Appendix B – Responsibilities and accountabilities
General responsibilities | General | Financial | Cyber and data security |
NHS England
|
Set national strategic direction
Provide strategic leadership for local commissioners Maintains Primary Care (GP) Digital Services Operating Mode. Delegates GP IT responsibility to CCGs GP IT assurance CCG Assurance |
Issues NHS England Financial Guidelines
Funding Allocation |
Strategic direction for cyber and data security
CCG Assurance |
NHS England regional teams | Oversight of CCG GP IT
Accountabilities and review with the CCGs CCG Practice Agreement assurance and escalation point |
The Regional Director of Finance and Head of Digital Technology provide CCGs with advice and confirm support for capital submissions which meet required criteria | Escalation point for High Severity Incident management |
Department of Health and Social Care | Contracting Authority for Digital Care Services (DCS) Catalogue Frameworks | Contracting Authority for DCS Catalogue Frameworks | |
NHS Digital | DCS Catalogue and Frameworks
Standards Assurance process for DCS Catalogue Assurance, accreditation management Commissions National Digital Services |
Compliance with Standing Financial Instructions | Operate Data Security Centre.
Data Security Protection Toolkit (DSPT) provision and management |
Nationally commissioned providers | Provide digital services to agreed contract, service specifications and standards |
|
DSPT completion
CE + Data processor responsibilities |
CCGs (or successor organisation) | Delegated responsibility for commissioning GP IT Enabling Services for all practices with whom they have a signed CCG Practice Agreement
CCG Practice Agreement compliance Local Digital Strategy Leadership Securing high quality services and VFM Robust and relevant service specification reflecting end user requirements and local strategic needs (intelligent commissioner role) Collaboratively works with practices as “end -users” |
GP IT Futures management of nominal funding allocations.
Compliance with CCG Standing Financial Instructions and procurement legislation. Confirmed support from CCG Chief Finance Officer (CFO) for capital bids. Financial coding as directed in Primary care SDF and GP IT funding guidance 2021/22
|
Commission GP IT enabling services to include cyber security and information governance – providing advice and support on data breach and cyber incident management
Assurance of cyber security responsibilities of all providers including GP IT Delivery Partners. Data processor responsibilities, directly or through NHS commissioned suppliers, on behalf of GP data controllers |
Locally commissioned providers | Provide local digital services to agreed contract, service specifications and standards | Compliance with any CCG Financial protocols in procurement activities on behalf of CCG
Declare any conflicts of interest or potential procurement challenges arising from commissioned work with CCG |
DSPT completion.
CE + Data processor responsibilities. Registration for NHS Cyber Security Alert Service |
General practice contractors | GP Contract compliance
Individual organisational responsibilities including legal, regulatory and contractual obligations CCG Practice Agreement compliance |
Data Controller
GDPR responsibilities, e.g. appointment of DPO. DSPT submission. Register (generic practice) email and mobile phone number for urgent text and email alerts with MHRA CAS |
|
Core and mandated requirements
responsibilities |
Essential Clinical System Capabilities available through Digital Care Services (DCS) Catalogue | National Digital Services | GP IT Enabling Requirements |
NHS England
|
Operating Model determines core and mandated capabilities
Step In Services in exceptional circumstances as described in the GP IT Futures Framework Data Processing Deed |
Operating Model determines Core and Mandated Requirements.
Directs CCGs to commission and provide Assurance |
|
NHS England regional teams | Assuring CCGs meet responsibilities listed below | ||
Department of Health and Social Care | Contracting Authority Digital Care Services (DCS) Catalogue
Step In Services in exceptional circumstances as described in the Data Processing Deed |
||
NHS Digital | DCS Catalogue and Frameworks
Standards Assurance process for DCS catalogue Service management and Performance Step In Services in exceptional circumstances as described in the Data Processing Deed |
Commissions National Digital Services
Publish system utilisation data |
|
Nationally commissioned providers | Onboarding to Digital Care Services (DCS) Catalogue
Service provision to required standards |
Provide contracted services | |
CCGs (or successor organisation) | Order through call off agreements using DCS Catalogue
Management of GP IT Futures nominal funding allocations. Contract management and accountability. Monitor and escalate to NHS. England clinical systems performance issues in relation to the use of services and solutions provided under the CCG Practice Agreement. CCGs may not delegate GP IT Futures Framework call off agreements. Choice of non-Foundation Solutions from DCS catalogue (in collaboration with practices) |
Support deployment
No local choice Alternative (local arrangement) systems should not be offered and should not be funded by CCGs. CCGs will ensure availability of access, infrastructure, training and deployment support for practices |
Commissions
local commissioner choice of solution. CCGs may not delegate HSCN access agreements. Service reviews with individual practices |
Locally commissioned providers | n/a | n/a | Provide contracted services. |
General practice contractors | Choice of Foundation Solution from GP IT Futures Framework | Mandated use if applicable to the organisation /practice.
No local choice. |
See practice responsibilities for individual capability. |
Enhanced requirements
responsibilities |
Capabilities sourced through Digital Care Services (DCS) Catalogue | Capabilities sourced through non-DCS Catalogue | GP IT enabling requirements |
NHS England
|
Operating Model determines enhanced capabilities (non-exclusive list)
Step In Services in exceptional circumstances as described in the Data Processing Deed |
Operating Model determines enhanced capabilities (non-exclusive list) | Operating Model determines enhanced GP IT Enabling Requirements (non-exclusive list) |
NHS England regional teams | |||
Department of Health and Social Care | Contracting Authority for GP IT Futures Framework
Step In Services in exceptional circumstances as described in the Data Processing Deed |
||
NHS Digital | DCS Catalogue Frameworks
Product assurance to catalogue standards Service management and performance Step In Services in exceptional circumstances as described in the Data Processing Deed |
||
Nationally Commissioned Providers | Onboarding to DCS Catalogue
Service provision to required standards |
||
CCGs (or successor organisation) | Order through call off agreements using DCS Catalogue
Management of GP IT Futures nominal funding allocations. Contract management and accountability CCGs may not delegate DCS Catalogue Framework call off agreements Choice of solutions from DCS Catalogue in collaboration with practices |
Local procurement to relevant standard and organisational SFIs | Local procurement to relevant standard and organisational SFIs |
Locally Commissioned Providers | Service provision to required standards | Service provision to required standards | |
General Practice Contractors | No mandated practice choice although practices can also purchase directly from DCS Catalogue | No mandated practice choice but practices can also purchase directly from supplier | No mandated practice choice |
Other Responsibilities | General Practice Business Requirements |
NHS England
|
Operating Model determines Practice responsibilities. |
CCGs (or successor organisation) | CCG may at it’s discretion provide infrastructure and support through the GP IT Enabling Requirements. |
General Practice Contractors | Funds, procures, implements, contract manages.
Complies with standards where appropriate to ensure security, confidentiality, and protection of NHS digital assets and services. |
Guidance contents
- Foreword
- Executive summary
- Introduction
- The CCG practice agreement
- Requirements and capabilities
- Funding
- Commissioning, procurement and contract management
- Assurance
- Addressing the challenges
- Transition arrangements and timescales
- Appendix A – Schedule of GP digital requirements and capabilities
- Appendix B – Responsibilities and accountabilities
- Appendix C – Applicable national frameworks
- Appendix D – Digital primary care maturity assurance tool indicators
- Appendix E – Commissioning GP IT enabling services
- Appendix F – Commissioning advanced GP telephony services
- Appendix G – Procurement checklist
- Appendix H – General practice quick reference
- Appendix I – Glossary of terms