Apperta Foundation & Code4Health initiative drive open source
compliance across digital products.

NHS Digital
AB EHR Digital
Source Code Control

• Public health services providers
• Technology partners

• Lack of open source experience with 3rd party software
• Different licensing models than traditional proprietary software
• Overcoming lack of trust and perceived adoption risk

• Organization training based on the OpenChain curriculum
• Pilot programme for OpenChain Specification

• Open source license compliance that is predictable, understandable, and efficient
• Open source experience and leadership

“Open Source software is the foundation of modern business, research and connected technology. The NHS has taken a leadership position in European healthcare with its approach to adoption.”

Shane Coughlan
OpenChain Project Director

“We have been supporting Code4Health for a number of years to manage their open source supply chain. The OpenChain specification
has enabled us to validate the processes meet industry best practice and that the solutions being promoted to NHS are best of breed and
this can be transparently demonstrated.”

Martin Callinan
Director, Source Code Control Ltd.

“This is another important step to bring yet further assurance to the health and care system by evidencing good governance and best practice in the development and use of open source solutions.”

Peter Coates
Head of Ecosystem Development, and leader
of NHS Digital’s support of Code4Health

NHS England is the public health services provider in England that treats more than 1.4 million patients every 24 hours. NHS Digital is the national provider of information, data and IT systems for the public health system in the UK. Via the Code4Health initiative, they partnered to seek sustainable digital solutions for healthcare and selected Source Code Control, a system training and integrator, to provide guidance around Open Source code governance. AB EHR is an open source solution provider who supports training initiatives at NHS.

Open source software is actively used across multiple market segments and is a proven model for enterprise level software. Open source uses different licensing models to traditional proprietary software, and requires a certain amount of institutional learning for effective use and adherence to compliance requirements. Open source compliance fundamentally relies on understanding how third party software is distributed and under what terms. NHS England and NHS Digital required a baseline for effective compliance across their digital projects.

One of the goals of Code4Health is to create a library of open source assets that can be leveraged across the NHS without fear of vendor lock in. Understanding open source licensing is critical to maintaining accessibility
to non-proprietary solutions.

Source Code Control proposed adopting the OpenChain specification from the Linux Foundation to address the NHS’s open source software compliance requirements. OpenEyes, an open source electronic medical record (EMR) application for ophthalmology implemented by AB EHR Digital, was selected for an OpenChain specification conformance pilot programme.

The open source training program — developed using the OpenChain curriculum — provided a simple but comprehensive introduction to the licensing and governance models involved. Expanding this training into practical OpenChain conformance allowed institutional knowledge to become codified into practical processes that help manage inbound software, internal usage, and potential further distribution to partners and suppliers as required.

The adoption of OpenChain materials can be understood as a three-step programme: 1. Initial training and education, 2. Conformance analysis, 3. Confirmation that all the required processes exist. Due to the open nature of the materials and the cross-organisational communication inherently facilitated by open source, these three steps were completed in a relatively short time frame.

The OpenChain project provides a foundation for quality assurance and transparency in software development. OpenChain builds trust in open source by making open source license compliance simpler and more consistent through defining a core set of requirements which every quality compliance program must satisfy. The OpenChain curriculum provides the educational foundation for open source processes and solutions, whilst meeting a key requirement of the OpenChain specification. Through OpenChain Conformance, Code4Health solutions can transparently demonstrate conformance across all the third-party open source components. The result is that open source licensing compliance becomes more predictable, understandable, and efficient for participants of the software supply chain.

For NHS, this marks the first step in a broader deployment plan across multiple projects and providers in the coming months and years. Code4Health will use OpenChain across further projects in its community supply chain, leveraging the solution as an assurance of quality in professional re-usable software solutions that can only be accomplished using open source software.