End User Organisation responsibilities for accessing the e-Referral Service via an application-restricted access mode
This webpage is aimed at End User Organisations (EUO) who require data to flow between the NHS e-Referral Service (e-RS) and an integrated system via the application-restricted, unattended access mode.
Introduction
In application-restricted, unattended mode, access is restricted to applications, and authentication is performed by the calling application instead of the end user. This allows integrated software to carry out unattended workflows, improving operational efficiency and creating cost savings.
The application-restricted, unattended access mode in e-RS is designed to deliver information at an organisational level, such as an NHS Trust.
Because of this unique access, EUO have additional information governance responsibilities for both read and write API actions, where clinical and/or administrative data flows between systems.
1. Connection agreement terms
In this content, the EUO is an NHS or NHS commissioned body delivering health care, who has contracted with an IT supplier for products and services to support the delivery of health care, and the ‘Connecting Party’ is the IT supplier. These are the terms used in the ‘Connection Agreement’ which governs IT suppliers’ connection to national services such as e-RS.
In order for an EUO to connect and remain connected to e-RS via a connecting party (using the application-restricted, unattended access mode), the EUO must comply with the following.
1.1 Read-only functionality
1.11 The EUO's Chief Information Officer (CIO) must provide written authority (by means of completion of the initial connection approval form, linked below) for the connecting party to download all clinical and/or administrative information on behalf of the EUO.
1.12 The EUO's CIO must identify a ‘senior responsible person’1 who has a current profile on the NHS Spine and holds a role at the EUO.
1.13 The nominated senior responsible person must maintain a current NHS Spine profile with a role at the EUO. If the profile expires or the person has the role removed (for example due to them having left the EUO) the connection will fail, and clinical and/or administrative information will cease to flow to the EUO via the e-RS application-restricted, unattended API. Clinical and/or administrative information will remain available to individuals who hold e-RS roles at the EUO.
1.14 It is the EUO's responsibility to provide 4 weeks’ notice to the e-RS team if the senior responsible person is due to leave the EUO or cease to hold a valid NHS Spine profile. At this time, the EUO must identify a new senior responsible person (by means of completion of the senior responsible person change form, linked below) so that the e-RS team can take the necessary action to ensure that the flow of clinical and/or administrative information to the EUO continues uninterrupted via this method. Clinical and/or administrative information will remain available to individuals who hold e-RS roles at the EUO.
1.15 The EUO must accept that all transactions between the Connecting Party and e-RS via the application-restricted, unattended API will be recorded in the e-RS audit logs and will reference the Connecting Party’s system ID and the senior responsible person.
1.16 The EUO must ensure the e-RS team is made aware of any planned changes to the EUO's ODS code so that the impact of any change can be assessed, and appropriate action taken as required. Failure to do so may result in the cessation of the flow of clinical and/or administrative information via the e-RS application-restricted, unattended API.
1.2 Write functionality
Use of the application-restricted write functionality includes the read-only criteria above, as well as additional responsibilities.
1.21 The EUO business process must not include clinical decision making. It must be an automated administrative action which does not require clinical intervention by an end user.
1.22 The EUO must ensure that the application-restricted API endpoint will be recorded in system audit logs as an automated system response, and will reference the Connecting Party’s system ID and the senior responsible person.
1.23 Agreement to the automated process must be obtained from the EUO's CIO and Caldicott Guardian (CG).
2. Overview of responsibilities
This table summarises the responsibilities of the Connecting Party and EUO in respect of connection to e-RS via application-restricted, unattended API.
Item | Responsibility | Assurance |
---|---|---|
Making EUO aware of requirements that must be met (as above) in order to establish and maintain a connection | Connecting party | Connection agreement; Supplier Conformance Assessment List (SCAL) requirement; Initial connection approval form & senior responsible change request form. Also request confirmation from the ‘EUO’ that the requirements have been read and understood |
EUO complying with requirements that must be met (as above) in order to establish and maintain a connection | EUO | Initial connection approval form & senior responsible change request form. Also request confirmation from the ‘EUO’ that the requirements have been read and understood |
Ensuring that the initial connection approval form is used to establish a connection | Connecting party | Initial connection approval form; SCAL requirement |
Agreement to the automated process must be obtained from the EUO's CIO and CG | EUO CIO & CG | Initial connection approval form; SCAL requirement |
Completion of the initial connection approval form and submission to e-RS FHIR API Partners Service | Connecting party; EUO | Template provided with specific sections for both parties to complete |
Agreeing a process for changing the senior responsible person which uses the appropriate template | Connecting party | SCAL requirement; Connection agreement |
Completion of the senior responsible person change request form and submission to e-RS FHIR API Partners Service | Connecting party; EUO | Template provided with specific sections for both parties to complete |
Last edited: 3 April 2025 9:24 am