Skip to main content

Operations

The Operations team is responsible for the ongoing maintenance and support of operational services.

Page contents

We ensure the health and social care products under NHS England's remit are delivered from a programme environment into an operational environment, where they can be managed on a day to day basis in line with agreed product roadmaps and strategies.

At the appropriate point in a programme's delivery the run and maintain elements of a service are transitioned into operations. 

IT Operations aims to bring efficiencies and economies of scale by taking products into a maintenance and improvement environment, right through to product retirement. It aims to standardise the management of products which the NHS and NHS IT suppliers interface in a controlled and secure manner.

What we do

As IT operations, we support the maintain aspects of live service management. We work with three main parties: 

  • NHS England, (this includes programmes, projects, subject matter experts and directorates)
  • our technology partners, such as third-party system developers and suppliers and NHS England development teams
  • health and social care organisations 

Our two core roles are transition and business as usual operations. 

The primary role of the operations function is to provide a permanent home for products and services after they have been developed by programmes, projects or development teams and are ready to be made available to our external customers. Moving home involves a process called transition (to ops).  

Our second role is to put products, services and applications in the hands of health and care professionals, 'to transform the NHS and social care'. There are various business as usual operations processes to achieve this, depending on the type of data or service and the external organisations involved. These include the following processes.

Onboarding

This process involves a technology partner requesting access to an NHS England dataset or service so that they can integrate it with their health and social care application or system. The onboarding process has a risk management and assurance focus to ensure that we, our partners and health and social care organisations take appropriate responsibility for using data safely to provide health and social care services.

Monitoring

Once an NHS England product, service or application is being used by an health and social care organisation, IT operations continues to monitor partners and the organisations using their products, for compliance with core requirements, standards and specifications (these vary with the data, product or service and cover technical/functional, clinical safety, information governance and security). As with the onboarding process, the emphasis is upon self-assurance by our partners and deploying organisations.  IT Operations provides an oversight and governance role.

Product management

As the demand on NHS England’s services changes, our products, services and applications need to evolve to meet those changing demands. Our product management role is to assess changes and developments and implement them based on impact and urgency. These changes may be mandated or imposed because of statutory changes or needed to improve functionality.

Onboarding

Onboarding is NHS England's process for allowing connecting systems to integrate with national services. Connecting systems are developed by technology partners to provide healthcare organisations and individuals with access to national services, in support of the provision of direct care.

There are three main approaches to onboarding and NHS England is working towards standardising these. GPIT, IM1 and full integration approaches are separate to the following self-declared compliance approach, which uses a Supplier Conformance Assessment List (SCAL) and Connection Agreement (CA). We are currently digitalising the SCAL onto the Digital Onboarding Service. We reference the SCAL documentation as conformance documentation within the connection agreement.  

The NHS England services and APIs that currently follow this onboarding approach include:
The following trusts
  • Ambulance Data Submission - FHIR API
  • Booking and Referral Standard (BARS) 
  • Care Identity Service 2 (CIS2) - formerly NHS Identity 
  • Child Protection Information Sharing (CP-IS)
  • Directory of Services - Urgent and Emergency Care - REST API

  • Directory of Services - Urgent and Emergency Care - SOAP API

  • Electronic Prescription Service (EPS) Prescription Tracker API
  • Electronic Prescription Service (EPS) HL7 and FHIR APIs
  • Electronic Prescription Service (EPS) Prescriptions for Patients FHIR API
  • Electronic Prescription Service (EPS) Prescription Status Update FHIR API
  • Electronic Referrals Service APIs (e-RS)
  • GP Connect Products such as Access Document, Access Record: HTML and Structured, Appointment Management,  Send Document and Update Record.

  • Healthcare Worker API

  • Immunisation History - FHIR API (Application & User Restricted Access for COVID19 and FLU vaccination history)

  • Immunisation FHIR API - consumer (Application restricted and User Restricted (CIS2))

  • Immunisation FHIR API - provider (Application restricted and User Restricted (CIS2))

  • Message Exchange for Social Care and Health (MESH) API
  • National Care Record Service (NCRS) 
  • National Event Management Services (NEMS) with PDS data 
  • National Event Management Services with Digital Child Health (NEMS-DCH)
  • National Record Locator (NRL)
  • NHS App
  • NHS App Notification and Messaging
  • NHS login
  • NHS Notify
  • Patient Care Aggregator FHIR API (Appointments; Documents; Questionnaires & MIv2)
  • Patient Flag API – Female Genital Mutilation Digital Flag
  • PDS FHIR API (Application Restricted Access; Health Worker Access; Health Worker Access with Update; Patient Access)

  • Register with a GP Surgery API

  • Urgent and Emergency Care (UEC) Appointment Booking

  • Validated Relationship Service - FHIR API (Not Patient Facing)

The onboarding process

The onboarding process is risk-based and:

  • assesses the technical conformance of the connecting system with the integration standards and requirements of the service
  • requires self-declared compliance with specified standards for data protection, clinical safety, information governance and security

The aim of the onboarding process is for all parties to work together to ensure the safe and secure transmission and/or sharing of data for healthcare purposes.

