Error handling

Operation outcome usage

In the event of an error, provider systems SHALL respond by providing an OperationOutcome resource

The OperationOutcome:

• SHALL contain a definition of severity in the OperationOutcome.issue.severity field providing a value from the valueset-issue-severity value set. The cases described below will specify the value to use for each outcome.
• SHALL contain a definition of the type of error in the OperationOutcome.issue.code element, providing a value from the issue-type value set.
• SHALL contain details of the Spine error code in the OperationOutcome.issue.details.coding.code and OperationOutcome.issue.details.coding.display fields. These shall be taken from the standard set of NHS Spine error codes as defined in the spine-error-or-warning-code-1 value set. The Spine error and warning codes provide a greater degree of error handling granularity, and also ensure a standardised error handling approach across NHS APIs.
• SHOULD provide additional diagnostic details of the error in OperationOutcome.diagnostics property where such securely provides additional error context for consumer applications.

NOTE: OperationOutcome resources returned by Spine will always have an ID element, which can be used by the Spine team if necessary during testing to trace the error and troubleshoot why it occurred. Errors returned from external systems (e.g. brokered calls into GP systems) MAY also contain an ID element.

The specific errors that can be returned will depend on the API being called, and the individual API specifications will provide additional details about likely error conditions. The sections below provide general guidance on the error details that can come back from national FHIR APIs, and those brokered nationally.

Identity validation errors

Example: Invalid NHS number supplied

If an invalid NHS number value is supplied to the GP Connect $gpc.getcarerecord operation, the following error details would be returned:

{
	"resourceType": "OperationOutcome",
	"meta": {
		"profile": ["https://fhir.nhs.uk/STU3/StructureDefinition/Spine-OperationOutcome-1"]
	},
	"issue": [{
		"severity": "error",
		"code": "value",
		"details": {
			"coding": [{
				"system": "https://fhir.nhs.uk/STU3/ValueSet/Spine-ErrorOrWarningCode-1",
				"code": "INVALID_NHS_NUMBER",
				"dispay": "Invalid NHS number"
			}]
		}
	}]
}

Example: Patient not found

For example, if a valid NHS number value is supplied to the GP Connect $gpc.getcarerecord Operation but no GP record exists for that patient, then the following error details would be returned:

{
	"resourceType": "OperationOutcome",
	"meta": {
		"profile": ["https://fhir.nhs.uk/STU3/StructureDefinition/Spine-OperationOutcome-1"]
	},
	"issue": [{
		"severity": "error",
		"code": "not-found",
		"details": {
			"coding": [{
				"system": "https://fhir.nhs.uk/STU3/ValueSet/Spine-ErrorOrWarningCode-1",
				"code": "PATIENT_NOT_FOUND",
				"display": "Patient not found"
			}]
		}
	}]
}

Example: Resource not found

This is a catch-all where a request for a resource instance cannot be found at the FHIR server, where more specific Spine error codes (such as PATIENT_NOT_FOUND) cannot be used.

{
	"resourceType": "OperationOutcome",
	"issue": [{
		"severity": "error",
		"code": "not-found",
		"details": {
			"coding": [{
				"system": "https://fhir.nhs.uk/STU3/ValueSet/Spine-ErrorOrWarningCode-1",
				"code": "NO_RECORD_FOUND",
				"display": "No record found"
			}]
		}
	}]
}

Security validation errors

Example: No patient consent to share

For example, if the patient has requested that their record should not be shared then the following error details would be returned:

{
	"resourceType": "OperationOutcome",
	"meta": {
		"profile": ["https://fhir.nhs.uk/STU3/StructureDefinition/Spine-OperationOutcome-1"]
	},
	"issue": [{
		"severity": "error",
		"code": "forbidden",
		"details": {
			"coding": [{
				"system": "https://fhir.nhs.uk/STU3/ValueSet/Spine-ErrorOrWarningCode-1",
				"code": "NO_PATIENT_CONSENT",
				"display": "Patient has not provided consent to share data" 
			}]
		}
	}]
}

Resource validation errors

INVALID_PARAMETER would be used in the following, or similar, scenarios:

• Unexpected parameter value for an custom operation. For example, a lowercase value is supplied to the recordSection parameter of the $gpc.getcarerecord operation.
• An invalid date/time value specified in a custom operaion parameter. For example, a invalid timePeriod defined in the timePeriod input parameter to the $gpc.getcarerecord operation.

INVALID_RESOURCE would be used in situations such as the following:

• Resource does to validate against StructureDefinition

REFERENCE_NOT_FOUND describes a scenario where a consumer POSTs a FHIR resource which contains a FHIR reference which are cannot be found.

