Addressing the challenges

This updated Operating Model continues to address six contemporary challenges.

Challenge 1: Keeping general practice and patients safe

A strong emphasis on security and safety of digital technologies used in general practice

Risks to general practice

General practices have a critical operational dependence on digital systems to operate routinely on a daily basis. Practices are at risk from:

  • significant system failure which may severely disrupt or close Essential Services in a practice with almost immediate effect. Workarounds may be limited depending on the nature and extent of the system failure
  • the loss of data (patient records) or loss of access to data, whether arising from failure of digital systems or of infrastructure will present high impact risks to the practice in (i) operational continuity (ii) patient safety (iii) corporate criminal liability (iv) potential regulatory action from the (Information Commissioner’s Office (ICO) including fines
  • errors, faults or algorithmic based outputs from embedded logic and knowledge bases in software which processes patient information may lead to clinically unsafe recommendations or decisions.

Minimising risks

General practices as independent organisations have certain legal and regulatory responsibilities relevant to data protection and security and business continuity.

Understanding these responsibilities at a senior level within practices and within clinical commissioning groups (CCGs) and providing practices with access to specialist support and advice forms the foundation of minimising these risks.

The CCGs are required to provide practices with access to specialist advice to support practices discharge these responsibilities. This includes:

  • information governance, including advice and support for the practice designated Data Protection Officer (DPO)
  • Cyber Security management and oversight
  • Clinical Safety Assurance advice and support
  • digital systems procurement advice.

These are complemented by the wide range of GP IT Enabling Requirements described in Appendix A which underpin a safe digital operating environment for practices.

Information governance

As data controllers and public authorities general practices have specific regulatory, legal and contractual responsibilities and are lawfully required to designate a DPO.

Practices will have access to an information governance support service providing specific areas of support including advice to the practice designated DPO on Data Protection and Information Governance matters. CCGs are required to provide a DPO service offering a named DPO to practices (which can be shared between practices). Individual practices are entitled to appoint an alternative DPO of their choice although CCGs are not expected to fund this if a DPO function has already been offered.

Individual practices must complete and submit the NHS GP Data Security Protection Toolkit (DPST) as a requirement under the CCG Practice Agreement.

Patient safety and medical devices

As a core and mandated GP IT Enabling Requirement CCGs should ensure they and their practices have access to a Clinical Safety Assurance Service when procuring and deploying clinical systems and system modules:

Where CCGs or individual practices procure clinical software from routes other than  the Digital Care Services (DCS) catalogue steps should be taken by the procuring authority (namely CCG or General Practice) during procurement to ensure the supplier has applied DCB0129: Clinical Risk Management: its Application in the Manufacture of Health IT Systems  in the development and manufacture of the software.

CCGs and individual practices should apply DCB0160: Clinical Risk Management: Its Application in the Deployment and Use of Health IT Systems when implementing clinical systems and should apply DCB0160 in the regular review of business and clinical process. This will ensure safety is not put at risk by operational work rounds. This is the responsibility of the procuring authority (i.e. CCG or General Practice).

All practices should register with the Medicines and Healthcare products Regulatory Agency (MRHA) Central Alerting System (CAS) for both email and mobile phone text alerts. This is a web-based national cascading system for issuing patient safety alerts, important public health messages and other safety critical information and guidance to the NHS and others.

Where CCGs or individual practices procure clinical software or medical devices which interact with the clinical software and patient record from routes other than the DCS Catalogue assurances should be sought that the supplier has applied if applicable to the product current medical device regulations: Medical Devices (Amendment etc.) (EU Exit) Regulations 2020: and the Medicines and Medical Devices Act 2021. Users of such software and medical devices should follow manufacturer’s instruction for use (IFU). Any change of use needs to be properly assured with the manufacturer’s knowledge/permission as any “off label” use will mean that the user has taken on the responsibilities/liabilities of the manufacturer/developer.

