{"openapi":"3.0.0","info":{"version":"v1.0.323-alpha","title":"GP Connect - Patient Permissions","contact":{"name":"GP Connect - Patient Permissions API Support","url":"https://digital.nhs.uk/developer/help-and-support","email":"api.management@nhs.net"},"description":"## Overview\n\n![GP Connect Patient Facing User Permissions API Overview](https://raw.githubusercontent.com/NHSDigital/gp-connect-user-permissions/master/specification/diagrams/overview.svg)\n\nUse this API to list and manage the permissions a patient has to their\nmedical record and a selection of services provided at their GP practice.\n\nYou can:\n\n- get a patient's permissions\n- request to update a patient's permissions to a higher level\n\nYou cannot:\n\n- request to update a patient's permissions to a lower level\n\nTo use this API, the end user must be a patient who is:\n\n- registered with the GP practice\n- registered with NHS login to P9 identity verification level\n\nThis API allows you to manage the permissions for:\n\n- appointments\n- prescriptions\n- medical record\n\nThis API is designed to respect the policy changes made in order to\nallow patients to access their future medical record entries.\nFor more details, see\n[access to patient records through the NHS App](https://digital.nhs.uk/services/nhs-app/nhs-app-guidance-for-gp-practices/guidance-on-nhs-app-features/accelerating-patient-access-to-their-record).\n\n## Who can use this API\n\nThis API:\n\n- is only for use by patient-facing applications\n- can only be used where there is a legal basis to do so\n\nMake sure you have a valid use case before you go too far with your\ndevelopment. To do this, [contact us](https://digital.nhs.uk/developer/help-and-support).\n\nYou must do this before you can go live (see\n[Onboarding](#api-description__onboarding) below).\n\n## Related APIs\n\nThe GP Connect suite of APIs include the following related APIs:\n\n- [GP Connect Access Document - FHIR API](https://digital.nhs.uk/developer/api-catalogue/gp-connect-access-document-fhir) - retrieve unstructured documents from a patient's GP practice record.\n- [GP Connect Access Record: HTML - FHIR API](https://digital.nhs.uk/developer/api-catalogue/gp-connect-access-record-html-fhir) - view a patient's GP practice record, with read-only access.\n- [GP Connect Access Record: Structured - FHIR API](https://digital.nhs.uk/developer/api-catalogue/gp-connect-access-record-structured-fhir) - retrieve structured information from a patient's GP practice record.\n- [GP Connect Appointment Management - FHIR API](https://digital.nhs.uk/developer/api-catalogue/gp-connect-appointment-management-fhir) - manage GP practice appointments between different systems.\n- [GP Connect Send Document - FHIR API](https://digital.nhs.uk/developer/api-catalogue/gp-connect-send-document-fhir) - send a PDF consultation summary to a registered GP practice.\n- [GP Connect (Patient Facing) Access Record - FHIR API](https://digital.nhs.uk/developer/api-catalogue/gp-connect-patient-facing-access-record-fhir) - access a patient's GP records with the GP Connect (patient facing) Access Record - FHIR API.\n- [GP Connect (Patient Facing) Appointment Management - FHIR API](https://digital.nhs.uk/developer/api-catalogue/gp-connect-patient-facing-appointment-management-fhir) - manage a patient's GP appointments using the GP Connect (patient facing) Appointment Management - FHIR API.\n- [GP Connect (Patient Facing) Prescriptions - FHIR API](https://digital.nhs.uk/developer/api-catalogue/gp-connect-patient-facing-prescriptions-fhir) - manage a patient's prescriptions using the GP Connect (patient facing) Prescriptions - FHIR API.\n\n## API status and roadmap\n\nThis API is [in production](https://digital.nhs.uk/developer/guides-and-documentation/reference-guide#statuses).\n\n## Service level\n\nThis API is a silver service, meaning it is operational 24 hours a day, 365 days a year but\nonly supported during business hours (8am to 6pm), Monday to Friday\nexcluding bank holidays.\n\nFor more details, see [service levels](https://digital.nhs.uk/developer/guides-and-documentation/reference-guide#service-levels).\n\n## Technology\n\nThis API is\n[RESTful](https://digital.nhs.uk/developer/guides-and-documentation/our-api-technologies#basic-rest).\n\n### Resources\n\nUse the [GP Connect User Management Implementation Guide](https://simplifier.net/guide/GP-Connect-Patient-Facing-User-Management/Home?version=current) to assit with your integration.\n\n## Network access\n\nThis API is available on the internet and, indirectly, on the\n[Health and Social Care Network (HSCN)](https://digital.nhs.uk/services/health-and-social-care-network).\n\nFor more details, see [Network access for APIs](https://digital.nhs.uk/developer/guides-and-documentation/network-access-for-apis).\n\n## Security and authorisation\n\nThis API is\n[user-restricted](https://digital.nhs.uk/developer/guides-and-documentation/security-and-authorisation#user-restricted-apis),\nmeaning an end user must be present and authenticated to use it.\n\nThe end user must be:\n\n- a patient\n- authenticated with NHS login to P9 identity verification level\n\nThe API uses Open ID Connect to authenticate the end user and OAuth 2.0 to\nauthorise the calling system. It supports the following security pattern\nusing NHS login:\n\n- [User-restricted RESTful APIs - NHS login separate authentication and authorisation](https://digital.nhs.uk/developer/guides-and-documentation/security-and-authorisation/user-restricted-restful-apis-nhs-login-separate-authentication-and-authorisation)\n\n## Environments and testing\n\n| Purpose | URL |\n| ------- | --- |\n| Sandbox | `https://sandbox.api.service.nhs.uk/gp-connect/patient-facing/user-permissions` |\n| Integration test | Not yet available |\n| Production | Not yet available |\n\n### Sandbox testing\n\nOur [sandbox environment](https://digital.nhs.uk/developer/guides-and-documentation/testing#sandbox-testing):\n\n- is for early developer testing\n- only covers a limited set of scenarios\n- is stateless, so it does not store data\n- is open access, so does not allow you to test authorisation\n\nFor more details on sandbox testing, or to try out the sandbox using our\n\"Try this API\" feature, see the documentation for each endpoint.\n\nAlternatively, you can try out the sandbox using our Postman collection:\n\n[![Run in Postman](https://run.pstmn.io/button.svg)](https://app.getpostman.com/run-collection/34036044-57060177-4760-4184-8af5-fd3d7c268327?action=collection%2Ffork&source=rip_markdown&collection-url=entityId%3D34036044-57060177-4760-4184-8af5-fd3d7c268327%26entityType%3Dcollection%26workspaceId%3Dbad72f85-20d6-41c3-bd55-f30bf83f8c63)\n\n### Integration testing (not yet available)\n\nOur [integration test environment](https://digital.nhs.uk/developer/guides-and-documentation/testing#integration-testing):\n\n- is for formal integration testing\n- is stateful, so it does persist data\n- includes authorisation\n\nFor more details see\n [integration testing with our RESTful APIs](https://digital.nhs.uk/developer/guides-and-documentation/testing#integration-testing-with-our-restful-apis).\n\n## Onboarding\n\nThe GP Connect Patient Facing APIs are currently only available for New Market Entrant suppliers as data providers, and are in use with the NHS App as the consumer.\n\nAt the time of writing (July 2025), we are not onboarding any additional consumer suppliers to use these APIs.\n\n## Errors\n\nWe use standard HTTP status codes to show whether an API request succeeded\nor not. They are usually in the range:\n\n- 200 to 299 if it succeeded, including code 202 if it was accepted by an\n API that needs to wait for further action\n\n- 400 to 499 if it failed because of a client error by your application\n\n- 500 to 599 if it failed because of an error on our server\n\nErrors specific to each API are shown in the Endpoints section, under\nResponse. See our\n[reference guide](https://digital.nhs.uk/developer/guides-and-documentation/reference-guide#http-status-codes)\nfor more on errors.\n"},"servers":[{"url":"https://sandbox.api.service.nhs.uk/gp-connect/patient-facing/user-permissions","description":"Sandbox environment"}],"paths":{"/Patient/{id}":{"parameters":[{"in":"path","name":"id","description":"The patient's NHS number. The primary identifier of a patient, unique\nwithin NHS England and Wales. Always 10 digits and must be a\n[valid NHS number](https://www.datadictionary.nhs.uk/attributes/nhs_number.html).\n","required":true,"schema":{"type":"string","example":"9000000009"}},{"in":"header","name":"Authorization","description":"An\n[OAuth 2.0 bearer token](https://digital.nhs.uk/developer/guides-and-documentation/security-and-authorisation#user-restricted-apis)\nfrom NHS login.\n","required":true,"schema":{"type":"string","format":"^Bearer\\ [[:ascii:]]+$","example":"Bearer g1112R_ccQ1Ebbb4gtHBP1aaaNM"}},{"in":"header","name":"X-Correlation-ID","description":"An optional ID which you can use to track transactions across multiple\nsystems. It can take any value, but we recommend avoiding `.`\ncharacters.\n\nMirrored back in a response header.\n","schema":{"type":"string","pattern":"^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$","example":"11C46F5F-CDEF-4865-94B2-0EE0EDCC26DA","description":"The X-Correlation-ID from the request header, if supplied, mirrored back.\n"}},{"in":"header","name":"X-Request-ID","description":"A globally unique identifier (GUID) for the request, which we use to\nde-duplicate repeated requests and to trace the request if you contact\nour helpdesk.\n\nMust be a universally unique identifier (UUID) (ideally version 4).\nMirrored back in a response header.\nIf you re-send a failed request, use the same value in this header.\n","schema":{"type":"string","pattern":"^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$","example":"60E0B220-8136-4CA5-AE46-1D97EF59D068","description":"The X-Request-ID from the request header, if supplied, mirrored back.\n"}}],"get":{"operationId":"getPatientPermissions","summary":"Get a patient's permissions","description":"## Overview\n\nGet a patient's permissions. The permissions describe the level of\naccess the patient has to their medical record, the appointments\nservice and the prescriptions service provided at their GP practice.\n\nThe medical record permission includes the access level the patient\nhas to both their current and their historical medical record.\nThe appointments and prescriptions service permissions represent the\npatient's current access level.\n\n## Use cases\n\nUse cases covered by this endpoint include:\n\n* building a UI so only the elements the patient has access to are\n available\n* presenting permissions to the patient so they can see what they do\n and do not have access to\n* presenting permissions to the patient so they can request additional\n permissions\n\n## Maximum allowable permissions\n\nNot all patients are able to request the highest level of\npermission available. The maximum level each patient can request is\nincluded within the response. This can be used to prevent patients\nrequesting additional permissions that would not be granted.\n\n## Pending requests\n\nIt is possible for a patient to request to change permissions and\nthose requests to not be actioned immediately. When this happens\nthere is a need to inform the patient of any pending requests. This\ncan be done using the `requests` property.\n","responses":{"200":{"description":"Successful response","headers":{"X-Correlation-ID":{"schema":{"type":"string","pattern":"^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$","example":"11C46F5F-CDEF-4865-94B2-0EE0EDCC26DA","description":"The X-Correlation-ID from the request header, if supplied, mirrored back.\n"}},"X-Request-ID":{"schema":{"type":"string","pattern":"^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$","example":"60E0B220-8136-4CA5-AE46-1D97EF59D068","description":"The X-Request-ID from the request header, if supplied, mirrored back.