Introduction

The GP Connect (Patient Facing) Access Record - FHIR API is used to access structured and coded information from a Patient's GP Practice Electronic Patient Record (EPR) to be used in a Patient facing Solution. The API accesses GP Foundation Supplier Solutions and provides a consistent interface and data model.

Requirements

Compliance, Assurance and Testing

Suppliers will be onboarded and assured via a Tailored Assurance Approach:

• Assurance through automated test packs for technical API conformance and also through manual test packs for areas which are not covered in the automated test packs, such as data content checking to verify that the data being sent in the APIs matches what is recorded for the Patient in the GP Connect PFS API Provider Solution and redacted data is not sent across in the API

• Assurance through the end-to-end integration testing (NHS App, NHS Login, APIM and the GP Connect PFS API Provider Solution) using the end to end test scenarios.

• Assurance of the GP Connect PFS API Provider Solution will follow the Solution Assurance (SA) risk-based assurance approach. Suppliers will be provided in advance of onboarding for assurance, a SA Risk log listing risk items for the technical Interoperability, functional, non-functional, clinical, Information Governance and Security areas pertaining to their implementation of the GP Connect (Patient Facing) Access Record - FHIR API. The SA Risk log will also explicitly state for each of the risk items in the risk log as to what are the risk mitigations expected from an onboarding GP Solution Supplier from a testing perspective.

Documentation

• GP Connect (Patient Facing) Access Record Implementation Guide

Dependencies

Creating a compliant implementation requires implementing the following dependent interface Standards:

Roadmap