Documents and records can be retrieved directly from the Providers that hold the documents/records. This is achieved by using the location information (record URL/endpoint) stored on a pointer (obtained from a pointer search) and sending a request to this location over HTTP(S) via the Spine Secure Proxy (SSP).
The process of retrieving a document or record from a provider in this way may be manually triggered by the end user. Retrieval could also be an automated process triggered after a successful patient match from PDS, for example. The latter example would be transparent to the end user.
Spine Secure Proxy (SSP)
The SSP is a content agnostic forward proxy, which is used to control and protect access to health systems. It provides a single security point for both authentication and authorisation for systems. See the SSP specification for further detail.
Retrieval Solution End-to-End
The diagram below describes how record retrieval is facilitated through the SSP using the Record URL stored on the pointer.
To view the diagram detail, open the image in a new tab.
As the diagram depicts, the step by step process end-to-end for retrieving a record or document is as follows:
- Consumer [system] searches/queries the NRL to see if any Pointers exist for the patient under their care
- Consumer [system] finds a Pointer that references a document/record which could be of value for the provision of care
Consumer [system] takes the URL property value (see Pointer Data Model for more details) from the Pointer that was found during search and uses this value to create a request to the Provider system that holds the document/record.
An example URL property value:
The URL property in this example is pre-fixed with the URL to the SSP which will ensure that the request goes via the SSP and that all necessary security checks are performed on the request. The SSP base url pre-fix is added by the Consumer system. For further detail, see the Retrieval Read interaction page.
- Consumer [system] sends the request to the Provider system.
- Request sent by the Consumer goes through the SSP where security checks are performed
- Request is then sent onto the Provider system that holds the document/record once security checks are passed
- Provider system receives and validates the request
- Provider system sends the requested document/record back to the Consumer, via the SSP
- Consumer [system] receives the document/record and processes this in readiness for display back to the end user
For further detail on requirements for facilitating retrieval, see the Retrieval Read Interaction.