\n"}}},"content":{"application/json":{"schema":{"type":"object","description":"Contains the permissions the patient has to their medical record and the\nappointments and prescriptions services.\n\nEach permission has two properties, an `accessLevel` and an\n`accessLevelMax`.\n\n`accessLevel` describes the current level of permission\nthe patient has.\n\n`accessLevelMax` describes the maximum level of permission the patient\nmay request. This _can_ be different than the absolute maximum level of\npermission possible. For example, if a patient has an `accessLevel` of\n`summary` and an `accessLevelMax` of `detailed` for their current\nmedical record they can make a request to increase their level of\naccess to `detailed` but not `documents` or `full`.\n\nMedical record access levels are split into `current` and\n`historical` with an `effectiveDate` for when the current\naccess level started. This is to account for allowing patients to access\ntheir future medical record entries. For more details, see\n[access to patient records through the NHS App](https://digital.nhs.uk/services/nhs-app/nhs-app-guidance-for-gp-practices/guidance-on-nhs-app-features/accelerating-patient-access-to-their-record).\n\nAn optional array of `requests` may be included to contain information about\nany pending requests. This is information that should be displayed to the\npatient to help them understand the status of their requests.\n","required":["medicalRecord","appointments","prescriptions"],"properties":{"medicalRecord":{"type":"object","description":"Contains the access level the patient has to the medical record. This\nis split into `current.accessLevel` and `historical.accessLevel` with\nan `effectiveDate`, representing the date when the current level of\naccess started.\n\nAlongside `accessLevel` is `accessLevelMax` which represents the\nhighest level of permission that could be requested.\n","required":["current","effectiveDate"],"properties":{"effectiveDate":{"type":"string","description":"The date when the `current` permissions started. This must not be in the\nfuture.\n","format":"date","example":"2022-11-01"},"current":{"type":"object","description":"An object representing the level of permission a patient has to the\ncurrent medical record along with the maximum level of access that\ncould be requested.\n\nThe current medical record is anything at or after the `effectiveDate`.\n","required":["accessLevel","accessLevelMax"],"properties":{"accessLevel":{"type":"string","description":"Indicates the level of access the patient has to the medical record.\n\n| level | description |\n| ----- | ----------- |\n| none | no access |\n| summary | summary record access |\n| detailed | detailed coded record access |\n| documents | documents access |\n| full | full access |\n","enum":["none","summary","detailed","documents","full"],"example":"detailed"},"accessLevelMax":{"type":"string","description":"Indicates the maximum level of access the patient could request to the\nmedical record.\n\n| level | description |\n| ----- | ----------- |\n| none | no access |\n| summary | summary record access |\n| detailed | detailed coded record access |\n| documents | documents access |\n| full | full access |\n","enum":["none","summary","detailed","documents","full"],"example":"detailed"}}},"historical":{"type":"object","description":"An object representing the level of permission a patient has to the\nhistorical medical record along with the maximum level of access that\ncould be requested.\n\nThe historical medical record is anything before the `effectiveDate`.\n","required":["accessLevel","accessLevelMax"],"properties":{"accessLevel":{"type":"string","description":"Indicates the level of access the patient has to the medical record.\n\n| level | description |\n| ----- | ----------- |\n| none | no access |\n| summary | summary record access |\n| detailed | detailed coded record access |\n| documents | documents access |\n| full | full access |\n","enum":["none","summary","detailed","documents","full"],"example":"detailed"},"accessLevelMax":{"type":"string","description":"Indicates the maximum level of access the patient could request to the\nmedical record.\n\n| level | description |\n| ----- | ----------- |\n| none | no access |\n| summary | summary record access |\n| detailed | detailed coded record access |\n| documents | documents access |\n| full | full access |\n","enum":["none","summary","detailed","documents","full"],"example":"detailed"}}}}},"appointments":{"type":"object","description":"An object representing the level of permission a patient has to the\nappointments service along with the maximum level of access that\ncould be requested.\n","required":["accessLevel","accessLevelMax"],"properties":{"accessLevel":{"type":"string","description":"Indicates the level of access the patient has to the appointments service.\n\n| level | description |\n| ----- | ----------- |\n| none | no access |\n| view | view only |\n| manage | view, book, amend & cancel existing appointments |\n","enum":["none","view","manage"],"example":"manage"},"accessLevelMax":{"type":"string","description":"Indicates the maximum level of access the patient could request to the\nappointments service.\n\n| level | description |\n| ----- | ----------- |\n| none | no access |\n| view | view only |\n| manage | view, book, amend & cancel existing appointments |\n","enum":["none","view","manage"],"example":"manage"}}},"prescriptions":{"type":"object","description":"An object representing the level of permission a patient has to the\nprescriptions service along with the maximum level of access that\ncould be requested.\n","required":["accessLevel","accessLevelMax"],"properties":{"accessLevel":{"type":"string","description":"Indicates the level of access the patient has to the prescriptions service.\n\n| level | description |\n| ----- | ----------- |\n| none | no access |\n| view | view only |\n| manage | view, order, amend & cancel existing prescriptions |\n","enum":["none","view","manage"],"example":"manage"},"accessLevelMax":{"type":"string","description":"Indicates the maximum level of access the patient could request to the\nprescriptions service.\n\n| level | description |\n| ----- | ----------- |\n| none | no access |\n| view | view only |\n| manage | view, order, amend & cancel existing prescriptions |\n","enum":["none","view","manage"],"example":"manage"}}},"requests":{"type":"array","description":"List of requests that have been made to update permissions but have\nyet to be processed.\n","items":{"description":"A request could be for the medical record, appointments service\nor prescriptions service.\n","anyOf":[{"type":"object","description":"An object containing information about any pending\nrequests for changes to the medical record permissions.\n","allOf":[{"type":"object","required":["permissionType","medicalRecordType","accessLevel"],"properties":{"permissionType":{"type":"string","description":"Medical record permission type.","enum":["medicalRecord"]},"medicalRecordType":{"type":"string","description":"The type of the medical record.","enum":["current","historical"],"example":"current"},"accessLevel":{"type":"string","description":"Indicates the level of access the patient has to the medical record.\n\n| level | description |\n| ----- | ----------- |\n| none | no access |\n| summary | summary record access |\n| detailed | detailed coded record access |\n| documents | documents access |\n| full | full access |\n","enum":["none","summary","detailed","documents","full"],"example":"detailed"}}},{"type":"object","description":"An object containing information about requests to change permissions.\n","required":["status","createdDateTime","message"],"properties":{"createdDateTime":{"type":"string","description":"The date-time when the request for change was created.","format":"date-time","example":"2022-11-01T23:59:59+00:00"},"message":{"type":"string","description":"A message about the request and its status.","example":"Request requires review by a healthcare worker."},"status":{"type":"string","description":"The status of the request.","enum":["pending"],"example":"pending"}}}]},{"type":"object","description":"An object containing information about any pending\nrequests for changes to the appointments service permissions.\n","allOf":[{"type":"object","required":["permissionType","accessLevel"],"properties":{"permissionType":{"type":"string","description":"Appointments permission type.","enum":["appointments"]},"accessLevel":{"type":"string","description":"Indicates the level of access the patient has to the appointments service.\n\n| level | description |\n| ----- | ----------- |\n| none | no access |\n| view | view only |\n| manage | view, book, amend & cancel existing appointments |\n","enum":["none","view","manage"],"example":"manage"}}},{"type":"object","description":"An object containing information about requests to change permissions.\n","required":["status","createdDateTime","message"],"properties":{"createdDateTime":{"type":"string","description":"The date-time when the request for change was created.","format":"date-time","example":"2022-11-01T23:59:59+00:00"},"message":{"type":"string","description":"A message about the request and its status.","example":"Request requires review by a healthcare worker."},"status":{"type":"string","description":"The status of the request.","enum":["pending"],"example":"pending"}}}]},{"type":"object","description":"An object containing information about any pending\nrequests for changes to the prescriptions service permissions.\n","allOf":[{"type":"object","required":["permissionType","accessLevel"],"properties":{"permissionType":{"type":"string","description":"Prescriptions permission type.","enum":["prescriptions"]},"accessLevel":{"type":"string","description":"Indicates the level of access the patient has to the prescriptions service.\n\n| level | description |\n| ----- | ----------- |\n| none | no access |\n| view | view only |\n| manage | view, order, amend & cancel existing prescriptions |\n","enum":["none","view","manage"],"example":"manage"}}},{"type":"object","description":"An object containing information about requests to change permissions.\n","required":["status","createdDateTime","message"],"properties":{"createdDateTime":{"type":"string","description":"The date-time when the request for change was created.","format":"date-time","example":"2022-11-01T23:59:59+00:00"},"message":{"type":"string","description":"A message about the request and its status.","example":"Request requires review by a healthcare worker."},"status":{"type":"string","description":"The status of the request.","enum":["pending"],"example":"pending"}}}]}]}}}},"examples":{"GetResponsePermissionsFull":{"summary":"The patient has full permission to their current medical record, the\nappointments and prescriptions service and summary permission to their\nhistorical medical record.\n","value":{"medicalRecord":{"effectiveDate":"2022-11-01","current":{"accessLevel":"full","accessLevelMax":"full"},"historical":{"accessLevel":"summary","accessLevelMax":"detailed"}},"appointments":{"accessLevel":"manage","accessLevelMax":"manage"},"prescriptions":{"accessLevel":"manage","accessLevelMax":"manage"}}},"GetResponsePendingRequestDetailed":{"summary":"The patient has a pending request where they requested access to `detailed`\nfor the historical medical record.\n","value":{"medicalRecord":{"effectiveDate":"2022-11-01","current":{"accessLevel":"full","accessLevelMax":"full"},"historical":{"accessLevel":"summary","accessLevelMax":"detailed"}},"appointments":{"accessLevel":"view","accessLevelMax":"manage"},"prescriptions":{"accessLevel":"view","accessLevelMax":"manage"},"requests":[{"status":"pending","createdDateTime":"2022-10-31T23:59:59+00:00","message":"Requires review by a healthcare worker.","accessLevel":"detailed","permissionType":"medicalRecord","medicalRecordType":"historical"}]}},"GetResponsePendingRequestAppointments":{"summary":"The patient has a pending request where they requested `manage` access to the\nappointments service.