Search loading...

API Hub

Explore and Make use of Nationally Defined Messaging APIs

 

Auditing

Overview of audit and provenance requirements for data transported over NRL FHIR and SSP interfaces.

Overview

Consumers and Providers are required to keep an audit of requests to and responses from the NRL API interfaces.

Consumers and Providers are required to keep an audit of requests and responses related to the retrieval of records and documents.

In addition to this there is a requirement for the NRL and SSP to keep an audit of requests and responses that flow through these sevices.

Consumers

Consumers MUST keep an audit of the requests to and responses from the NRL.

Consumers MUST keep an audit of the requests they make to retrieve a record or document from a Provider system.

Consumers MUST keep an audit of the responses they recieve from a request to retrieve a record or document from a Provider system.

These MUST include all details of the HTTP request that is made including all HTTP Header values.

Providers

Providers MUST keep an audit of the requests to and responses from the NRL.

Providers MUST keep an audit of the requests they receive from Consumers to retrieve a record or document from their system.

Providers MUST keep an audit of the responses they send in response to requests they receive from Consumers to retrieve a record or document from their system.

This MUST include all details of the HTTP request that is made including all HTTP Header values.

It is not necessary for a Provider to keep an audit trail of the response payload that is returned to Consumers; however Providers MUST be able to provide details of the record returned if required for medico-legal purposes.

SSP Trace ID

The SSP Trace ID is a unique identifier for a request which is generated by the Consumer and included in the SSP-TraceID HTTP Header for record/document retrieval requests. The SSP Trace ID is for the purpose of auditing and support.

Consumers and Providers MUST audit this value to enable an end-to-end audit trail of a retrieval request and the associated response.

Access Tokens (JWT)

Consumers and Providers MUST generate and supply an access token (JWT) with each request they initiate using the standard HTTP Authorization header. Details of these requirements can be found on the Access Token page.

Any request to the NRL or SSP that does not supply an Authorization header that conforms to these requirements will be rejected.

Audit Logs

The following tables detail what information each actor (Consumer/Provider/NRL/SSP) MUST record in their audit logs. For details of each require attribute, see the Audit Log Attribute table below.

Provider Pointer Maintenance

Providers MUST record the following in audit logs for each NRL maintenance interaction (POST, PATCH, DELETE).

For requests to NRL

  • ASID
  • HTTP Request Body (for POST and PATCH only)
  • HTTP Request URL
  • HTTP Verb
  • ODS Code
  • NHS Number
  • Request Datetime
  • User ID

For responses from NRL

  • HTTP Response Body
  • HTTP Status Code
  • Response Datetime

Provider Document/Record Retrieval

Providers MUST record the following in audit logs for each Document/Record retrieval request from a Consumer via the SSP.

For requests from Consumers

  • ASID
  • HTTP Request URL
  • HTTP Status Code
  • ODS Code
  • Record version or equivalent
  • Request Datetime
  • Trace ID
  • User ID

Consumer Pointer Search/Read

Consumers MUST record the following in audit logs for each NRL search interaction (GET).

For requests to NRL

  • ASID
  • HTTP Request URL
  • HTTP Verb
  • ODS Code
  • NHS Number
  • Request Datetime
  • User ID

For responses from NRL

  • HTTP Response Body
  • HTTP Status Code
  • Response Datetime

Consumer Document/Record Retrieval

Consumers MUST record the following in audit logs for each Document/Record retrieval request to a Provider via the SSP.

For requests to Providers

  • ASID
  • HTTP Request URL
  • NHS Number
  • ODS Code
  • Pointer Logical ID
  • Request Datetime
  • Trace ID
  • User ID

For responses from Providers

  • HTTP Response Body (if the request failed)
  • HTTP Status Code
  • Response Datetime

Audit Log Attributes

The following table details the audit log attributes and the source of the value for the attribute.

Attribute Source
ASID requesting_system from JWT. Only the ASID portion is required e.g. https://fhir.nhs.uk/Id/accredited-system|[ASID]
HTTP Request Body HTTP Request Body (where applicable i.e. POST or PATCH)
HTTP Request URL e.g. URL of the NRL service that was called, or the URL used for the document/record retrieval request which includes the value of content.attachment.url property defined on the associated NRL pointer.
HTTP Response Body Response Message
HTTP Status Code Describes the response outcome (Success: 2xx | Fail: 4xx or 5xx)
HTTP Verb POST, PATCH, GET or DELETE
NHS Number This is the value used as part of the pointer subject reference (e.g. https://demographics.spineservices.nhs.uk/STU3/Patient/[NHS_Number]) which may be an attribute on the pointer or a search query parameter depending on the action being performed.
ODS Code requesting_organization from JWT. Only the ODSCode portion is required e.g. https://fhir.nhs.uk/Id/ods-organization-code|[ODSCode]
Pointer Logical ID The Logical ID of the pointer (generated by the NRL) from which the retrieval request has been made
Record version or equivalent Reference to the version ID (or equivalent) from which the NRL Provider can identity what version of a record was provided
Request Datetime Datetime that audit log was written
Response Datetime Datetime that the response was recieved from NHS Digital service (NRL or SSP)
Trace ID The Consumer generated ID of the retrieval request. This is only used for requests via the SSP and is for use in the Ssp-TraceID HTTP Request Header.
User ID requesting_user from JWT. This will be ‘NotProvided’ if requesting_user isn’t available in JWT.
This is not mandatory where the request is completed as a non-interactive process

All content is available under the Open Government Licence v3.0, except where otherwise stated