Introduction

The GP Connect (Patient Facing) User Permissions API is used to enable Patient Facing Solutions to access the permissions held within the GP Foundation Supplier Solution for Patients relating to the Prescription Ordering and View Record Citizen Services.

Requirements

Compliance, Assurance and Testing

Suppliers will be onboarded and assured via a Tailored Assurance Approach:

• Assurance through automated test packs for technical API conformance and also through manual test packs for areas which are not covered in the automated test packs, such as data content checking to verify that the data being sent in the APIs matches what is recorded for the Patient in the GP Connect PFS API Provider Solution and redacted data is not sent across in the API

• Assurance through the end-to-end integration testing (NHS App, NHS Login, APIM and the GP Connect PFS API Provider Solution) using the end to end test scenarios.

• Assurance of the GP Connect PFS API Provider Solution will follow the Solution Assurance (SA) risk-based assurance approach. Suppliers will be provided in advance of onboarding for assurance, a SA Risk log listing risk items for the technical Interoperability, functional, non-functional, clinical, Information Governance and Security areas pertaining to their implementation of the GP Connect (Patient Facing) User Permissions API. The SA Risk log will also explicitly state for each of the risk items in the risk log as to what are the risk mitigations expected from an onboarding GP Solution Supplier from a testing perspective.

Documentation

• GP Connect (Patient Facing) User Permissions Implementation Guide

Dependencies

Creating a compliant implementation requires implementing the following dependent interface Standards:

Roadmap