What is ITK?

The acronym ‘ITK’ gets used a lot within the healthcare technology world.

It stands for Interoperability Toolkit, and the official NHS Digital page about ITK can be found at (https://digital.nhs.uk/interoperability-toolkit)

What is ITK?

The Interoperability Toolkit (ITK) is a set of common specifications, frameworks and implementation guides that support interoperability.

It is essentially an umbrella term / brand name.

What isn’t ITK?

ITK is not a specific specification or standard. It is not a ‘badge’ that is issued to system suppliers.

A system with ‘ITK interfaces’ or ‘ITK support’ does not necessarily have the ability to talk to other systems with ‘ITK interfaces’ – it depends completely on which of the ITK specifications or standards the system provider has implemented.

When system providers have developed their product to support ITK specifications and standards, they can go through an accreditation process to have this formally tested and recognised by NHS Digital.

If a system provider tells you that the system supports ‘ITK’ you should ask for precise detail on which elements of ITK they support.

What is ITK accreditation?

Also known as ‘ITK conformance’, a system provider being issued with ITK accreditation means that they have implemented against at least one of the specifications within the ITK collection.

An ITK Conformance certificate is issued to a system provider upon completion of the accreditation process – it means that NHS Digital are satisified that the system meets the requirements in the specification you have chosen to support.

Note: You do not require ITK accreditation in order to start development – it is issued right at the end of the development process.

NHS Digital maintains an online catalogue of suppliers who have been formally accredited as ‘ITK Conformant’ – if the supplier is not in this list, it means they have not been issued with an ITK accreditation by the NHS Digital ITK team.

You will notice that the catalogue specifically lists the Catalogue category and System type against which a system provider has been issued accreditation.

As a purchaser / user of systems this is the most important part of the cataloge – it will tell you exactly which capability a system provider can support.

For example, a supplier listed under the Catalogue category of “Hospital Admission, Discharge and Transfers” can’t necessarily communicate with a system under the category of “NHS 111”.

The cataloge also lists the System Version ID against which an accreditation has been issued. This means that in order for you to make use of the ITK functionality, your system will need to be on that minimum version; it is often the case that all versions after the one listed will continue to support the functionality but you should always ask your the system provider about this.

What is the process for ITK accreditation / conformance?

The ITK team at NHS Digital will guide you through the process, and so you should enage with that team as early in the process as possible. You need to know which of the ITK specifications you would like to develop against, as the requirements can vary significantly, and the exact process may involve different teams and additional business requirements.

You can find more details about initiating contact with the ITK team here: (https://developer.nhs.uk/testcentre/itk-accreditation/)

A a system provider, an overview of the process is:

  1. You identify the ITK specifications against which they would like to develop your software.
  2. You make contact with ITK Accreditation team at NHS Digital to initiate the process.
  3. You download the relevant technical specifications to support the specific technical capability you are building against.

    Most specifications can be found on the TRUD (Terminology and Reference data Update Distribution) portal – you will have to sign up for an account, but this is free.

    You will also need to download the development support tools that are provided to help you with the process.

    You should ask the ITK team for guidance on which specifications and tools you need to use if in doubt.

  4. Once accepted into the process, the ITK team will issue you with a tailored “requirements catalogue” – it will list all of the documented functional and non-functional requirements you need to meet. It will also detail any tests you need to complete as part of the process.

  5. As you develop your product, you should complete the requirements catalogue and try and use the specified tests as a guide for your development. Many leave the compliance parts to the end, and this is guarranteed to be more painful for you!

  6. Once all development is complete, you submit your completed requirements cataloge along with all necessary test evidence that is required.

  7. When the ITK team are satisfed with your submission, they will confirm conformance and issue you with a certificate. This is the point at which you will be added to the online ITK Accreditiation Catalogue.

The NHS, Public Cloud, and N3

This week, NHS Digital have released new guidance around the hosting and off-shoring of NHS and Social Care data.

The guidance on “off-shoring and the use of public cloud” clarifies a couple of important factors:

  • NHS and Social Care data is to be treated as OFFICIAL data which is the lowest of the Governement Security Classifications [(there are only three classifications: OFFICIAL, SECRET, and TOP SECRET). The significance of this is that it means we don’t need to buy NHS-specific hosting any more – OFFICIAL means good enterprise security and compliance with recognised data security standards.
  • Data can be hosted within the UK – European Economic Area (EEA), a country deemed adequate by the European Commission, or in the US where covered by Privacy Shield. This is a significant change from the previous restriction which required data to be kept in England for NHS England remit services, for instance.

