schedule 5: nhs information management & …
TRANSCRIPT
1M-3371821-2
SCHEDULE 5: NHS INFORMATION MANAGEMENT & TECHNOLOGY REQUIREMENTS AND
TECHNICAL GUIDANCE
NHS Information Management & Technology Requirements and Technical Guidance
Part 1: NHS Information Management & Technology Requirements
In this Schedule 5, words shall have the meaning set out in the main body of this Agreement and in
particular Schedule 1 (Definitions) and as set out in this Schedule 5.
1 IM&T Due Diligence
1.1 The Provider acknowledges and agrees that prior to the date of this Agreement:
1.1.1 it has carried out all necessary due diligence including in respect of
the PCT’s Systems, including Hardware where appropriate, in order
to provide the IM&T Services with effect from the Full Services
Commencement Date;
1.1.2 it is fully aware of the National Programme for IT (NPfIT) both
through documents and information which are in the public domain
and through documents and materials provided or made available to
the Provider by the PCT or its representatives prior to the date of this
Agreement, and acknowledges that it shall participate in the
operation of elements of NPfIT without limitation in relation to:
1.1.2.1 Choose and Book (EBS);
1.1.2.2 Electronic Transfer of Prescriptions (ETP);
1.1.2.3 Patient Demographics Service (PDS);
1.1.2.4 NHS Care Records Services (NCRS);
1.1.2.5 Secondary Use Service (SUS);
1.1.2.6 GP2GP;
1.1.2.7 New National Network (N3);
1.1.2.8 Quality Management and Analysis System (QMAS); and
1.1.2.9 NHS Mail.
2M-3371821-2
1.2 Without prejudice to paragraph 1.1 of this Schedule 5 Part 1, the Provider shall as
part of the IM&T Services conduct all necessary due diligence and reporting in
accordance with paragraphs 1.3 and 1.4 of this Schedule 5 Part 1 in respect of any
Statement of IM&T Services issued during the term of this Agreement.
1.3 The Provider shall conduct due diligence in respect of the PCT’s Systems and shall
identify any requirements necessary for a Statement of IM&T Services and the
provision of the IM&T Services which allow the Provider's Systems to interface with
the PCT’s Systems in a manner which allows provision of the Services efficiently
and cost-effectively, including but not limited to factors relating to interfacing of
systems for:
1.3.1 network infrastructure and connection requirements for local and
wide area network services;
1.3.2 physical infrastructure and hardware;
1.3.3 where required by the PCT remote access to, or integration or
interface with, parts of the PCT's Systems and any information held
therein including NpfIT systems;
1.3.4 links to local social services systems in line with NPfIT development
and organisation integration;
1.3.5 data flows of clinical records in accordance with paragraph 26, Part 1
of Schedule 2 (Service Requirements); and
1.3.6 any systems or services which the PCT is or shall be providing to the
Provider.
1.4 As reasonably requested, the Provider shall, on completion of any due diligence
carried out in accordance with paragraphs 1.1 to 1.3 of this Schedule 5 Part 1,
supply to the PCT or its authorised representative a detailed due diligence report
which shall include a full report of the findings of such due diligence.
1.5 The Provider shall not be entitled to recover any costs from the PCT which arise
from, or be relieved from any of its obligations as a result of, any information of
3M-3371821-2
which it is deemed to be aware and/or failure to carry out the due diligence
requirements set out in paragraphs 1.1 to 1.3 of this Schedule 5 Part 1.
2 Provision of IM&T Practice Systems, IM&T Training and IM&T Support and
Management
2.1 The PCT shall at its own cost (or in conjunction with an appropriate third party, e.g
NHS Connecting for Health) be solely responsible for providing or procuring the
provision of the IM&T Practice Systems, IM&T Training and IM&T Support to
facilitate the IM&T Services.
2.2 IM&T Practice Systems shall include but shall not be limited to supply, maintenance
and future upgrades of core clinical software (initially GPSoc Level 2 compliant) and
associated applications and licences for Read Codes and SNOMED CT (UK edition
when available), drug databases, [dispensing system and stock control system],
patient registration and pathology messaging, ordering and receipt of pathology,
radiology and other diagnostic procedure results and reports, knowledge bases,
appointment system, core office applications and email systems, and the clinical
system servers and administrative servers (or hosted/managed services as
appropriate) for the IM&T Practice Systems.
2.3 IM&T Training shall include training in the use of IM&T Practice Systems, as
described by paragraph 13 of this Schedule 5 Part 1 and the IM&T Training Plan.
The Provider shall be responsible individual needs analysis for practice staff, and for
maintaining a detailed record of all training received by each of its staff.
2.4 IM&T Support and Management shall include:
2.4.1 backup of all data in a manner so that it can be retrieved easily and
economically;
2.4.2 supply and regular updates of virus protection software for each
server and workstation such that all data exchanged from or via the
IM&T Practice Systems are subject to regular Virus checking
procedures;
4M-3371821-2
2.4.3 provision of a support, fault resolution and maintenance service via a
single helpdesk under agreed service levels for IM&T Practice
Systems and IM&T Infrastructure; and
2.4.4 prompt handling of system configuration changes required by the
arrival, change and departure of staff including user account
maintenance, via the systems supplies service where possible.
3 Provision of IM&T Infrastructure
3.1 The PCT shall, subject to 3.2 below, at its own cost be solely responsible for
providing or procuring the provision and maintenance of the IM&T Infrastructure to
facilitate the IM&T Practice Systems. IM&T Infrastructure shall include clinical
system servers, administrative servers, workstations, printers, network infrastructure
(including N3 access, internet access and a LAN).
3.2 The Provider shall at its own cost be solely responsible for providing or procuring
the provision of the IM&T Infrastructure where changes to the Infrastructure are due
to internal, business driven moves rather than due to PCT or NPfIT initiatives.
4 Provision of IM&T Services
4.1 The Provider shall at its own cost, be solely responsible for providing (or procuring
the provision by Provider Parties of) the IM&T Services as described at Part 2 of this
Schedule 5 in accordance with the provisions of this Agreement, which shall include
developing IM&T Materials in order to implement Statement(s) of IM&T Services
during the term of this Agreement.
4.2 The Provider shall, at no additional cost to the PCT, be responsible for providing
any services, functions and responsibilities, which are necessary for and incidental
to the proper performance by the Provider of the IM&T Services, [save for those
provided by the PCT as expressly described at paragraphs 2 and 3 of this Schedule
5 Part 1.
4.3 The Provider shall produce a Disaster Recovery Plan as part of the IM&T Services
in accordance with the Transition Plan (and provide a copy to each IM&T Project
Manager for review and, if applicable, comment) on or before the Full Service
5M-3371821-2
Commencement Date. The Provider shall maintain the Disaster Recovery Plan (at
its cost) at all times and amend as necessary in order to minimise the effect of the
Force Majeure Event affecting the provision of the Service.
4.4 The Provider shall provide reasonable cooperation, coordination and liaison with the
PCT or its authorised representative, CFH, NISPs, NASPs and LSPs where relevant
in respect of issues concerning NPfIT, disaster recovery and business continuity.
4.5 The Provider acknowledges and agrees that any changes to the IM&T Services will
not be subject to the Change Request Procedure unless such required changes
constitute IM&T Changes.