The Digital Technology Assurance Criteria (DTAC) will be helpful in securing these assurances.

Continuity of general practice records

The following areas identified as risks to the continuity of patient records continue to be worked on by NHS England, NHS Digital and relevant suppliers.

Issue: The transfer of records between systems can result in record integrity and continuity issues.
Action: NHS England and NHS Digital will continue working with system suppliers to address and resolve this.

Issue: Where general practices close or patients move out of NHS general practice care (or cross Home Nations borders within the UK) record continuity and integrity issues can arise.
Action: NHS England and NHS Digital will continue to work with the professional bodies to address and resolve this whilst ensuring compliance with data controller responsibilities.

Issue: The persistence of paper patient records in general practice can result in record continuity and integrity issues and is resource intensive.
Action: NHS England will continue to work with stakeholders and professional bodies to develop national standards leading to the commissioning of approved digitisation services. CCGs are advised to defer further commissioning of GP records digitisation until such standards and national guidance become available.

Locally procured digital systems and technologies

Systems and technologies procured locally, for example by practices or PCNs, continue to represent a security and safety risk within the GP IT estate. These may include diagnostic equipment which use desktop computers or which interface with the clinical systems.

The functionality available from such systems is often invaluable to the operation and efficiency of a busy general practice.

To support practices, make safe procurements and utilise digital systems and technologies with confidence this Operating Model puts in place the following:

  • practices, CCGs and GP IT delivery providers should meet the capabilities and standards described in this Operating Model including those related to hardware, infrastructure and procurement. CCGs and practices will have access to specialist advice on procurement of digital services and systems:
  • CCGs, practices and PCNs should make full use of the DCS Catalogue and other applicable Frameworks (see Appendix C) to procure solutions which meet necessary standards
  • a simple checklist for CCG and practices considering local procurement where a framework is not applicable has been provided in this Operating Model (Appendix E). This includes utilising the Digital Technology Assessment Criteria (DTAC)
  • software, browsers and operating systems not supported or maintained by the supplier must not be used on NHS managed infrastructure
  • the contract holder (namely original purchaser) is responsible for ensuring systems, applications and hardware remain supported (by the original supplier or their agent)
  • practices as data controllers should ensure where applicable that responsibilities of the digital service supplier as data processor are contractually recognised and the agreed data flows are documented.

Note: This does not include personal devices and applications owned by practice staff (see Remote Access and Bring Your Own Device (BYOD)).

Remote access

Remote access to practice clinical systems and Managed GP IT Infrastructure is required to support mobile and remote working for practice staff during normal business operations and as a key part of practice business continuity plans offering resilience and flexibility.  A remote access service is now a core and mandated service which must be offered to practices. Remote access services offered to practices should have the capability of supporting at least 60% of normal operational capacity.

Remote access solutions must not be used which bypass or otherwise reduce the effectiveness of security measures, including authentication using NHS Smartcard (or an approved alternative/replacement) or the NHS Care Identity Service 2, service, within the GP IT Futures Framework solutions, National Digital Services or the Managed GP IT Infrastructure.

Operating a GP clinical system without the proper use of an NHS Smartcard, or an approved alternative which supports secure authentication and an ‘advanced electronic signature’, may compromise the legal status of e-prescribing. Those signing a prescription need to be able to demonstrate that they were in sole control of the signing capability at the point of signing. Once approved (through NHS Digital) alternative solutions to NHS Smartcards can be integrated by suppliers into the Accredited Foundation Clinical Systems.

Approved remote access solutions include:

  • issuing of an NHS managed laptop (or other endpoint) and means of secure VPN access

or:

  • use of a secure Virtual Desktop Infrastructure (VDI) solution.

Remote access to practice clinical systems will be more effective if remote access to practice telephony systems is also available to staff for example by using an advanced voice over internet protocol (VoIP) telephony solution.

