Data Landing Portal reuse by non-DFSC projects

I am of the understanding that it is not permitted for non-DSCRO organisations to utilise the same Data Landing Portal (DLP) platform for other projects. (I suspect this is because it would require NHS England to be acting as the processor of the data in question passing through the DLP thereby introducing complex governance arrangements.)

I wondered if an alternative might be to publish the code/repo behind the DLP such that local NHS organisations can clone and deploy their own version of the service to operate as a Local Data Landing Portal, editing as necessary to clarify that it is not the same service, but acknowledging that it is built upon the same codebase

Is the codebase for the Data Landing Portal accessible to NHS staff?

5 Likes

You are the good idea of the topic now a day.
As I know for GOV.UK are using with NodeJs for your application concept.
But we most focus for the data privacy and security.

You idea are very good for the future,
for example run with an flask / npx / docker apps etc.
As I see IHS are using MS-Exchange Server for this access API, to defense the un-permit, request.

Their method are very security for the reasons why to control to opened out going data. If not, my first idea was use the XSS attack to fish the personal info. So why their API need to care under the complicated.

But your idea are not bad also, I agree to break out the application access permission by keeping in IHS register, My idea was break out the app request and single token for accomplish login,
So when Developer Application start on Local Devices.
It need like the SSO call back to login with online data.

Ones your funny question :slight_smile:
For Developer Dream we want to make the local app finish all the jobs and after sync into backend process with a final button.
But more the more project, tell me that is not possible.
I’m not IHS staff but I due agree your topic.

Hi William,

The standard Data Landing Portal (DLP) is an NHS England-provided service specifically designed for DSCRO organisations to receive data safely and securely. As a result, direct access to the DLP codebase is not generally made publicly available or outside NHS England.

NHS England typically retains control over the service itself and the governance arrangements needed to meet national data processing standards, which likely prevents sharing the code directly or repurposing it for other projects.

If there is a specific local requirement to stand up an equivalent platform, it is advisable to contact the NHS England - DLP team (You can raise a request via National Service Desk: Telephone: 0300 303 5035
Email: ssd.nationalservicedesk@nhs.net ) or consult with data governance leads to explore whether any arrangements exist that would allow an approved local version or similar platform, and whether guidance or technical documentation can be provided.

In most cases, replicating the DLP—especially under the NHS England name—would require additional legal, governance, and technical approvals beyond simply sharing the code.

More details at: https://digital.nhs.uk/services/data-landing-portal#top

Hope the above helps.

Thanks,

NHS England API Platform team

Please note: The API Platform team can only address queries relevant to the NHS England API platform, including security, rate limiting, logging, monitoring and alerting. For any API specific queries, please reach out the relevant API teams.