4.6 The Provider shall implement, as part of the IM&T Services:
4.6.1 any Statement of IM&T Services identified in Part 1 and Part 2 of this
Schedule 5; and
4.6.2 any Statement of IM&T Services issued from time to time during the
term of this Agreement;
4.7 The Provider shall perform the IM&T Services so as to co ordinate with and not
interfere with the operations of CFH, the PCT, NASPs, NISPs, LSPs and any other
relevant Health Service Body.
4.8 The PCT shall, and shall procure that Provider Parties shall, carry out acceptance
tests for IM&T Deliverables in accordance with the acceptance test requirements set
out in the Transition Plan to demonstrate that the IM&T Deliverables work and are
ready for use, comply with the IM&T Services Specification and comply with
paragraph 4.10.4 of this Schedule 5 Part 1.
4.9 The Provider shall (and shall procure that the Provider Parties shall) provide the
IM&T Services in accordance with:
4.9.1 the IM&T Service Levels;
4.9.2 Good Industry Practice;
6M-3371821-2
4.9.3 all applicable laws (including but not limited to the Computer Misuse
Act 1990, the Copyright Designs and Patents Act 1988, the
Regulation of Investigatory Powers Act 2000, Data Protection
legislation and the Freedom of Information Act 2000);
4.9.4 any reasonable policies or directions of the PCT notified to the
Provider from time to time;
4.9.5 the Transition Plan;
4.9.6 the common law duty of confidence;
4.9.7 the provisions of this Agreement;
4.9.8 Access to Health and Records Act 1990, and
4.9.9 National Health Service Act 2006.
4.10 The Provider and the PCT shall, in respect of the IM&T Services, take all necessary
measures to ensure that, and procure that the Provider Parties and PCT shall take
measures to ensure that:
4.10.1 the staff who carry out the IM&T Services are suitably skilled,
experienced and qualified to carry out the IM&T Services for which
they are, or will be, deployed;
4.10.2 the IM&T Services are provided in a timely and efficient manner in
accordance with the Transition Plan;
4.10.3 the IM&T Deliverables to be developed and provided by the Provider
in carrying out the IM&T Services shall meet in all material respects
the requirements and specifications set out in any Statement of IM&T
Services and IM&T Services Specification; and
4.10.4 adequate and appropriate maintenance and support services and
service level agreements are available and in place for all systems,
7M-3371821-2
infrastructure, Hardware and software used in the delivery of the
IM&T Services, including but not limited to helpdesk support.
4.11 The Provider shall notify each IM&T Project Manager in writing as soon as
reasonably practicable if it considers that there will be, or may be, a delay in
providing the IM&T Services, in accordance with the Transition Plan giving the
details of the causes for and potential impact of any such delay.
4.12 Notwithstanding any provision in this Agreement to the contrary, following any IM&T
Failure, the PCT or its authorised representative may refer the IM&T Failure to the
Contract Managers on reasonable notice who shall consider the IM&T Failure and
the PCT shall in consultation with the Provider determine an appropriate IM&T
Rectification Plan to be adopted by the Provider in respect of such IM&T Failure.
4.13 The Provider shall make information in relation to the Services (and other relevant
information at the PCT or its authorised representative's reasonable request)
available to the public, through the NHS Website (or other media to be specified by
the PCT) subject to the PCT’s prior written consent.
4.14 The parties agree that any dispute in respect of the provision of IM&T Services shall
be referred to the Dispute Resolution Procedure.
5 IM&T Project Management
5.1 The Provider, and the PCT representative shall each appoint an IM&T Project
Manager in support of the implementation of IM&T Services, IM&T Practice
Systems, IM&T Training and IM&T Infrastructure, and who shall devote sufficient
time to ensure that they are properly managed. The PCT representative shall not
unreasonably withhold his approval of the person nominated by the Provider as an
IM&T Project Manager.
5.2 The Provider's IM&T Project Manager will report the following project management
activities at project management meetings to be held as reasonably required to
meet the IM&T Service Level reporting and agreed with the PCT or its authorised
representative:
5.2.1 IM&T Service Level reviews;
8M-3371821-2
5.2.2 systems development management; and
5.2.3 Services implementation management.
5.3 The PCT shall nominate a technical architect (the “Technical Architect”) who shall
be the design authority for the IM&T Practice Systems and IM&T Infrastructure
within seven (7) days of the date of signature of this Agreement. The PCT or its
authorised representative shall have the right to review the qualifications of the
proposed Technical Architect. The Technical Architect shall attend IM&T project
management meetings upon request by the PCT or its authorised representative.
6 Rights to use PCT’s Systems and obtaining Required Consents
6.1 The Provider shall obtain any Required Consents. Where the PCT’s consent is
required, this shall not be unreasonably withheld or delayed.
6.2 The Provider shall notify the PCT or its authorised representative forthwith of any
failure or delay in acquiring the Required Consents and the impact of such failure or
delay.
6.3 The Provider shall not and shall procure that the Provider Parties shall not access,
use, copy, modify or develop the PCT’s Systems unless permitted to do so in writing
by the PCT.
6.4 Without prejudice to any other provision of this Agreement, if the Required Consents
cannot be obtained by the Commencement Date, then the Provider, and the PCT
shall work together to achieve an alternative solution (approved by the PCT)
including but not limited to making modifications or enhancements to the PCT’s
Systems in order to allow such interfacing.
7 Surveys
7.1 The Provider shall cooperate with the PCT in respect of the intermittent collection of
data or information for the purposes of sharing and spreading best practice through
the NHS (“Surveys”). Such data collection may include but not be limited to:
9M-3371821-2
7.1.1 collecting information on subjective Patient health outcomes;
7.1.2 collecting information to allow benchmarks to be developed against
which to judge the productivity of primary medical care providers
(and other NHS providers);
7.1.3 distributing and collecting NHS standardised Patient questionnaires;
and
7.1.4 administering such data collection through existing systems or by
distribution and collection of questionnaires.
7.2 The PCT shall own the Intellectual Property rights in any data, information or results
collected as a result of Surveys.
7.3 The Provider shall provide any information relating to the Services or to Patients
that the PCT reasonably requires in a form reasonably required by the PCT from
time to time.
8 IM&T Licences
8.1 In variation of Clause 59 in relation to that portion of Provider Background
Intellectual Property which is IM&T Materials and Third Party Software:
8.1.1 the Provider shall grant royalty-free, non-exclusive, irrevocable
licences to the PCT in respect of IM&T Materials in accordance with
Clause 59 of this Agreement ;
8.1.2 in relation to Third Party Software (excluding readily available off the
shelf non-clinical administration and office productivity products) if
the PCT exercises the right to step in pursuant to Clause 51A then
the Provider shall grant a royalty-free, non exclusive, irrevocable
licence for 3 months from the date that the PCT actually steps in to
use such Third Party Software to provide the Services and/or to
sublicence another party to provide the Services or services similar
to the Services; and
10M-3371821-2
9 National Programme for IT
9.1 The Provider shall, as part of the IM&T Services:
9.1.1 fully cooperate, liaise and work in good faith with the PCT, CFH,
NASPs, NISPs and LSPs responsible for implementing the NPfiT in
respect of any Statement of IM&T Services and in order to develop
the Transition Plan;
9.1.2 work with the PCT to implement interfaces to NPfIT Services
sufficient to meet the requirements of the PCT for the delivery of the
Services including, but not limited to, the following NPfIT Services:
9.1.2.1 Choose and Book;
9.1.2.2 CRS Spine;
9.1.2.3 Electronic Transfer of Prescriptions;
9.1.2.4 N3 connectivity;
9.1.2.5 GP2GP;
9.1.2.6 Patient Demographic Service (PDS);
9.1.2.7 Secondary Uses Service;
9.1.2.8 Quality Management and Analysis System (QMAS); and
9.1.2.9 Summary Care Record.
9.1.3 provide feedback and consultation on any technical or functional
specifications being developed by the NASPs, CFH, NISPs and
LSPs as may be required from time to time;
9.1.4 work with the PCT to implement the requirements for the NPfIT in
accordance with the milestones for the NPfIT; and
9.1.5 support training for staff performing the Services as a result of any
necessary transition or migration to new systems by the Provider to
comply with NPfIT.
