The Purpose of IM1
The IM1 interface mechanism serves as a standardised gateway for third-party applications to access and interact with NHS clinical data. Its primary role is to enable interoperability, allowing separate systems to read patient information, extract data in bulk, and write back into clinical systems securely and efficiently. By enabling integration with principal systems like EMIS Web and SystmOne, the IM1 Patient API supports a wide range of functionalities, from clinical decision support to patient-facing services like booking appointments or requesting prescriptions.
IM1 Patient API Integration Process
Integration with the IM1 Patient API follows a structured process, ensuring that third-party applications meet stringent technical, clinical, and information governance standards.
- Prerequisites and SCAL: Before development begins, organisations must complete the IM1 Clinical and Information Governance prerequisites form. If approved, the IM1 team issues a Supplier Conformance Assessment List (SCAL), which evaluates compatibility with provider APIs and ensures compliance with NHS standards.
- Model Interface License: Approved developers execute a Model Interface License with each provider, granting access to the provider’s API test environment. This enables development and testing in a controlled setting.
- Testing Phases: Integration undergoes two testing phases. During the unsupported test phase, developers use a Pairing and Integration Pack (PIP) to build and refine their solution. In the supported test phase, providers and developers collaborate to conduct assurance tests, ensuring functionality, security, and compliance.
- Go-Live: Once all requirements are met, NHS England issues a “Recommended to Connect” status, and the product is rolled out to live environments. Subsequent updates or changes to functionality require approval via a Request for Change (RFC) process.
Key Functionalities of the IM1 Patient API
1. Appointment Management
The API supports comprehensive appointment functionalities, allowing users to search for available slots, book, view, and cancel appointments. In EMIS, functions like GetAvailableAppointments and BookAppointment enable precise scheduling, while SystmOne’s ListSlots and BookAppointment provide similar capabilities. Practices can enforce restrictions, such as limiting the number of active bookings, to ensure operational efficiency.
2. Prescription Handling
Prescription management is another critical feature. The APIs enable retrieval of repeat and acute medication lists (ListRepeatMedication in SystmOne and GetMedicationCourses in EMIS) and support requests for prescription refills. Both systems allow cancellation of prescription requests (CancelPrescriptionRequest), though the process varies slightly in terms of error handling and schema.
3. Patient Records Access
Accessing patient medical records is central to many healthcare applications. Both EMIS and SystmOne APIs offer robust functionality for retrieving data such as medical history, test results, immunizations, and consultations. EMIS provides the GetMedicalRecordData call, which delivers structured summaries or detailed entries based on configurable permissions. Similarly, SystmOne’s RequestPatientRecord supports granular record retrieval.
4. Secure Messaging
Both systems include secure messaging functionalities to facilitate patient-clinician communication. EMIS offers commands like SendMessage and GetMessages, while SystmOne supports similar operations through its MessagesView and MessageCreate endpoints. Practices retain control over whether messages can include attachments or direct clinician targeting.
Security and Authentication
A standout feature of the IM1 Patient API is its strong emphasis on security. Both EMIS and SystmOne APIs use encryption, session tokens, and multi-step authentication protocols.
- EMIS: The authentication flow revolves around creating a secure “Patient Session” using session keys, tokens, and hashed sequences. This prevents replay attacks and ensures secure, incremental communication.
- SystmOne: Authentication involves a three-step process: LinkAccount, Authenticate, and PatientSelected. Each session requires a unique SUID, ensuring session integrity and protecting patient data.
Both APIs require developers to manage keys and credentials responsibly, ensuring compliance with NHS security standards.
For your end users (patients) using your digital health product, they must be authenticated using NHS Login in order to integrate with the NHS IM1 Patient API. See more about NHS Login here – https://digital.nhs.uk/developer/api-catalogue/nhs-login.
Testing and Development Environments
Access to dedicated test environments is a critical aspect of integrating with the IM1 Patient API. Both EMIS and SystmOne provide sandboxed environments where developers can simulate real-world scenarios without affecting live patient data. These environments support mock endpoints, example payloads, and error simulation, enabling thorough pre-deployment testing.
For SystmOne, the CheckVersion call helps developers verify the supported API version in their test environment. Similarly, EMIS offers a GetClinicalVersionInformation call to ensure compatibility with the target practice’s API schema.
Error Handling and Diagnostics
Both APIs include detailed error codes and structured responses to guide developers in diagnosing and resolving issues. For instance, EMIS distinguishes between session errors (e.g., session_timeout) and clinical errors (e.g., general_clinical_error). Similarly, SystmOne’s response schema includes user-friendly and technical messages, ensuring clear communication of issues.
Benefits of Integrating with IM1
- Seamless NHS Interoperability: Integration with IM1 provides access to two of the most widely used clinical systems in the UK, offering significant reach and impact for third-party solutions.
- Comprehensive Functionality: The APIs cover a wide range of patient-facing services, making it possible to create end-to-end digital health solutions.
- Robust Security: IM1’s rigorous security protocols ensure compliance with NHS standards and safeguard sensitive patient data.
- Future-Ready Design: The IM1 Patient API supports versioning, allowing for enhancements without disrupting existing integrations. While the long-term future of IM1 is under review, its current design ensures adaptability to evolving NHS requirements.
Challenges and Considerations
Despite its benefits, integrating with the IM1 Patient API comes with challenges. The onboarding process is rigorous, requiring substantial compliance documentation and testing. Additionally, both APIs have unique schemas and operational nuances, demanding a thorough understanding of their respective architectures.
Conclusion
For digital health innovators, integrating with the IM1 Patient API is a powerful opportunity to enhance NHS interoperability and deliver patient-centric solutions. By offering access to critical functionalities like appointment booking, prescription management, and medical record retrieval, the IM1 Patient API serves as a cornerstone for developing impactful digital health applications. With robust security measures and comprehensive support for patient-facing services, it provides a solid foundation for innovation in healthcare technology.
By understanding the detailed integration process and technical specifications of the IM1 Patient API, developers can navigate the complexities of NHS systems and unlock the potential to transform patient care. For those ready to embark on this journey, the IM1 Patient API offers a gateway to creating solutions that make a meaningful difference in the lives of patients and providers alike.
