Alerts - HL7 V3 API

Use this API to send an alert for the attention of a Privacy Officer - also known as Summary Care Record Governance Person (SGP) in community pharmacies - so they can audit proactively whether access to a patient’s data was appropriate. 

This provides a general alerting mechanism covering, for example, when a user looks up a patient on the Summary Care Record application (SCRa).

This API can only be used where there is a legal basis to do so. Make sure you have a valid use case before you go too far with your development.

You must do this before you can go live (see ‘Onboarding’ below). 

The following APIs are related to this one:

• Summary Care Record - HL7 V3 API - use this API to access a patient's Summary Care Record (SCR) - an electronic record of important patient information, created from GP medical records.
• Legitimate Relationship Service - HL7 V3 API - use this API to access a patient's Legitimate Relationships.

This API is stable.

This API is an HL7 V3 API. 

It uses asynchronous HL7 V3.

For more details, see HL7 V3.

You can access this API via:

• the Health and Social Care Network (HSCN)
• the internet - but note that devices using NHS smartcards do require HSCN access

 For more details, see Network access for APIs.

Authentication

This API is user-restricted, meaning an end user must be present and authenticated to use it.

The end user must be:

• a healthcare worker
• strongly authenticated, using either an NHS smartcard or a modern alternative

We support the following security patterns:

• user-restricted HL7 V3 API, using NHS Care Identity Service 2 (NHS CIS2)
• user-restricted HL7 V3 API, using CIS

For more details see user-restricted APIs.

Authorisation

For some activities, the end user must be authorised to perform that activity.

The API itself does not perform any authorisation checks. Rather, the calling system is expected to perform them. The authorisation rules are specified in our national Role Based Access Control (RBAC) database.

For more details see our national Role Based Access Control (RBAC) database on the registration authorities and smartcards page.

You can test this API using our Path to Live environments.

You must get your software onboarded before it can go live.

As part of onboarding, this API uses the Common Assurance Process (CAP), which is tailored for each NHS service. For more details, contact us.

For a full list of interactions for this API, see the 'Alerts' domain in the Spine Message Implementation Manual (MIM).

For details on the general structure of the interactions, see HL7 V3.