10 IM&T Implementation Plan
11M-3371821-2
10.1 The Provider and PCT shall jointly develop an IM&T Implementation Plan in order
to implement a new Statement of IM&T Services.
10.2 The Provider shall provide a copy of any IM&T Implementation Plan to the PCT's
IM&T Project Manager for review and comment at least one Month prior to
commencement of the work required (unless otherwise agreed in writing between
the Provider and the PCT or its authorised representative).
10.3 The Provider and PCT shall review progress against an IM&T Implementation Plan
at a frequency to be agreed between the parties but not less than once per Contract
Month.
11 IM&T Access and Audit Rights
11.1 On receipt of no less than two (2) Business Days notice (or on twenty-four (24)
hours notice if the PCT or its authorised representative has reasonable cause to
have concern about whether the IM&T Services are being provided in accordance
with this Agreement), the Provider shall provide the PCT or its authorised
representative and any auditors and inspectors notified to the Provider with
reasonable access to the GP Led Health Centre Practice Premises and/or the
Provider's premises from which the IM&T Services are provided (and shall procure
such access to the premises of Provider Parties) for the purposes solely of an IM&T
Audit as defined in paragraph 11.2 of this Schedule 5 Part 1.
11.2 For the purposes of this Agreement an IM&T Audit is any audit or inspection carried
out so as to:
11.2.1 ascertain that the information which has been provided to the PCT or
other bodies as required by this Agreement in respect of IM&T
Services is accurate and in accordance with the requirements set out
in this Schedule 5; and/or
11.2.2 determine whether the Provider has complied with its obligations
under this Agreement in respect of IM&T Services.
11.3 An IM&T Audit may be conducted by either an internal auditor or an independent
auditor.
12M-3371821-2
11.4 The Provider shall comply with any audit recommendations arising from an IM&T
Audit. The Provider shall deliver to the PCT or its authorised representative
Quarterly updates on the status of the implementation of any IM&T Audit
recommendations. The Provider shall establish an effective issue tracking process
to ensure that recommendations are implemented in accordance with agreed
timescales.
12 IM&T Exit Management
12.1 Following execution of this Agreement on or prior to the Commencement Date the
Provider and the PCT shall agree a planned procedure (an “IM&T Exit Management
Plan”) in accordance with the minimum requirements set out in paragraph 12.2 of
this Schedule 5 Part 1 which the parties shall comply with in the event of expiry or
earlier termination of this Agreement (whether in whole or in part) to: (i) enable and
effect a smooth transition of the IM&T Services to an alternative service provider or
in-house; and/or (ii) otherwise bring the relevant IM&T Services, or relevant part of
the IM&T Services, to a satisfactory conclusion.
12.2 Without prejudice to Schedule 13 (Exit Plan), the following sets out the minimum
requirements for an IM&T Exit Management Plan:
12.2.1 an established project methodology to manage the IM&T Exit
Management Plan to be implemented by the Provider including
identification of tasks and milestones;
12.2.2 all files and any other materials or documents held by the Provider or
Provider Parties related to the IM&T Services will be made available
to the PCT or its authorised representative within ten (10) Business
Days of being requested;
12.2.3 data records held by the Provider on any systems used for
administration (or Patient care) shall be made available to the PCT
representative within ten (10) Business Days of request on a
recognised industry standard computer format to be set out in the
IM&T Exit Management Plan;
13M-3371821-2
12.2.4 service sheets fully documenting the high level elements of the IM&T
Services will be produced by the Provider;
12.2.5 any written procedures/process maps which relate to the IM&T
Services shall be submitted to the PCT or its authorised
representative upon request within ten (10) Business Days; and
12.2.6 no additional charge shall be made by the Provider for the transition
of any IM&T Services to a new provider whether pursuant to the
IM&T Exit Management Plan or otherwise, except for training costs,
which shall be limited to those staff who will be directly involved in
the management and delivery of the services by the new provider.
12.3 The Provider shall maintain and review the IM&T Exit Management Plan throughout
the term of this Agreement.
12.4 The Provider shall appoint an IM&T exit management project manager who has
sufficient experience to manage an orderly exit in accordance with the IM&T Exit
Management Plan.
12.5 The provisions of the IM&T Exit Management Plan will become effective as soon as
notice of termination is issued by one party to the other or twelve (12) months prior
to the expiry of the Agreement, whichever occurs first, and end on termination.
12.6 The parties shall ensure that the IM&T Exit Management Plan includes reasonable
steps to mitigate any costs which the PCT may incur as a result of expiry or earlier
termination of this Agreement or any part.
13 Training
13.1 The PCT shall:
13.1.1 supply the Provider or its authorised representative with an IM&T
Training Plan, based on the Provider’s training needs analysis as per
paragraph 2.3 above, detailing the training that will be provided in
respect of the IM&T Practice Systems in accordance with the IM&T
Transition Plan or an IM&T Implementation Plan; and
14M-3371821-2
13.1.2 provide training to the Provider Staff as may reasonably be required
by the Provider in relation to the IM&T Practice Systems and as
necessary to allow integration with the PCT’s Systems and to
accommodate any changes to the IM&T Practice Systems and IM&T
Deliverables, IM&T Services and IM&T Materials to the extent
necessary to ensure that the Services are provided in accordance
with this Agreement.
Part II: IM&T Requirements
1 IM&T Services
1.1 The IM&T Services shall include the following:
Booking, Tracking, Management and Onward Referral of Patients
1.1.1 the booking, tracking, management and onward referral of Patients
service which shall include the following:
1.1.1.1 an electronic appointment booking process;
1.1.1.2 variations to the booking process including cancellations,
appointment changes and non-attendance;
1.1.1.3 recording of Patient consent;
1.1.1.4 maintaining electronic Patient Records;
1.1.1.5 the onward referral and booking process via Choose and Book or
other processes if exceptionally required by particular bodies in
receipt of referrals;
1.1.1.6 supporting the distribution of relevant Patient information; and
15M-3371821-2
1.1.1.7 providing electronic information as set out in Part 1 of Schedule 2
(Service Requirements);
1.1.2 the timeliness of the processes and data content of the system to
support the processes indicated in paragraph 1.1.1 above, shall be
sufficient to support the PCT in the monitoring of Patient throughput
and treatment and to support the submission of all relevant returns;
1.1.3 the Provider shall:
1.1.3.1 in relation to Registered Patients, use the PDS or other means to
furnish NHS numbers for Patients; and
1.1.3.2 communicate with local social services and other agencies as
documented in Part 1 of Schedule 2 (Service Requirements).