Remote access to practice business systems is a practice responsibility but any solution must comply with standards in this document if the Managed GP IT Infrastructure is used or accessed in any way.

High severity cyber incident management, business continuity and disaster recovery

All parties namely individual practices, CCGs, GP IT Delivery Partners, NHS England and NHS Digital have a responsibility to:

  • take measures including technical, planning and organisational policies and operating procedures to minimise the risk of cyber incidents
  • identify, report, manage and mitigate high severity cyber incidents whenever they occur

Responsibilities and accountabilities are summarised in Appendix B.

In the event of a national cyber incident being formally declared (for example by the NHS Digital Data Security Centre) all parties will fully cooperate and support the actions required by the Emergency Preparedness, Resilience and Response (EPRR), NHS Digital, NHS England, or any other party with delegated authority. This may include providing urgent out of hours contacts and communication routes as well as access to practice premises and digital systems and equipment outside normal working hours.

The CCG and its commissioned GP IT Delivery Partners will ensure full cooperation in high severity cyber incident management and cyber related business continuity and disaster recovery planning with any nationally commissioned organisation with geographical responsibility for coordination and management of high severity cyber incidents, as and when such a service is commissioned.

High Severity Service Incidents (HSSI) initiated by third parties (for example providers of clinical systems, infrastructure services, national digital systems) will be reported to the NHS Digital Service Desk. Higher severity incidents (levels 1 and 2) and incidents identified as a Crisis will be coordinated by and managed by the NHS Digital Service Bridge, in conjunction with the third party.

Data breaches

As data controllers and public authorities, general practices have specific regulatory, legal and contractual responsibilities but they do need to be supported with access to specialist services who can provide expert advice and guidance in the event of a data breach.

As data controllers and public authorities general practices are required in accordance with General Data Protection Regulation (GDPR) Article 33 (refer to Recitals 85, 86, 87 and 88), to report personal data security breaches where there is a risk to the rights and freedoms of individuals to the Information Commissioner’s Office (ICO) without undue delay and where feasible within 72 (actual) hours. To note:

  • NHS Digital have written guidance on reporting data breaches. This can be accessed through the Data Security and Protection Toolkit (DSPT)
  • data breaches may occur without loss of data or loss of access to data, and therefore without a serious business continuity risk
  • data breaches must be assessed and if applicable reported by the practice (as data controller) through the incident reporting tool within the DSPT and if applicable to the ICO (see above)
  • CCGs, GP IT providers and practices must be aware of the legal responsibilities for data processors and data controllers.
  • All parties namely individual practices, CCGs, GP IT providers, NHS England and NHS Digital will have responsibilities to identify, report, manage and mitigate data breaches and near misses whenever they occur. See Appendix B.

Patient safety incidents

All NHS funded organisations in England have a role to play in reporting and responding appropriately to patient safety incidents in to support improvement in patient safety. Patient safety incidents which meet the definition of a Serious Incident (SI) as described by the Serious Incident Framework should continue to be reported by the CCG (or by the GP IT Provider where they have direct access) to the Strategic Executive Information System (StEIS) or any successor reporting system. General Practices can report patient safety incident using the General Practice Patient Safety Incident Report Form.

Any adverse Medical Device incident should be reported by healthcare professionals or patients via the MHRA Yellow Card System.

NHS England operates the EPRR framework providing strategic national response to meet incidents or emergencies that could affect health or patient care.

Loss of access to patient records

The total loss of access to patient records may represent a patient safety and information governance incident. This may be due to a number of possible causes for example host system failure, network failure, power failure, premises disruption, system configuration fault denying permissions.  Each practice will maintain a Business Continuity Plan (BCP) approved by the CCG which will include as well as response to threats to data security a response to loss of access to patient records. This should be activated as necessary.

As more systems become securely hosted externally and fewer are located within individual practice premises the role of a practice Disaster Recovery (DR) Plan becomes less relevant, although business continuity planning remains essential. Assurances are required however that third parties, providing infrastructure and/or data processing services have robust DR Plans.