All of this is strongly predicated on the fact that appropriate controls, risk assessments, and security measures are applied regardless of where data is processed and stored – the novel part is that this guidance acknowledges that acceptable levels of security can be achieved within the off-shore areas mentioned above.

For the avoidance of doubt, this new guidance does not mean that it is automatically safe to store NHS and Social Care personal data within these wider regions – the same level of design and scrutiny needs to be applied in line with the necessary security principles.

N3 / HSCN applications in public cloud

The above guidance is a massive step forward, and it hopefully signals a new focus from NHS Digital on fulfilling its purpose as a foundation for technology within the NHS, and on remaining a technologically-relevant organisation within the such a fast-paced industry.

The guidance alone isn’t quite enough, though. For many, the knowledge needed to design a public cloud infrastructure with the ability to communicate within the N3 / HSCN networks is a mere myth.

Black Pear, a health software supplier with a focus on interoperability are one of the few who have actually achieved this and Dunmail Hodkinson, CTO, shared some of his top tips on the OpenHealthHub community forum. He kindly agreed that I could collect them together here for easy reference.

The below information is shared in the hope that it will at least help you get started with designing your use of public cloud, and we are grateful to Dunmail and Black Pear for sharing this openly.

It should go without saying that this is by no means an exhaustive set of guidance and that you are completely responsible for your own implementations.

Designing the infrastructure

The design used by Black Pear is relatively simple:

  • AWS DirectConnect (https://aws.amazon.com/directconnect/) is used to securely route traffic from N3/HSCN to the Gateway VPC on AWS. (The Gateway VPC is then effectively a little bubble of N3 running on AWS)

  • Host proxy servers for both inbound and outbound traffic in the Gateway VPC. Choose your favourite software! (Black Pear runs Ubuntu + haproxy/nginx/squid/postfix).

  • Create a second VPC on AWS – this is the Private VPC and must not be routable from the internet

  • The Private VPC is used to host your application servers

  • Finally, VPC peering (https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-peering.html) is configured to route traffic between the Gateway VPC and Private VPCs.

  • Supporting guidance

    AWS have published a helpful set of guidance describing Cloud architectures for UK-OFFICIAL workloads:

    This includes a candidate architecture that can quickly be adapted to NHS requirements. You can try these out on any AWS account…

    N3 Connectivity

    Black Pear uses Redcentric to provide N3 connectivity for their production services on AWS (http://www.redcentricplc.com/services/networks/hscn-connectivity/hscn-public-cloud-connectivity/).

    This is straightforward, but there are some pre-requisites for connecting to N3:

    • Design documentation (the Logical Connection Architecture) is used to show that the connection will be safe, secure and comply with NHS requirements.
  • The Information Governance Toolkit (https://www.igt.hscic.gov.uk/) is used to show that your organisation has a robust information governance framework in place.

  • Once the agreement and necessary documentation was in place, the actual setup of the connection took less than a day.

    Some top tips…

    • Start the IGToolkit and Logical Connection Architecture early. You can then make design decisions that make it easy to meet the requirements.
  • Use the Infrastructure as Code practice, for example AWS CloudFormation (https://aws.amazon.com/cloudformation/). Use this to build and deploy a development environment that matches the production environment exactly – including network configuration, firewall rules and virtual machine images.

  • Remember that not all AWS services run in all regions (e.g. Kinesis Firehose) and some must be internet connected (e.g. ApiGateway). Check that you’ll be able to use the service when you deploy to production.

  • Ensure you establish contact with the NHS Digital DNS team and help them understand what you are doing – you may need their help to configure some non-standard DNS records (e.g. a CNAME record on N3 DNS servers that points to a CNAME record on internet DNS servers that points to the CNAME record of a private load balancer on AWS DNS servers, that finally resolves to A records describing IP addresses in the Gateway VPC).

  • Links

    Black Pear is a provider of healthcare interoperable clinical applications.

    Redcentric is a managed services provider.

    NHS Digital – NHS and social care data: off-shoring and the use of public cloud services

    Information Governance Tool Kit

    Government Security Classifications

    AWS Guidance on UK-OFFICIAL workloads

    NHS Hack Day – What is a pitch, and who should do one?

    This is a shadow copy of the blog post published on (NHSHackDay.com): (http://nhshackday.com/blog/posts/2018/01/17/everything-you-ever-wanted-to-know-about-pitching)

    If you’re new to NHS Hack Day (and even if you’re not), the thought of pitching your idea to an entire room of people is quite daunting.

    So who should pitch at NHS Hack Day? And what even is a pitch anyway…?

    Let’s cover the what and who bits first.

    What is a pitch?

    A pitch is a short opportunity for a person to share a project idea to tempt others to work on it with them.

    At the start of NHS Hack Day, anyone with a problem or project they think might be interesting to other attendees can speak for up to 60 seconds to explain it to the rest of the group.

    Based on these short pitches, other attendees decide what they’d like to spend time on on during the weekend.

    The pitches are short, and so it is not possible to use slides or to show demos on the projector. This is almost always a good thing — you can focus on making your explanation as clear to as many people as possible.

    If you really need to show something (seriously, you probably don’t), you could hold up a sheet of flipchart paper (we’ll have lots of this) — but try not to over-complicate or over-think it 🙂

    Who should pitch?

    Short answer: Anyone.

    Longer answer: This is an opportunity for anyone with an idea that they’d like to explore, or a problem they have in their day-to-day work, to tell a room full of smart and motivated people about it, with the aim of coming up with a joint solution, or even ‘just’ some more information about the problem.

    The weekend will be a great opportunity for you to learn about what other people in your sector are doing, and how they’re addressing the problems they face; but of course this will work best if everyone buys in.

    I’m still not sure

    Ok, so now you know why you are totally someone who should pitch at NHS Hack Day, but you’re still not sure?

    Here are some common concerns about pitching:

    1. I’m not very good at presenting to audiences

    Firstly, you are probably a whole load better at it than you think you are.

    Secondly, the NHS Hack Day community does not attract polished speakers with years of presentation experience. It attracts people just like you and I, who have the same apprehensions.

    The quick-fire pitching style is actually fun. It’s so different to a formal presentation that people won’t even think about the sort of things you’re worried about.

    And if you’re still not sure: talk to an organiser or hang back down the queue a bit, watch some other people pitch first, and then see how you feel. Every hack event we’ve held has had at least one last minute idea pitched where someone gets inspired by the other pitches.

    Lastly, no one will even notice if you decide not to go ahead. 🙂

    If you think that talking through your pitch with someone might help, do get in touch with our team of volunteers on the event Slack, on Twitter, or at hello@openhealthcare.org.uk and we’ll be happy to try and help you.

    2. My idea is not developed enough to be interesting or useful

    This is just not A Thing!

    The best ideas for an NHS Hack Day are those ones that have plenty of room to be developed. That’s why we’re at NHS Hack Day in the first place, right?

    People come to NHS Hack Day for a number of reasons: to work on an idea or problem they have, to get stuck in helping other people develop their ideas, or just to learn about what’s happening and to meet people.

    In any case, what you have to offer is valuable to the community – we promise.

    Your pitch might be as simple as describing a problem that you’ve encountered, and there will be people in the audience for whom that is enough for them to get problem-solving with you.

    You might have a clear idea, but feel like you haven’t developed the ‘how’ enough yet — that’s great! Tell the audience this, and ask them to help you work out the ‘how’. Again, this will be a really interesting proposition for some people.

    Be careful here not to pitch a solution rather than a problem, see Tip 5 in our first blog (http://nhshackday.com/blog/posts/2017/11/15/top-10-tips-for-awesome-pitches) for more info on this!

    There is no idea too small or too early to pitch – you’ll get a feel for this as soon as you see what other people are pitching.

    3. My idea isn’t interesting enough, or the other ideas will be more interesting

    “Interesting” is a personal thing. You really can’t guess what will or won’t be interesting to other people in our community.

    NHS Hack Day often ends up with only some of the original pitches actually being worked on; this is entirely normal, and is a result of the self-organising that happens at these events.

    It is possible that your pitch won’t make it all the way to the end of the weekend, but this is not a reflection of quality, interest, value, or you. You might even decide that you’d rather work on someone else’s idea (this happens ALL the time).

    Go on, give pitching a go

    Don’t be shy: do consider having a go at pitching. Your friends at NHS Hack Day are the best people you could do this with for sure.

    And lastly, as always, if you have any questions about anything in this post (or indeed about anything else), do get in touch with our team of volunteers on the event Slack, on Twitter, or at hello@openhealthcare.org.uk and we’ll be happy to help.

    My 2018 event schedule

    I only realised in hindsight that I attended a number of tech events, meetups, training, hackathons etc. during 2017.

    To attempt to be a bit more organised, and in case it’s of interest to others, I’m going to keep a live list of my planned events for 2018 here. Give me a shout if you’re interested in any of them and would like to know more!






    • TBC – MindTheProduct Conference, London