\n","value":{"medicalRecord":{"effectiveDate":"2022-11-01","current":{"accessLevel":"full","accessLevelMax":"full"},"historical":{"accessLevel":"summary","accessLevelMax":"detailed"}},"appointments":{"accessLevel":"view","accessLevelMax":"manage"},"prescriptions":{"accessLevel":"view","accessLevelMax":"manage"},"requests":[{"status":"pending","createdDateTime":"2022-10-31T23:59:59+00:00","message":"Requires review by a healthcare worker.","accessLevel":"manage","permissionType":"appointments"}]}},"GetResponseMultiplePendingRequests":{"summary":"The patient has multiple pending requests. The first request is to get\n`manage` permissions for the `appointments` service. The second request is\nto get `detailed` permissions to the historical medical record. The final request is \nto get `manage` permissions for the prescriptions service.\n","value":{"medicalRecord":{"effectiveDate":"2022-11-01","current":{"accessLevel":"full","accessLevelMax":"full"},"historical":{"accessLevel":"summary","accessLevelMax":"detailed"}},"appointments":{"accessLevel":"view","accessLevelMax":"manage"},"prescriptions":{"accessLevel":"view","accessLevelMax":"manage"},"requests":[{"status":"pending","createdDateTime":"2022-10-29T23:59:59+00:00","message":"Requires review by a healthcare worker.","permissionType":"appointments","accessLevel":"manage"},{"status":"pending","createdDateTime":"2022-10-31T23:59:59+00:00","message":"Requires review by a healthcare worker.","permissionType":"medicalRecord","medicalRecordType":"historical","accessLevel":"detailed"},{"status":"pending","createdDateTime":"2022-11-01T23:59:59+00:00","message":"Requires review by a healthcare worker.","permissionType":"prescriptions","accessLevel":"manage"}]}}}}}},"4XX":{"description":"An error occurred as follows:\n\n| HTTP status | Error code | Description |\n| ----------- | ---------- | ----------- |\n| 400 | INVALID_RESOURCE_ID | Invalid NHS number.\n| 404 | PATIENT_NOT_FOUND | The patient's NHS number in the provider system is not associated with a NHS number status indicator code of 'Number present and verified' |\n| 404 | PATIENT_NOT_FOUND | The request is for the permissions of a non-Regular/GMS patient (i.e. the patient's registered practice is somewhere else) |\n| 404 | PATIENT_NOT_FOUND | The request is for the permissions of an inactive or deceased patient |\n","content":{"application/fhir+json":{"schema":{"type":"object","description":"Outcome of an operation that does not result in a resource being returned.\n","required":["resourceType","meta","issue"],"properties":{"resourceType":{"type":"string","description":"The type of FHIR resource - primarily used by FHIR clients and used\nin non-FHIR APIs for consistency across the platform.\n","enum":["OperationOutcome"]},"meta":{"type":"object","description":"Object to hold meta information about the error.","required":["lastUpdated"],"properties":{"lastUpdated":{"type":"string","description":"UTC date and time stamp when the error occurred.","example":"2022-11-01T00:00:00+00:00"}}},"issue":{"type":"array","description":"List of issues that have occurred.","minItems":1,"items":{"type":"object","required":["severity","code"],"properties":{"severity":{"type":"string","description":"Severity of the error.","enum":["fatal","error","warning","information"],"example":"error"},"code":{"type":"string","description":"A FHIR error code - primarily used by FHIR clients and used in\nnon-FHIR APIs for consistency across the platform.\n","enum":["business-rule","code-invalid","conflict","deleted","duplicate","exception","expired","extension","forbidden","incomplete","informational","invalid","invariant","lock-error","login","multiple-matches","no-store","not-found","not-supported","processing","required","security","structure","suppressed","throttled","timeout","too-costly","too-long","transient","unknown","value"],"example":"forbidden"},"details":{"type":"object","description":"Internal error code.","properties":{"coding":{"type":"array","items":{"type":"object","properties":{"system":{"type":"string","description":"URI of the coding system specification.","example":"https://fhir.nhs.uk/R4/CodeSystem/Spine-ErrorOrWarningCode"},"version":{"type":"string","description":"Version of the coding system in use.","example":"1"},"code":{"type":"string","description":"Symbol in syntax defined by the system.","example":"INVALID_VALUE"},"display":{"type":"string","description":"Representation defined by the system.","example":"Provided value is invalid."}}}},"text":{"type":"string","description":"Plain text representation of the concept, this should be used in order to display the rejection reason to the user.","example":{"Rejected same or below":"Request rejected due to requested access being {the same as/below} the users current level for {current medicalRecord/historical medicalRecord/appointments/prescriptions}","Rejected above max":"Request rejected due to requested access being above the maximum practice set level for {current medicalRecord/historical medicalRecord/appointments/prescriptions}"}},"diagnostics":{"type":"string","description":"Additional diagnostic information about the issue.\n","example":"(invalid_request) firstName is missing."},"expression":{"type":"array","description":"JSON pointer of element(s) related to the error.","items":{"type":"string","example":"/data/attributes/firstName"}}}}}}}}},"examples":{"InvalidRequestError":{"summary":"Invalid request error response.","value":{"resourceType":"OperationOutcome","meta":{"lastUpdated":"2021-04-14T11:35:00+00:00"},"issue":[{"severity":"error","code":"value","details":{"coding":[{"system":"https://fhir.nhs.uk/CodeSystem/Spine-ErrorOrWarningCode","version":"1","code":"INVALID_VALUE","display":"Provided value is invalid."}],"diagnostics":"(invalid_request) firstName is missing.","expression":["/data/attributes/firstName"]}}]}}}}}}}},"post":{"operationId":"updatePatientPermissions","summary":"Request a change to a patient's permission","description":"## Overview\n\nRequest a change to the permission a patient has for their medical\nrecord or services provided by the GP practice.\n\nOnce you submit a request, it waits in a queue to be processed by a\nhealthcare worker. Exactly when this will happen is unpredictable.\n\nThe response to getting patient permissions contains information on\npending requests. Once the request is processed it is no longer\nincluded in pending requests.\n\nIf you like, you can share this information with the patient to help\nset their expectations.\n\n## Use cases\n\nUse cases covered by this endpoint include the patient requesting:\n\n* additional access to the appointments\n* additional access to the prescriptions\n* additional access to their current medical record\n* detailed coded record access to their historical medical record\n\n## Request workflow\n\nWhen a request is made, if it is accepted, it is added to the GP\nsystem's workflow and processed at some point in the future. Responses\nto these requests have a state of pending.\n\nRejected requests are not added to the GP system's\nworkflow. The text included in the response to a rejected request\nexplains the reason for the rejection, this should be under details.text in the OperationOutcome. This should be displayed to\nthe patient.\n\n## Request handling\n\nIf a request is a duplicate, it is deduplicated by\nthe GP system, with the original request being preserved.\n\nIf multiple requests are made (and accepted) they are combined\nwithin the workflow and reviewed together by a healthcare worker.\n","requestBody":{"description":"Object containing information about the permission to update along with\nthe `accessLevel` to update to.\n","required":true,"content":{"application/json":{"schema":{"description":"A request could be for the medical record, appointments service\nor prescriptions service.\n","oneOf":[{"type":"object","description":"Object containing information about the request to update the\npermission to the medical record.\n","required":["permissionType","accessLevel","medicalRecordType"],"properties":{"permissionType":{"type":"string","description":"Medical record permission type.","enum":["medicalRecord"]},"accessLevel":{"type":"string","description":"Indicates the level of access the patient has to the medical record.\n\n| level | description |\n| ----- | ----------- |\n| none | no access |\n| summary | summary record access |\n| detailed | detailed coded record access |\n| documents | documents access |\n| full | full access |\n","enum":["none","summary","detailed","documents","full"],"example":"detailed"},"medicalRecordType":{"type":"string","description":"The type of the medical record.","enum":["current","historical"],"example":"current"}}},{"type":"object","description":"Object containing the `accessLevel` to update the appointments service to.\n","required":["permissionType","accessLevel"],"properties":{"permissionType":{"type":"string","description":"Appointments permission type.","enum":["appointments"]},"accessLevel":{"type":"string","description":"Indicates the level of access the patient has to the appointments service.\n\n| level | description |\n| ----- | ----------- |\n| none | no access |\n| view | view only |\n| manage | view, book, amend & cancel existing appointments |\n","enum":["none","view","manage"],"example":"manage"}}},{"type":"object","description":"Object containing the `accessLevel` to update the prescriptions service to.\n","required":["permissionType","accessLevel"],"properties":{"permissionType":{"type":"string","description":"Prescriptions permission type.","enum":["prescriptions"]},"accessLevel":{"type":"string","description":"Indicates the level of access the patient has to the prescriptions service.\n\n| level | description |\n| ----- | ----------- |\n| none | no access |\n| view | view only |\n| manage | view, order, amend & cancel existing prescriptions |\n","enum":["none","view","manage"],"example":"manage"}}}],"discriminator":{"propertyName":"id","mapping":{"medicalRecord":"../schemas/MedicalRecordPermissionUpdate.yaml","appointments":"../schemas/AppointmentsPermissionUpdate.yaml","prescriptions":"../schemas/PrescriptionsPermissionUpdate.yaml"}}},"examples":{"PostRequestBodyAppointments":{"summary":"Request manage access to appointments service.","value":{"permissionType":"appointments","accessLevel":"manage"}},"PostRequestBodyPrescriptions":{"summary":"Request manage access to prescriptions service.","value":{"permissionType":"prescriptions","accessLevel":"manage"}},"PostRequestBodyCurrentFull":{"summary":"Request full access for current medical record.","value":{"permissionType":"medicalRecord","medicalRecordType":"current","accessLevel":"full"}},"PostRequestBodyHistoricalDetailed":{"summary":"Request detailed access for historical medical record.","value":{"permissionType":"medicalRecord","medicalRecordType":"historical","accessLevel":"detailed"}}}}}},"responses":{"200":{"description":"Successful response","headers":{"X-Correlation-ID":{"schema":{"type":"string","pattern":"^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$","example":"11C46F5F-CDEF-4865-94B2-0EE0EDCC26DA","description":"The X-Correlation-ID from the request header, if supplied, mirrored back.\n"}},"X-Request-ID":{"schema":{"type":"string","pattern":"^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$","example":"60E0B220-8136-4CA5-AE46-1D97EF59D068","description":"The X-Request-ID from the request header, if supplied, mirrored back.\n"}}},"content":{"application/json":{"schema":{"type":"object","description":"A response could be for the medical record, appointments service\nor prescriptions service depending on the request made. The response\nalways corresponds to the request.\n","oneOf":[{"type":"object","allOf":[{"type":"object","description":"An object containing information about requests to change permissions.