Prescribing and Dispensing
1.1.4 the prescribing and dispensing service shall include the following:
1.1.4.1 the supply, administration and recording of medications prescribed
under the Patient Group Directions once Patient medical history and
current medication has been determined by a Health Care
Professional;
1.1.4.2 the electronic transmission of prescriptions issued to the Prescription
Pricing Authority (PPA) in line with the NPfIT ETP programme; and
1.1.4.3 details of medicines administered under the Patient Group Directions
to be transferred following consent to registered General
Practitioners.
Clinical Information Systems
1.1.5 the clinical information systems services shall include the:
16M-3371821-2
1.1.5.1 processing and storing of information relating to Patient records
and/or Patient Confidential Information which shall be kept up to date
by the Provider in response to information received or produced by
the Provider; and
1.1.5.2 support of sub processes described in the IM&T Services
Specification annexed to this Schedule 5 as Annex 1; and
Patient Records
1.1.6 the Provider shall keep Patient records as set out in Clause 29 and
ensure that:
1.1.6.1 all Registered Patient referrals are made via Choose & Book or other
processes if exceptionally required by particular bodies in receipt of
referrals;
1.1.6.2 Patient health records are electronic;
1.1.6.3 Patient records are transferred electronically between GP practices
utilising the NPfiT GP2GP service or NHS Care Records Service,
where appropriate;
1.1.6.4 all Patients receive Electronic Prescriptions where available, except
for Registered Patients receiving home visits whose prescription
details shall be recorded on the system once the GP has returned to
the GP Led Health Centre Practice Premises; and
1.1.6.5 NHS Numbers are used for appropriately secure communications
with the PCT and other healthcare providers for Patients if the NHS
Number is known.
1.1.7 the Provider shall:
1.1.7.1 ensure that comprehensive Patient records are kept in a form
compatible with the NPfIT NHS Care Records Service and in
accordance with NHS standards; and
17M-3371821-2
1.1.7.2 develop and implement new protocols and forms as required to
support changes to the information recording standards.
Clinical Data Set Information
1.1.8 The Provider shall verifiably collect accurate data for and submit the
following clinical data sets as required:
1.1.8.1 Reports to PRIMIS;
1.1.8.2 Local Development Plan Data; and
1.1.8.3 A&E Commissioning Dataset as specified by the Department of
Health;
1.1.8.4 Clinical data sets required by any relevant National Service
Framework;
1.1.8.5 Other clinical data sets required by this Agreement; and
1.1.8.6 any others as reasonably required by the PCT.
Central Management Information
1.1.9 the Provider shall verifiably collect accurate data for and:
1.1.9.1 submit information to the Healthcare-associated Infection and
Antimicrobial Resistance (HCAI & AMR) Department of the
Communicable Disease Surveillance Centre (CDSC) at the Health
Protection Agency (HPA) in Colindale;
1.1.9.2 support the PCT in relation to NHS reporting required by the
Department of Health’s current:
1.1.9.2.1 weekly, monthly and quarterly returns as follows:
1) weekly SITREP reports;
18M-3371821-2
2) monthly Activity Reports; and
3) quarterly QMAE returns.
1.1.9.2.2 Annual returns to include:
1) complaints received from or on behalf of NHS patients (see
form KO41 (A) for present NHS trust requirements which may
require amendment for the GP Led Health Centre Practice
Premises);
2) immunisation programmes;
3) colposcopy clinic referrals and activity;
4) occupational therapy services;
5) physiotherapy services; and
6) speech and language therapy services;
1.1.9.3 submit nil returns (where appropriate) for some of the quarterly and
annual returns to reflect the nature of the Services;
1.1.9.4 contribute (where appropriate) to a number of regular surveys and
censuses including:
1.1.9.4.1 the annual NHS medical workforce census, non-medical workforce
census and NHS vacancy survey (available on
http://www.publications.doh.gov.uk/public/work-workforce.htm);
1.1.9.4.2 the annual NHS patient satisfaction surveys (available on
http://nhssurveys.org/); and
1.1.9.4.3 ad hoc surveys issued by the "National Confidential Enquiry into
Patient Outcome and Death" (NCEPOD) group, where relevant to the
clinical services provided (available on http://www.ncepod.org.uk/).
1.1.9.5 submit Quality and Outcomes Framework (QOF) data via the Quality
Management and Analysis System (QMAS);
1.1.9.6 Other management data sets required by this Agreement; and
19M-3371821-2
1.1.9.7 any others as reasonably required by the PCT.
Information Governance
1.1.10 the Provider shall:
1.1.10.1 ensure that the IM&T Services conform to the:
1.1.10.1.1 NHS Confidentiality Code of Practice November 2003; and
1.1.10.1.2 the Caldicott Principles as defined in: “Protecting and Using Patient
Information – A Manual for Caldicott Guardians”, catalogue number
15279, March 1999;
1.1.11 submit policy documents defining how they will meet the information
governance requirements, including:
1.1.11.1 technical and procedural details of how the proposed solution
complies with standards and policies as described in this Schedule 5,
and measures required by CfH (such as penetration testing);
1.1.11.2 the role of all partners and sub-contractors involved in the delivery of
the Services, and the IM&T Services, including inter alia third-party
disaster recovery service providers and data centre providers;
1.1.11.3 an incident management system including all incidents impacting
information confidentiality, integrity and availability, and allowing for
the identification, impact assessment and reporting of all actual or
suspected incidents to the PCT;
1.1.11.4 use of the NHS Information Governance Toolkit;
1.1.11.5 completion of the Information Governance Statement of Compliance
(IGSoC);
1.1.11.6 formal reliability and recruitment checking of its staff or contractors
who may access and use NHS Patient data, whether as part of the
20M-3371821-2
Services or the administration and maintenance of the IM&T
Services, including a criminal records check of the individuals;
1.1.11.7 procedures for maintaining all systems up to date in line with any
security-related patches and advice from their suppliers;
1.1.11.8 procedures for any transfer or storage of NHS Patient data according
to CfH-approved cryptographic standards (including transfers over
N3);
1.1.11.9 the maintenance of a full audit trail (in accordance with "NHS
Records Management Code of Practice", Gateway Reference 6295),
including systems support and maintenance activities;”
1.1.11.10 procedures for risk assessment of particular risks to information
security, and the agreement of and completion of mitigation works
within agreed timescales.
1.1.12 conform to any changes to the NHS Confidentiality Code of Practice
or any other Information Governance standards defined by the
Department of Health from time to time
1.1.13 conform to any additional local service level agreements in relation to
Information Governance that has been negotiated with the PCT.
Security
1.1.14 the Provider shall:
1.1.14.1 ensure that the GP Led Health Centre Practice Premises comply with
BS ISO/IEC 17799-2005 (Code of Practice for Information Security
Management) and ISO 27001:2005 (Information Security
Management Systems - Requirements) for all systems used to
provide IM&T Services unless otherwise agreed with the PCT; and
1.1.14.2 provide written evidence of an independent BS ISO 27001:2005 audit
for the GP Led Health Centre Practice Premises to the PCT
representative within three (3) months of the Commencement Date
21M-3371821-2
or later if agreed by both parties and conduct an ongoing ISO
27001:2005 audit and provide written evidence of such audit on an
annual basis in respect of the GP Led Health Centre Practice
Premises during the term of this Agreement.