Digital infrastructure, equipment and systems performance

The end user’s experience of digital systems can be variable and subject to a number of factors including, but not limited to:

  • network bandwidth, latency and contention
  • hosted system performance
  • local equipment and infrastructure age, specification, concurrent applications and configuration
  • external threats

Where the digital system performance for the practice is impacted to the extent that it obstructs ongoing efficient and effective access to the digital patient record and its supporting capabilities then the practice should consider whether this represents a patient safety issue in which case they should escalate to the CCG requesting that it is processed as a High Severity Incident. The CCG should lead the resolution using methodologies applicable to potentially complex, multi-factor and multiple party problem solving.

Business continuity plans

Practices are required to maintain a business continuity plan (BCP) which should include loss of access to relevant IT services which the practice requires to maintain Essential Services. These should be reviewed and updated as necessary to reflect the lessons learned from the 2020-21 COVID-19 response. CCGs must review all practice BCPs by 31 July 2022.

^ Back to top

Challenge 2: Supporting general practice deliver their contracted services

IT infrastructure provided to a standard which allows the practice to efficiently and effectively use the capabilities identified in this Operating Model

Under the terms of the CCG Practice Agreement practices are eligible to receive NHS funded services to meet the digital capabilities described in this Operating Model. Where a CCG-Practice Agreement is in place the CCG will offer these services as described in this Operating Model to the practice. This provides a single reference point identifying practices receiving GP Digital Services as well as formalising the responsibilities of the respective parties in providing and using these services.

The arrangements to address the previous challenge are a pre-requisite to the NHS being able to meet this challenge.  

A number of requirements are defined as core and mandated. These require solutions to be provided (by the NHS) and to be used (by the practice) in order to meet the CCG-Practice Agreement obligations.

Clinical systems are defined through clinical digital capabilities. A number of these capabilities are categorised as core and mandated and referred to in this document as Essential Clinical System Capabilities.

These include six Foundation Capabilities which must be met using a Foundation Solution which is:

  • accredited through the GP IT Futures Framework
  • funded by the NHS for eligible practices with a signed CCG-Practice Agreement
  • chosen by the individual practice from the GP IT Futures Framework
  • procured through the GP IT Futures Framework.

For those Essential Clinical System Capabilities which are not Foundation Capabilities solutions will be provided which:

  • are funded by the NHS for eligible practices with a signed CCG-Practice Agreement
  • must meet any standards referenced in this Operating Model, using the Digital Care Services (DCS) Catalogue or other applicable framework contract (see Appendix C)
  • are selected by the commissioning CCG in collaboration with local practices.

Note: Certain non-Foundation Capabilities may be provided as an embedded part of the Foundation Solution at the individual supplier’s discretion. CCGs should determine with their practices which non-Foundation Capabilities are still required once Foundation Solutions have been selected. Additional solutions for these capabilities may still be available and may be procured as enhanced items if they offer a greater level of functionality and more appropriately meet local needs.

All capabilities in the DCS Catalogue have relevant standards assigned. System suppliers must meet these standards with their solutions to be “onboarded” to the catalogue. These standards can be accessed through the GP IT Futures Framework and include critical areas such as SNOMED CT, interoperability, clinical safety and cyber security.

Details on the funding arrangements for GP IT Futures Framework are given in section 5.

All digital capabilities where defined have standards attributed to these capabilities.

The CCG-Practice agreement requires that:

  • practices have annual IT reviews with their CCG (or a party delegated on the CCG’s behalf)
  • there is an agreed escalation process which can be accessed where there are unresolved system or service performance issues
  • there is an agreed dispute resolution process.

From 31 March 2021 local hosting of GP clinical systems is no longer supported. Where legacy local clinical system servers are still in place CCGs and practices must work with the system suppliers and the GP IT Futures Framework to replace these with accredited hosted clinical systems by 31 August 2022. For details on how such legacy servers should be supported until then refer to the previous Operating Model.

