[DRAFT] GP Connect (Patient Facing) Access Record - FHIR API

This guidance is under active development by NHS Digital and content may be added or updated on a regular basis.

Permission Levels

The level of detail returned is in accordance with the patient's permission level that is set at their GP practice.

These are outlined in accordance with GP IT Futures requirements surrounding access level, which can be found here.

It is the provider's responsibility to ensure that the correct level of data is returned.

Certain elements of a patient's medical record are deemed clinically unsafe, and providers must ensure they are not surfaced as part of a patient facing request, no matter the patient's access level.

Providers must ensure the following are never returned as part of PFS:

  • consultations with draft status (i.e. an Encounter with status unknown)

  • diary entries

  • unfiled test results

  • any section of the patient's record flagged not to share via PFS or redacted (further guidance can be found here)

  • unreviewed documents

There are four levels of access available:

  • Summary level

  • Detail coded

  • Full access

  • Full access + documents

[Image: permission-levels-medical-record]

The same information from the image in table format:

Level     | Information available
None      | No access
Summary   | Demographics, Medications, Allergies
Detailed  | Everything from Summary + All read/clinical codes, Immunisations, Health conditions, Test results, Consultations, Referrals
Documents | Everything from Detailed + Documents
Full      | Everything from Documents + Free text

Summary Level

At Summary level a patient only has access to their Demographics, Medication and Allergy sections of their record.

Because the GP system's record holds more than this, the provider must ensure that anything else on the patient's record (Immunisations, Health Conditions, Test results, Consultations, Referrals, Documents) is NOT returned as part of the response.

It follows that the provider MUST reject any request from a consumer for parts of the record that do not align with the patient's permission level.

For example, if the patient only has summary access but the providing system receives a request in error from the consumer for health conditions and referrals, the request must be rejected.

At this access level, the only resources eligible to be surfaced by the request are: Patient, Organization, Practitioner, PractitionerRole, Medication, MedicationStatement, MedicationRequest and AllergyIntolerance.

Any linked reference to a resource not listed above MUST NOT be included in the response.

Detail Coded Level

This access level covers everything from Summary plus all read/clinical codes, Immunisations, Health conditions, Test results, Consultations and Referrals.

That means any free text elements and documents must not be returned.

To ensure no free text from consultations is returned, the provider must ensure that text entered freely into a consultation without being associated with a clinical code is not returned to a patient at this access level.

In the clinical facing Access Record these are returned in an Observation with the SNOMED code 37331000000100 Comment note. At this access level, providers must not return an Observation with the Comment note code.

Providers must also ensure that specimen.note is not returned at this level.

To ensure no documents are returned, the provider must reject any requests to the document endpoint where the patient does not have sufficient access.
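The Summary and Detail coded rules above can be enforced as a single fail-closed filter on the provider side. The following is an added example, not part of the GP Connect specification or any supplier's code: the level names follow the table above, the section keys and function names are hypothetical, and resources are assumed to be parsed FHIR JSON held as Python dicts.

```python
# Added example: section keys and function names are hypothetical.
LEVELS = ["none", "summary", "detailed", "documents", "full"]  # cumulative order
COMMENT_NOTE = "37331000000100"  # SNOMED "Comment note" code given on the page
SUMMARY_TYPES = {"Patient", "Organization", "Practitioner", "PractitionerRole",
                 "Medication", "MedicationStatement", "MedicationRequest",
                 "AllergyIntolerance"}  # resource list given on the page
SECTION_MIN = {"demographics": "summary", "medications": "summary",
               "allergies": "summary", "immunisations": "detailed",
               "health-conditions": "detailed", "test-results": "detailed",
               "consultations": "detailed", "referrals": "detailed",
               "documents": "documents"}  # minimum level per the page's table

def check_request(level, sections):
    """Reject the whole request if any section is above the patient's level."""
    have = LEVELS.index(level)  # unknown level raises ValueError (fail closed)
    denied = sorted(s for s in sections
                    if s not in SECTION_MIN or LEVELS.index(SECTION_MIN[s]) > have)
    if denied:
        raise PermissionError(f"not permitted at {level} level: {denied}")

def is_comment_note(res):
    return res.get("resourceType") == "Observation" and any(
        c.get("code") == COMMENT_NOTE for c in res.get("code", {}).get("coding", []))

def filter_resources(level, resources):
    """Return only the resources that may be surfaced at this level."""
    have, out = LEVELS.index(level), []
    if have == 0:
        return out  # None: no access
    for res in resources:
        rtype = res.get("resourceType")
        if rtype == "Encounter" and res.get("status") == "unknown":
            continue  # draft consultation, never returned via PFS
        if level == "summary" and rtype not in SUMMARY_TYPES:
            continue  # Summary: allow-list only, linked resources included
        if level != "full":  # free text is only listed at Full in the table
            if is_comment_note(res):
                continue
            if rtype == "Specimen":  # copy without note, input left untouched
                res = {k: v for k, v in res.items() if k != "note"}
        out.append(res)
    return out

SAMPLE = [  # constructed resources, trimmed to the fields the filter reads
    {"resourceType": "Patient"}, {"resourceType": "AllergyIntolerance"},
    {"resourceType": "Encounter", "status": "unknown"},
    {"resourceType": "Encounter", "status": "finished"},
    {"resourceType": "Observation", "code": {"coding": [{"code": COMMENT_NOTE}]}},
    {"resourceType": "Specimen", "note": [{"text": "constructed free text"}]},
]
```

Running check_request before any data is fetched and filter_resources on the assembled response gives two independent checks, so a mistake in one does not expose data on its own.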

Document Level

Since it's a cumulative permissions model, the document permission level includes everything from Summary and Detail coded, plus the ability to access the patient's documents.

The provider must check the patient's access level and only return documents if the patient has the correct permissions.

Full access Level

At this permissions level, the patient has access to all aspects of their clinical record including free text annotations on consultations and documents.

Providers must validate the permission level and ensure the patient has full access before returning everything.
