organisation Onboarding Portal where commissioning organisations can commission GP Connect capabilities via a self-serve process
End User Organisation Declaration (‘Declaration’)	The declaration is hosted on the Portal and is an online form which requires a Commissioning organisation or an end user organisation to confirm their compliance to NHS England requirements. Once submitted the declaration and end user organisation terms forms part of the agreement between NHS England and the EUO(s).
National Data Sharing Arrangement	A unilateral statement of assurance that all providers and consumer agree to abide by in terms of responsibilities and obligations.
Sender	The sender of the messaging capability via MESH
Receiver	The recipient of the messaging capability via MESH

NHS England responsibilities in the context of GP Connect

NHS England was directed by the Department of Health and Social Care under Section 254 of the Health and Social Care Act 2012 to establish and operate the GP Connect Service. The signed Direction is available.

To comply with the Direction, NHS England is responsible for establishing and maintaining a service which enables interoperability between GP IT systems.

For NHS England to support the GP Connect service, audit data about the message transactions is collected, which is used for operational support by service management. NHS England is the data controller for the message audit data collected on Spine. The patient information contained within the messages is not collected or stored by NHS England.

In summary, NHS England are responsible for the following

the development and upkeep of the API specifications which are clinically safe and set out clearly to explain how the suppliers should develop their products
the review of test evidence from the consumer suppliers to assess the technical conformance of a consumer system’s use of the APIs, including the review of test evidence of information security controls
assuring that provider systems are meeting the necessary information governance and information security requirements. The DSPT is completed which provides a common confidentially and security tool for all GPS and NHS care providers
the development and maintenance of self-service assurance (currently the Supplier Conformance Assessment List – shortened to the SCAL) and onboarding materials for consumer suppliers
assuring the SCAL for completeness; this includes the necessary framework requirements, for example usage and settings statement, Clinical safety requirements, Information governance requirements
obtaining confirmation from lead end user organisation or commissioning organisation that there are appropriate IG arrangements in place
the programme will continue to support how data sharing arrangements can be made visible to end users, a portal and data sharing agreement is being prepared
mitigation and management of the information security risks incurred by Spine processing - these are found in IAR000144 Spine Core DPIA
the safe and responsible use and storage of SSP audit data
the safe and responsible use and storage of MESH audit data
the validation of legitimate requests to the SSP for the use of GP Connect services
ensuring the secure, accurate and safe transfer of messages containing patient data while it traverses Spine (NOTE: the patient data contained within GP Connect messages is not collected or stored by NHS England). Dealing with incidents when users are reported to be using the service inappropriately
notification to relevant Stakeholders (such as, NHS England, Department of Health and Social Care, the Provider organisation and the Consumer Organisation) if there is a data breach that occurs during the processing of data over Spine. This is fulfilled by the Spine Core System Level Security Policy (SLSP)

It is the legal responsibility of each data controller in whatever capacity of provider or consumer, who are a user of the GP Connect Service, to assess and manage data protection risks.

Last edited: 19 March 2025 10:49 am

Nature and scope of the processing