\n","required":["status","createdDateTime","message"],"properties":{"createdDateTime":{"type":"string","description":"The date-time when the request for change was created.","format":"date-time","example":"2022-11-01T23:59:59+00:00"},"message":{"type":"string","description":"A message about the request and its status.","example":"Request requires review by a healthcare worker."},"status":{"type":"string","description":"The status of the request.","enum":["pending"],"example":"pending"}}},{"type":"object","description":"Object containing information about the request to update the\npermission to the medical record.\n","required":["permissionType","accessLevel","medicalRecordType"],"properties":{"permissionType":{"type":"string","description":"Medical record permission type.","enum":["medicalRecord"]},"accessLevel":{"type":"string","description":"Indicates the level of access the patient has to the medical record.\n\n| level | description |\n| ----- | ----------- |\n| none | no access |\n| summary | summary record access |\n| detailed | detailed coded record access |\n| documents | documents access |\n| full | full access |\n","enum":["none","summary","detailed","documents","full"],"example":"detailed"},"medicalRecordType":{"type":"string","description":"The type of the medical record.","enum":["current","historical"],"example":"current"}}}]},{"type":"object","allOf":[{"type":"object","description":"An object containing information about requests to change permissions.\n","required":["status","createdDateTime","message"],"properties":{"createdDateTime":{"type":"string","description":"The date-time when the request for change was created.","format":"date-time","example":"2022-11-01T23:59:59+00:00"},"message":{"type":"string","description":"A message about the request and its status.","example":"Request requires review by a healthcare worker."},"status":{"type":"string","description":"The status of the request.","enum":["pending"],"example":"pending"}}},{"type":"object","description":"Object containing the `accessLevel` to update the appointments service to.\n","required":["permissionType","accessLevel"],"properties":{"permissionType":{"type":"string","description":"Appointments permission type.","enum":["appointments"]},"accessLevel":{"type":"string","description":"Indicates the level of access the patient has to the appointments service.\n\n| level | description |\n| ----- | ----------- |\n| none | no access |\n| view | view only |\n| manage | view, book, amend & cancel existing appointments |\n","enum":["none","view","manage"],"example":"manage"}}}]},{"type":"object","allOf":[{"type":"object","description":"An object containing information about requests to change permissions.\n","required":["status","createdDateTime","message"],"properties":{"createdDateTime":{"type":"string","description":"The date-time when the request for change was created.","format":"date-time","example":"2022-11-01T23:59:59+00:00"},"message":{"type":"string","description":"A message about the request and its status.","example":"Request requires review by a healthcare worker."},"status":{"type":"string","description":"The status of the request.","enum":["pending"],"example":"pending"}}},{"type":"object","description":"Object containing the `accessLevel` to update the prescriptions service to.\n","required":["permissionType","accessLevel"],"properties":{"permissionType":{"type":"string","description":"Prescriptions permission type.","enum":["prescriptions"]},"accessLevel":{"type":"string","description":"Indicates the level of access the patient has to the prescriptions service.\n\n| level | description |\n| ----- | ----------- |\n| none | no access |\n| view | view only |\n| manage | view, order, amend & cancel existing prescriptions |\n","enum":["none","view","manage"],"example":"manage"}}}]}],"discriminator":{"propertyName":"id","mapping":{"medicalRecord":"MedicalRecordPermissionUpdateResponse.yaml","appointments":"AppointmentsPermissionUpdateResponse.yaml","prescriptions":"PrescriptionsPermissionUpdateResponse.yaml"}}},"examples":{"PostResponsePendingHistoricalDetailed":{"summary":"Pending request for detailed access to historical medical record.","value":{"permissionType":"medicalRecord","medicalRecordType":"historical","accessLevel":"detailed","status":"pending","message":"Request received to update historical medical record access to detailed.","createdDateTime":"2022-11-01T00:00:00+00:00"}}}}}},"4XX":{"description":"An error occurred as follows:\n\n| HTTP status | Error code | Description |\n| ----------- | ---------- | ----------- |\n| 400 | INVALID_NHS_NUMBER | Invalid NHS number. |\n| 400 | INVALID_UPDATE | Malformed request. |\n| 400 | VALIDATION_ERROR | This is the \"default\" error thrown when no others are applicable. |\n| 400 | UNSUPPORTED_CHARACTERS_IN_FIELD | Invalid value in body of patch request. For details, see the `diagnostics` field. |\n| 400 | ADDITIONAL_PROPERTIES | The user sent additional properties within the dictionary. |\n| 400 | UNSUPPORTED_VALUE | There was an unsupported value in the request. For example sending a request and attempting to set a permission for an unknown permission type such as `communications`. |\n| 403 | FORBIDDEN_UPDATE | The user is not permitted to make certain requests. For example, no user can request access beyond the level of access denoted by `accessLevelMax`, or send a request for lower or the same access they currently have. |\n| 404 | PATIENT_NOT_FOUND | The patient's NHS number in the provider system is not associated with a NHS number status indicator code of 'Number present and verified' |\n| 404 | PATIENT_NOT_FOUND | The request is for the permissions of a non-Regular/GMS patient (i.e. the patient's registered practice is somewhere else) |\n| 404 | PATIENT_NOT_FOUND | The request is for the permissions of an inactive or deceased patient |\n","content":{"application/fhir+json":{"schema":{"type":"object","description":"Outcome of an operation that does not result in a resource being returned.\n","required":["resourceType","meta","issue"],"properties":{"resourceType":{"type":"string","description":"The type of FHIR resource - primarily used by FHIR clients and used\nin non-FHIR APIs for consistency across the platform.\n","enum":["OperationOutcome"]},"meta":{"type":"object","description":"Object to hold meta information about the error.","required":["lastUpdated"],"properties":{"lastUpdated":{"type":"string","description":"UTC date and time stamp when the error occurred.","example":"2022-11-01T00:00:00+00:00"}}},"issue":{"type":"array","description":"List of issues that have occurred.","minItems":1,"items":{"type":"object","required":["severity","code"],"properties":{"severity":{"type":"string","description":"Severity of the error.","enum":["fatal","error","warning","information"],"example":"error"},"code":{"type":"string","description":"A FHIR error code - primarily used by FHIR clients and used in\nnon-FHIR APIs for consistency across the platform.\n","enum":["business-rule","code-invalid","conflict","deleted","duplicate","exception","expired","extension","forbidden","incomplete","informational","invalid","invariant","lock-error","login","multiple-matches","no-store","not-found","not-supported","processing","required","security","structure","suppressed","throttled","timeout","too-costly","too-long","transient","unknown","value"],"example":"forbidden"},"details":{"type":"object","description":"Internal error code.","properties":{"coding":{"type":"array","items":{"type":"object","properties":{"system":{"type":"string","description":"URI of the coding system specification.","example":"https://fhir.nhs.uk/R4/CodeSystem/Spine-ErrorOrWarningCode"},"version":{"type":"string","description":"Version of the coding system in use.","example":"1"},"code":{"type":"string","description":"Symbol in syntax defined by the system.","example":"INVALID_VALUE"},"display":{"type":"string","description":"Representation defined by the system.","example":"Provided value is invalid."}}}},"text":{"type":"string","description":"Plain text representation of the concept, this should be used in order to display the rejection reason to the user.","example":{"Rejected same or below":"Request rejected due to requested access being {the same as/below} the users current level for {current medicalRecord/historical medicalRecord/appointments/prescriptions}","Rejected above max":"Request rejected due to requested access being above the maximum practice set level for {current medicalRecord/historical medicalRecord/appointments/prescriptions}"}},"diagnostics":{"type":"string","description":"Additional diagnostic information about the issue.\n","example":"(invalid_request) firstName is missing."},"expression":{"type":"array","description":"JSON pointer of element(s) related to the error.","items":{"type":"string","example":"/data/attributes/firstName"}}}}}}}}},"examples":{"InvalidRequestError":{"summary":"Invalid request error response.","value":{"resourceType":"OperationOutcome","meta":{"lastUpdated":"2021-04-14T11:35:00+00:00"},"issue":[{"severity":"error","code":"value","details":{"coding":[{"system":"https://fhir.nhs.uk/CodeSystem/Spine-ErrorOrWarningCode","version":"1","code":"INVALID_VALUE","display":"Provided value is invalid."}],"diagnostics":"(invalid_request) firstName is missing.","expression":["/data/attributes/firstName"]}}]}},"RejectedRequestError":{"summary":"A rejected error response","value":{"resourceType":"OperationOutcome","meta":{"lastUpdated":"2022-05-14T11:35:00+00:00"},"issue":[{"severity":"error","code":"value","details":{"coding":[{"system":"https://fhir.nhs.uk/CodeSystem/Spine-ErrorOrWarningCode","version":"1","code":"INVALID_UPDATE","display":"Update is invalid"}],"text":"Request rejected due to requested access being below the users current level for prescriptions."}}]}}}}}}}}}},"components":{"headers":{"X-Correlation-ID":{"schema":{"type":"string","pattern":"^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$","example":"11C46F5F-CDEF-4865-94B2-0EE0EDCC26DA","description":"The X-Correlation-ID from the request header, if supplied, mirrored back.\n"}},"X-Request-ID":{"schema":{"type":"string","pattern":"^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$","example":"60E0B220-8136-4CA5-AE46-1D97EF59D068","description":"The X-Request-ID from the request header, if supplied, mirrored back.\n"}}},"parameters":{"BearerAuthorization":{"in":"header","name":"Authorization","description":"An\n[OAuth 2.0 bearer token](https://digital.nhs.uk/developer/guides-and-documentation/security-and-authorisation#user-restricted-apis)\nfrom NHS login.\n","required":true,"schema":{"type":"string","format":"^Bearer\\ [[:ascii:]]+$","example":"Bearer g1112R_ccQ1Ebbb4gtHBP1aaaNM"}},"CorrelationID":{"in":"header","name":"X-Correlation-ID","description":"An optional ID which you can use to track transactions across multiple\nsystems. It can take any value, but we recommend avoiding `.`\ncharacters.\n\nMirrored back in a response header.\n","schema":{"type":"string","pattern":"^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$","example":"11C46F5F-CDEF-4865-94B2-0EE0EDCC26DA","description":"The X-Correlation-ID from the request header, if supplied, mirrored back.\n"}},"Id":{"in":"path","name":"id","description":"The patient's NHS number. The primary identifier of a patient, unique\nwithin NHS England and Wales. Always 10 digits and must be a\n[valid NHS number](https://www.datadictionary.nhs.uk/attributes/nhs_number.html).\n","required":true,"schema":{"type":"string","example":"9000000009"}},"RequestID":{"in":"header","name":"X-Request-ID","description":"A globally unique identifier (GUID) for the request, which we use to\nde-duplicate repeated requests and to trace the request if you contact\nour helpdesk.\n\nMust be a universally unique identifier (UUID) (ideally version 4).\nMirrored back in a response header.\nIf you re-send a failed request, use the same value in this header.\n","schema":{"type":"string","pattern":"^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$","example":"60E0B220-8136-4CA5-AE46-1D97EF59D068","description":"The X-Request-ID from the request header, if supplied, mirrored back.