Written by Technical Team | Last updated 02.08.2025 | 9 minute read
The Electronic Prescription Service (EPS) is one of the most significant digital transformations within the NHS.
Designed to replace paper prescriptions with a secure electronic alternative, EPS streamlines the process of prescribing, dispensing and reimbursing medicines across England. It not only reduces administrative burden but also minimises errors, supports efficient stock control for pharmacies, and improves patient convenience.
At its core, EPS connects prescribers, dispensers and NHS services via the NHS Spine, the central messaging and data platform of the NHS. The integration of EPS into healthcare software relies heavily on robust APIs, careful adherence to data security standards, and a technical workflow that ensures patient safety and service continuity. Understanding how each component interacts—from authentication to dispensing—is essential for system suppliers, pharmacies and healthcare organisations looking to implement or optimise EPS‑enabled systems.
The workflow itself is highly structured. It begins with authentication and authorisation, ensuring that only approved systems and users can access the EPS. Next, patient details are verified and dispenser nomination confirmed. Prescriptions are prepared in compliance with national drug dictionaries and digitally signed for integrity before being submitted to the Spine. On the dispensing side, pharmacies download prescriptions, record supply, and submit claims for reimbursement. At every stage, technical and regulatory safeguards ensure the service functions smoothly while protecting sensitive patient information.
Before any prescription can be created or retrieved, systems must establish a secure identity within the NHS digital ecosystem. This involves two interlinked concepts: authentication (proving identity) and authorisation (determining access rights).
NHS EPS API integration requires each supplier system to obtain credentials through a rigorous onboarding process. These credentials may include client IDs and secrets for application‑restricted flows, or integration with user authentication frameworks such as NHS Login for user‑restricted flows. The exact approach depends on the use case: for example, a prescribing system may need to authenticate individual clinicians, whereas a dispensing system might authenticate the pharmacy system itself.
All EPS transactions must be secured using modern standards, typically OAuth2 with JSON Web Tokens (JWTs). Tokens are short‑lived, requiring systems to refresh them regularly. Developers must design their systems to gracefully handle token expiry and ensure uninterrupted access to EPS services. In addition, every message transmitted through the EPS FHIR APIs must include a set of mandated headers, such as Accredited System ID (ASID), correlation identifiers, timestamps and digital signatures. These ensure accountability, traceability and non‑repudiation of actions carried out via the API.
Because EPS interfaces with sensitive health data, compliance is not optional. Systems must meet Data Security and Protection Toolkit (DSPT) requirements, demonstrate adherence to General Data Protection Regulation (GDPR), and pass clinical safety standards such as DCB0129. Only once these assurances are complete does the NHS permit a supplier system to interact with the EPS APIs in a live environment.
Once authenticated, the next step in the EPS workflow is identifying the patient for whom a prescription will be created. This process relies on integration with the Personal Demographics Service (PDS), which maintains the master record of NHS numbers and core patient information across England.
A prescribing system will typically query PDS to confirm the patient’s identity, cross‑checking demographic details such as date of birth, name and address. Matching accuracy is critical. An incorrect match can result in a prescription being issued to the wrong patient, with potentially serious clinical consequences. Developers must therefore implement robust matching logic and ensure that clinicians can verify the patient identity before proceeding.
Alongside identity verification, the system retrieves nomination information. A nomination specifies the patient’s preferred dispenser, such as a community pharmacy or an appliance contractor. Nominations are classified into different types, allowing for default dispensers or one‑off pharmacy choices. Presenting the most up‑to‑date nomination to the prescriber ensures that prescriptions are delivered to the correct dispenser with minimal manual intervention.
If the patient has no nomination, the prescribing system may provide a search facility to locate an appropriate dispenser. This is achieved through integration with the NHS Directory of Services, which lists EPS‑enabled pharmacies and appliance contractors. A well‑designed user interface allows prescribers to search by location, name or service type, ensuring patients can access a pharmacy convenient to them.
By carefully orchestrating patient lookup and nomination checks, systems minimise prescription errors and enhance the patient experience. This phase of the workflow is often invisible to patients, yet it underpins the safety and reliability of the entire EPS process.
With patient and dispenser details confirmed, the system must prepare the electronic prescription for submission. Prescriptions are constructed in accordance with the NHS Dictionary of Medicines and Devices (dm+d), ensuring consistent coding and interpretation of medicines, appliances and dosage instructions across the NHS.
The preparation step involves assembling a FHIR R4 message that contains all required details:
Once assembled, the prescription message is sent to a designated API endpoint for validation. At this stage, the system may receive warnings or errors if the message does not conform to EPS requirements. Error handling must be precise; invalid prescriptions cannot be processed further, and clinicians should be alerted immediately to make corrections.
