-
Notifications
You must be signed in to change notification settings - Fork 4
Assurance process overview
For each of the GP Connect products, there is an assurance approach tailored to ensure that the APIs are safe for use by NHS healthcare staff. Click on the links below to find the assurance approach for the products you are developing.
-
Access Record: Structured assurance (External link)
-
Access Document assurance (External link)
Prior to starting any of the assurance processes or development of the products, it is essential that you read and understand the following information.
It is important to develop your product in accordance with the relevant GP Connect product specification. Supporting materials are available with our specifications.
As our products evolve, our specifications may change to reflect this. Please ensure that you're always developing to the latest GP Connect specifications as not doing so may affect the ability to achieve technical conformance.
GP Connect doesn't mandate the use of smartcards, although these can be used if required.
However, GP Connect does require suppliers to implement local role-based access control (RBAC) to ensure that only appropriate individuals are able to access patient information.
The documents below give further information on this requirement:
The GP Connect Consumer Supplier Test Assurance for achieving Technical Conformance document sets out the different assurance requirements you will need to follow based on the GP Connect prerequisites (for example, PDS) that you may or may not have in place.
The intended audience for this document is the technical development team who would need details of the test tools, test environments, and the test routes for achieving technical conformance.
It's really important at this stage that you familiarise yourself with the document and identify which test route to follow.
GP Connect API is an FHIR® based API for communicating with GP IT systems. To help you develop your consumer system, GP Connect has a demonstrator for each capability. There is a maximum of three testing environments that consumers will need to test in to achieve technical conformance. Each gate of the process has a different environment to test different requirements. Further information is included under each gate.
For further information, please see Path to Live environments.
As you develop your consumer supplier system it is important to consider how your consumer system will interact with GP Connect. The specification pages below contain important information on consumer topologies and explain which organisations need ASIDS and party keys. Please review this information before you develop your product.
Note: GP Connect consumer supplier systems must have a unique ASID per organisation using the consumer system. Where GP Connect consumer applications are hosted or provisioned by another organisation, the ASID sent in the Ssp-From header and the requesting_organization resource sent in the JWT must reflect the organisation from where the request originated, rather than the hosting organisation.
The SCAL is the document that contains all of the functional and non-functional requirements that need to be met in order to achieve technical conformance. The SCAL is used to onboard many NHS England products, so you may already have a working SCAL from another integration.
The SCAL is used throughout the whole of the assurance process and certain requirements need to be met at certain Gates. This is identified in the SCAL.
Against each requirement in the SCAL, we will expect an explanation of compliance or submission of supporting evidence. For evidence, consumers will be expected to run the relevant test script which will enable them to demonstrate this. Evidence should be submitted in the form of screenshots and/or requests and responses. The SCAL and evidence will be subject to review and sign-off by Solutions Assurance and any relevant subject matter experts (SMEs) before you can progress to the next Gate.
The SCAL is subject to a 10 working day review SLA. However, this may increase if we're experiencing a large number of SCALs being submitted. It is important to complete the document correctly and with as much detail as you can, as this will help reduce the number of reviews required for each Gate.
A copy of the SCAL and further guidance on how to complete it will be provided by a member of the GP Connect Assurance Team.
For the SCAL requirements, there is an associated test patient and test script accompanied with a test ID which then can be referenced from the test scripts below:
As part of accepting the consumer supplier system, the consumer organisation must comply with clinical risk management standards DCB0129 and DCB0160, and assess the system's clinical safety. As part of the obligation to comply with DCB0129 and DCB0160, the consumer organisation should appoint a clinical safety officer (CSO) who must:
- review the consumer supplier's clinical safety case report and hazard log and have accepted and mitigated any relevant clinical risks
- establish their own clinical safety case report and hazard log in readiness for the implementation of GP Connect, making sure any relevant clinical risks and mitigations passed from the supplier have been included
Read more about clinical safety and the hazard log.