IT policies (PSNC summaries)

Published on: 10th December 2018 | Updated on: 25th March 2022

Many policies influence the development of NHS IT within the community pharmacy sector. This webpage sets out selected IT policies summarised by Community Pharmacy England.

See also: Full list of IT policies (all)

Reshaping how health and care data is used
The future of healthcare (DHSC)

In October 2018, the Government published a policy paper The future of healthcare: our vision for digital, data and technology in health and care; this set out the Government’s ambitions for the use of technology, digital and data within health and care. This new approach includes setting clear standards for the use of technology in health and care.

The main announcements within the policy paper were:

  • The introduction of a ‘healthtech regulatory sandbox’ to work in cooperation with the Information Commissioner’s Office (ICO), the National Data Guardian (NDG), National Institute for Health and Care Excellence (NICE) and other regulators. The objective of the ‘healthtech regulatory sandbox’ is to allow private organisations to test, iterate and de-risk innovations under the regulators’ supervision;
  • NHS Digital has published a draft NHS digital, data and technology standards framework setting out their latest thinking on the use of data, interoperability, design and IT commercial standards within the NHS;
  • Infrastructure is a key priority – the ambition is to put in place a framework that will allow interoperability of patient records so that the patients will not have to repeat their medical history. Records will be shared between hospitals, GPs, community pharmacies and care providers; and
  • The Healthtech Advisory Board, chaired by Ben Goldacre, will report to Matt Hancock and will include technology experts, clinicians and academics. The Advisory Board will be an ideas hub for how the NHS is transformed to improve patient outcomes and patient experience, and to make the lives of NHS staff easier.

Further information on the contents of the document is set out within the sections below:

Guiding principles

The document contains the following guiding principles:

  • User need: every service must be designed around user needs, whether the needs of the public, clinicians or other staff;
  • Privacy and security: the digital architecture of the health and care system must be underpinned by clear and commonly understood data and cyber security standards, mandated across the NHS, to ensure that they are secure by default and that the penalties for data breaches are effective in protecting patients’ privacy;
  • Interoperability and openness: the data and technology standards must be open so that anyone can see them and anyone writing codes for use in the NHS knows what the standards are before they start. Adhering and agreeing to clinical data standards will give much better and more granular detail with which to fight disease and prevent and treat illness; and
  • Inclusion: health and care services are for everyone. There is a need to design for, and with, people with different physical, mental health, social, cultural and learning needs, and for people with low digital literacy or those less able to access technology.

Architectural principles

The document contains the following architectural principles:

  • Put our tools in modern browsers: making all digital services available in the browser;
  • Internet first: adopting internet standards and protocols for the networks and digital services. However, the health and care system will never be a centralised service because it services the citizens of an entire nation, and so should its infrastructure not be centralised. But the Government’s view was that appropriate access to data from any part of it is an important part of delivering care and staying healthy;
  • Public cloud first: the starting point is that all our services should run in the public cloud with no more locally managed servers. This is in line with the Cloud guidance published by NHS Digital;
  • Building a data layer with registers and APIs: data should be stored once and made available where appropriate by building registers of data and making them accessible over Application programming interfaces (APIs);
  • Adopting the best cyber security standards: adopting the best cyber security standards of the industry, including keeping the software, networks, and systems up-to-date; and
  • Separate the layers of our patient record stack (hosting, data and digital services): separate contracts and separate approaches for hosting, data and digital services to improve and upgrade each layer and ensure better value contracts.


The government has identified four priority areas: infrastructure, digital services, innovation and skills:

  1. Putting in place the right infrastructure:
  • Building the existing safeguards in legislation, security standards, toolkits and independent advisory bodies, and ensuring that data is shared across the system in a safe, secure and legal way;
  • Setting national open standards for data, interoperability, privacy and confidentiality, real-data access, cyber security and access rules. These standards will be mandated throughout the NHS;
  • Creating clarity on how the standards address the user needs of people who use health and care services, carers and families, as well as care professionals and commissioners; and
  • All IT systems purchased by the NHS will be required to meet the standards as set out by the government. Furthermore, existing services will need to be upgraded to meet these standards.
  1. Ensuring that digital services meet people’s needs:
  • All the services should start with user needs; and
  • Building nationally those services that the market can’t provide.
  1. Enabling health tech and innovations:
  • Putting in place a framework that allows researchers, innovators and technology companies to thrive quickly, gives them access to support and guidance, and helps them to develop products that meet user needs;
  • Creating a competitive marketplace for innovation where any tech company can compete and have an equal opportunity to deliver by establishing clear rules;
  • Putting collaboration and co-development at the heart of innovation in health and care; and
  • Increasing opportunities for real-world testing and iteration by creating safe spaces for innovators and clinicians to develop and test products, services, and business models and delivery mechanisms.
  1. Developing the right skills and capabilities:
  • Recruiting and retaining specialist non-clinical professions, such as highly skilled and well-resourced data science and analytics work force to make the best use of all the data;
  • Ensuring board-level understanding of how data and technology drives the NHS services and strategies by encouraging leadership in these areas; and
  • Building an open culture.


Further info

This webpage is not comprehensive but a wider list is here. If you have queries on this webpage, or you would like to make a request for an addition to one of the lists, or you require more information please contact To share and hear views about digital developments with like-minded pharmacy team members, join the CP Digital email group today.



Return to the Pharmacy IT hub page; Full list of IT policies (all); or IT a-z index

For more information on this topic please email

Latest Digital & Technology news

View more Digital & Technology newsSee all