Why NHS Organisations Are Moving External Staffing Partners to Secure APIs
Reducing Risk and Improving Control
NHS organisations increasingly rely on external staffing partners to support workforce delivery. How those partners connect to organisation systems matters.
Where purpose-built APIs are available, NHS guidance is clear: secure system-to-system integration is the preferred model. RLDatix’s Vacancy Duty Management and Bank APIs enable organisations to replace external UI access and fragile automation with a controlled, auditable, and NHS-aligned approach.
This shift is not about technology for its own sake. It is about reducing operational risk, strengthening governance, and improving workforce responsiveness – without giving partners broader access to organisation systems.
NHS Guidance: Secure APIs Over BOTs (RPA’s)
The NHS Transformation Directorate provides clear direction on the use of automation within healthcare systems:
“Screen scraping should be seen as a temporary solution which should be replaced by properly secured APIs once available.”
NHS Transformation Directorate, Guidance for Designing, Delivering and Sustaining RPA within the NHS
Where APIs exist for core workforce processes, they should be used as the primary mechanism for integration and data exchange, rather than external logins or screen-based automation. RLDatix’s Bank and Vacancy Duty Management APIs are designed specifically to support this approach.
Eliminating the Risks of External Bankstaff Access
Historically, some staffing partners required limited user accounts within organisation systems and relied on UI-based automation to support their processes. While functional, this model introduces avoidable risks for organisations.
Challenges with external UI access and screen automation
- External user accounts increase security and access-management overhead
- Automation dependent on screen layouts is fragile and prone to failure
- Limited visibility into which organisation or system initiated actions
- Increased complexity for audit, compliance, and incident investigation
These risks are borne primarily by the organisation, even when the automation is operated externally.
A Safer Alternative: Purpose-Built APIs
RLDatix’s Bank or Vacancy Duty Management APIs provide a clean boundary between organisation systems and external partners.
Instead of logging into organisation applications, partners integrate system-to-system through secure, controlled interfaces that expose only the workflows required to support staffing operations.
Key characteristics
- Secure, encrypted data exchange (HTTPS / TLS 1.2)
- Access scoped to specific workflows and actions
- Full auditability of events and transactions
- No external users accessing organisation UIs
- Centralised, revocable partner access
- Real-time synchronisation of vacancies and bookings
Transforming Worker Onboarding: From Offline Exchange to Controlled Digital Flow
In many organisations, worker onboarding with external partners has historically been handled outside the system.
Previous approach
- Partners sent worker details and personal data via email
- Supporting documentation (CVs, compliance checklists, certificates) were shared as attachments
- Organisation teams manually reviewed submissions
- Worker profiles were manually created in organisation systems
- Data entry and document handling consumed significant administrative time
This approach increased the risk of:
- Inconsistent or incomplete worker records
- Out-of-date personal information
- Duplicate profiles
- Sensitive data being shared and stored outside controlled systems
API-enabled onboarding
With the API, worker onboarding becomes a structured, system-led process.
- Partners create worker profiles directly via the API
- Organisations retain full control over review and approval
- Required documentation is uploaded securely into organisation systems
- No worker becomes active without organisation approval
At the same time, workforce teams are no longer required to manually re-enter data already held by partners.
Improving Data Quality and Workforce Governance
The API enforces stronger data consistency and accountability across organisations and partners.
- Worker data is matched to ensure one worker has one valid profile
- Duplicate or conflicting records are prevented
- Organisations and partners are prompted to maintain up-to-date personal information
- Cleaner, more complete worker profiles are maintained over time
This results in:
- More reliable workforce records
- Better compliance oversight
- Reduced downstream reconciliation and correction work
What Changes for NHS Organisations
Moving partners to API-based integration delivers immediate and tangible benefits for organisations.
External users removed
Organisations no longer need to:
- Create or manage partner user accounts
- Reset passwords or manage credentials
- Offboard users when contracts change
Manual data entry reduced
- Worker profiles are created once, at source
- Supporting documentation is captured digitally
- Workforce teams focus on validation and approval, not re-keying data
Clearer accountability
- Actions are recorded as system-to-system events
- Partner activity is clearly distinguishable from organisation activity
- Improved traceability for audits and investigations
Reduced operational fragility
- No dependency on UI layouts or screen behaviour
- Fewer automation failures and fewer manual workarounds
- Greater reliability for time-critical staffing processes
Greater Control Without Greater Access
APIs provide more precise control than UI permissions, even if that control is exercised differently.
Organisations approve:
- Which data objects are shared (customer authorised information, cost information, finalisation status)
- Which actions partners can perform (cancelling bookings, adding notes)
- Which workflows are enabled (e.g. automatic onboarding of worker profiles, duty bank notes visibility, cost visibility)
This ensures partners have only the access they need, and nothing more, without exposing the full application interface.
Operational Benefits for Workforce Teams
Faster Fill Times
Vacant duties are shared with approved agencies in real time, enabling faster responses and improved fill rates.
Reduced Manual Intervention
Automated updates reduce phone calls, emails, and manual data entry, freeing workforce teams to focus on exception handling and planning.
Improved Data Accuracy
Direct system-to-system updates reduce delays, duplication, and reconciliation errors between organisation and agency systems.
Strengthening Compliance and Audit Readiness
API-based integration supports organisations in meeting their governance and compliance obligations.
- Clear documentation of data flows
- Reduced exposure of unintended data
- Improved third-party access controls
- Easier alignment with NHS Digital and IG requirements
This creates a more defensible position during audits, reviews, and supplier assurance processes.
Designed for NHS Standards and Future Needs
RLDatix’s Vacancy Duty Management and Bank APIs are built in alignment with NHS interoperability, security, and data-protection principles.
They enable organisations to:
- Reduce reliance on unsupported automation approaches
- Standardise how third parties connect to workforce systems
- Scale integrations without reintroducing external logins
In Summary for Organisation Leadership
Approving API-based integration allows NHS organisations to:
- Remove external users from internal systems
- Reduce security, audit, and operational risk
- Eliminate manual re-keying of worker data, improving productivity
- Improve data quality and prevent duplicate worker records
- Maintain full control over worker approval and activation
- Enable faster, more reliable staffing workflows
All while remaining aligned with NHS guidance and best practice.
Next Steps
Transition to a secure, NHS-aligned integration model.
- Download the API Consent Form Template
- Complete and digitally sign the form
- Submit it securely to RLDatix to enable approved API access
Or, book a meeting to learn more about the APIs and the consent process.
By Maja Petreska, Product Specialist – External Staffing API, RLDatix
Driving interoperability and business value across the healthcare workforce ecosystem. She partners with customers and agencies to translate real operational processes into secure, scalable API integrations. Her technical and business expertise in integration platforms helps bridge business requirements with product and technical solutions.