Infrastructure

IT infrastructure should be provided to a standard which allows the practice to efficiently and effectively operate the capabilities provided locally to practices through this Operating Model.  The cost of providing an enhanced capability therefore should include any associated IT infrastructure necessary to operate the capability. IT infrastructure cost should include any required operating system and software licencing costs.

The CCG is required to maintain a local warranted environment specification (WES). This should ensure hardware specifications meet the above requirements and should include the locally agreed infrastructure lifecycle to facilitate a systematic refresh and replacement programme.

GP IT capital and other sources of non-recurrent funds can be used to provide and refresh the necessary IT infrastructure.

IT infrastructure requirements created through the expansion and development of the GP Estate should be factored into the business planning process for the estate development. Growth of workforce and practice activity should also be allowed for. Appropriate NHS capital sources such as Estates and Technology Transformation Fund (ETTF) whilst available may be used to support these developments.

Individual practice IT reviews should include discussions on possible practice service and estate developments which may increase demands on the existing IT infrastructure.

IT hardware may also attract recurrent costs which are likely to align with the volume of the IT hardware estate for example operating system and anti-virus licences, GP IT support contracts. Whenever possible GP IT Support contracts should include a tolerance which allows for organic growth of the GP IT estate without the requirement to renegotiate support costs.

^ Back to top

Challenge 3: Enabling service improvement, transformation and digital innovation

Digital Technology to improve efficiency and enable transformation

Supporting GPs, PCNs and CCGs locally prioritise and invest in technologies which improve practice efficiency and enable local service transformation. Those capabilities described in this Operating Model as Core and Mandatory must be first priority to provide through the use of local allocations of funds as these capabilities are essential for general practice contractors to meet their GP contract obligations.

There are a number of digital capabilities described in this Operating Model as enhanced which enable general practice service improvement, efficiency and transformed care. This does not mean these capabilities are of less importance. Local investment in the right digital enablers for service improvement can improve patient outcomes and experience within a stable and efficient service.

Digital technologies and systems when commissioned for practices should whenever possible be accompanied by the availability of regular utilisation data.

Supporting the commitment to deliver a Net Zero NHS

The Delivering a ‘Net Zero’ NHS report published in October 2020 sets out ambitions to respond to climate change and improve the health of the nation, by becoming the world’s first ‘net zero carbon’ national healthcare system. Two clear targets have been set, with short-term ambitions:

  • for the emissions we control directly (the NHS Carbon Footprint), net zero by 2040, with an ambition to reach an 80% reduction by 2028 to 2032
  • for the emissions we can influence (our NHS Carbon Footprint Plus), net zero by 2045, with an ambition to reach an 80% reduction by 2036 to 2039

NHS England will publish an updated Green Plan Guidance document in 2021, detailing the framework and approach to help guide the creation and updating of these plans.

This Operating Model supports this commitment. The NHS Net Zero report includes a number of early priorities for carbon reduction, including for primary care services:

  • use digital technology to reduce carbon emissions in general practice including:
    • reducing staff and patient travel with digital consultations and monitoring
    • rationalising estate requirements/usage (approximately 9,000 buildings)
    • continuing progress to a paper free environment for patient records and transactions
    • increased use of digital tools for peer-to-peer communications
  • invest in and deploy GP IT infrastructure which minimises energy usage including (i) power saving on IT devices (ii) optimizing equipment life cycle (for example with Virtual Desktop Indicator (VDI)) to reduce manufacturing energy costs
  • ensure adherence to policy advice which will be issued to ensure NHS data centres and companies providing these services as part of the Managed GP IT Infrastructure minimise their environmental impact and support the drive to reach Net Zero

As the NHS progresses along a net zero trajectory specific targets and requirements will develop which future Operating Model releases will reflect.

