Introduction

The GP Connect 0.5.2 release contains SDS changes that affect all providers and consumers. The information on the JWT page has been rewritten to be more informative, and to address the timing validation issue.

Please see below for further details.

0.5.2 changes

Migrate core changes from 1.2.3 into 0.5.2 and 0.7.2

Affects:  Core

Description:

• Grouping of Git issues raised to contain all the necessary changes required in 0.5.2 to align with changes made in 1.2.3, listed below:

Minimise likelihood of rejected tokens due to clock skew

Tickets:  #640

Affects:  Core

Description:

• When determining validity of the JWT token, clock skew between consumer and provider may cause a token to be rejected.

• The following addition has been made:

  • Providers and consumers must synchronise their system clocks with NTP time servers

• The following related clause has been added as was not previously explicitly stated:

  • Providers must reject tokens that have expired (validate the exp element)

• Please note: iat should not be validated by providers

Pages changed:

• Cross organisation audit and provenance

---

Clarify ASID requirements and topologies for “aggregators”

Tickets:  #616

Affects:  Core

Description:

• Clarify that GP Connect consumer systems must have a unique ASID per organisation using the consumer system
• Where GP Connect consumer applications are hosted or provisioned by another organisation, the ASID sent in the Ssp-From header, and the requesting_organization resource sent in the JWT must reflect the organisation from where the request originated, rather than the hosting organisation

Pages changed:

• System topologies
• Spine Secure Proxy
• Cross organisation audit and provenance

---

SDS query changes to support multiple consumers at a site

Tickets:  #638

Affects:  Core

Description:

• Update SDS queries used by a consumer to locate a provider’s FHIR service root URL

  • Instead of querying the AS record first, query the MHS record first

  • Only provider systems hold GP Connect interaction IDs on their MHS record, this enables the new queries to return the providers endpoint deterministically

• Adding information where a consumer system wants to lookup its own ASID

• Please see the new queries on Overview and querying SDS for more information

Pages changed:

• Overview and querying SDS
  • Rewrite and change of queries
• Spine integration illustrated
  • Change order of SDS queries
• Registering systems in SDS
  • Expand information to include requirement for consumer system registration

---

Consumer shall not amend the Provider service root URL as retrieved from SDS

Tickets:  #652

Affects:  Core

Description:

• When a consumer systems construct a full URL to be sent to the SSP, they must not amend any part of the provider service root URL, except for prefixing with the SSP URL, and suffixing with the FHIR request path

• The following examples will cause the SSP to reject the request:

  • Changing the provider’s hostname to an IP address
  • Adding an explicit :443 port declaration where none exists in SDS

Pages changed:

• Overview and querying SDS
• Spine Secure Proxy

---

Improve clarity of JWT population page for new consumers (cosmetic)

Tickets:  #634

Affects:  Core

Description:

• Clarifications to JWT population guidance for consumers
• Improved formatting and layout

Pages changed:

• Cross organisation audit and provenance

---

Change spec name of “GP Connect” to “GP Connect API” (cosmetic)

Tickets:  #616

Affects:  Core

Description:

• Specification name has changed from GP Connect to GP Connect API to maintain consistency with release of GP Connect Messaging specification

Pages changed:

• Introduction
• Getting started
• Capabilities
• Release notes

---

Foundations

Update Conformance Profile version

Tickets:  #653

Affects:  Foundations, Access Record HTML

Description:

• Update version number in Conformance Statement to 0.5.2

Pages changed:

• Get the FHIR conformance statement
• Retrieve a care record section

---

Access Record HTML

Provider variance - EMIS content banner message change

Tickets:  #656

Affects:  Access Record HTML

Description:

EMIS have removed the medications content banner message “Medication Max Issues are not shared currently” following a change to populate the Max Issues column.

The change for the Current Medication Issues means the entry for the medication business rules is no longer required, so remove “Repeat medication issues are included as current whilst the repeat course is current (meaning, has not been stopped/expired)”

Pages changed:

• Provider variance

---

Provider Variance - Minor wording changes

Tickets:  #635

Affects:  Access Record HTML

Description:

Some of the content banner messages shown on the Provider Variance page are not as currently presented in responses from Vision. Details as follows:

Clinical Items The section content banner differs from the documented one. The banner message in the current Vision response is “Contains clinical items including, but not limited to, Procedures, Diagnoses, Symptoms, Conditions; may include items included in other sections such as Linked Problems”

Problems and Issues The subsection content banner for Active Problems and Issues has additional content to the documented one. The full banner message in the current Vision response is “All problems included in Active Section. Problem related details are included in other sections.”

Pages changed:

• Provider variance

---