Sign the National Data Sharing Arrangement

What is the National Data Sharing Arrangement?

The National Data Sharing Arrangement (NDSA) is a signed contract detailing the acceptable use of data by GP Connect users.

GP Connect is a way for healthcare providers to securely share GP patient records between GP Connect products, which are used in patient care. This makes it easier and faster for patients to get healthcare services and gives them insight into how their data is being shared.

If you represent an organisation that wants to use GP Connect for the first time you must accept the terms of the NDSA.

Once you have read and agreed to the NDSA you must register your organisation's compliance using the steps below.

Start application

To sign the National Data Sharing Arrangement, you will need to confirm the following on your organisation's behalf:

You will be asked to confirm that:

  1. you have read and understood the terms of the National Data Sharing Arrangement and accept them in their entirety in relation to your organisation's usage of GP Connect
  2. your organisation has a current Data Security and Protection Toolkit (DSPT) submission of, as a minimum, 'Standards Met'
  3. your organisation will adhere to Data Protection legislation and Common Law Duty of Confidentiality when using GP Connect products, including ensuring that all documentation and records of processing are updated to include this usage - Data Protection Impact Assessment (DPIA), privacy notice and transparency documentation
  4. your organisation's usage of GP Connect functionality will only be for direct care purposes, and that you understand that any usages beyond direct care are prohibited
  5. you have authority as or by either the Caldicott Guardian, Senior Information Risk Officer or Data Protection Officer to sign this on your organisation's behalf
  6. your organisation is Care Quality Commission (CQC) registered (community pharmacies providing pharmaceutical services are not currently required to register with CQC and are regulated by the GPhC. If pharmacies provide medical services too they must register with CQC)

What's required:

  1. The name of your organisation's GP Connect software.
  2. Your organisation's ODS code.
  3. The reason your organisation uses the GP Connect software.
  4. You may be asked to provide the website address to your organisation's patient privacy information which may include your DPIA and your privacy notice. Note that if you are responding on behalf of shared care record access this requirement is mandatory.
  5. Confirmation of agreement to the National Data Sharing Arrangement.
  6. The name, role (Caldicott Guardian, Senior Information Risk Officer or Data Protection Officer) and email of the signatory of the arrangement.

If you have this information, it should take less than 10 minutes to complete the application.

By using this service you are agreeing to our terms of use and privacy policy.