\n"}}},"schemas":{"AppointmentsAccessLevelEnum":{"type":"string","description":"Indicates the level of access the patient has to the appointments service.\n\n| level | description |\n| ----- | ----------- |\n| none | no access |\n| view | view only |\n| manage | view, book, amend & cancel existing appointments |\n","enum":["none","view","manage"],"example":"manage"},"AppointmentsAccessLevelMaxEnum":{"type":"string","description":"Indicates the maximum level of access the patient could request to the\nappointments service.\n\n| level | description |\n| ----- | ----------- |\n| none | no access |\n| view | view only |\n| manage | view, book, amend & cancel existing appointments |\n","enum":["none","view","manage"],"example":"manage"},"AppointmentsPermission":{"type":"object","description":"An object representing the level of permission a patient has to the\nappointments service along with the maximum level of access that\ncould be requested.\n","required":["accessLevel","accessLevelMax"],"properties":{"accessLevel":{"type":"string","description":"Indicates the level of access the patient has to the appointments service.\n\n| level | description |\n| ----- | ----------- |\n| none | no access |\n| view | view only |\n| manage | view, book, amend & cancel existing appointments |\n","enum":["none","view","manage"],"example":"manage"},"accessLevelMax":{"type":"string","description":"Indicates the maximum level of access the patient could request to the\nappointments service.\n\n| level | description |\n| ----- | ----------- |\n| none | no access |\n| view | view only |\n| manage | view, book, amend & cancel existing appointments |\n","enum":["none","view","manage"],"example":"manage"}}},"AppointmentsPermissionTypeEnum":{"type":"string","description":"Appointments permission type.","enum":["appointments"]},"AppointmentsPermissionRequest":{"type":"object","description":"An object containing information about any pending\nrequests for changes to the appointments service permissions.\n","allOf":[{"type":"object","required":["permissionType","accessLevel"],"properties":{"permissionType":{"type":"string","description":"Appointments permission type.","enum":["appointments"]},"accessLevel":{"type":"string","description":"Indicates the level of access the patient has to the appointments service.\n\n| level | description |\n| ----- | ----------- |\n| none | no access |\n| view | view only |\n| manage | view, book, amend & cancel existing appointments |\n","enum":["none","view","manage"],"example":"manage"}}},{"type":"object","description":"An object containing information about requests to change permissions.\n","required":["status","createdDateTime","message"],"properties":{"createdDateTime":{"type":"string","description":"The date-time when the request for change was created.","format":"date-time","example":"2022-11-01T23:59:59+00:00"},"message":{"type":"string","description":"A message about the request and its status.","example":"Request requires review by a healthcare worker."},"status":{"type":"string","description":"The status of the request.","enum":["pending"],"example":"pending"}}}]},"AppointmentsPermissionUpdate":{"type":"object","description":"Object containing the `accessLevel` to update the appointments service to.\n","required":["permissionType","accessLevel"],"properties":{"permissionType":{"type":"string","description":"Appointments permission type.","enum":["appointments"]},"accessLevel":{"type":"string","description":"Indicates the level of access the patient has to the appointments service.\n\n| level | description |\n| ----- | ----------- |\n| none | no access |\n| view | view only |\n| manage | view, book, amend & cancel existing appointments |\n","enum":["none","view","manage"],"example":"manage"}}},"AppointmentsPermissionUpdateResponse":{"type":"object","allOf":[{"type":"object","description":"An object containing information about requests to change permissions.\n","required":["status","createdDateTime","message"],"properties":{"createdDateTime":{"type":"string","description":"The date-time when the request for change was created.","format":"date-time","example":"2022-11-01T23:59:59+00:00"},"message":{"type":"string","description":"A message about the request and its status.","example":"Request requires review by a healthcare worker."},"status":{"type":"string","description":"The status of the request.","enum":["pending"],"example":"pending"}}},{"type":"object","description":"Object containing the `accessLevel` to update the appointments service to.\n","required":["permissionType","accessLevel"],"properties":{"permissionType":{"type":"string","description":"Appointments permission type.","enum":["appointments"]},"accessLevel":{"type":"string","description":"Indicates the level of access the patient has to the appointments service.\n\n| level | description |\n| ----- | ----------- |\n| none | no access |\n| view | view only |\n| manage | view, book, amend & cancel existing appointments |\n","enum":["none","view","manage"],"example":"manage"}}}]},"BaseRequest":{"type":"object","description":"An object containing information about requests to change permissions.\n","required":["status","createdDateTime","message"],"properties":{"createdDateTime":{"type":"string","description":"The date-time when the request for change was created.","format":"date-time","example":"2022-11-01T23:59:59+00:00"},"message":{"type":"string","description":"A message about the request and its status.","example":"Request requires review by a healthcare worker."},"status":{"type":"string","description":"The status of the request.","enum":["pending"],"example":"pending"}}},"CorrelationID":{"type":"string","pattern":"^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$","example":"11C46F5F-CDEF-4865-94B2-0EE0EDCC26DA","description":"The X-Correlation-ID from the request header, if supplied, mirrored back.\n"},"ErrorResponse":{"type":"object","description":"Outcome of an operation that does not result in a resource being returned.\n","required":["resourceType","meta","issue"],"properties":{"resourceType":{"type":"string","description":"The type of FHIR resource - primarily used by FHIR clients and used\nin non-FHIR APIs for consistency across the platform.\n","enum":["OperationOutcome"]},"meta":{"type":"object","description":"Object to hold meta information about the error.","required":["lastUpdated"],"properties":{"lastUpdated":{"type":"string","description":"UTC date and time stamp when the error occurred.","example":"2022-11-01T00:00:00+00:00"}}},"issue":{"type":"array","description":"List of issues that have occurred.","minItems":1,"items":{"type":"object","required":["severity","code"],"properties":{"severity":{"type":"string","description":"Severity of the error.","enum":["fatal","error","warning","information"],"example":"error"},"code":{"type":"string","description":"A FHIR error code - primarily used by FHIR clients and used in\nnon-FHIR APIs for consistency across the platform.\n","enum":["business-rule","code-invalid","conflict","deleted","duplicate","exception","expired","extension","forbidden","incomplete","informational","invalid","invariant","lock-error","login","multiple-matches","no-store","not-found","not-supported","processing","required","security","structure","suppressed","throttled","timeout","too-costly","too-long","transient","unknown","value"],"example":"forbidden"},"details":{"type":"object","description":"Internal error code.","properties":{"coding":{"type":"array","items":{"type":"object","properties":{"system":{"type":"string","description":"URI of the coding system specification.","example":"https://fhir.nhs.uk/R4/CodeSystem/Spine-ErrorOrWarningCode"},"version":{"type":"string","description":"Version of the coding system in use.","example":"1"},"code":{"type":"string","description":"Symbol in syntax defined by the system.","example":"INVALID_VALUE"},"display":{"type":"string","description":"Representation defined by the system.","example":"Provided value is invalid."}}}},"text":{"type":"string","description":"Plain text representation of the concept, this should be used in order to display the rejection reason to the user.","example":{"Rejected same or below":"Request rejected due to requested access being {the same as/below} the users current level for {current medicalRecord/historical medicalRecord/appointments/prescriptions}","Rejected above max":"Request rejected due to requested access being above the maximum practice set level for {current medicalRecord/historical medicalRecord/appointments/prescriptions}"}},"diagnostics":{"type":"string","description":"Additional diagnostic information about the issue.\n","example":"(invalid_request) firstName is missing."},"expression":{"type":"array","description":"JSON pointer of element(s) related to the error.","items":{"type":"string","example":"/data/attributes/firstName"}}}}}}}}},"MedicalRecordAccessLevelEnum":{"type":"string","description":"Indicates the level of access the patient has to the medical record.\n\n| level | description |\n| ----- | ----------- |\n| none | no access |\n| summary | summary record access |\n| detailed | detailed coded record access |\n| documents | documents access |\n| full | full access |\n","enum":["none","summary","detailed","documents","full"],"example":"detailed"},"MedicalRecordAccessLevelMaxEnum":{"type":"string","description":"Indicates the maximum level of access the patient could request to the\nmedical record.\n\n| level | description |\n| ----- | ----------- |\n| none | no access |\n| summary | summary record access |\n| detailed | detailed coded record access |\n| documents | documents access |\n| full | full access |\n","enum":["none","summary","detailed","documents","full"],"example":"detailed"},"MedicalRecordCurrentPermissionItem":{"type":"object","description":"An object representing the level of permission a patient has to the\ncurrent medical record along with the maximum level of access that\ncould be requested.\n\nThe current medical record is anything at or after the `effectiveDate`.\n","required":["accessLevel","accessLevelMax"],"properties":{"accessLevel":{"type":"string","description":"Indicates the level of access the patient has to the medical record.\n\n| level | description |\n| ----- | ----------- |\n| none | no access |\n| summary | summary record access |\n| detailed | detailed coded record access |\n| documents | documents access |\n| full | full access |\n","enum":["none","summary","detailed","documents","full"],"example":"detailed"},"accessLevelMax":{"type":"string","description":"Indicates the maximum level of access the patient could request to the\nmedical record.\n\n| level | description |\n| ----- | ----------- |\n| none | no access |\n| summary | summary record access |\n| detailed | detailed coded record access |\n| documents | documents access |\n| full | full access |\n","enum":["none","summary","detailed","documents","full"],"example":"detailed"}}},"MedicalRecordHistoricalPermissionItem":{"type":"object","description":"An object representing the level of permission a patient has to the\nhistorical medical record along with the maximum level of access that\ncould be requested.\n\nThe historical medical record is anything before the `effectiveDate`.\n","required":["accessLevel","accessLevelMax"],"properties":{"accessLevel":{"type":"string","description":"Indicates the level of access the patient has to the medical record.\n\n| level | description |\n| ----- | ----------- |\n| none | no access |\n| summary | summary record access |\n| detailed | detailed coded record access |\n| documents | documents access |\n| full | full access |\n","enum":["none","summary","detailed","documents","full"],"example":"detailed"},"accessLevelMax":{"type":"string","description":"Indicates the maximum level of access the patient could request to the\nmedical record.