Overview
- Consumers and Providers are required to keep an audit trail of requests to and responses from the NRL API interfaces.
- Consumers and Providers are required to keep an audit trail of requests and responses related to the retrieval of records and documents.
- In addition, the NRL and SSP are required to keep an audit trail of requests and responses that flow through these sevices.
Consumers
- Consumers MUST keep an audit trail of the requests to and responses from the NRL.
- Consumers MUST keep an audit trail of the requests they make to retrieve a record or document from a Provider system.
- Consumers MUST keep an audit trail of the responses they recieve from a request to retrieve a record or document from a Provider system.
Audit trails MUST include all details of the HTTP request, including all HTTP Header values.
Providers
- Providers MUST keep an audit trail of the requests to and responses from the NRL.
- Providers MUST keep an audit trail of the requests they receive from Consumers to retrieve a record from their system.
- Providers MUST keep an audit trail of the responses they send in response to requests they receive from Consumers to retrieve a record from their system.
Audit trails MUST include all details of the HTTP request, including all HTTP Header values.
It is not necessary for a Provider to keep an audit trail of the response payload returned to Consumers. However, Providers MUST be able to provide details of the record returned if required for medico-legal purposes.
SSP Trace ID
The SSP Trace ID is a unique identifier for a request that is generated by the Consumer and included in the SSP-TraceID HTTP Header for record retrieval requests. The SSP Trace ID is for the purpose of auditing and support.
Consumers and Providers MUST audit this value to enable an end-to-end audit trail of a retrieval request and the associated response.
Access Tokens (JWT)
Consumers and Providers MUST generate and supply a JWT access token with each request they initiate using the standard HTTP Authorization header. Details of these requirements can be found on the Access Token page.
Any request to the NRL or SSP that does not supply an Authorization header conforming to these requirements will be rejected.
Audit Logs
The following sections detail what information each actor (Consumer/Provider/NRL/SSP) MUST record in their audit logs. For details of each required attribute, see the Audit Log Attribute table below.
Provider Pointer Maintenance
Providers MUST record the following in audit logs for each NRL maintenance interaction (POST, PATCH, DELETE).
For requests to NRL
- ASID
- HTTP Request Body (for POST and PATCH only)
- HTTP Request URL
- HTTP Verb
- ODS Code
- NHS Number
- Request Datetime
- User ID
For responses from NRL
- HTTP Response Body
- HTTP Status Code
- Response Datetime
Provider Document/Record Retrieval
Providers MUST record the following in audit logs for each record retrieval request from a Consumer via the SSP.
For requests from Consumers
- ASID
- HTTP Request URL
- HTTP Status Code
- ODS Code
- Record version or equivalent
- Request Datetime
- Trace ID
- User ID
Consumer Pointer Search/Read
Consumers MUST record the following in audit logs for each NRL search interaction (GET).
For requests to NRL
- ASID
- HTTP Request URL
- HTTP Verb
- ODS Code
- NHS Number
- Request Datetime
- User ID
For responses from NRL
- HTTP Response Body
- HTTP Status Code
- Response Datetime
Consumer Document/Record Retrieval
Consumers MUST record the following in audit logs for each Document/Record retrieval request to a Provider via the SSP.
For requests to Providers
- ASID
- HTTP Request URL
- NHS Number
- ODS Code
- Pointer Logical ID
- Request Datetime
- Trace ID
- User ID
For responses from Providers
- HTTP Response Body (if the request failed)
- HTTP Status Code
- Response Datetime
Audit Log Attributes
The following table details the audit log attributes and the source of the value for the attribute.
| Attribute | Source |
|---|---|
| ASID |
requesting_system from JWT. Only the ASID portion is required, for example, https://fhir.nhs.uk/Id/accredited-system\|[ASID]
|
| HTTP Request Body | HTTP Request Body (where applicable, i.e. POST or PATCH) |
| HTTP Request URL | For example, URL of the NRL service that was called, or the URL used for the record retrieval request, which includes the value of the content.attachment.url property defined on the associated NRL pointer. |
| HTTP Response Body | Response message |
| HTTP Status Code | Describes the response outcome (Success: 2xx | Fail: 4xx or 5xx) |
| HTTP Verb | POST, PATCH, GET or DELETE |
| NHS Number | This is the value used as part of the pointer subject reference (for example, https://demographics.spineservices.nhs.uk/STU3/Patient/[NHS_Number]) which may be an attribute on the pointer or a search query parameter depending on the action being performed. |
| ODS Code |
requesting_organization from JWT. Only the ODSCode portion is required, for example, https://fhir.nhs.uk/Id/ods-organization-code\|[ODSCode]
|
| Pointer Logical ID | The Logical ID of the pointer (generated by the NRL) from which the retrieval request has been made |
| Record version or equivalent | Reference to the version ID (or equivalent) from which the NRL Provider can identity what version of a record was provided |
| Request Datetime | Datetime that audit log was written |
| Response Datetime | Datetime that the response was recieved from NHS Digital service (NRL or SSP) |
| Trace ID | The Consumer-generated ID of the retrieval request. This is only used for requests via the SSP and is for use in the Ssp-TraceID HTTP Request Header. |
| User ID |
requesting_user from JWT. This will be ‘NotProvided’ if requesting_user isn’t available in the JWT.This is not mandatory where the request is completed as a non-interactive process. |