Data Accreditation
1.1.15 The Provider shall implement the steps required to achieve Data
Accreditation under the terms of the IM&T DES; including
establishing “paper light” status, and submitting
1.1.15.1 evidence of adherence to the Good Practice Guidelines;
1.1.15.2 summary protocols of prompt updates to clinical records;
1.1.15.3 IM&T Disaster Recovery Plan;
1.1.15.4 evidence of use of electronic records to support telephone and home
visit consultations;
1.1.15.5 protocols for assistance of locums in data entry and consultations;
1.1.15.6 log of training undertaken by each member of the GP Led Health
Centre Practice team against individual needs assessments; and
1.1.15.7 evidence of the completion of an Information Governance Toolkit
self-assessment for the GP Led Health Centre Practice.
1.1.16 The Provider shall work with PRIMIS+ and the PCT to compare data
quality with best practice.
IM&T Documentation
1.1.17 the Provider shall produce and maintain up-to-date the following
documentation as IM&T Deliverables throughout the term of this
Agreement and in accordance with the IM&T Transition Plan, and
22M-3371821-2
shall be in place on signature of this Agreement, or later if agreed by
both parties:
1.1.17.1 IM&T due diligence report(s) in accordance with the requirements set
out in paragraph 1 (IM&T Due Diligence) of this Schedule 5 Part 1;
1.1.17.2 IM&T Services Specification;
1.1.17.3 IM&T Interface Specification;
1.1.17.4 a Disaster Recovery Plan; and
1.1.17.5 Any other documentation set out in the IM&T Services Specification.
1.1.18 the PCT shall produce and maintain up-to-date the following
documentation as IM&T Deliverables throughout the term of this
Agreement and in accordance with the Transition Plan, and shall be
in place on signature of this Agreement, or later if agreed by both
parties:
1.1.18.1 a training plan in accordance with paragraph 13 of this Schedule 5
Part 1;
1.1.18.2 testing documentation;
1.1.18.3 acceptance reports in accordance paragraph 1.3.1.2.4 of this
Schedule 5 Part 2;
IM&T Specifications and Implementation Plans
1.1.19 the Provider shall develop within one (1) month of signature of this
Agreement an IM&T Services Specification in accordance with Annex
1 of this Schedule 5, an IM&T Interfaces Specification in accordance
with Annex 2 of this Schedule 5 and an IM&T Phasing Plan in
accordance with Annex 3 of this Schedule 5;
23M-3371821-2
1.1.20 within the constraints of the PCT’s third party provider service level
agreements, as amended or updated from time to time, the PCT shall
work with the Provider to the:
1.1.20.1 “Primary Care Procurement [•] Phasing Plan version [•] dated [•]
annexed to this Schedule 5 as annex 3.
IM&T Interface Specification
1.1.21 the Provider shall:
1.1.21.1 implement the following interfaces as IM&T Deliverables in
accordance with the IM&T Interface Specification;
1.1.21.2 develop and implement all interfaces to systems necessary to
provide the Statement of IM&T Services including the following:
1.1.21.3 physical interface to N3 or alternatively a local primary care
Community Of Interest Network (COIN) if available;
1.1.21.4 interface to SUS;
1.1.21.5 interface to other returning bodies as defined in the IM&T Services
Specification document referred to in paragraph 1.1.16 of this
Schedule 5 Part 2 and as required in this Agreement; and
1.1.21.6 Interfaces as required to support the NPfIT as detailed in sub-
paragraph 9.1.2 of Part 1 of this Schedule 5; and
1.1.21.7 implement interfaces over N3 or primary care COIN;
1.1.22 unless otherwise agreed the PCT shall be responsible for
modifications to the PCT Systems necessary to achieve the
interfaces set out in this paragraph 1 of this Schedule 5 Part 2 and
the IM&T Services Specification annexed to this Schedule 5 as
Annex 1.
24M-3371821-2
1.2 IM&T Service Levels:
1.2.1 the Provider shall provide the IM&T Services in accordance with the
IM&T Service Levels set out in the IM&T Services Specification
outlined in the Transition Plan.
1.3 IM&T Acceptance:
1.3.1 the Provider shall:
1.3.1.1 in deploying the initial systems for service launch and ongoing
operations, design and implement IM&T testing processes to verify,
to the satisfaction of the PCT, that the systems fulfil the requirements
of the IM&T Services;
1.3.1.2 submit to the PCT:
1.3.1.2.1 notice of tests (one (1) week prior to testing commencement or as
otherwise agreed between the parties);
1.3.1.2.2 testing documentation (one (1) week prior to testing commencement
or as otherwise agreed between the parties);
1.3.1.2.3 test results within a reasonable time agreed by both the Provider and
the PCT prior to commencement of the testing; and
1.3.1.2.4 acceptance reports within a reasonable time agreed by both the
Provider and the PCT prior to commencement of the testing; and
1.3.1.3 where possible generate test data for the execution of tests and liaise
with the PCT to access representative live systems data to support a
range of service tests. The Provider shall be responsible for the
processing of live data from the PCT required to initialise testing
processes.
25M-3371821-2
1.3.2 the PCT or its authorised representative will provide a person who
will witness and record acceptance of tests results ("Test Acceptance
Manager").
1.4 NHS IM&T Standards.
The Provider shall:
1.4.1 comply with the latest versions of standards and procedures relating
to the implementation and use of the following during the term of this
Agreement:
1.4.1.1 Choose and Book;
1.4.1.2 GP2GP; and
1.4.1.3 Electronic Transfer of Prescriptions;
1.4.1.4 Patient Demographics Service (PDS);
1.4.1.5 NHS Care Records Services (NCRS);
1.4.1.6 Secondary Use Service (SUS);
1.4.1.7 New National Network (N3);
1.4.1.8 Primary care Community Of Interest Network (COIN) where
available;
1.4.1.9 Quality Management and Analysis System (QMAS);
1.4.1.10 GP Systems of Choice (GPSoC);
1.4.1.11 The 2006/2007 Directed Enhanced Service for Data Accreditation;
1.4.1.12 The 2007/2008 IM&T Directed Enhanced Service;
26M-3371821-2
1.4.1.13 Future Directed Enhanced Service requirements relating to IM&T;
1.4.1.14 The 2007/2008 Choose and Book Directed Enhanced Service; and
1.4.1.15 others as may reasonably be determined by the PCT.
