Overview
Use this API to access a patient's Summary Care Record (SCR) - a national electronic record of important patient information, created from GP summaries of medical records. SCRs can be seen and used by authorised staff in other areas of the health and care system involved in the patient's direct care.
Summary Care Record was previously known as Personal Spine Information Service (PSIS).
Also use this API to access the Access Control Service (ACS) - which manages consent to share information for SCR. GP systems must check consent to share before sharing a patient's Summary Care Record.
You can:
- create or add to a patient's Summary Care Record - as a GP system capable of uploading GP summaries
- retrieve a patient's Summary Care Record
- set and check consent to share information - via the Access Control Service (ACS)
You cannot use this API to update GP medical records.
A healthcare worker must be present and authenticated with an NHS smartcard or a modern alternative to use this API.
Spine Mini Service Provider (SMSP) options
There are also commercially available products which give easier access to SCR, known as Spine Mini Service Providers (SMSPs).
These and other conforming software products are listed in our Conformance Catalogue.
If you are interested in becoming a provider of one of these products, see Summary Care Record - SMSP API standards.
Technology
This API is an HL7 V3 API. It is a mixture of:
- synchronous interactions, using HL7 V3 SOAP web services
- asynchronous interactions, using HL7 V3 ebXML messaging
The synchronous pattern is used for interactions which need an immediate response and run quickly, for example:
- PSIS Document List Data Request
- PSIS Document Data Request
The asynchronous pattern is used for interactions which either do not require an immediate response or might take longer, for example:
- initial upload of a GP Summary
- GP Summary (add to an existing GP summary)
For more details, see HL7 V3.
Message Handling System (MHS) adaptor
To remove the complexity of building your own Message Handling System, we offer a pre-assured, client side MHS adaptor that you can integrate into your own infrastructure.
It makes it easier to connect to the NHS Spine and perform business operations by exposing a RESTful API that conforms to the HL7 V3 standard.
Security and authorisation
Authentication
This API is user-restricted, meaning an end user must be present and authenticated to use it.
The end user must be:
We support the following security patterns:
- user-restricted HL7 V3 API, using NHS Care Identity Service 2 (NHS CIS2)
- user-restricted HL7 V3 API, using CIS
For more details see user-restricted APIs.
Authorisation
For some activities, the end user must be authorised to perform that activity.
The API itself does not perform any authorisation checks. Rather, the calling system is expected to perform them. The authorisation rules are specified in our national Role Based Access Control (RBAC) database.
For more details see our national Role Based Access Control (RBAC) database on the registration authorities and smartcards page.
Last edited: 2 May 2023 11:57 am
