Understanding the NHS Supplier Conformance Assessment List (SCAL)

A duty to protect the public, sensitive patient data, technical safety concerns, and being able to guarantee digital products are fit for purpose – these are just some of the reasons why technology in healthcare is so closely monitored and regulated.

Without these regulations in place, healthcare organisations run the risk of putting patients and their health in danger.

To ensure all new digital health technology meets stringent regulations required by law, and technology suppliers meet NHS standards, the NHS introduced the Supplier Conformance Assessment List (SCAL) as a required process for many NHS Digital APIs.

The SCAL is a technical document designed to streamline the supplier procurement process, ensuring all existing and new technology applications meet standards around information government, clinical safety, functional testing and SMSP-PDS requirements.

As a reputable technical partner to various organisations within the NHS network, we’re able to provide technical guidance and support on everything, from the initial onboarding process right through to ongoing maintenance and support to ensure your solution remains compliant throughout its lifetime.

Here’s how it works…

Purpose and use of SCAL

To properly understand what SCAL is and how it will impact end users, suppliers and the NHS more broadly, we first need to understand its purpose and why it was introduced in the first place.

In the UK, the NHS is the backbone of our healthcare system. However, as it continues to battle chronic underfunding, as well as a growing and ageing population, there is a real and obvious need to leverage technology to meet ever changing and complex population needs.

By using technology to deliver a more effective and efficient healthcare service, as well as explore alternative models of care such as telemedicine and consumer wearables to monitor diseases more closely, the NHS can establish a model of care that’s fit for patients now and in the future.

However, any technology solution that is integrated into an NHS system must be fully vetted first to ensure it is safe, compliant and secure – and this is where SCAL comes in.

SCAL was introduced to assist with the NHS Digital API onboarding process, ensuring every supplier and their solution is compliant with NHS standards around security, patient data, and above all else, patient safety.

The SCAL has to be completed by any supplier wishing to integrate with either:

  • an NHS Digital Service API and thus potentially interface with a Spine Service
  • an NHS Digital defined or curated standard and associated technical specifications

The process

With hundreds of thousands of pounds worth of contracts and patients’ lives at stake, the process of achieving supplier conformance can be a daunting one.

Naturally, the cost of not meeting conformity will be a concern for suppliers, end users and the NHS alike. Suppliers will worry about missing out on valuable contracts if their solutions aren’t suitable, while end users and the NHS will be concerned about the detrimental effect any such solution could have on patient outcomes or incurring fines for non-compliance.

Luckily for you, regardless of what part of the process you’re involved in, we at 6B have the technical knowledge and practical expertise to guide you through the entire process.

Our first port of call as your technical partner will be to ask you to complete a prerequisites online application form to receive the latest copy of SCAL, which will then advise on the specific type of API you need to use and overall feasibility of the project.

Once this section has been completed, we can begin to examine how your proposed solution will work across various provider test environments, helping us to develop your bespoke integration solution.

Following development, NHS Digital will conduct a series of witness testing to ensure their internal assurance process has been met, and the live product will then be ready to launch.

Following development, the product goes through witness testing with the providers along with an assurance process managed by NHS Digital.

When the technical conformance process has been completed, the SCAL will be provided to the end user organisation via the ‘portal’ for the NHS Digital Service API. This will enable the end user organisation to evaluate the solution alongside local risk assessment information outlined in the SCAL.

Roles and responsibilities

The Supplier Conformance checklist is a comprehensive assessment that will determine the compatibility of any existing or new technology solution that needs to be, or has been previously integrated with NHS systems.

However, the key responsibilities for those completing or reviewing the assessment will vary depending on whether they are an end user organisation, supplier or NHS Digital themselves.

End user organisation: the organisation that will deploy the supplier solution or product for use in direct patient care e.g.  a hospital. They will be responsible for reviewing the content of the SCAL and undertaking local assurance, risk management and acceptance protocols.

Supplier: the organisation responsible for developing the solution or product that will be integrated with NHS systems and be used by the end user organisation, demonstrating how they and the technology they are providing is compliant.

NHS Digital: the organisation responsible for reviewing the supplier response to the Supplier Conformance Assessment List, providing guidance to the supplier where necessary and certification upon successful completion.

6B: IM1 integration experts

As an experienced integration partner, 6B works with healthcare technology suppliers and organisations of all sizes to ensure their systems can be integrated with NHS clinical systems through an interface mechanism.

The IM1 interface mechanism is essentially a set of API standards to support the integration of software or an app. Currently, there are three existing suppliers which offer interfaces for systems to integrate with, which include Emis, Vision and SystmOne.

Interface mechanisms enable unrelated systems to do three things:

  1. read patient information
  2. extract patient data in bulk
  3. enter data into other systems


6B will partner with your organisation, collaborating with you to build and develop your product in accordance with the guidance and documentation required for Emis, Vision or SystmOne.

Ready to accelerate your technology project?

Chat to our team of experts and let's see how we can help you.