Skip to main content


Transfer patients' electronic health records, securely and quickly, between their old and new practices when they change GPs.


Use this API to transfer patients' electronic health records between old and new practices when they change GPs.

You can:

  • include large records and those with many attachments
  • reduce paper printing when patients leave a practice
  • integrate (file) the electronic health record for returning patients
  • log issues easily with easy-to-understand and more informative error messages
  • monitor in real time the processes to track issues and performance

For more details, see GP2GP.

Who can use this API

This API can only be used where there is a legal basis to do so. Make sure you have a valid use case before you go too far with your development.

You must do this before you can go live (see ‘Onboarding’ below). 

API status

This API is stable.

Service level

This API is a silver service, meaning it is operational 24 x 7 x 365 but only supported during business hours (8am to 6pm), Monday to Friday excluding bank holidays.

For more details, see service levels.


This API is an HL7 V3 API.

For more details, see HL7 V3.

Message Handling System (MHS) adaptor

To remove the complexity of building your own Message Handling System, we offer a pre-assured, client side MHS adaptor that you can integrate into your own infrastructure.

It makes it easier to connect to the NHS Spine and perform business operations by exposing a RESTful API that confirms to the HL7 V3 standard

Network access

You need a Health and Social Care Network (HSCN) connection to use this API.

For more details, see Network access for APIs.

Security and authorisation


This API is user-restricted, meaning an end user must be present and authenticated to use it.

The end user must be:

  • a healthcare worker
  • strongly authenticated using an NHS smartcard

For more details see user-restricted APIs.


For some activities, the end user must be authorised to perform that activity.

The API itself does not perform any authorisation checks. Rather, the calling system is expected to perform them. The authorisation rules are specified in our national Role Based Access Control (RBAC) database.

For more details see our national Role Based Access Control (RBAC) database on the registration authorities and smartcards page.


You can test this API using our Path to Live environments.


You must get your software onboarded before it can go live.

Contact us before onboarding with this API. It uses the Common Assurance Process (CAP) which is tailored for each NHS service.


For a full list of interactions for this API, see the GP2GP domain in the Spine Message Implementation Manual (MIM).

For details on the general structure of the interactions, see HL7 V3.

Additional guidance

For more details about requirements and specifications of the record transfer mechanism, see the GP2GP section in the GP IT Futures Capabilities and Standards guidance.

Last edited: 26 May 2022 4:17 pm