Skip to main content
Spine Core messaging and applications in the Path to Live environments

Overview of Spine Core messaging and applications in the Path to Live environments.

Spine allows information held in NHS Digital’s national systems to be securely accessed. Access is gained through either:

  • the Spine Core – a dedicated secure messaging interface, the transaction messaging service (TMS), allows customer systems to query and update data held in the national systems 
  • the Spine Care Identity Service (CIS) - a series of user interfaces that control access to the data held in the national systems via Role Based Access Control (RBAC)

Spine endpoints

Customers register message handling systems (MHS), as Spine endpoints, to access the Spine data via the transaction messaging service (TMS). 

Security is maintained by requiring Spine Endpoints to present a certificate and then perform a mutual authentication to Spine. Further security is enforced by restricting the the types of messages a particular endpoint is allowed to send via the registration process.

In the Path to Live environments, endpoints may be set up to send a variety of messages, across many business functions, to meet testing requirements.

Endpoint registration service user guide

The Endpoint registration service user guide describes how to manage an endpoint registration request, end to end, using the endpoint registration service. 

National systems accessed by Spine Core

Demographic service

Sometimes known as the personal/patient demographic service (PDS), this contains the demographic information of every person in England and Wales and, most importantly, their NHS number. Additional data such as GP surgery, preferred pharmacy, migrant payment status and a variety of sensitive data is also stored.

It also generates a large number of notifications such as births, deaths and GP provider changes that are used internally by the other national services and externally by government organisations.

Prescription service

This service contains data related to prescriptions provided by healthcare professionals. Each prescription contains one or more ‘line items’ (the medication).

The prescription service manages the prescription lifecycle from the point of creation to the pharmacy making a claim for payment. 

Clinical service

The clinical service maintains a summary of a patient’s healthcare profile. GP systems regularly create and upload a summary of the patient, which is then uploaded to Spine for access from other healthcare professionals.

Demographic batch service (DBS)

Some customer applications only require a limited amount of data but require it in bulk. The demographic batch service (DBS) allows customers to make bulk retrievals of demographic data.

Customers submit a batch file via a DBS client. The retrievals are processed and returned to the user for download as a batch file using the same client.

Web based applications

Spine Core also supports the following graphical user interface (GUI) based web applications, used by clinicians to access data from the national systems.

Summary Care Record Application (SCRa)

The SCRa allows clinicians to view and change demographic and clinical information held in the national systems without the need of a messaging interface. It also supports other functionality, for example the migrants and visitors function and the female genital mutilation functions. Access to the application is restricted by means of a role based access control mechanism. 

Demographic Spine Applications (DSA)

The DSA service allows users, mainly back-office staff, to view and change demographic data to ensure data integrity. Access to the data is controlled by a Role Based Access Control (RBAC) mechanism. 

Transaction Messaging Event Service (TES) 

This service is used by privacy officers who will receive notifications when restricted patient data has been accessed. Privacy officers will be able to determine whether further action is required based on the alert.  

Access and patient confidentiality

Access to patient data and confidentiality are vital to the data in Spine Core. A strict access control framework is embedded within Spine Core that restricts access to patient data.

Ordinarily, only a person's GP would have the rights to see their records. However, other healthcare professionals may view this information. A privacy officer would be notified in such cases.

A patient's consent status is also maintained within Spine Core which may further restrict access to their data.

Spine Mini Service Provider

The Spine Mini Service Provider (SMSP) is a simpler way for systems to get demographic information from Spine.

The SMSP service allows customers to access a subset of read-only demographic data without the need for a fully compliant messaging service. 

It should not be used as a replacement for a full messaging service.

The service is free and fully supported by NHS Digital.

Spine Secure Proxy

The GP Connect service supports the development of products which will enable different systems to communicate, by means of APIs, so that clinicians in different care settings can:

  • view a patient’s GP practice record
  • manage GP appointments
  • import or download data on a patient’s medicines and allergies

GP connect uses the Spine Secure Proxy to control and protect access to GP systems that will be exposing API interfaces to external systems.

Messaging specifications

Detailed information regarding messaging specifications including the Message Interaction Manual (MiM) is available on the Technology Reference Data Update Distribution (TRUD) 

You will need to create an account.

Common issues experienced in Spine Core messaging applications

Message Exchange for Social Care and Health

The Message Exchange for Social Care and Health (MESH) is a messaging service hosted on the Spine infrastructure which allows health and social care organisations to communicate with each other or transfer data with each other securely. 

Each organisation is assigned a mailbox through which they send and receive messages. End users connect to their MESH mailbox either by using the MESH client, a user interface or through an API. 

Common issues experienced in MESH

Details of common issues experienced in MESH and how to resolve them.

Path to Live environments this service is available in

Spine core messaging and applications can be found in the following environments:






Non-functional testing (NFT)

Last edited: 6 September 2021 10:58 am