NHS e-Referral Service FHIR API - Audit Logging Requirements
Requirements for audit logging when integrating with the e-RS FHIR API.
All partners integrating with the e-RS FHIR API must ensure that audit logs are created and maintained in their application.
It is the responsibility of the partner to provide an adequate level of auditing, so that you can meet subject access requests under GDPR, or for incident triage.
Audit logs should be held for a period of time in compliance with GDPR and your information governance policy.
The table below provides example attributes your integrated application may need to store in its audit log.
This is not an exhaustive list and is for illustration purposes only. Your use case should define which attributes you need.
ID | Field name | Description | Examples |
---|---|---|---|
1 | X-Request-ID | When present in the response headers, the X-Request-ID will be returned to you and is unique to each transaction. Having this field allows us to join your logs with the e-RS application logs, assisting in cases such as incident investigation. | 58621d65-d5ad-4c3a-959f-0438e355990e-1 |
2 | X-Correlation-ID | This is a client-provided identifier that should be unique for each transaction. If provided, this should be logged to allow tracing through the client and e-RS application. | 11C46F5F-CDEF-4865-94B2-0EE0EDCC26DA |
3 | Event Date and Time | The date and time on which the auditable event occurred. All dates must be stored in Coordinated Universal Time (UTC). | yyyy-MM-dd HH:mm:ss.SSS |
4 | Unique Booking Reference Number (UBRN) | The UBRN of the request that is the subject of the auditable event. This field is not required for endpoints which don't use a single referral in-context, for example: | 0000 4961 4844 |
5 | NHS Number | The NHS number of the patient that is the subject of the auditable event. This field is not required for endpoints which don't use a patient in-context, for example: | 946 264 030 0 |
6 | End user ID | As a data processor you have an obligation under UK GDPR 'Right of access' to inform users what information you have on a citizen, how you are using it and where you got it from. This could include which individuals have accessed that data. In order to fulfill this requirement, we ask you to audit the end user who accessed the data. User-restricted access mode: a record of the identity of the user who performed the auditable event. This is the 12-digit NHS Smartcard ID of the user. Application-restricted access mode: a record of the identity of the user who performed the auditable event. This could be an internal authoritative ID. Please note that the end user required here is not the senior responsible person linked to all interactions for the application-restricted, unattended access mode. This field is not required for endpoints which retrieve reference data and are not associated with a patient or referral, for example: | 123456789012, jbloggs3470 |
7 | On-Behalf Of (OBO) UUID | User-restricted access mode: a record of the identity of the user performing the auditable event on-behalf-of the recorded user. This is applicable to situations where a Service Provider Clinician Admin (SPCA) must log into e-RS on behalf of a Service Provider Clinician (SPC). This field is only required if you are using an OBO user and/or the 'Retrieve e-RS-specific practitioner information (A040)' endpoint. | 123456789013 |
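
An added example, not part of this page or of e-RS itself: one way a partner application could assemble an audit entry holding the attributes in the table above, converting the event time to UTC and leaving out attributes that are not in context. The function names, record key names and JSON-lines output are assumptions; the identifiers are the table's example values and the event time is constructed.

```python
import json
from datetime import datetime, timedelta, timezone


def utc_stamp(event_time):
    """Render an aware datetime in UTC as yyyy-MM-dd HH:mm:ss.SSS."""
    if event_time.tzinfo is None:
        raise ValueError("event time must be timezone-aware to convert to UTC")
    utc = event_time.astimezone(timezone.utc)
    return utc.strftime("%Y-%m-%d %H:%M:%S.") + f"{utc.microsecond // 1000:03d}"


def header(headers, name):
    """Case-insensitive HTTP header lookup; None when the header is absent."""
    return next((v for k, v in headers.items() if k.lower() == name.lower()), None)


def build_audit_record(event_time, request_headers, response_headers,
                       end_user_id=None, ubrn=None, nhs_number=None, obo_user_id=None):
    """Assemble one audit entry; key names are assumptions, not an e-RS schema."""
    record = {
        "event_time_utc": utc_stamp(event_time),
        # Returned by e-RS "when present": log it if it is there.
        "x_request_id": header(response_headers, "X-Request-ID"),
        # Client-provided, so it is read from the outgoing request.
        "x_correlation_id": header(request_headers, "X-Correlation-ID"),
        "ubrn": ubrn,
        "nhs_number": nhs_number,
        "end_user_id": end_user_id,
        "obo_user_id": obo_user_id,
    }
    # Attributes that are not in context for the endpoint are left out.
    return {key: value for key, value in record.items() if value is not None}


def to_log_line(record):
    """Serialise as one JSON object per line with stable key order."""
    return json.dumps(record, sort_keys=True)


# Constructed sample: identifiers are the example values from the table,
# the event time is made up and given in UTC+01:00 to show the conversion.
SAMPLE = build_audit_record(
    datetime(2024, 7, 19, 11, 42, 5, 123456, tzinfo=timezone(timedelta(hours=1))),
    request_headers={"x-correlation-id": "11C46F5F-CDEF-4865-94B2-0EE0EDCC26DA"},
    response_headers={"X-Request-ID": "58621d65-d5ad-4c3a-959f-0438e355990e-1"},
    end_user_id="123456789012", ubrn="0000 4961 4844", nhs_number="946 264 030 0",
)

if __name__ == "__main__":
    print(to_log_line(SAMPLE))
```

Audit entries built this way contain patient identifiers, so the log store needs the same access controls and retention handling as the data it describes.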
Last edited: 19 July 2024 10:42 am