^ Back to top

Challenge 4: Supporting new models of care and contracts

Support for the Primary care networks (PCN) Direct Enhanced Service (DES) and integrated care systems

The CCG Practice Agreement provides clarity on eligibility and assurance to both parties on the requirements for the provision of and use of digital services provided to general practices under this Operating Model.

Primary Care Networks (PCN)

The five-year framework for GP contract reform to implement The NHS Long Term Plan introduced PCNs through a Direct Enhanced Service (DES). PCN Staff as part of the contracted delivery will be supported under this Operating Model. It is expected that the PCN staff will continue to use the Foundation Digital Capabilities for general practice provided under the GP IT Futures Framework although new (enhanced) capabilities may develop as these services become established. GP IT Enabling Requirements will support PCN staff in the same way as existing practice staff. PCN IT requirements should be treated and managed in alignment with the management of GP IT services. Funding for PCN staff IT needs are now incorporated within core GP IT revenue and GP IT business as usual capital funding. Where PCN services are provided through a commissioned third party provider the requirements for sub-contracting of services by practices must be met.

Sub-contracting of services by practices

Practices will be eligible for receipt of NHS funded digital services as described in this Operating Model where they hold a GP Contract and have signed a CCG Practice Agreement. Some practices may choose to sub-contract certain services to specialist providers, providing the conditions for sub-contracting of clinical matters under the GP Contract are met. Examples include:

  • GP Federations and similar collaborative organisational arrangements set up as discrete organisational forms to provide services to general practice contractors
  • specialist private providers contracted to deliver online digital services to the practice
  • PCN services provided by a third party organisation

Note: this does not apply to a contract for services with a healthcare professional for the provision of clinical services personally by that professional.

In all cases it is the practice as the contractor and not the sub-contracted provider who is eligible to receive NHS GP digital services and the CCG is not obliged to provide such services to the sub-contracted provider. GP IT funds are not directly available to sub-contracted providers. Sub-contracting of services may however enable practices to innovate and achieve significant efficiencies.

The practice may inform the CCG that its sub-contracted provider requires access to use certain services provided to the practice under this Operating Model. The CCG may agree, not to be unreasonably withheld, to provide this access. In doing so the CCG should secure assurance that the cost of providing the services to this practice is proportionate to other similar GP Contracts they support (based on a cost per registered patient basis) and that controls are in place to ensure compliance with relevant standards as required in this Operating Model including those relating to patient  safety, data quality, information governance and cyber security.

Where the sub-contracted provider uses digital systems to provide services to the practice, whether these are provided by the CCG, the practice or the provider directly,

the practice must take reasonable steps (contractually if possible) to ensure relevant standards as described in this Operating Model are applied particularly in respect of patient safety, data quality, information governance and cyber security.

The sub-contracted provider may use their own digital systems and IT infrastructure providing:

  • the practice as GP Contract holder complies with the CCG-Practice Agreement and with its GP Contract obligations, including use of an accredited clinical records system and use of certain National Digital Services
  • no digital system or IT equipment owned or managed by the sub-contracted provider is connected to the Managed GP IT Infrastructure in the practice without explicit approval from the CCG
  • the systems and infrastructure meet the standards required in this Operating Model. Use of the Digital Care Services (DCS) Catalogue and other applicable frameworks (see Appendix C), is recommended

Appropriate data processing agreements which comply with GDPR (article 28) must also be in place between the practice as Controller and the sub-contracted provider as Processor.

The GP contract gives clear direction on restrictions on advertising and hosting private GP services. These restrictions apply to the use of digital services provided by the NHS to practices under this Operating Model.

Where a provider is a sub-contractor for a number of individual general practices with these practices commissioned by different CCGs and the relevant CCGs have agreed with their practices to support this provider (as described above) with access to the practice digital services, the CCGs involved are advised to consider, if appropriate, a collaborative approach (for example through a lead CCG) to ensure efficiency and effectiveness in the service and avoid duplication of funding. CCGs must ensure in such circumstances that other practices, for which the CCG has IT responsibilities, are not disadvantaged.