Example: Reference not found

For example, when using a ‘Book an appointment’ API, a consumer includes a reference to a slot which does not exist at the server. The following error details would be returned:

{
	"resourceType": "OperationOutcome",
	"meta": {
		"profile": ["https://fhir.nhs.uk/STU3/StructureDefinition/Spine-OperationOutcome-1"]
	},
	"issue": [{
		"severity": "error",
		"code": "invalid",
		"details": {
			"coding": [{
				"system": "https://fhir.nhs.uk/STU3/ValueSet/Spine-ErrorOrWarningCode-1",
				"code": "REFERENCE_NOT_FOUND",
				"display": "FHIR reference not found"
			}]
		},
	    "diagnostics": "Reference to Slot/6 - no such slot exists at the server"
		"location": "/f:Slot/f:6"
	}]
}

Malformed request errors

When the server cannot or will not process a request due to an apparent client error then the following BAD_REQUEST error SHALL be used to return debug details.

MISSING_OR_INVALID_HEADER Spine error codes should be used in the following types of scenario:

• JSON Web Tokens (JWT) claims information is not valid JSON, is null, or has an invalid value
• invalid content in JWT claim (for example, patient identifier when practitioner expected)
• JWT requested_record claim does not match request
• an expected header (for example, interaction ID header) is missing or invalid
• InteractionID header does not match request

BAD_REQUEST Spine error codes should be used in the following types of scenario:

• malformed JSON or XML content in request body
• invalid HTTP verb used (for example, using POST to read a patient)

Example: Malformed JSON claim in request

For example, if the request contained a null aud claim in the JWT, then the following error details would be returned:

 {
	"resourceType": "OperationOutcome",
	"meta": {
		"profile": ["https://fhir.nhs.uk/STU3/StructureDefinition/Spine-OperationOutcome-1"]
	},
	"issue": [{
		"severity": "error",
		"code": "invalid",
		"details": {
			"coding": [{
				"system": "https://fhir.nhs.uk/STU3/ValueSet/Spine-ErrorOrWarningCode-1",
				"code": "MISSING_OR_INVALID_HEADER",
				"display": "There is a required header missing or invalid."
			}]
		},
		"diagnostics": "Empty JWT aud claim"
	}]
}

Internal server errors

When the FHIR server has received an request for an operation or FHIR resource which is not (yet) implemented, then the NOT_IMPLEMENTED Spine error code SHALL be used.

When the error is unexpected and the server can’t be more specific on the exact nature of the problem then the INTERNAL_SERVER_ERROR Spine error code SHALL be used, and diagnostics SHALL be included to provide detail of the error.

Example: Unexpected exception

For example, an unexpected internal exception is thrown by either an Operation or RESTful API, then the following error details would be returned:

 {
	"resourceType": "OperationOutcome",
	"meta": {
		"profile": ["https://fhir.nhs.uk/STU3/StructureDefinition/Spine-OperationOutcome-1"]
	},
	"issue": [{
		"severity": "error",
		"code": "exception",
		"details": {
			"coding": [{
				"system": "https://fhir.nhs.uk/STU3/ValueSet/Spine-ErrorOrWarningCode-1",
				"code": "INTERNAL_SERVER_ERROR",
				"display": "Internal server error"
			}]
		},
		"diagnostics": "Any further internal debug details i.e. stack trace details etc."
	}]
}

Spine Security Proxy (SSP) errors

When the Spine security proxy cannot or will not process a request then one of the following errors SHALL be used to return debug details:

SSP error example: ASID check failed

{
	"resourceType": "OperationOutcome",
	"id": "eb9e0b95-4eea-4654-ab2d-d6ef9e86cc3a",
	"issue": [{
		"severity": "error",
		"code": "forbidden",
		"diagnostics": "Any further internal debug details i.e. stack trace details etc."
	}]
}

SSP error example: method not allowed

{
	"resourceType": "OperationOutcome",
	"id": "eb9e0b95-4eea-4654-ab2d-d6ef9e86cc3a",
	"issue": [{
		"severity": "error",
		"code": "not-supported",
		"diagnostics": "Any further internal debug details i.e. stack trace details etc."
	}]
}

SSP error example: unsupported media type

{
	"resourceType": "OperationOutcome",
	"id": "eb9e0b95-4eea-4654-ab2d-d6ef9e86cc3a",
	"issue": [{
		"severity": "error",
		"code": "not-supported",
		"diagnostics": "Any further internal debug details i.e. stack trace details etc."
	}]
}

SSP error example: bad gateway

{
	"resourceType": "OperationOutcome",
	"id": "eb9e0b95-4eea-4654-ab2d-d6ef9e86cc3a",
	"issue": [{
		"severity": "error",
		"code": "transient",
		"diagnostics": "Any further internal debug details i.e. stack trace details etc."
	}]
}

SSP error example: gateway timeout

{
	"resourceType": "OperationOutcome",
	"id": "eb9e0b95-4eea-4654-ab2d-d6ef9e86cc3a",
	"issue": [{
		"severity": "error",
		"code": "transient",
		"diagnostics": "Any further internal debug details i.e. stack trace details etc."
	}]
}

Positive / Informational Outcome codes

In addition to errors, in some cases, an OperationOutcome might include a positive outcome or general informational code:

National Event Management Service (NEMS) will provide informational codes about Event Message type lifecycle when a Publisher system publishes an event: