Written by Technical Team | Last updated 25.09.2025 | 10 minute read
Digital health products rarely exist in isolation. Whether they support clinical care, public health, or research, they must communicate seamlessly with other NHS systems. The Message Exchange for Social Care and Health (MESH) platform is the backbone of this secure and reliable data sharing. Managed by NHS England, MESH enables files and messages to move between organisations across the health and social care ecosystem, from GP practices and pharmacies to large NHS trusts and public health bodies.
MESH has grown to become a trusted tool because it offers a consistent and highly secure method for transferring sensitive patient and operational data. For developers and technical teams, it is an essential integration point when building new digital services. Yet, understanding how to configure MESH properly is not always straightforward. One of the most important technical elements in this process is the use of workflow groups and workflow IDs. These determine what types of messages can be sent and received, and they form the ruleset that ensures data flows to the right destinations.
At its core, MESH functions like a postal system with strict delivery instructions. Mailboxes exist to send and receive data, but those mailboxes are only allowed to exchange specific message types. Workflow groups and IDs act as the labels and categories that define those message types. For digital health teams, getting this configuration right is crucial to avoid integration delays, data delivery failures, and compliance risks.
A workflow group is essentially a defined use case for MESH messaging. Each group represents a specific business process or clinical data exchange scenario. For instance, one group might be used to send immunisation records from pharmacies to GP practices, while another supports cancer screening reports moving from a trust to a central analytics service. By clearly segmenting these processes into named groups, MESH ensures that each mailbox is only involved in exchanges it is authorised to handle.
In practice, a mailbox will usually belong to just one workflow group. This simplifies security and governance by limiting the types of data any single endpoint can handle. An exception is GP practices, which often require multiple groups because they interact with a wide variety of other services. For example, a single GP mailbox might handle flu vaccination messages, pathology reports, and screening invitations, each tied to a distinct workflow group.
The names of workflow groups are deliberately descriptive, helping technical teams identify their purpose. Groups such as “Ambulance Data Set,” “VaccineX Outcome Report,” or “AAA DATA” (Abdominal Aortic Aneurysm) immediately signal the kind of information being exchanged. These groups are defined and managed centrally, ensuring consistency across the NHS and reducing the risk of confusion when different organisations interact.
Another important point is that workflow groups are not static. As new digital health initiatives emerge, new groups can be requested and created. When a novel data flow is needed — perhaps for a new screening programme or research registry — NHS England can approve and define a fresh group, ensuring it fits within the broader governance and security model of MESH.
| Workflow Group | Group Description | Initiator ID | Responder ID |
|---|---|---|---|
| AAA DATA | NEC Abdominal Aortic Aneurysm SMaRT data | AAA_DATA | AAA_DATA_ACK |
| ADS Data | Ambulance Data Set | ADS_DSCRO, ADS_ECDS | ADS_DSCRO, ADS_ECDS |
| AMBULANCE DATASET TRANSFERS | Ambulance Dataset Error Message Transfers from NHSD | AMB_DATASET_ERRORS | AMB_DATASET_ERROR_ACK |
| ASCEND PLUS | ASCEND PLUS trial data from University of Oxford | ASCEND_PLUS_COHORT_DATA, ASCEND_PLUS_CRITERIA_TEMPLATE, ASCEND_PLUS_GUID_DATA | |
| Adult Social Care | Adult Social Care Data Quality | ASC_DQ | |
| BLOODSPOTTESTOUTCOME | NEMS Blood Spot Test Outcome | BLOODSPOTTESTOUTCOME_1 | BLOODSPOTTESTOUTCOME_1 |
| BSA EHIC | Business Services Authority EHIC applicants for SPINE Home Office status check | SPINE_BSA_EHIC_EXTRACT | SPINE_BSA_EHIC_EXTRACT_ACK |
| BSA OHS PATIENT VERIFICATION | Integration Test Data Service for Overseas Health (OHS) Patient Verification Data | BSA_OHS_PAT_VER | BSA_OHS_PAT_VER_ACK |
| BSA Payment Extracts | Payment extracts from DPS to BSA | BSA_VACCS_PAYMENT_EXTRACT | |
| BSA SPL FLAG | Business Services Authority to DMS feed to supply Shielded Patients List flag | BSA_SPL_UPDATE | BSA_SPL_UPDATE_ACK |
| BSS DtoS Extract | BS-Select Digital Transformation of Screening extracts | BSS_DTOS_EXTRACT_PARA1, BSS_DTOS_EXTRACT_SI | |
| Burden Reduction | Burden Reduction | AACC_SUBMISSION, AACC_TEST, CHC_SUBMISSION, CHC_TEST, ONLINE_AND_VIDEO_CONSULTATION, ONLINE_CONSULTATION, VIDEO_CONSULTATION | CHC_SUBMISSION_ACK, CHC_TEST_ACK, ONLINE_AND_VIDEO_CONSULTATION_ACK, ONLINE_CONSULTATION_ACK, VIDEO_CONSULTATION_ACK |
| CAAS CPS | CaaS Cohort Processing System | CAAS_BREAST_SCREENING_COHORT, CAAS_CPS_VACCINATIONS_COHORT_RESULTS_DELTAS, CAAS_CPS_VACCINATIONS_COHORT_RESULTS_FULL, CAAS_CPS_VACCINATIONS_COHORT_RESULTS_LABELS, CAAS_CPS_VACCINATIONS_COHORT_RESULTS_RULES, CAAS_CPS_VACCINATIONS_COHORT_RUN_METADATA, CAAS_LATENT_TB_COHORT | |
| CCG Data Flow | Local mental health data flow | CAMHS_DATA_FLOW, LOC_MNTL_HLTH_DATA_FLOW | CAMHS_DATA_FLOW_ACK, LOC_MNTL_HLTH_DATA_FLOW_ACK |
| CHANGEOFADDRESS | Child Health CHANGEOFADDRESS | CHANGEOFADDRESS_1 | CHANGEOFADDRESS_1_ACK |
| CLINICAL AUDIT DATA | Clinical Audit data that is requested by an outside agency such as NCEPOD for National audits | CLINICAL_AUDIT_DATA_EXTERNALLY_REQUESTED | CLINICAL_AUDIT_DATA_EXTERNALLY_REQUESTED_ACK |
Within each workflow group are one or more workflow IDs. These are the unique technical labels that identify specific message flows. If the workflow group is the category, the workflow IDs are the individual delivery instructions. IDs are essential for MESH to know how to route messages correctly and whether a given mailbox has permission to send or receive them.