Following validation, the prescription payload is digitally signed. Signing ensures both authenticity and integrity: the signature proves the prescription originated from an authorised prescriber and guarantees that it has not been altered in transit. Some systems perform signing locally using smartcards or integrated authentication tokens, while others rely on NHS Digital’s signing service.
The signed prescription is then combined with a provenance record and returned as a finalised message ready for submission to the NHS Spine. This stage marks the technical transition from prescriber intent to an authoritative digital prescription within the EPS ecosystem.
Submission is the pivotal point where the prepared and signed prescription enters the EPS infrastructure. The prescribing system transmits the message to the EPS FHIR API using the appropriate process‑message endpoint. The Spine validates the request, stores the prescription, and routes it according to the patient’s nomination or other delivery instructions.
When a nomination exists, the prescription is queued for retrieval by the nominated pharmacy during their next batch download. If no nomination is set, the prescription is available for retrieval by any EPS‑enabled dispenser with the relevant prescription identifier.
The submission process is highly transactional. Each request generates acknowledgements that confirm receipt, acceptance or rejection. In the case of rejections—such as mismatched identifiers or unsupported medication codes—the system must log details and return clear error messages to the prescriber. Reliable retry logic is also vital; transient issues such as network disruptions should trigger controlled retries without risking duplicate submissions.
Prescriptions can also be cancelled via EPS if clinical judgement changes after submission. Cancellations are only effective if the dispenser has not yet downloaded the prescription. Once retrieved, a cancellation request remains pending until the dispenser acknowledges and returns the message to the Spine. This ensures safe handling of prescriptions while maintaining accountability for each action taken.
On the dispensing side, pharmacy systems periodically connect to the EPS to download prescriptions awaiting fulfilment. The downloaded prescriptions are presented to pharmacy staff, who check details against the patient record and prepare the medicines. Systems may also handle staged dispensing, where items are supplied in instalments, particularly for controlled drugs or multi‑part regimens.
Once dispensing is complete, the pharmacy system updates the prescription status via EPS. This may involve marking the prescription as fully dispensed, partially dispensed or returned. Dispense notifications are then transmitted back to the Spine, providing a clear audit trail of the dispensing process.
After dispensing, pharmacies must submit reimbursement claims to NHS Prescription Services. These claims are essential for financial settlement and rely on accurate coding and submission within EPS. Pharmacy systems therefore need to integrate claims management functionality, ensuring that data is complete, accurate and transmitted within prescribed deadlines.
Throughout this process, robust error handling is again essential. Common issues such as incorrect dm+d coding, claim rejection or batch submission failures must be addressed quickly to prevent delays in payment and ensure compliance with NHS policy.
Transparency is a growing priority in EPS workflows. While traditional EPS allowed prescribers limited visibility of prescription status once submitted, new developments are expanding tracking capabilities. Through integration with modern APIs, prescribers and dispensers will soon be able to view real‑time updates on whether a prescription has been downloaded, dispensed or returned.
This functionality improves coordination across the care pathway. Clinicians can confirm that a patient has collected their medication, while pharmacists can anticipate queries regarding prescription availability. Patients also benefit, as systems can provide more accurate updates on the progress of their prescriptions.
Prescription tracking relies on structured data exchanges between EPS, the prescribing system and the dispensing system. Developers integrating these features must design interfaces that clearly present status information without overwhelming the user with technical detail. By prioritising clarity and usability, tracking features enhance patient safety while building trust in digital prescription services.
The technical workflow of EPS integration is underpinned by security at every stage. Patient data is among the most sensitive information handled within the NHS, and systems must be designed to protect it from unauthorised access, tampering or loss. Encryption, secure logging, audit trails and strict access controls are mandatory.
Testing is another non‑negotiable element. Before moving to live deployment, systems must undergo extensive testing in NHS‑supplied sandbox environments. These sandboxes simulate real EPS interactions, allowing developers to validate authentication flows, message construction, error handling and status updates. While test environments cannot fully replicate production data and load, they remain essential for identifying integration issues before patient safety is at stake.
Looking ahead, EPS continues to evolve. Upcoming developments include greater flexibility for staged and instalment dispensing, improved prescription tracking, and potentially decoupling EPS from central Spine infrastructure to reduce complexity and enhance scalability. Developers designing EPS integrations today must anticipate these changes and build systems that are modular, adaptable and ready for continuous improvement.
Is your team looking for help with NHS EPS API integration? Click the button below.
Get in touch