Clinical Safety Context – NHS Secure Boundary
NHS Secure Boundary is a national infrastructure and security service that provides protective boundary controls to enable secure connectivity and controlled information exchange between health and care systems across organisational and network boundaries. The service enforces national security policies through mechanisms such as traffic inspection, routing, filtering, and access control to protect NHS systems and data.
NHS Secure Boundary does not provide clinical functionality and does not generate, modify, or interpret clinical information. However, it performs a critical enabling and protective role for digital systems that are relied upon in the delivery of patient care. The safe and reliable operation of the NHS Secure Boundary is therefore an important dependency for clinically enabled systems.
Indirect Clinical Risk
Failures, degradation, misconfiguration, or misuse of the NHS Secure Boundary may give rise to indirect clinical risks, including:
- Loss or degradation of network connectivity affecting access to clinical systems
- Delayed or interrupted transmission of time-critical clinical information
- Data integrity issues arising from disrupted, incomplete, or misrouted data flows
- Inappropriate access to sensitive health and care data due to failures in boundary security controls
The operation of security inspection, routing, filtering, and traffic management controls at the NHS Secure Boundary may also result in false positive or false negative outcomes, for example:
- Legitimate clinical or operational traffic being incorrectly blocked, throttled, or delayed
- Unauthorised or malicious traffic not being detected or adequately contained
Such scenarios may adversely affect the availability, confidentiality, or integrity of information relied upon by clinicians and care professionals, with the potential to impact clinical workflows, clinical decision-making, and the timely delivery of care.
Applicability of DCB0129
Although the NHS Secure Boundary is an infrastructure and security service rather than a clinical system, it is reasonably foreseeable that failures, degradation, or unintended behaviour could contribute to patient harm through adverse impacts on dependent clinical systems, including effects on the availability, integrity, or confidentiality of information used to support care delivery. The service is therefore subject to DCB0129: Clinical Risk Management – its Application in the Manufacture of Health IT Systems, and clinical safety assurance is required to demonstrate that potential clinical risks associated with the service have been systematically identified, assessed, and controlled in a manner proportionate to its role as a national security and boundary service.
Clinical Safety Assurance
Clinical safety assurance for the NHS Secure Boundary demonstrates that the service has been designed and developed, and is operated, with due consideration of its indirect clinical safety impacts, including:
- Dependencies between the secure boundary and clinically enabled systems
- The potential effects of boundary enforcement on the availability and timeliness of clinical information
- Clear articulation of assumptions, constraints, and limitations associated with security controls
- Identification, mitigation, and acceptance of residual clinical risks
This assurance supports the safe integration of the NHS Secure Boundary with dependent systems and provides transparency to stakeholders regarding how clinical safety risks are managed at a national level.
Clinical Safety Documentation
Clinical Safety Case Report
The Clinical Safety Case Report forms part of the national clinical safety assurance for the NHS Secure Boundary and demonstrates compliance with DCB0129.
The report sets out the clinical safety argument for the service, describing how clinical safety risks associated with secure boundary operation, traffic control, and security enforcement are identified, assessed, and controlled throughout the design, development, and operation of the service. It defines:
- System scope, boundaries, and intended use
- Key assumptions and dependencies on connected systems
- Identified clinical safety hazards arising from boundary operation
- Implemented technical, operational, and governance risk controls
- National clinical safety roles and governance arrangements
Hazard Log
The Hazard Log provides a structured and auditable record of identified clinical safety hazards relevant to the NHS Secure Boundary. It documents:
- Hazard causes and contributing factors
- Potential clinical impacts
- Initial and residual risk assessments
- Implemented mitigations and controls
- Hazard ownership and current status
The Hazard Log is maintained as a living document to support the ongoing management of clinical safety risks as the service evolves, including changes to architecture, policy, or operational use.
Relationship to Local Clinical Safety Responsibilities
These documents support national clinical safety assurance of the NHS Secure Boundary under DCB0129. Organisations deploying or operating systems that depend on the NHS Secure Boundary remain responsible for meeting their own clinical safety obligations under DCB0160, including:
- Assessment of local dependency and implementation risks
- Consideration of local workflows, contingencies, and failure modes
- Operation of appropriate local clinical safety governance
National assurance does not remove the need for local clinical safety assessment.
Access to Documentation
The Clinical Safety Case Report and Hazard Log for the NHS Secure Boundary are available via the Accenture Trust Centre.