1.4.2 ensure that all IM&T Services falling within the e-Government
Interoperability Framework (eGIF) mandate conform to the prevailing
e-GIF standards (currently version 6.1). (Information on RFCs are
available from the RFC pages of the IETF (Internet Engineering)
Task Force) (www.ietf.org). Details of how it applies to the NHS can
be found in “The e-GIF and the NHS - a policy statement”, a DH
policy available at:
http://www.dh.gov.uk/en/Publicationsandstatistics/Publications/Public
ationsPolicyAndGuidance/DH_4130864;
1.4.3 NPfIT
ensure that all IM&T Practice Systems, which are part of or are
required to be compliant with NPfIT, meet the requirements of the
prevailing Connecting for Health standards which at the date of this
Agreement, are described in, but not limited to:
1.4.3.1 the Messaging Implementation Manual Version;
1.4.3.2 the External Interface Specification (EIS);
1.4.3.3 Statement of Compliance;
1.4.3.4 Technical Authority to Deploy;
1.4.3.5 Clinical Authority to Deploy (where required);
1.4.3.6 Service Management Acceptance;
1.4.3.7 First of Type Deployment Approval;
1.4.3.8 Full Deployment Approval; and
27M-3371821-2
1.4.3.9 Authority to Proceed;
1.4.4 comply with British standards including
1.4.4.1 BS ISO/IEC 17799:2005 Code of Practice for Information Security
Management;
1.4.4.2 BS ISO/IEC 27001:2005 Information Security Management Systems;
1.4.4.3 BS EN ISO 9241:2000 Ergonomic requirements for office work with
visual display terminals (VDTs); and
1.4.4.4 BS ISO/IEC 20000:2005 Information Technology Service
Management;
1.4.5 comply with Department of Health and Government Publications,
including:
1.4.5.1 the NHS Confidentiality Code of Practice;
1.4.5.2 Protecting and Using Patient Information -A Manual for Caldicott
Guardians;
1.4.5.3 HSC 1999/012: Caldicott Guardians including the appointment of a
Caldicott Guardian; and
1.4.5.4 Independent Healthcare National Minimum Standards Regulations
February 2002.
1.4.6 comply with NHS Publications, including:
1.4.6.1 NHS Information Governance Toolkit;
1.4.6.2 NHS Data Dictionary (including any related Data Set Change
Notices;
28M-3371821-2
1.4.6.3 NHS Commissioning Data Set Manual (including any related Data
Set Change Notices);
1.4.6.4 Health Service Circular (HSC) 1999/053 – ‘For the Record’; and
1.4.6.5 NHS The Care Records Guarantee – “Our Guarantee for NHS Care
Records in England”;
1.4.7 comply with NHS terminology, classifications and groupings,
including:
1.4.7.1 SNOMED CT (UK Edition);
1.4.7.2 read codes (4 byte, version 2 and Clinical Terms Version 3);
1.4.7.3 the NHS Dictionary of Medicines and Devices (dm+d);
1.4.8 comply with NHS Classifications, including:
1.4.8.1 OPCS-4.3 (Office of Population Census and Surveys Version 4);
1.4.8.2 The National Intervention Classification Service (NIC);
1.4.8.3 ICD-10 (International Classification of Diseases);
1.4.8.4 HRGs Version 4.0; and
1.4.8.5 HRG Version 3.56 for all commissioned data submitted for the
financial year 2006/07 onwards
1.4.9 comply with other Standards, including:
1.4.9.1 ensuring that all Personal Data is secured in transit using the TLS
(Transport Layer Security) Protocol. Where TLS cannot be utilised
the use of SSL (Secure Socket Layer) Protocol may be acceptable
by agreement with the PCT;
29M-3371821-2
1.4.9.2 utilising DICOM Version 3 (Digital Imaging & Communications in
Medicine) (and all DICOM Systems must be accompanied by a
DICOM Conformance Statement);
1.4.9.3 utilising HL7 (Health Level Seven) and ensuring any HL7 Version 2
messages conform to HL72UKA.2 Standard;
1.4.9.4 ensuring messages conform to the message definitions approved by
the Information Standards Board;
1.4.9.5 where used, adhere to FTP (File Transfer Protocol), and ensuring
that all systems support FTP restart and recovery;
1.4.9.6 adhering to W3C Accessibility Guidelines and Standards published
by the World Wide Web Consortium (W3C);
1.4.9.7 adhering to IEEE 1073 Medical Device Communication Standard
(Institute of Electrical and Electronics Engineers);
1.4.9.8 ensuring that where workflow information is to be exchanged, it shall
be prepared to adhere to the WfMC standard (Workflow
Management Coalition Standard described at www.wfmc.org). The
Provider acknowledges that this workflow standard is under review
for e-GIF;
1.4.9.9 ensuring that all systems used to support pathology testing carry
interfacing capability which meets the NCCLS CIC Consortium
standard set out at:
1.4.9.10 http://www.clsi.org/Content/NavigationMenu/orders/Current_Catalog/
CatalogSupplement2005.pdf; and
1.4.9.11 integrating the Healthcare Enterprise (IHE) standards as required.
Where there is any ambiguity or conflict with regard to which standards or
specifications apply for a specific IM&T Service, at the request of the Provider the
PCT will identify the appropriate standard or specifications to be used.
30M-3371821-2
1.5 IM&T Disaster Recovery Plan
1.5.1 the Provider shall produce a Disaster Recovery Plan in accordance
with the Transition Plan. The minimum requirements for a Disaster
Recovery Plan include sufficient measures in accordance with Good
Industry Practice to ensure continued operation of the IM&T Services
and details of timescales and parameters within which the Provider
will aim to ensure that IM&T Services are reinstated following a
disaster or Force Majeure Event to, including the following (as
appropriate):
1.5.1.1 business continuity including:
1.5.1.1.1 compliance with the relevant provisions of BS ISO/IEC 17799:2005,
BS ISO/IEC27001: 2005 and BS ISO/IEC 20000:2005;
1.5.1.1.2 alternative processes, including business processes, options and
responsibilities;
1.5.1.1.3 invocation procedures;
1.5.1.1.4 communication strategy;
1.5.1.1.5 risk analysis including:
1) failure scenarios and assessments;
2) identification of any single points of failure within the IM&T
Service, Services and processes for managing the risks
arising;
3) identification of risks arising from the interaction of the IM&T
Service with the Services, any services provided by the PCT,
CFH NASPs, NISPs and LSPs;
4) estimates of frequency of occurrence; and
31M-3371821-2
5) business impact analysis (impact on staff and business
procedures);
1.5.1.1.6 documentation of processes, including business processes, and
procedures;
1.5.1.1.7 key contact details (including roles and responsibilities) for the
Provider and for the PCT;
1.5.1.1.8 procedures for reverting to "normal service";
1.5.1.1.9 method(s) of recovering or updating data collected (or which ought to
have been collected) during a failure or disruption to the IM&T
Service and Services to ensure that there is no loss of data and
preserve data integrity;
1.5.1.1.10 any third party dependencies with respect to business continuity; and
1.5.1.1.11 steps to be taken by the Provider upon resumption of the IM&T
Services and/or Services in order to address any prevailing service
level failure;
1.5.1.2 disaster recovery including:
1.5.1.2.1 site audits;
1.5.1.2.2 backup methodology;
1.5.1.2.3 data verification procedures;
1.5.1.2.4 identification of all potential disaster scenarios;
1.5.1.2.5 risk analysis;
1.5.1.2.6 documentation of processes and procedures;
1.5.1.2.7 hardware configuration details;
1.5.1.2.8 network planning;
1.5.1.2.9 invocation rules;
1.5.1.2.10 key contact details;
1.5.1.2.11 service recovery procedures including procedures for reverting to
"normal service";
1.5.1.2.12 any third party dependencies in respect of disaster recovery; and
32M-3371821-2
1.5.1.2.13 steps to be taken by the Provider upon resumption of the IM&T
Services and/or Services to address any prevailing effect of the
disaster or Force Majeure Event.
