[DRAFT] GP Connect (Patient Facing) User Permissions API

This guidance is under active development by NHS Digital and content may be added or updated on a regular basis.

Patient using online services for the first time

When a patient accesses online services for the first time at a GP practice they need to have online access activated.

GP system suppliers using the GP System Integration called IM1 achieve this through a feature called linkage keys which are handled as part of the NHS login process.

GP Connect PFS has simplified the process and does not require linkage keys. When a patient is authenticated through NHS login to a high level verification (P9) and makes a request to the PFS APIs they will have online access enabled by the GP supplier system if they do not already. The details of how that happens are visualised in the following sequence diagram.

patient-validation-sequence

The diagram shows how a patient facing application (e.g. the NHS App) uses NHS login as the identity provider for a patient and communicates with the Foundation System's PFS APIs via the API Management platform (APIM).

When the request from APIM arrives at the Foundation System the first action is for the Foundation System's authorisation server to validate the NHS login ID token with NHS login (ensuring the token is valid and for a P9 verified patient) and return an access token for that patient to APIM. APIM will then continue to make the request it was originally called with to the PFS API using the Foundation System's access token. This process should happen for every PFS API, effectively providing APIM with an access token for each API.

Currently there are four APIs:

When the API to get a patient's permissions is called the Foundation System should run through the following logic and activities:

patient-validation-flow

  • validate the patient exists in the GP system
  • check if the patient has online access enabled
    • if they do - return the patient's existing permissions
    • if they do not - check if the patient is flagged as 'at risk'
      • if they are - set the patient's permissions as appropriate for an at risk patient (determined by the practice), enable online access and return the patient's permissions
      • if they are not - set the patient's default permissions (using the practice's default permissions), enable online access and return the patient's permissions

Note on request sequencing

A consumer application must call the get permissions API before it calls any other API. This is to ensure that the Foundation System enables online access for the patient (if the patient does not already have online access enabled). If a request is made to another PFS API and the patient doesn't have online access enabled the API will respond with an appropriate response such as Not Found to which the consumer application should deal with as appropriate.

System interactions

The interactions between the different systems are visualised in the following diagram.

nme-new-user-system-interactions

GP Foundation System requirements

GP Foundation Systems that do not use IM1 linkage keys as a means to activate a patient's online access must activate it by other means. A consumer application will make a request to the get permissions API, during this request the GP Foundation System must check if the patient has online access enabled. If the patient does not have online access enabled it must be enabled and the patient's permissions set as per the GP practice's defaults.

Permissions

Default permissions

When a patient has online access activated they should have the default permissions applied as defined by the GP practice. If the practice has Accelerated Access turned on then the patient should receive full access to their current medical record. Access to the historical medical record will continue to be the same level of access as set in the patient record. This is often the summary view of the medical record.

The act of activating online access for a patient does not determine the permissions they receive. The permissions available to a patient are determined by the practice's defaults. The practice is in control of the permissions a patient has.

back to top