EHR / EMR Systems

SystmOne (TPP) Integration

SystmOne, developed by TPP, is one of the most widely used clinical systems in NHS primary and community care. Integrating with SystmOne is essential for any product targeting NHS GP practices, community services, or connected care settings. NHS integrations follow specific national frameworks — including the IM1 interface mechanism and increasingly FHIR-based standards — and sit firmly under UK GDPR and the NHS Data Security and Protection Toolkit. This guide covers the practical path.

How SystmOne integration works

Integration with SystmOne in the NHS typically runs through approved national mechanisms. The IM1 (Interface Mechanism) pairing framework lets third-party systems read from and write to SystmOne under controlled, NHS-governed agreements. NHS England's national FHIR APIs (such as those exposed via the NHS API platform and shared records standards) increasingly complement this for specific data flows. Unlike registering directly with a private vendor, NHS integration involves national approvals, information governance, and assurance processes that are part of the path to production.

NHS approvals and information governance

Building on SystmOne means engaging with NHS frameworks: securing the appropriate IM1 partner agreement with TPP, completing the NHS Data Security and Protection Toolkit, and satisfying clinical safety standards (DCB0129/DCB0160). Information governance and a clear lawful basis for processing patient data are central, not optional. These processes can be lengthy, so they should be planned for from the outset of any NHS-facing product.

Compliance and clinical safety

SystmOne integrations handle patient data under UK GDPR and the Data Protection Act 2018, with the NHS DSP Toolkit as the security yardstick and DCB clinical safety standards governing risk. Encryption, access control, audit logging, and documented clinical risk management are required. Demonstrating this maturity is what allows an NHS organisation to connect your product to live patient records.

How to integrate with SystmOne

  1. 1

    Define the data flows and lawful basis

    Specify exactly what data you need to read or write and establish the lawful basis and information governance for it.

  2. 2

    Secure an IM1 partner agreement

    Engage TPP and the NHS to obtain the appropriate IM1 pairing agreement for SystmOne access.

  3. 3

    Complete the NHS DSP Toolkit

    Achieve a satisfactory NHS Data Security and Protection Toolkit status to evidence your security posture.

  4. 4

    Meet clinical safety standards

    Produce DCB0129/DCB0160 clinical safety documentation with a named Clinical Safety Officer where applicable.

  5. 5

    Test and enable with the organisation

    Validate the integration in a controlled environment and coordinate go-live with the practice or NHS body.

Common use cases

  • Patient-facing apps for booking, triage, and messaging connected to GP records
  • Population health and risk stratification across NHS primary care data
  • Workflow automation for referrals, recalls, and documentation in community care
  • AI tools surfacing summaries from the GP record with appropriate governance

Workflow example

Online triage feeding the GP record

  1. A patient completes an online triage assessment in your app.
  2. The structured outcome is written to SystmOne via the IM1 interface under the agreed scope.
  3. The triage result lands in the practice workflow for clinician review and action.
  4. All access and writes are logged for audit and information-governance assurance.

Frequently asked questions

What is IM1?

IM1 (Interface Mechanism 1) is an NHS framework that lets approved third-party systems integrate with GP clinical systems like SystmOne and EMIS, with read and/or write access governed by partner agreements and information governance.

Do I need the NHS DSP Toolkit to integrate with SystmOne?

Effectively yes. NHS organisations require suppliers handling patient data to evidence security through the NHS Data Security and Protection Toolkit, and it is a standard part of the assurance needed to connect to NHS clinical systems.

Are clinical safety standards required?

For software used in NHS care, the DCB0129 (manufacturer) and DCB0160 (deploying organisation) clinical safety standards typically apply, requiring documented clinical risk management and a Clinical Safety Officer.

Connecting a product to SystmOne and the NHS? We navigate IM1, DSP Toolkit, and clinical safety end to end. Book a discovery call.

Book a Discovery CallExplore our services

Related integrations

Related glossary terms

NHS Data Security and Protection Toolkit (DSPT)Electronic Health Record (EHR)Healthcare InteroperabilityHL7 FHIR (FHIR)