33M-3371821-2
SCHEDULE 5: DEFINITIONS
"A&E Commissioning Dataset” or “A&E CDS”
means the basic structure used for the exchange of commissioning data between providers
and commissioners (and other users), currently via the NWCS and when operable, the
Secondary uses Service (SUS). The A&E CDS specifies a set of fields which must be
transmitted to NWCS and when operable, SUS;
"Choose and Book” (EBS)
means the national service that will allow Registered Patients to choose the date, time and
location for their initial outpatient appointment and to book it either immediately at the GP
Led Health Centre Practice or at a later date over the phone (via the booking management
service) or internet;
"Connecting for Health”
means the Department of Health agency which came into operation on April 1st 2005 and
whose purpose is to deliver the National Programme for IT, and to maintain the national
critical business systems previously provided by the former NHS Information Authority;
"Disaster Recovery Plan”
means the business continuity and disaster recovery plan which sets out the procedures
and actions which will facilitate the Provider, as far as reasonably practicable, to continue
the provision of IM&T Services in the event of an event of Force Majeure or similar event
which might otherwise prevent the same;
"Electronic Prescription Form”
means a Prescription Form, which falls within paragraph (b) of the definition of Prescription
Form (as defined in Schedule 1 (Definitions));
"Electronic Prescriptions”
means an Electronic Prescription Form or an Electronic Repeatable Prescription;
"Electronic Repeatable Prescription”
has the meaning in Schedule 1 (Definitions) of this Agreement;
"Electronic Transfer of Prescriptions (ETP)”
34M-3371821-2
means the programme to create and implement Electronic Prescriptions and to integrate
this with the NHS Care Records Service. It will allow prescriptions (including for repeat
dispensing) generated by GPs and other prescribers to be transferred electronically
between prescribers, dispensers and the reimbursement agency, currently the Prescription
Pricing Authority;
“Good Practice Guidelines”
means the “Good practice guidelines for general practice electronic patient records”,
version 3.1 (2005), gateway reference 5098 or later, available at
http://www.dh.gov.uk/en/Publicationsandstatistics/Publications/PublicationsPolicyAndGuida
nce/DH_4008657;
“GP2GP”
means the General Practice to General Practice patient health record transfer solution to
support the electronic component of a general practice patient health record transfer to a
new practice when a patient registers with a new practice for primary health care;
"Hardware”
means:
(a) computer and computer equipment;
(b) telecommunications equipment;
(c) cabling and network systems;
(d) any part of the technical infrastructure which is used in the operations of, or
connected to, (a), (b) or (c) above (including all firmware and operating software
which is shipped as an integral part of (a), (b) or (c) above and all data and other
information that is embedded in (a), (b) or (c) above); and
(e) any asset which relies in any way on (a), (b), (c) or (d) above or other information
technology;
“IM&T Audit”
has the meaning given in paragraph 11.2 of Schedule 5 Part 1;
"IM&T Change”
means:
(a) any change in relation to the IM&T Services; or
35M-3371821-2
(b) the requirements of a Statement of IM&T Services issued during the term of the
Agreement;
which
(a) is not reasonably included within the scope of this Agreement at the time of
signature;
(b) results in the Provider incurring expenditure in respect of such IM&T Change which
when taken together with the expenditure in respect of other changes in relation to
the IM&T Services required pursuant to this Agreement after acceptance of the
IM&T Services by the PCT after the Commencement Date or the requirements of a
Statement of IM&T Services issued during the term of this Agreement equals to or
exceeds ten thousand pounds sterling (£10,000) per Contract Year (subject to the
Provider providing verifiable estimate and/or receipts) and;
(c) which requires the Provider to make a change to the Provider’s Systems or is
otherwise a change in relation to the IM&T Services;
“IM&T DES”
means an IM&T Directed Enhanced Service;
“IM&T Deliverable(s)”
means the specific item(s) of work that are required to be undertaken or performed by the
Provider as part of the IM&T Services in order to comply with the requirements of a
Statement of IM&T Services;
“IM&T Exit Management Plan”
has the meaning given in paragraph 12.1 of Schedule 5 Part 1;
“IM&T Failure”
means any failure by the Provider to provide the IM&T Services and/or IM&T Deliverables;
“IM&T Implementation Plan”
means the written documentation developed by the Provider, setting out information
describing how the Provider will develop, install and implement Statements of IM&T
Services including IM&T Deliverables and shall include, without limitation, work plans
activity forecast plans (e.g. Gantt chart) timetables, milestones, interim milestones,
resource forecast, statements of issues, risk and constraints, technical approach, testing,
IM&T Training, approvals process, PCT required input and impact on Services;
36M-3371821-2
“IM&T Infrastructure”
means the collection of Hardware and networking services described in paragraph 3, Part 1
of this Schedule 5, forming part of the PCT Systems;
“IM&T Materials”
means any IM&T functional and/or technical specifications, documents, drawings, models,
samples, prototypes, technical information, data, reports, materials, work, interfaces and
any other tangible and intangible products and works (excluding Third Party Software) and
the like prepared by or for the PCT and/or the Provider and which relates to IM&T Services
and Deliverables;
“IM&T Interface Specification”
means the written document developed by the Provider that describes the interfaces
between the Provider’s Systems and the PCT’s Systems and any other systems necessary
to provide the IM&T Services. The IM&T Interfaces Specification developed by the Provider
in response to the Statement of IM&T Services issued as at the date of this Agreement to
develop interfaces on or before the Commencement Date is the document referred to at
paragraph 1.1.16.3 of this Schedule 5 Part 2;
“IM&T Phasing Plan”
means the written documentation prepared by the Provider at the date of this Agreement
and which the Provider will update during the term of this Agreement (with input from the
PCT) describing known phases of the IM&T Services that are planned to occur during the
term of this Agreement and detailing how such phases will impact on the Provider’s
Systems and IM&T Practise Systems. The IM&T Phasing Plan at the date of this
Agreement is the version referred to at paragraph 1.1.18 of Schedule 5 Part 2;
“IM&T Practice Systems”
means the collection of clinical and administrative systems described in paragraph 2.2 of
Part 1 of this Schedule 5, forming part of the PCT Systems;
“IM&T Project Manager”
means the persons appointed pursuant to paragraph 5.1 of Schedule 5 Part 1;
"“IM&T Rectification Plan”
means a plan for the rectification of a particular IM&T Failure which shall include:
37M-3371821-2
(a) the Provider’s recommendation for correcting or minimising the impact of any delay
notified to the PCT or the PCT representative from time to time; and/or
(b) details of the steps the Provider intends to take and the timescales or milestones
within which the Provider intends to take such steps
aimed at the elimination of the relevant IM&T Failure and the probability of it recurring,
provided that where the IM&T Rectification Plan includes a Change, the provisions of
Schedule 8 (Change Schedule)) shall apply;
“IM&T Services”
means all services in connection with IM&T necessary to ensure the delivery by the
Provider of Services pursuant to this Agreement, including but not limited to those more
particularly described in Schedule 5 Part 2 and any Statement of IM&T Services;
“IM&T Services Specification”
means the written functional and technical specification documents developed by the
Provider describing how each of the IM&T Services including IM&T Deliverables will be
provided, including systems to be used, procedures to be followed, maintenance and
support arrangements, disaster recovery and business continuity arrangements. The IM&T
Services Specification at the date of this Agreement is the version as set out in Annex 1 of
this Schedule 5;
“IM&T Service Levels”
means the agreed levels of service for measuring the Provider’s delivery of the IM&T
Services which the Provider must attain in carrying out the IM&T Services as defined in
accordance with paragraph 1.2 of Schedule 5 Part 2 and the IM&T Services Specification;