\n\n| level | description |\n| ----- | ----------- |\n| none | no access |\n| summary | summary record access |\n| detailed | detailed coded record access |\n| documents | documents access |\n| full | full access |\n","enum":["none","summary","detailed","documents","full"],"example":"detailed"}}},"MedicalRecordPermission":{"type":"object","description":"Contains the access level the patient has to the medical record. This\nis split into `current.accessLevel` and `historical.accessLevel` with\nan `effectiveDate`, representing the date when the current level of\naccess started.\n\nAlongside `accessLevel` is `accessLevelMax` which represents the\nhighest level of permission that could be requested.\n","required":["current","effectiveDate"],"properties":{"effectiveDate":{"type":"string","description":"The date when the `current` permissions started. This must not be in the\nfuture.\n","format":"date","example":"2022-11-01"},"current":{"type":"object","description":"An object representing the level of permission a patient has to the\ncurrent medical record along with the maximum level of access that\ncould be requested.\n\nThe current medical record is anything at or after the `effectiveDate`.\n","required":["accessLevel","accessLevelMax"],"properties":{"accessLevel":{"type":"string","description":"Indicates the level of access the patient has to the medical record.\n\n| level | description |\n| ----- | ----------- |\n| none | no access |\n| summary | summary record access |\n| detailed | detailed coded record access |\n| documents | documents access |\n| full | full access |\n","enum":["none","summary","detailed","documents","full"],"example":"detailed"},"accessLevelMax":{"type":"string","description":"Indicates the maximum level of access the patient could request to the\nmedical record.\n\n| level | description |\n| ----- | ----------- |\n| none | no access |\n| summary | summary record access |\n| detailed | detailed coded record access |\n| documents | documents access |\n| full | full access |\n","enum":["none","summary","detailed","documents","full"],"example":"detailed"}}},"historical":{"type":"object","description":"An object representing the level of permission a patient has to the\nhistorical medical record along with the maximum level of access that\ncould be requested.\n\nThe historical medical record is anything before the `effectiveDate`.\n","required":["accessLevel","accessLevelMax"],"properties":{"accessLevel":{"type":"string","description":"Indicates the level of access the patient has to the medical record.\n\n| level | description |\n| ----- | ----------- |\n| none | no access |\n| summary | summary record access |\n| detailed | detailed coded record access |\n| documents | documents access |\n| full | full access |\n","enum":["none","summary","detailed","documents","full"],"example":"detailed"},"accessLevelMax":{"type":"string","description":"Indicates the maximum level of access the patient could request to the\nmedical record.\n\n| level | description |\n| ----- | ----------- |\n| none | no access |\n| summary | summary record access |\n| detailed | detailed coded record access |\n| documents | documents access |\n| full | full access |\n","enum":["none","summary","detailed","documents","full"],"example":"detailed"}}}}},"MedicalRecordPermissionRequest":{"type":"object","description":"An object containing information about any pending\nrequests for changes to the medical record permissions.\n","allOf":[{"type":"object","required":["permissionType","medicalRecordType","accessLevel"],"properties":{"permissionType":{"type":"string","description":"Medical record permission type.","enum":["medicalRecord"]},"medicalRecordType":{"type":"string","description":"The type of the medical record.","enum":["current","historical"],"example":"current"},"accessLevel":{"type":"string","description":"Indicates the level of access the patient has to the medical record.\n\n| level | description |\n| ----- | ----------- |\n| none | no access |\n| summary | summary record access |\n| detailed | detailed coded record access |\n| documents | documents access |\n| full | full access |\n","enum":["none","summary","detailed","documents","full"],"example":"detailed"}}},{"type":"object","description":"An object containing information about requests to change permissions.\n","required":["status","createdDateTime","message"],"properties":{"createdDateTime":{"type":"string","description":"The date-time when the request for change was created.","format":"date-time","example":"2022-11-01T23:59:59+00:00"},"message":{"type":"string","description":"A message about the request and its status.","example":"Request requires review by a healthcare worker."},"status":{"type":"string","description":"The status of the request.","enum":["pending"],"example":"pending"}}}]},"MedicalRecordPermissionTypeEnum":{"type":"string","description":"Medical record permission type.","enum":["medicalRecord"]},"MedicalRecordPermissionUpdate":{"type":"object","description":"Object containing information about the request to update the\npermission to the medical record.\n","required":["permissionType","accessLevel","medicalRecordType"],"properties":{"permissionType":{"type":"string","description":"Medical record permission type.","enum":["medicalRecord"]},"accessLevel":{"type":"string","description":"Indicates the level of access the patient has to the medical record.\n\n| level | description |\n| ----- | ----------- |\n| none | no access |\n| summary | summary record access |\n| detailed | detailed coded record access |\n| documents | documents access |\n| full | full access |\n","enum":["none","summary","detailed","documents","full"],"example":"detailed"},"medicalRecordType":{"type":"string","description":"The type of the medical record.","enum":["current","historical"],"example":"current"}}},"MedicalRecordPermissionUpdateResponse":{"type":"object","allOf":[{"type":"object","description":"An object containing information about requests to change permissions.\n","required":["status","createdDateTime","message"],"properties":{"createdDateTime":{"type":"string","description":"The date-time when the request for change was created.","format":"date-time","example":"2022-11-01T23:59:59+00:00"},"message":{"type":"string","description":"A message about the request and its status.","example":"Request requires review by a healthcare worker."},"status":{"type":"string","description":"The status of the request.","enum":["pending"],"example":"pending"}}},{"type":"object","description":"Object containing information about the request to update the\npermission to the medical record.\n","required":["permissionType","accessLevel","medicalRecordType"],"properties":{"permissionType":{"type":"string","description":"Medical record permission type.","enum":["medicalRecord"]},"accessLevel":{"type":"string","description":"Indicates the level of access the patient has to the medical record.\n\n| level | description |\n| ----- | ----------- |\n| none | no access |\n| summary | summary record access |\n| detailed | detailed coded record access |\n| documents | documents access |\n| full | full access |\n","enum":["none","summary","detailed","documents","full"],"example":"detailed"},"medicalRecordType":{"type":"string","description":"The type of the medical record.","enum":["current","historical"],"example":"current"}}}]},"MedicalRecordTypeEnum":{"type":"string","description":"The type of the medical record.","enum":["current","historical"],"example":"current"},"PatientPermission":{"type":"object","description":"Contains the permissions the patient has to their medical record and the\nappointments and prescriptions services.\n\nEach permission has two properties, an `accessLevel` and an\n`accessLevelMax`.\n\n`accessLevel` describes the current level of permission\nthe patient has.\n\n`accessLevelMax` describes the maximum level of permission the patient\nmay request. This _can_ be different than the absolute maximum level of\npermission possible. For example, if a patient has an `accessLevel` of\n`summary` and an `accessLevelMax` of `detailed` for their current\nmedical record they can make a request to increase their level of\naccess to `detailed` but not `documents` or `full`.\n\nMedical record access levels are split into `current` and\n`historical` with an `effectiveDate` for when the current\naccess level started. This is to account for allowing patients to access\ntheir future medical record entries. For more details, see\n[access to patient records through the NHS App](https://digital.nhs.uk/services/nhs-app/nhs-app-guidance-for-gp-practices/guidance-on-nhs-app-features/accelerating-patient-access-to-their-record).\n\nAn optional array of `requests` may be included to contain information about\nany pending requests. This is information that should be displayed to the\npatient to help them understand the status of their requests.\n","required":["medicalRecord","appointments","prescriptions"],"properties":{"medicalRecord":{"type":"object","description":"Contains the access level the patient has to the medical record. This\nis split into `current.accessLevel` and `historical.accessLevel` with\nan `effectiveDate`, representing the date when the current level of\naccess started.\n\nAlongside `accessLevel` is `accessLevelMax` which represents the\nhighest level of permission that could be requested.\n","required":["current","effectiveDate"],"properties":{"effectiveDate":{"type":"string","description":"The date when the `current` permissions started. This must not be in the\nfuture.\n","format":"date","example":"2022-11-01"},"current":{"type":"object","description":"An object representing the level of permission a patient has to the\ncurrent medical record along with the maximum level of access that\ncould be requested.\n\nThe current medical record is anything at or after the `effectiveDate`.\n","required":["accessLevel","accessLevelMax"],"properties":{"accessLevel":{"type":"string","description":"Indicates the level of access the patient has to the medical record.\n\n| level | description |\n| ----- | ----------- |\n| none | no access |\n| summary | summary record access |\n| detailed | detailed coded record access |\n| documents | documents access |\n| full | full access |\n","enum":["none","summary","detailed","documents","full"],"example":"detailed"},"accessLevelMax":{"type":"string","description":"Indicates the maximum level of access the patient could request to the\nmedical record.\n\n| level | description |\n| ----- | ----------- |\n| none | no access |\n| summary | summary record access |\n| detailed | detailed coded record access |\n| documents | documents access |\n| full | full access |\n","enum":["none","summary","detailed","documents","full"],"example":"detailed"}}},"historical":{"type":"object","description":"An object representing the level of permission a patient has to the\nhistorical medical record along with the maximum level of access that\ncould be requested.\n\nThe historical medical record is anything before the `effectiveDate`.\n","required":["accessLevel","accessLevelMax"],"properties":{"accessLevel":{"type":"string","description":"Indicates the level of access the patient has to the medical record.\n\n| level | description |\n| ----- | ----------- |\n| none | no access |\n| summary | summary record access |\n| detailed | detailed coded record access |\n| documents | documents access |\n| full | full access |\n","enum":["none","summary","detailed","documents","full"],"example":"detailed"},"accessLevelMax":{"type":"string","description":"Indicates the maximum level of access the patient could request to the\nmedical record.\n\n| level | description |\n| ----- | ----------- |\n| none | no access |\n| summary | summary record access |\n| detailed | detailed coded record access |\n| documents | documents access |\n| full | full access |\n","enum":["none","summary","detailed","documents","full"],"example":"detailed"}}}}},"appointments":{"type":"object","description":"An object representing the level of permission a patient has to the\nappointments service along with the maximum level of access that\ncould be requested.