PDS API Patient search returns an OperationOutcome resource under some circumstances

We’re running a test-case for multiple matches against the INT environment using parameters:

  birthdate: '1982-06-08',
  gender: 'male',

The response has status 200 with an OperationOutcome resource containing an issue with code multiple-matches.

FHIR R4 search provides 2 alternative responses.
“If the search succeeds, the server SHALL return a 200 OK HTTP status code and the return content SHALL be a Bundle with type = searchset containing the results of the search as a collection of zero or more resources in a defined order.”

“If the search fails (cannot be executed, not that there are no matches), the return value return value SHALL be a status code 4xx or 5xx with an OperationOutcome.”

We expected the OperationOutcome to be included as an entry of type outcome in the Bundle.

Can I ask what level of access you’re using for these searches?

To potentially pre-empt the answer, if using Application-restricted access:

In this access mode, you only get a single matching patient record, and only if it’s a unique match.

This is documented on Personal Demographics Service - FHIR API - NHS Digital

We are indeed using Application-restricted access and are testing the case where there are multiple matches.

As this is a FHIR search, the API should respond with one of the combinations of HTTP status and FHIR resourcetype as outlined above (i.e. 200 Bundle | 4xx/5xx OperationOutcome). The PDS API documentation says the response will be “HTTP status: 200. A completed search. This might contain zero, one or many matching patients, or it might contain a ‘TOO_MANY_MATCHES’ error.” We therefore expected HTTP status 200 and a FHIR Bundle containing an OperationOutcome as an entry.

PDS API is responding with HTTP status 200 and a FHIR OperationOutcome. This is consistent with the PDS API documentation but isn’t consistent with FHIR (requiring workarounds to be applied in the client).

Is this as intended?

I get what you mean.

Wouldn’t it be better with a 422 and OperationOutcome?
The search has not been performed and 200 at a basic level indicates all is ok (but it isn’t)

I think a case can be made for both 200 and 4xx responses (e.g. 422) - either could be made to work.

As the search is a valid one that the server has processed (in order to determine that there are multiple matches) it seems a little harsh to class this as a Client Error. The only way a client application could avoid this error would be if it already had a priori information allowing it to uniquely identify a single individual within the UK!

From memory (when we designed this bit) we went back and forth on what response code to return. I was the product owner at the time and was a but uneasy about returning a 200 with an OperationOutcome but as you say it seemed the most appropriate response since the search had indeed been processed - 4xx typically implies some sort of mistake on the caller’s part, whereas in this scenario there’s nothing wrong with the request.

1 Like

NHS API Management team let me know that there is currently no intention to change the API behaviour to conform to the FHIR standard.