Workflow IDs come in two main types: initiator and responder. An initiator ID is used by the system that starts a conversation. For example, a pharmacy system sending a flu vaccination record to a GP would use an initiator workflow ID. A responder ID, by contrast, is used by the receiving system if it needs to send back an acknowledgment or follow-up message.
Some workflows are one-way only, meaning they only have an initiator ID. A good example would be a hospital sending periodic outcome reports to a national registry. In this case, there is no expectation of a reply, so the mailbox just needs the initiator ID. The recipient’s mailbox would have the corresponding responder ID but would not use it to send data — it merely signals that it can accept that message type.
Other workflows are two-way and require both initiator and responder IDs. This is common when confirmation is needed that data has been processed. A typical scenario is when a pharmacy sends a flu vaccination notification to a GP and the GP’s system replies with an acknowledgment (often using an “ACK” suffix in the ID). The pharmacy needs to know the message was received and actioned, while the GP benefits from automated updates to its records.
Understanding which type of workflow applies to your use case is critical when integrating MESH. Assigning only an initiator ID when your process requires a response could lead to lost confirmations and data integrity issues. Conversely, adding responder capabilities unnecessarily could complicate your mailbox configuration and security review.
For technical teams integrating with MESH, one of the first practical tasks is configuring the MESH mailbox correctly. Each mailbox is essentially an endpoint managed within the MESH network. The mailbox must be associated with the correct workflow groups and have the right initiator or responder IDs applied.
When requesting a new mailbox, or modifying an existing one, teams are required to specify the workflow groups and IDs they need. This information is vital because it defines what messages the mailbox can send and receive. Without the right IDs in place, messages will fail or be rejected by MESH.
In some cases, the available workflow groups and IDs will already cover your intended use case. NHS England provides a published list — regularly updated — that includes all active groups and their associated IDs. Reviewing this list should be a standard step for any developer before submitting a request. If a suitable group and IDs exist, the process is straightforward: you can simply ask for your mailbox to be associated with them.
However, innovation in digital health often means encountering new data sharing needs. If no existing workflow matches your use case, you can request a new one. This requires completing a dedicated form and working with the MESH service team to ensure the new workflow is justified and secure. Requests are typically reviewed by service management and DevOps specialists to maintain integrity and prevent unnecessary duplication.
When designing a new workflow, technical clarity is essential. Teams should define the data payload, identify the initiator and responder roles, and consider whether an acknowledgment is needed. They must also ensure naming conventions are clear and descriptive. Following these best practices will speed up the approval process and reduce potential rework.
Best practices for requesting workflows:
Integrating with MESH is more than a simple technical task; it requires planning for operational reliability, data security, and long-term scalability. Digital health companies designing MESH-enabled features should consider several factors that go beyond simply selecting a workflow ID.
Firstly, message integrity and traceability are paramount. Because MESH often carries sensitive patient data, each message’s journey should be logged and auditable. Developers should ensure their applications can record send and receive events, track acknowledgments where applicable, and handle failure cases gracefully.
Secondly, message size and frequency matter. While MESH supports large file transfers, excessive or poorly batched messages can cause bottlenecks or delays. Planning for efficient payloads and considering how your system will handle retries or errors is a sign of mature integration.
Another key consideration is version control. Over time, business processes change — new message formats, updated data standards, or revised reporting requirements may lead to new workflow IDs. Build your system to accommodate these updates without major refactoring, and maintain clear documentation of which workflows you support.
Security is also central. Each mailbox has strict access controls, and misuse can lead to compliance breaches. Implement robust authentication, protect credentials, and monitor for any unexpected message activity. Remember that each workflow ID effectively opens a defined communication channel; only enable what your product genuinely needs.
Finally, collaboration with the receiving organisations is crucial. A MESH integration does not exist in isolation — it requires another party with the corresponding responder or initiator setup. Ensure your partners are aligned on workflows, message structures, and testing before going live. This collaborative approach reduces the risk of production issues and builds trust in your digital health solution.
Integration success factors to keep in mind:
MESH is a vital piece of the UK’s digital health infrastructure, and workflow groups and workflow IDs are at the heart of how it operates. For technical professionals building products that connect to NHS services, understanding these concepts is not optional — it is essential for reliable, secure, and compliant data exchange.
Workflow groups define the business context and boundaries for message exchange, while workflow IDs provide the precise routing instructions that keep data flowing correctly. Whether your integration involves one-way reporting or two-way updates with acknowledgments, getting these details right determines the success of your deployment.
By investing the time to understand the available workflows, planning message flows carefully, and collaborating closely with MESH service teams and partner organisations, digital health developers can build integrations that scale and stand the test of time. The result is faster onboarding to NHS systems, reduced risk of messaging errors, and ultimately better support for clinicians, researchers, and patients alike.
Is your team looking for help with MESH integration? Click the button below.
Get in touch