\n","required":["accessLevel","accessLevelMax"],"properties":{"accessLevel":{"type":"string","description":"Indicates the level of access the patient has to the appointments service.\n\n| level | description |\n| ----- | ----------- |\n| none | no access |\n| view | view only |\n| manage | view, book, amend & cancel existing appointments |\n","enum":["none","view","manage"],"example":"manage"},"accessLevelMax":{"type":"string","description":"Indicates the maximum level of access the patient could request to the\nappointments service.\n\n| level | description |\n| ----- | ----------- |\n| none | no access |\n| view | view only |\n| manage | view, book, amend & cancel existing appointments |\n","enum":["none","view","manage"],"example":"manage"}}},"prescriptions":{"type":"object","description":"An object representing the level of permission a patient has to the\nprescriptions service along with the maximum level of access that\ncould be requested.\n","required":["accessLevel","accessLevelMax"],"properties":{"accessLevel":{"type":"string","description":"Indicates the level of access the patient has to the prescriptions service.\n\n| level | description |\n| ----- | ----------- |\n| none | no access |\n| view | view only |\n| manage | view, order, amend & cancel existing prescriptions |\n","enum":["none","view","manage"],"example":"manage"},"accessLevelMax":{"type":"string","description":"Indicates the maximum level of access the patient could request to the\nprescriptions service.\n\n| level | description |\n| ----- | ----------- |\n| none | no access |\n| view | view only |\n| manage | view, order, amend & cancel existing prescriptions |\n","enum":["none","view","manage"],"example":"manage"}}},"requests":{"type":"array","description":"List of requests that have been made to update permissions but have\nyet to be processed.\n","items":{"description":"A request could be for the medical record, appointments service\nor prescriptions service.\n","anyOf":[{"type":"object","description":"An object containing information about any pending\nrequests for changes to the medical record permissions.\n","allOf":[{"type":"object","required":["permissionType","medicalRecordType","accessLevel"],"properties":{"permissionType":{"type":"string","description":"Medical record permission type.","enum":["medicalRecord"]},"medicalRecordType":{"type":"string","description":"The type of the medical record.","enum":["current","historical"],"example":"current"},"accessLevel":{"type":"string","description":"Indicates the level of access the patient has to the medical record.\n\n| level | description |\n| ----- | ----------- |\n| none | no access |\n| summary | summary record access |\n| detailed | detailed coded record access |\n| documents | documents access |\n| full | full access |\n","enum":["none","summary","detailed","documents","full"],"example":"detailed"}}},{"type":"object","description":"An object containing information about requests to change permissions.\n","required":["status","createdDateTime","message"],"properties":{"createdDateTime":{"type":"string","description":"The date-time when the request for change was created.","format":"date-time","example":"2022-11-01T23:59:59+00:00"},"message":{"type":"string","description":"A message about the request and its status.","example":"Request requires review by a healthcare worker."},"status":{"type":"string","description":"The status of the request.","enum":["pending"],"example":"pending"}}}]},{"type":"object","description":"An object containing information about any pending\nrequests for changes to the appointments service permissions.\n","allOf":[{"type":"object","required":["permissionType","accessLevel"],"properties":{"permissionType":{"type":"string","description":"Appointments permission type.","enum":["appointments"]},"accessLevel":{"type":"string","description":"Indicates the level of access the patient has to the appointments service.\n\n| level | description |\n| ----- | ----------- |\n| none | no access |\n| view | view only |\n| manage | view, book, amend & cancel existing appointments |\n","enum":["none","view","manage"],"example":"manage"}}},{"type":"object","description":"An object containing information about requests to change permissions.\n","required":["status","createdDateTime","message"],"properties":{"createdDateTime":{"type":"string","description":"The date-time when the request for change was created.","format":"date-time","example":"2022-11-01T23:59:59+00:00"},"message":{"type":"string","description":"A message about the request and its status.","example":"Request requires review by a healthcare worker."},"status":{"type":"string","description":"The status of the request.","enum":["pending"],"example":"pending"}}}]},{"type":"object","description":"An object containing information about any pending\nrequests for changes to the prescriptions service permissions.\n","allOf":[{"type":"object","required":["permissionType","accessLevel"],"properties":{"permissionType":{"type":"string","description":"Prescriptions permission type.","enum":["prescriptions"]},"accessLevel":{"type":"string","description":"Indicates the level of access the patient has to the prescriptions service.\n\n| level | description |\n| ----- | ----------- |\n| none | no access |\n| view | view only |\n| manage | view, order, amend & cancel existing prescriptions |\n","enum":["none","view","manage"],"example":"manage"}}},{"type":"object","description":"An object containing information about requests to change permissions.\n","required":["status","createdDateTime","message"],"properties":{"createdDateTime":{"type":"string","description":"The date-time when the request for change was created.","format":"date-time","example":"2022-11-01T23:59:59+00:00"},"message":{"type":"string","description":"A message about the request and its status.","example":"Request requires review by a healthcare worker."},"status":{"type":"string","description":"The status of the request.","enum":["pending"],"example":"pending"}}}]}]}}}},"PermissionUpdateResponse":{"type":"object","description":"A response could be for the medical record, appointments service\nor prescriptions service depending on the request made. The response\nalways corresponds to the request.\n","oneOf":[{"type":"object","allOf":[{"type":"object","description":"An object containing information about requests to change permissions.\n","required":["status","createdDateTime","message"],"properties":{"createdDateTime":{"type":"string","description":"The date-time when the request for change was created.","format":"date-time","example":"2022-11-01T23:59:59+00:00"},"message":{"type":"string","description":"A message about the request and its status.","example":"Request requires review by a healthcare worker."},"status":{"type":"string","description":"The status of the request.","enum":["pending"],"example":"pending"}}},{"type":"object","description":"Object containing information about the request to update the\npermission to the medical record.\n","required":["permissionType","accessLevel","medicalRecordType"],"properties":{"permissionType":{"type":"string","description":"Medical record permission type.","enum":["medicalRecord"]},"accessLevel":{"type":"string","description":"Indicates the level of access the patient has to the medical record.\n\n| level | description |\n| ----- | ----------- |\n| none | no access |\n| summary | summary record access |\n| detailed | detailed coded record access |\n| documents | documents access |\n| full | full access |\n","enum":["none","summary","detailed","documents","full"],"example":"detailed"},"medicalRecordType":{"type":"string","description":"The type of the medical record.","enum":["current","historical"],"example":"current"}}}]},{"type":"object","allOf":[{"type":"object","description":"An object containing information about requests to change permissions.\n","required":["status","createdDateTime","message"],"properties":{"createdDateTime":{"type":"string","description":"The date-time when the request for change was created.","format":"date-time","example":"2022-11-01T23:59:59+00:00"},"message":{"type":"string","description":"A message about the request and its status.","example":"Request requires review by a healthcare worker."},"status":{"type":"string","description":"The status of the request.","enum":["pending"],"example":"pending"}}},{"type":"object","description":"Object containing the `accessLevel` to update the appointments service to.\n","required":["permissionType","accessLevel"],"properties":{"permissionType":{"type":"string","description":"Appointments permission type.","enum":["appointments"]},"accessLevel":{"type":"string","description":"Indicates the level of access the patient has to the appointments service.\n\n| level | description |\n| ----- | ----------- |\n| none | no access |\n| view | view only |\n| manage | view, book, amend & cancel existing appointments |\n","enum":["none","view","manage"],"example":"manage"}}}]},{"type":"object","allOf":[{"type":"object","description":"An object containing information about requests to change permissions.\n","required":["status","createdDateTime","message"],"properties":{"createdDateTime":{"type":"string","description":"The date-time when the request for change was created.","format":"date-time","example":"2022-11-01T23:59:59+00:00"},"message":{"type":"string","description":"A message about the request and its status.","example":"Request requires review by a healthcare worker."},"status":{"type":"string","description":"The status of the request.","enum":["pending"],"example":"pending"}}},{"type":"object","description":"Object containing the `accessLevel` to update the prescriptions service to.\n","required":["permissionType","accessLevel"],"properties":{"permissionType":{"type":"string","description":"Prescriptions permission type.","enum":["prescriptions"]},"accessLevel":{"type":"string","description":"Indicates the level of access the patient has to the prescriptions service.\n\n| level | description |\n| ----- | ----------- |\n| none | no access |\n| view | view only |\n| manage | view, order, amend & cancel existing prescriptions |\n","enum":["none","view","manage"],"example":"manage"}}}]}],"discriminator":{"propertyName":"id","mapping":{"medicalRecord":"MedicalRecordPermissionUpdateResponse.yaml","appointments":"AppointmentsPermissionUpdateResponse.yaml","prescriptions":"PrescriptionsPermissionUpdateResponse.yaml"}}},"PrescriptionsAccessLevelEnum":{"type":"string","description":"Indicates the level of access the patient has to the prescriptions service.\n\n| level | description |\n| ----- | ----------- |\n| none | no access |\n| view | view only |\n| manage | view, order, amend & cancel existing prescriptions |\n","enum":["none","view","manage"],"example":"manage"},"PrescriptionsAccessLevelMaxEnum":{"type":"string","description":"Indicates the maximum level of access the patient could request to the\nprescriptions service.\n\n| level | description |\n| ----- | ----------- |\n| none | no access |\n| view | view only |\n| manage | view, order, amend & cancel existing prescriptions |\n","enum":["none","view","manage"],"example":"manage"},"PrescriptionsPermission":{"type":"object","description":"An object representing the level of permission a patient has to the\nprescriptions service along with the maximum level of access that\ncould be requested.\n","required":["accessLevel","accessLevelMax"],"properties":{"accessLevel":{"type":"string","description":"Indicates the level of access the patient has to the prescriptions service.\n\n| level | description |\n| ----- | ----------- |\n| none | no access |\n| view | view only |\n| manage | view, order, amend & cancel existing prescriptions |\n","enum":["none","view","manage"],"example":"manage"},"accessLevelMax":{"type":"string","description":"Indicates the maximum level of access the patient could request to the\nprescriptions service.