Skip to main content
Personal Demographics Service - SMSP API standards

Become a Spine Mini Service Provider giving access to patients' personal information, such as name, address, date of birth, related people, registered GP and NHS number, using our Spine Mini Service Provider (SMSP) API standards.

Overview

This page describes our PDS SMSP API standards.

For our own NHS Digital operated PDS SMSP API service, see Personal Demographics Service - SMSP API.

Become a Spine Mini Service Provider giving access to the Personal Demographics Service (PDS), using our Spine Mini Service Provider (SMSP) API standards. PDS is the national electronic database of NHS patient details such as name, address, date of birth, related people, registered GP and NHS number.

Your commercially available Spine Mini Service Providers (SMSP) product will give access to PDS for your SMSP clients. We will list your SMSP provider service along with other conforming software products in our Conformance Catalogue.

Before you begin any development work using these API standards, contact us to discuss your best options.

Your SMSP clients can:

  • verify a patient's NHS number
  • retrieve a patient's details
  • search for patient details

Your SMSP clients cannot:

These API standards:

  • do not require the SMSP client end user to be strongly authenticated with a smartcard
  • only return a result from a search if there is a single, unique match - it does not return multiple matches

Who can use this API

These API standards can only be used where there is a legal basis to do so. Make sure you have a valid use case before you go too far with your development.  To do this, make a PDS access request

You must do this before you can go live (see ‘Onboarding’ below). 


API status

These API standards are stable.


Technology

These API standards are based on our Personal Demographics Service - HL7 V3 API but with a simplified read-only model. All interactions are synchronous.

For more details, see HL7 V3.


Network access

You need a Health and Social Care Network (HSCN) connection to use these API standards.

For more details, see Network access for APIs.


Security and authorisation

These API standards are application-restricted, meaning:

  • the calling SMSP client application is authenticated - we do care who it is
  • the SMSP client end user is not authenticated - we do not verify who it is or whether they are present

In particular, these API standards use TLS-MA authentication.

In addition, we require SMSP client calling applications to:

  • authenticate end users locally with a minimum of user ID and password
  • use role-based access control (RBAC) locally to control end user access to the patient data
  • keep an audit trail locally of all accesses to patient data by end users

Environments and testing

You can test these API standards using our Path to Live environments.


Onboarding

You must get your software onboarded before it can go live.

As part of onboarding, these API standards use the Target Operating Model (TOM) process, which is simpler than the traditional Common Assurance Process (CAP).

Note that SMSP provider software assurance is required but we do not need to assure your SMSP clients.

For more details, and to get a copy of the latest TOM forms to complete, contact the interoperability conformance team on itkconformance@nhs.net.


Interactions

For details of SMSP provider interactions, see the following downloads:

  • SMSP Common Provider Requirements V1.1 - 23/09/2014 PDF
  • PDS SMSP Provider Requirements V1.1 - 23/09/2014 PDF

For details of SMSP client interactions, to share with your clients, see the following downloads:

  • SMSP Common Client Requirements - 23/09/2014 PDF
  • PDS SMSP Client Requirements V1.1 - 18/12/2014 PDF

Both SMSP providers and SMSP clients need the same response codes:

  • SMSP Response Codes - 24/07/2014 XLS

Downloads

These are PDF and Microsoft Excel files. To request a different format, contact us.

Last edited: 18 November 2021 4:55 pm