^ Back to top

Challenge 5: Supporting general practice meet patients’ digital expectations

Focus on the GP Contract patient facing digital commitments

Patient facing digital capabilities

Practices are required to offer a number of patient facing digital capabilities:

  • repeat prescription requesting
  • appointment requesting
  • viewing patient record
  • update patient record
  • update patient details
  • online consultations (patient-practice)
  • video consultations (patient-practice)
  • two way secure written (text) communications (patient-practice)

These capabilities, which are core and mandated under this Operating Model, will be available through either accredited solutions from the Digital Care Services (DCS) Catalogue (including the GP IT Futures and DFOCVC Frameworks) or the NHS App and other accredited solutions. Foundation Solution suppliers may choose to embed these capabilities in their Foundation Solution. Additional solutions to meet these capabilities may also be commissioned centrally and made available directly to practice patients subject to accredited interoperability with the practice choice of Foundation Solution.

GP online and video consultation capabilities are now a core and mandated capability (to align with the GP Contract).

Additional Patient Facing digital capabilities may be provided for practices as Enhanced Services to meet local needs.

Practices are encouraged to use Advanced Telephony Services, a significant benefit of which is an improved patient experience particularly during peak demand periods for telephone access. A template specification to assist practices (and supporting CCGs) to procure advanced telephony services is attached to Appendix E.

^ Back to top

Challenge 6: Building on success and learning lessons

Recognising and building on success of GP Systems, GPSOC Framework and previous Operating Models.

In updating the Operating Model NHS England has, with the support of the profession, considered the following:

  • The GP Systems of Choice (GPSoC) Framework, the previous Operating Models and their preceding arrangements have, with strong clinical engagement and contractual levers, been successful in developing highly digitised general practice with a large percentage of paper free processes. We must build on this success.
  • the GP Contract continues to make a number of obligations and recommendations regarding digital services on the NHS and GP contractors
  • general practice leads the NHS in the adoption of patient facing digital systems.

The approach taken has therefore been to:

  • continue to retain much of the preceding Operating Model principles and approach – streamlining and enhancing to make it easier to use, more comprehensive and more relevant.
  • utilise standards to ensure the benefits of consistency from a single national framework are retained
  • retain and build on functional capability-based requirements categorised by digital maturity and “must do” or “enhanced” provision.
  • build on existing key controls (contracts, agreements, standards, directives, guidance, assurance)
  • reflect on and adapt to significant national events and changes and trends in service improvement and transformation.

COVID-19 pandemic response lessons learned

Just as the previous Operating Model incorporated lessons learned from the Wannacry global cyber incident in 2017, this Operating Model takes account of the significant lessons learned from the Covid-19 response during 2020-21. To date these include

  • the need for greater resilience in supporting flexible working practices in particular secure remote and home working
  • the success of alternative to face-to-face channels for triage and consultation including online, telephone, video. An RCGP snapshot survey (July 2020) indicated an increase in telephone and video consultations during this period and a recognition from respondents of the efficiency benefits of telephone, video and digital triage and consultation:
    • a capability to rapidly scale up any patient/public communication channel as determined by circumstances (for example text messaging).
    • using technology to manage peaks in demand on practices, for example using online solutions and advanced telephony
    • a capability to rapidly exploit national patient facing services such as NHS App and NHS login
    • the value of wider clinical access to appropriate content in the primary care patient record through the enhanced Summary Care Record (with additional information) and the use of GP Connect Products is now recognised and evidenced
  • a requirement for effective tracking of NHS IT assets when supporting remote, outreach and home working.

^ Back to top

Guidance contents

Download a PDF copy of ‘Securing Excellence in Primary Care (GP) Digital Services: The Primary Care (GP) Digital Services Operating Model 2021-2023’