“IM&T Support and Management”
means the IM&T support and management services described in paragraph 2.4 of this Part
1 of Schedule 5;
“IM&T Training”
means the IM&T training to be supplied by the PCT in accordance with paragraph 2, Part 1
of Schedule 5;
“IM&T Training Plan”
means the training plan provided by the Provider in respect of the software, Hardware and
systems supplied by the Provider or its agents or sub-contractors;
38M-3371821-2
“Information Governance”
means a framework which allows organisations and individuals to ensure that personal
information is dealt with legally, securely, efficiently and effectively, in order to deliver the
best possible care. It brings together all of the requirements, standards and best practice
that apply to the handling of information;
“Information Standards Board”
means the independent body responsible for the assurance and sign-off process for
information standards in the NHS in England and those required by the NHS in relating to
other agencies, including social services. The Information Standards Board ensures that
NHS Information Standards are fit for their stated purpose and can effectively integrate and
interoperate across the NHS and in England;
“LAN”
means Local Area Network cabling;
“LSP”
means the local service provider(s) appointed by the National Programme for IT to provide
information technology systems and services in the PCT’s local geographic area;
“NASP”
means the national application service provider(s) appointed by the National Programme
for IT to deliver key national component parts of the National Programme for IT;
“NISP”
means the national infrastructure service provider(s) appointed as part of the National
Programme for IT to deliver key national component parts of the National Programme for IT
relating to physical infrastructure, intelligent network services and demand requirement
analysis;
“NPfIT or National Programme for IT”
means the National Programme for information technology approved by the Department of
Health on 12 June 2002 and called “Delivery 21st Century IT Support for the NHS” National
Strategic Programme which is designed to create a new technology infrastructure for the
NHS, which will involve significant works, upgrades and modernisation to information
39M-3371821-2
technology and administrative systems used by Health Service Bodies at a local and
national level;
"NPfIT ETP”
means the National Programme for IT for electronic transfer of prescriptions;
"NPfIT NHS Care Records Service”
means the National Programme for IT for NHS Care Record Services (as defined in
Schedule 1 (Definitions) of this Agreement);
“New National Network” or “N3”
means the wide area network connecting NHS organisations, managed for the NHS by a
third party service provider which replaced NHSnet in September 2004;
“NHS Confidentiality Code of Practice”
means the document published by the Department of Health available at:
http://www.dh.gov.uk/assetRoot/04/06/92/54/04069254.pdf;
“NHS Information Governance Toolkit”
means the web based application available via the NHS network which has been jointly
developed by the Department of Health and the NHS Information Authority incorporating
initiatives relating to matters such as confidentiality, data protection, freedom of information,
information security, information quality assurance and health records management;
“NHS Website”
means the website located at the URL http://www.nhs.uk or any subsequent URL used by
the NHS from time to time;
“NSTS”
means the NHS Strategic Tracing Service which functions around a central database for
the benefit of those organisations registered to use the database including the NHS
Connecting for Health;
“NWCS/SUS”
means the NHS Wide Clearing Service / Secondary Uses Service;
“PCT Systems”
40M-3371821-2
means the PCTs Hardware and software, including clinical elements (such as the EMIS
System) and the IM&T Practice Systems;
“Patient Demographics Service or (PDS)”
means the central demographics service for the NHS Care Records Service (NHS CRS);
“Prescription Pricing Authority (PPA)”
means the Prescription Pricing Division of the Business Services Authority (Special Health
Authority) which is a national provider of managed services to the NHS. Its main functions
are to calculate and make payments for amounts due to pharmacists and GPs for supplying
drugs and appliances prescribed under the NHS. It also produces information for NHS
organisations and stakeholders about prescribing volumes, trends and costs and manages
a range of health benefits eg the NHS Low Income Scheme;
“Patient Group Directions”
means sets of directions issued by the PCT and notified to the Provider from time to time
relating to pharmaceutical and/or prescribing matters;
“PRIMIS” means the free service to primary care organisations to help them improve
patient care through the effective use of their clinical computer systems;
“Provider’s Systems”
means the Provider’s Hardware and software;
“QMAE”
means the Quarterly Monitoring Accident & Emergency activity return submitted to the
Department of Health;
“Quality Management and Analysis System (QMAS)”
means the on-line data collection tool used in the collection of the primary care Quality and
Outcomes Framework (QOF) data which supports payments to GP practices;
“Read Codes”
means Clinical Terms Version 3, comprising a set of coded clinical concepts (and their
representative clinical terms) in a hierarchical relationship, together with associated cross-
references to the clinical classifications;
41M-3371821-2
“Required Consents”
means any rights, licences, wayleaves, permissions or consents necessary to provide
access to and/or use of or connections to PCT’s Systems, IM&T Systems and/or any other
Third Party Software and systems for the purpose of providing the Services;
“RFCs”
means the form of specification for networking protocols used by the Internet Engineering
Task Force;
“Secondary Uses Service (SUS)”
means the Service which is being delivered as part of the NHS Care Records Service (NHS
CRS) of the National Programme for IT (NPfIT), delivered by NHS Connecting for Health.
The service protects the confidentiality of patients and will provide timely, pseudonymised
patient-based data and information for purposes other than direct clinical care, including
planning, commissioning, public health, clinical audit, benchmarking, performance
improvement, research and clinical governance;
“SITREP”
means the weekly activity monitoring report submitted to deadline to the Department of
Health and which contains a number of activity types;
“SNOMED CT”
means a systemised nomenclature of medicine – clinical terms.
“Statement of IM&T Services”
means a document or notice (in any form) issued from time to time by the PCT or its
authorised representative (or via a NASP, NISP or LSP acting on his or her behalf), which
includes a functional description, specification and other information detailing requirements
for IM&T Services including but not limited to IM&T Deliverables which the Provider is
required to provide in accordance with the terms and conditions of this Agreement and
where relevant pursuant to paragraph 1.2 of Schedule 5 Part 1. The Statements of IM&T
Services issued at the date of this Agreement are set out and referenced in Schedule 5
Part 2;
“Summary Care Record”
means a single, authoritative electronic Patient record.
42M-3371821-2
“Technical Architect”
is the person appointed pursuant to paragraph 5.3 of Schedule 5 Part 1;
“Test Acceptance Manager”
means the person identified in paragraph 1.3.2, Part 2 of this Schedule 5; and
“Third Party Software”
means any software used in relation to the Services in which the Intellectual Property rights
are vested in a third party;
“Virus”
means any code, thing or device which may impair or otherwise adversely affect the
operation of any computer, prevent, disrupt or hinder access to any program or data,
impair, disrupt or interfere with the operation of any program or the reliability or integrity of
any data (whether by re-arranging within the computer or any storage medium or device,
altering or erasing, the program or data in whole or part or otherwise), including viruses,
rojan horses, worms, robots, spiders, logic bombs and other computer viruses and other
forms of malicious code or other similar things.
43M-3371821-2
ANNEX 1
IM&T Services Specification
[To be agreed by the parties and inserted into this Agreement within one (1) month of signature of
this Agreement]
44M-3371821-2
ANNEX 2
IM&T Interfaces Specification
[To be agreed by the parties and inserted into the Agreement within one (1) month of signature of
this Agreement.]
45M-3371821-2
ANNEX 3
Phasing Plan
[To be agreed by the parties and inserted into the Agreement within one (1) month of signature of
this Agreement’.]