Appendix B – Responsibilities and accountabilities

General responsibilities General Financial Cyber and data security
NHS England

 

Set national strategic direction

Provide strategic leadership for local commissioners

Maintains Primary Care (GP) Digital Services Operating Mode.

Delegates GP IT responsibility to CCGs

GP IT assurance

CCG Assurance

Issues NHS England Financial Guidelines

Funding Allocation

Strategic direction for cyber and data security

CCG Assurance

NHS England regional teams Oversight of CCG GP IT

Accountabilities and review with the CCGs

CCG-Practice Agreement assurance and escalation point

The Regional Director of Finance and Head of Digital Technology provide CCGs with advice and confirm support for capital submissions which meet required criteria Escalation point for High Severity Incident management
Department of Health and Social Care Contracting Authority for Digital Care Services (DCS) Catalogue Frameworks Contracting Authority for DCS Catalogue Frameworks
NHS Digital DCS Catalogue and Frameworks

Standards Assurance process for DCS Catalogue

Assurance, accreditation management

Commissions National Digital Services

Commpliance with Standing Financial Instructions Operate Data Security Centre.

Data Security Protection Toolkit (DSPT) provision and management

Nationally commissioned providers Provide digital services to agreed contract, service specifications and standards  

 

DSPT completion

CE +

Data processor responsibilities

CCGs (or successor organisation) Delegated responsibility for commissioning GP IT Enabling Services for all practices with whom they have a signed CCG-Practice Agreement

CCG-Practice Agreement compliance

Local Digital Strategy Leadership

Securing high quality services and VFM

Robust and relevant service specification

reflecting end user requirements and local strategic needs (intelligent commissioner role)

Collaboratively works with practices as “end -users”

GP IT Futures management of nominal funding allocations.

Compliance with CCG Standing Financial Instructions and procurement legislation.

Confirmed support from CCG Chief Finance Officer (CFO) for capital bids.

Financial coding as directed in  Primary care SDF and GP IT funding guidance 2021/22

 

 

Commission GP IT enabling services to include cyber security and information governance – providing advice and support on data breach and cyber incident management

Assurance of cyber security responsibilities of all providers including GP IT Delivery Partners.

Data processor responsibilities, directly or through NHS commissioned suppliers, on behalf of GP data controllers

Locally commissioned providers Provide local digital services to agreed contract, service specifications and standards Compliance with any CCG Financial protocols in procurement activities on behalf of CCG

Declare any conflicts of interest or potential procurement challenges arising from commissioned work with CCG

DSPT completion.

CE +

Data processor responsibilities.

Registration for NHS Cyber Security Alert Service

General practice contractors GP Contract compliance

Individual organisational responsibilities including legal, regulatory and contractual obligations

CCG-Practice Agreement compliance

Data Controller

GDPR responsibilities, e.g. appointment of DPO.

DSPT submission.

Register (generic practice) email and mobile phone number for urgent  text and email alerts with MHRA CAS

Core and mandated requirements  

responsibilities

Essential Clinical System Capabilities available through Digital Care Services (DCS) Catalogue National Digital Services GP IT Enabling Requirements
NHS England

 

Operating Model determines core and mandated capabilities

Step In Services in exceptional circumstances as described in the GP IT Futures Framework Data Processing Deed

Operating Model determines Core and Mandated Requirements.

Directs CCGs to commission and provide

Assurance

NHS England regional teams Assuring CCGs meet responsibilities listed below
Department of Health and Social Care Contracting Authority Digital Care Services (DCS) Catalogue

Step In Services in exceptional circumstances as described in the Data Processing Deed

NHS Digital DCS Catalogue and Frameworks

Standards Assurance process for DCS catalogue

Service management and Performance

Step In Services in exceptional circumstances as described in the Data Processing Deed

Commissions National Digital Services

Publish system utilisation data

Nationally commissioned providers Onboarding to Digital Care Services (DCS) Catalogue

Service provision to required standards

Provide contracted services
CCGs (or successor organisation) Order through call off agreements using DCS Catalogue

Management of GP IT Futures nominal funding allocations.

Contract management and accountability.

Monitor and escalate to NHS. England clinical systems performance issues in relation to the use of services and solutions provided under the CCG-Practice Agreement.

CCGs may not delegate GP IT Futures Framework call off agreements.

Choice of non-Foundation Solutions from DCS catalogue (in collaboration with practices)

Support deployment

No local choice

Alternative (local arrangement) systems should not be offered and should not be funded by CCGs.

CCGs will ensure availability of access, infrastructure, training and deployment support for practices

Commissions

local commissioner choice of solution.

CCGs may not delegate HSCN access agreements.

Service reviews with individual practices

Locally commissioned providers n/a n/a Provide contracted services.
General practice contractors Choice of Foundation Solution from GP IT Futures Framework Mandated use if applicable to the organisation /practice.

No local choice.

See practice responsibilities for individual capability.

 

Enhanced requirements  

responsibilities

Capabilities sourced through Digital Care Services (DCS) Catalogue Capabilities sourced through non-DCS Catalogue GP IT enabling requirements
NHS England

 

Operating Model determines enhanced capabilities (non-exclusive list)

Step In Services in exceptional circumstances as described in the Data Processing Deed

Operating Model determines enhanced capabilities (non-exclusive list) Operating Model determines enhanced GP IT Enabling Requirements (non-exclusive list)
NHS England regional teams
Department of Health and Social Care Contracting Authority for GP IT Futures Framework

Step In Services in exceptional circumstances as described in the Data Processing Deed

NHS Digital DCS Catalogue Frameworks

Product assurance to catalogue standards

Service management and performance

Step In Services in exceptional circumstances as described in the Data Processing Deed

Nationally Commissioned Providers Onboarding to DCS Catalogue

Service provision to required standards

CCGs (or successor organisation) Order through call off agreements using DCS Catalogue

Management of GP IT Futures nominal funding allocations.

Contract management and accountability

CCGs may not delegate DCS Catalogue Framework call off agreements

Choice of solutions from DCS Catalogue in collaboration with practices

Local procurement to relevant standard and organisational SFIs Local procurement to relevant standard and organisational SFIs
Locally Commissioned Providers Service provision to required standards Service provision to required standards
General Practice Contractors No mandated practice choice although practices can also purchase directly from DCS Catalogue No mandated practice choice but practices can also purchase directly from supplier No mandated practice choice

 

Other Responsibilities General Practice Business Requirements
NHS England

 

Operating Model determines Practice responsibilities.
CCGs (or successor organisation) CCG may at it’s discretion provide infrastructure and support through the GP IT Enabling Requirements.
General Practice Contractors Funds, procures, implements, contract manages.

Complies with standards where appropriate to ensure security, confidentiality, and protection of NHS digital assets and services.

Guidance contents

Download a PDF copy of ‘Securing Excellence in Primary Care (GP) Digital Services: The Primary Care (GP) Digital Services Operating Model 2021-2023’