The parties involved in onboarding are:

  • NHS England the owner of the national service
  • the connecting party an individual or organisation that develops, owns, and maintains the connecting system that connects to one or more national service or services - this is sometimes called a partner or supplier
  • the end user organisation, the recipient or commissioning body wishing to use or commission a connecting system to access a national service or services - the end user organisation often represents individual end users for example, healthcare professionals or patients

Each party is responsible for their own information governance, data protection, information security, clinical risk management and incident management. The connection agreement explains the responsibilities, obligations and terms of use and is signed by the connecting party. The end user acceptable use policy explains the responsibilities, obligations, and terms of use for every end user organisation. 

Each national service also has a web page or portal, that contains the technical, functional, and non-functional standards and requirements that a connecting system must meet to integrate to the national service. Search the API catalogue for more information.  

The SCAL (conformance documentation)

The Supplier Conformance Assessment List (SCAL) is currently presented as a workbook. This needs to be completed by the connecting party to create a record of the technical conformance of its connecting system with the technical requirements of the national service being integrated. It also contains declarations of organisational compliance with standards, regulations, and policies. 

We are in the process of digitising all our SCAL's using the Digital Onboarding Service. Once a developer account has been set up, the connecting party must register their organisation, to which they may register multiple products, each product may onboard with multiple APIs within the one record.

When an organisation, product and its associated APIs are added, the supplier will be presented with the appropriate question set for the APIs they are onboarding too and may commence completion of the assurance questions.

Users can upload documents and evidence as directed by the question sets and the onboarding teams. The NHS England will review, request more information, and approve the question sets.

This sample sets out the assurance questions that applies to all NHS England service listed to demonstrate that your organisation and product has processes in place to handle data securely, manage clinical risk and use our production environments. Each of the NHS England services will contain service specific technical conformance question which will be on the service specific SCAL.

The form includes a section for you to provide details about your organisation and product. For some APIs you must also demonstrate you are eligible or have an appropriate use case.

The end user organisation acceptable use policy (EUO AUP)

The end user organisaton acceptable use policy (EUO AUP) explains the responsibilities, obligations, and terms of use for every end user organisation. This may be updated from time to time. The latest copy is published below.

The connecting party shall incorporate or otherwise alert the end user organisations to the end user organisation AUP as updated and published on this web page.

If you are an end user organisation and have any questions about this End User Organisation AUP, please contact us by emailing  [email protected]

Connection agreement

As part of our ongoing efforts to improve our service and streamline our processes, we have moved to a fully digital system for managing connection agreements effective from 1 August 2025. This transition is being supported through our ServiceNow customer portal.   

If you have been issued with a connection agreement effective from 1 August 2025 the latest version of your connection agreement will be available on the customer portal.  The connection agreement is a downloadable document. 

Signatures have been replaced with an acceptance state of 'Active' and date 'Accepted on'  and will contain the registered onboarding contact name who has accepted the terms and conditions under 'Accepted by'.  

When your connection agreement is ready, you will receive an email notification issued from [email protected] containing a link to the customer portal. 

Connection agreement updates that generate an email notification are:  

  • new contract - contract awaiting acceptance containing new API products applicable or removal of some API Products previously applicable due to offboarding

  • new contract - contract awaiting acceptance containing existing API products applicable previously signed for v5 to uplift you to v6 which has been digitalised

  • terms change - new contract version because terms have been updated

  • contract termination - due to offboarding of all API products previously applicable

You must have a registered account to view the connection agreement through the customer portal.

If you do not have access to the portal learn how to to self register for an account.  Or read our Customer portal account guidance for more information on how to use the portal if you have registered. 

To accept the connection agreement, you must be registered with responsibility of 'Onboarding Contact' by completing the supplier onboarding contact nomination form.

You can find this on the customer portal by searching for supplier Onboarding Contact Nomination form. 

Once the form has been completed it will automatically update the user to be the onboarding contact. 

Digital Connection Agreement effective from 1 August 2025

You will only receive terms and conditions through the customer portal  that are applicable to the NHS England services and APIs your product has been through this onboarding approach.

This is an example connection agreement.

Further guidance can be found in the user guide for acceptance of a digitised connection agreement through the ServiceNow Customer Portal 

Connection Agreement before 1 August 2025

If you have if you have signed your connection agreement before 1 August 2025 The agreement version will be 5.22.

Change management

NHS England publish the latest versions of the digital connection agreement as a sample. Please note that this sample contains all NHS England services and APIs terms and conditions.

Details of change or version and effective from date for each change to the connection agreement and EUO AUP can be found in the connection agreement published changes.

If you have any questions about the published changes, contact [email protected].

Last edited: 13 August 2025 3:44 pm