\n\n| level | description |\n| ----- | ----------- |\n| none | no access |\n| view | view only |\n| manage | view, order, amend & cancel existing prescriptions |\n","enum":["none","view","manage"],"example":"manage"}}},"PrescriptionsPermissionRequest":{"type":"object","description":"An object containing information about any pending\nrequests for changes to the prescriptions service permissions.\n","allOf":[{"type":"object","required":["permissionType","accessLevel"],"properties":{"permissionType":{"type":"string","description":"Prescriptions permission type.","enum":["prescriptions"]},"accessLevel":{"type":"string","description":"Indicates the level of access the patient has to the prescriptions service.\n\n| level | description |\n| ----- | ----------- |\n| none | no access |\n| view | view only |\n| manage | view, order, amend & cancel existing prescriptions |\n","enum":["none","view","manage"],"example":"manage"}}},{"type":"object","description":"An object containing information about requests to change permissions.\n","required":["status","createdDateTime","message"],"properties":{"createdDateTime":{"type":"string","description":"The date-time when the request for change was created.","format":"date-time","example":"2022-11-01T23:59:59+00:00"},"message":{"type":"string","description":"A message about the request and its status.","example":"Request requires review by a healthcare worker."},"status":{"type":"string","description":"The status of the request.","enum":["pending"],"example":"pending"}}}]},"PrescriptionsPermissionUpdate":{"type":"object","description":"Object containing the `accessLevel` to update the prescriptions service to.\n","required":["permissionType","accessLevel"],"properties":{"permissionType":{"type":"string","description":"Prescriptions permission type.","enum":["prescriptions"]},"accessLevel":{"type":"string","description":"Indicates the level of access the patient has to the prescriptions service.\n\n| level | description |\n| ----- | ----------- |\n| none | no access |\n| view | view only |\n| manage | view, order, amend & cancel existing prescriptions |\n","enum":["none","view","manage"],"example":"manage"}}},"PrescriptionsPermissionUpdateResponse":{"type":"object","allOf":[{"type":"object","description":"An object containing information about requests to change permissions.\n","required":["status","createdDateTime","message"],"properties":{"createdDateTime":{"type":"string","description":"The date-time when the request for change was created.","format":"date-time","example":"2022-11-01T23:59:59+00:00"},"message":{"type":"string","description":"A message about the request and its status.","example":"Request requires review by a healthcare worker."},"status":{"type":"string","description":"The status of the request.","enum":["pending"],"example":"pending"}}},{"type":"object","description":"Object containing the `accessLevel` to update the prescriptions service to.\n","required":["permissionType","accessLevel"],"properties":{"permissionType":{"type":"string","description":"Prescriptions permission type.","enum":["prescriptions"]},"accessLevel":{"type":"string","description":"Indicates the level of access the patient has to the prescriptions service.\n\n| level | description |\n| ----- | ----------- |\n| none | no access |\n| view | view only |\n| manage | view, order, amend & cancel existing prescriptions |\n","enum":["none","view","manage"],"example":"manage"}}}]},"PrescriptionsPermissionTypeEnum":{"type":"string","description":"Prescriptions permission type.","enum":["prescriptions"]},"RequestID":{"type":"string","pattern":"^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$","example":"60E0B220-8136-4CA5-AE46-1D97EF59D068","description":"The X-Request-ID from the request header, if supplied, mirrored back.\n"}},"examples":{"InvalidRequestError":{"summary":"Invalid request error response.","value":{"resourceType":"OperationOutcome","meta":{"lastUpdated":"2021-04-14T11:35:00+00:00"},"issue":[{"severity":"error","code":"value","details":{"coding":[{"system":"https://fhir.nhs.uk/CodeSystem/Spine-ErrorOrWarningCode","version":"1","code":"INVALID_VALUE","display":"Provided value is invalid."}],"diagnostics":"(invalid_request) firstName is missing.","expression":["/data/attributes/firstName"]}}]}},"GetResponsePermissionsFull":{"summary":"The patient has full permission to their current medical record, the\nappointments and prescriptions service and summary permission to their\nhistorical medical record.\n","value":{"medicalRecord":{"effectiveDate":"2022-11-01","current":{"accessLevel":"full","accessLevelMax":"full"},"historical":{"accessLevel":"summary","accessLevelMax":"detailed"}},"appointments":{"accessLevel":"manage","accessLevelMax":"manage"},"prescriptions":{"accessLevel":"manage","accessLevelMax":"manage"}}},"GetResponseMultiplePendingRequests":{"summary":"The patient has multiple pending requests. The first request is to get\n`manage` permissions for the `appointments` service. The second request is\nto get `detailed` permissions to the historical medical record. The final request is \nto get `manage` permissions for the prescriptions service.\n","value":{"medicalRecord":{"effectiveDate":"2022-11-01","current":{"accessLevel":"full","accessLevelMax":"full"},"historical":{"accessLevel":"summary","accessLevelMax":"detailed"}},"appointments":{"accessLevel":"view","accessLevelMax":"manage"},"prescriptions":{"accessLevel":"view","accessLevelMax":"manage"},"requests":[{"status":"pending","createdDateTime":"2022-10-29T23:59:59+00:00","message":"Requires review by a healthcare worker.","permissionType":"appointments","accessLevel":"manage"},{"status":"pending","createdDateTime":"2022-10-31T23:59:59+00:00","message":"Requires review by a healthcare worker.","permissionType":"medicalRecord","medicalRecordType":"historical","accessLevel":"detailed"},{"status":"pending","createdDateTime":"2022-11-01T23:59:59+00:00","message":"Requires review by a healthcare worker.","permissionType":"prescriptions","accessLevel":"manage"}]}},"GetResponsePendingRequestDetailed":{"summary":"The patient has a pending request where they requested access to `detailed`\nfor the historical medical record.\n","value":{"medicalRecord":{"effectiveDate":"2022-11-01","current":{"accessLevel":"full","accessLevelMax":"full"},"historical":{"accessLevel":"summary","accessLevelMax":"detailed"}},"appointments":{"accessLevel":"view","accessLevelMax":"manage"},"prescriptions":{"accessLevel":"view","accessLevelMax":"manage"},"requests":[{"status":"pending","createdDateTime":"2022-10-31T23:59:59+00:00","message":"Requires review by a healthcare worker.","accessLevel":"detailed","permissionType":"medicalRecord","medicalRecordType":"historical"}]}},"GetResponsePendingRequestAppointments":{"summary":"The patient has a pending request where they requested `manage` access to the\nappointments service.\n","value":{"medicalRecord":{"effectiveDate":"2022-11-01","current":{"accessLevel":"full","accessLevelMax":"full"},"historical":{"accessLevel":"summary","accessLevelMax":"detailed"}},"appointments":{"accessLevel":"view","accessLevelMax":"manage"},"prescriptions":{"accessLevel":"view","accessLevelMax":"manage"},"requests":[{"status":"pending","createdDateTime":"2022-10-31T23:59:59+00:00","message":"Requires review by a healthcare worker.","accessLevel":"manage","permissionType":"appointments"}]}},"PostResponsePendingHistoricalDetailed":{"summary":"Pending request for detailed access to historical medical record.","value":{"permissionType":"medicalRecord","medicalRecordType":"historical","accessLevel":"detailed","status":"pending","message":"Request received to update historical medical record access to detailed.","createdDateTime":"2022-11-01T00:00:00+00:00"}},"PostRequestBodyAppointments":{"summary":"Request manage access to appointments service.","value":{"permissionType":"appointments","accessLevel":"manage"}},"PostRequestBodyHistoricalDetailed":{"summary":"Request detailed access for historical medical record.","value":{"permissionType":"medicalRecord","medicalRecordType":"historical","accessLevel":"detailed"}},"PostRequestBodyPrescriptions":{"summary":"Request manage access to prescriptions service.","value":{"permissionType":"prescriptions","accessLevel":"manage"}},"RejectedRequestError":{"summary":"A rejected error response","value":{"resourceType":"OperationOutcome","meta":{"lastUpdated":"2022-05-14T11:35:00+00:00"},"issue":[{"severity":"error","code":"value","details":{"coding":[{"system":"https://fhir.nhs.uk/CodeSystem/Spine-ErrorOrWarningCode","version":"1","code":"INVALID_UPDATE","display":"Update is invalid"}],"text":"Request rejected due to requested access being below the users current level for prescriptions."}}]}}},"requestBodies":{"UpdatePermission":{"description":"Object containing information about the permission to update along with\nthe `accessLevel` to update to.\n","required":true,"content":{"application/json":{"schema":{"description":"A request could be for the medical record, appointments service\nor prescriptions service.\n","oneOf":[{"type":"object","description":"Object containing information about the request to update the\npermission to the medical record.\n","required":["permissionType","accessLevel","medicalRecordType"],"properties":{"permissionType":{"type":"string","description":"Medical record permission type.","enum":["medicalRecord"]},"accessLevel":{"type":"string","description":"Indicates the level of access the patient has to the medical record.\n\n| level | description |\n| ----- | ----------- |\n| none | no access |\n| summary | summary record access |\n| detailed | detailed coded record access |\n| documents | documents access |\n| full | full access |\n","enum":["none","summary","detailed","documents","full"],"example":"detailed"},"medicalRecordType":{"type":"string","description":"The type of the medical record.","enum":["current","historical"],"example":"current"}}},{"type":"object","description":"Object containing the `accessLevel` to update the appointments service to.\n","required":["permissionType","accessLevel"],"properties":{"permissionType":{"type":"string","description":"Appointments permission type.","enum":["appointments"]},"accessLevel":{"type":"string","description":"Indicates the level of access the patient has to the appointments service.\n\n| level | description |\n| ----- | ----------- |\n| none | no access |\n| view | view only |\n| manage | view, book, amend & cancel existing appointments |\n","enum":["none","view","manage"],"example":"manage"}}},{"type":"object","description":"Object containing the `accessLevel` to update the prescriptions service to.\n","required":["permissionType","accessLevel"],"properties":{"permissionType":{"type":"string","description":"Prescriptions permission type.","enum":["prescriptions"]},"accessLevel":{"type":"string","description":"Indicates the level of access the patient has to the prescriptions service.\n\n| level | description |\n| ----- | ----------- |\n| none | no access |\n| view | view only |\n| manage | view, order, amend & cancel existing prescriptions |\n","enum":["none","view","manage"],"example":"manage"}}}],"discriminator":{"propertyName":"id","mapping":{"medicalRecord":"../schemas/MedicalRecordPermissionUpdate.yaml","appointments":"../schemas/AppointmentsPermissionUpdate.yaml","prescriptions":"../schemas/PrescriptionsPermissionUpdate.yaml"}}},"examples":{"PostRequestBodyAppointments":{"summary":"Request manage access to appointments service.","value":{"permissionType":"appointments","accessLevel":"manage"}},"PostRequestBodyPrescriptions":{"summary":"Request manage access to prescriptions service.","value":{"permissionType":"prescriptions","accessLevel":"manage"}},"PostRequestBodyCurrentFull":{"summary":"Request full access for current medical record.","value":{"permissionType":"medicalRecord","medicalRecordType":"current","accessLevel":"full"}},"PostRequestBodyHistoricalDetailed":{"summary":"Request detailed access for historical medical record.","value":{"permissionType":"medicalRecord","medicalRecordType":"historical","accessLevel":"detailed"}}}}}}}}}