Skip to main content

Summary Care Record - HL7 V3 API

Access patients' summary care records using our HL7 V3 API.


Use this API to access a patient's Summary Care Record (SCR) - an electronic record of important patient information, created from GP medical records. SCRs can be seen and used by authorised staff in other areas of the health and care system involved in the patient's direct care.

Also use this API to access the Access Control Service (ACS) - which manages consent to share information for SCR. GP systems must check consent to share before sharing a patient's Summary Care Record.

You can:

  • create or add to a patient's Summary Care Record - if you are a GP system
  • retrieve a patient's Summary Care Record
  • set and check consent to share information - via the Access Control Service (ACS)

You cannot use this API to update GP medical records.

Legal use

This API can only be used where there is a legal basis to do so. Make sure you have a valid use case before you go too far with your development.

You must do this before you can go live (see ‘Onboarding’ below).

Related APIs

The following APIs are related to this one:

API status

This API is stable.

We are working on a Summary Care Record FHIR API to provide an easier integration.


This API is an HL7 V3 API. It is a mixture of:

  • synchronous interactions, using HL7 V3 SOAP web services
  • asynchronous interactions, using HL7 V3 ebXML messaging

The synchronous pattern is used for interactions which need an immediate response and run quickly, for example:

  • PSIS Document List Data Request
  • PSIS Document Data Request

The asynchronous pattern is used for interactions which either don’t require an immediate response or might take longer, for example:

  • Initial GP Summary
  • GP Summary (add to an existing GP summary)

For more details, see HL7 V3.

Network access

You can access this API via:

For more details, see Network access for APIs.

Security and authorisation


This API is user-restricted, meaning an end user must be present and authenticated to use it.

The end user must be:

  • a healthcare professional
  • strongly authenticated, using either an NHS smartcard or a modern alternative

We support the following security patterns:

  • user-restricted HL7 V3 API, using NHS Identity
  • user-restricted HL7 V3 API, using CIS

For more details see user-restricted APIs.


For some activities, the end user must be authorised to perform that activity.

The API itself does not perform any authorisation checks. Rather, the calling system is expected to perform them. The authorisation rules are specified in our national Role Based Access Control (RBAC) database.

For more details see our national Role Based Access Control (RBAC) database on the registration authorities and smartcards page.


You can test this API using our Path to Live environments.


You must get your software onboarded before it can go live.

As part of onboarding, this API uses the Common Assurance Process (CAP), which is tailored for each NHS service. For more details, contact us.


For details of interactions for this API:

For details on the general structure of the interactions, see HL7 V3.

Last edited: 7 January 2021 2:48 pm