Building an app

Hi,

I am a GP considering building an app and I am a little confused about when and how to run a pilot in a GP - Do I get DTAC first? Do I need a DSPT from the outset? Who do I notify that I am running a pilot (or whose permission do I require?). Things around the topic do not seem very clear. Any help about the intricacies would be much appreciated.

Hi

Apologies for the delayed response to your query.

Building an app and running a pilot in a GP setting involves understanding and planning around frameworks such as DTAC and the DSP Toolkit, both of which ensure that digital solutions meet NHS England’s standards for clinical safety, data protection, security, interoperability, and usability.

While a fully signed-off DTAC is not always required before a small-scale pilot, app developers should show that they can meet its criteria and ensure robust data governance, particularly if real patient data is used. This means aligning early with the DSP Toolkit, conducting a DPIA (Data Protection Impact Assessment) if necessary, and following clinical risk management standards (DCB0129 and DCB0160) if the app influences patient care or clinical decisions. More details at: https://digital.nhs.uk/services/clinical-safety/clinical-risk-management-standards

Before launching a pilot, it is essential to secure agreements with the GP practice or practices involved, check with local and regional bodies such as the ICB and NHS England (especially if the pilot requires use of national infrastructure), and document all aspects of clinical safety, risk management, and data protection.

The GP leadership team and local IG or DPO resources should be consulted for any necessary permissions, data-sharing agreements, or formal approvals. Successful pilots require clear scoping of the app’s functionality and scale, proper technical setup, and robust documentation of outcomes, risks, and security measures, enabling smoother progression toward full DTAC approval and wider rollout.

Some additional resources to support your work can be found here:
https://digital.nhs.uk/developer/guides-and-documentation/building-healthcare-software/general-practice
https://digital.nhs.uk/developer/getting-started

You might also want to take a look at our introduction to healthcare technology and our building healthcare software guides.

Thanks,

NHS England API Platform team

Please note: The API Platform team can only address queries relevant to the NHS England API platform, including security, rate limiting, logging, monitoring and alerting. For any API specific queries, please reach out to the relevant API teams.

Hi @navin.bose
I am a university student nurse with a background in Computer Science and Cyber Security for NHSE partners/trusts. I am also looking at building an application as part of a research project that at the moment seems to work and is using AI & ML for diagnosis and patient communication for decreased waiting times, to be used in a medical setting. I was wanting to know if you would be able to give me guidance on where to go for testing and APIs. I have submitted a request for the API but wanted to check that was correct.
Kindest Regards
Thomas Hegarty

Hi Thomas,

Thanks for getting in touch. Great to know that you are building an application aiming to improve patient wait times.

I assume you have already reviewed our API & Integration catalogue to find the API that you want to use. Submitting a request to the API team was a good first step.

Here’s some additional guidance on testing and accessing the appropriate resources for your application:

1. Testing Your Application

  • Sandbox Environments: Most NHS England APIs offer sandbox or test environments. These are isolated from live data and allow you to test your application’s functionality safely. Ensure that your API request includes access to test environments.
  • Test Data: Use anonymised or synthetic patient data for testing, especially for AI/ML training, to ensure compliance with GDPR and NHS data security standards.
  • Validation Tools: Explore tools that validate FHIR (Fast Healthcare Interoperability Resources) compliance if your application uses these standards. This will help ensure interoperability with NHS systems.

2. APIs and Resources

  • NHS England API Platform: Since you’ve submitted a request to the API team, you should receive access details and documentation. Make sure you follow their onboarding process and explore publicly available NHS APIs, such as those for patient demographics or appointment management. If your application needs to integrate with specific electronic health record (EHR) systems like EMIS or SystmOne, contact these providers directly for API access.
  • FHIR Standards: If you’re working with FHIR, review resources like NHS England FHIR UK Core - https://digital.nhs.uk/services/fhir-uk-core and the HL7 UK website for implementation guides.

3. Further Support:

  • If you need help setting up a sandbox or have questions about FHIR or other interoperability standards, please consult our **Developer and Integration Hub** to know more about APIs and the technologies we use, and how to make the most of our developer resources.

Please note:

Before you attempt to onboard with an API, ensure your application meets the requirements for clinical safety and conforms to the NHS Data Security and Protection Toolkit (DSPT). If your application uses LIVE data, you may need ethical approval from your university or a relevant NHS ethics board.

Hope the above helps.

Thanks,

NHS England API Platform team