The assurance for access to Spine APIs varies depending on the type of API being accessed, and the nature of the data it provides. Refer to individual API specifications for details for a particular API, but in general, most FHIR access to FHIR APIs follows a process which centres around a workbook called the “Target Operating Model” (TOM). This includes a set of requirements and is filled in by both the supplier of the integrating system, and the deploying organisation, and reviewed by NHS Digital prior to any access being granted. This ensures that all integrating systems adhere to a common set of rules to ensure interoperability and compliance with IG rules.
An example description of the TOM process for the Spine PDS Mini Services Provider API can be found here.