Retrieve a patient's document
Use case
Retrieve a patient’s documents from a GP practice.
Security
- GP Connect utilises TLS Mutual Authentication for system level authorization
- GP Connect utilises JSON Web Tokens (JWT) to transmit clinical audit and provenance details
Prerequisites
Consumer
The consumer system:
- MUST have previously resolved the organisation’s FHIR endpoint base URL through the Spine Directory Service
- MUST have previously traced the patient’s NHS Number using the Personal Demographics Service or an equivalent service
API usage
Interaction diagram
Request
FHIR® relative request
Get /Binary/[id]
FHIR® absolute request
POST https://[proxy_server]/https://[provider_server]/[fhir_base]/Binary/[id]
Request headers
Consumers MUST include the following additional HTTP request headers:
| Header | Value |
|---|---|
Ssp-TraceID |
Consumer’s Trace ID (a GUID or UUID) |
Ssp-From |
Consumer’s ASID |
Ssp-To |
Provider’s ASID |
Ssp-InteractionID |
urn:nhs:names:services:gpconnect:documents:fhir:rest:read:binary-1 |
Example HTTP request headers:
Accept: application/fhir+json;charset=utf-8
Content-Type: application/fhir+json;charset=utf-8
Ssp-TraceID: 629ea9ba-a077-4d99-b289-7a9b19fd4e03
Ssp-From: 200000000115
Ssp-To: 200000000116
Ssp-InteractionID: urn:nhs:names:services:gpconnect:documents:fhir:rest:read:binary-1
Payload request body
N/A
Error handling
Provider systems:
- SHALL return a
GPConnect-OperationOutcome-1resource that provides additional detail when one or more data fields are corrupt or a specific business rule/constraint is breached.
Examples of other scenarios which may result in error being returned:
- Where a logical identifier of the resource is not valid/can’t be found on the server, a 404 HTTP Status code would be returned with the relevant OperationOutcome resource.
Refer to Development - FHIR API Guidance - Error Handling for details of error codes.
Request response
Response headers
Provider systems are not expected to add any specific headers beyond that described in the HTTP and FHIR® standards.
Payload response body
Provider systems MUST:
- return a
200OK HTTP status code to indicate successful execution of the operation - return a
Binaryresource conforming to theBinaryresource definition - include the
versionIdof the current version of theBinaryresource
Payload response examples
Examples of the payload requests and responses can be found here:
