Skip to main content
BETA A NHS service powered by standards. Feedbackopens in a new window will help us improve.

Identity Verification and Authentication Standard for Digital Health and Care Services

Provide a consistent approach to identity management across digital health and care services, covering verification, authentication and clinical authorisation.

Contents

Documentation
View documentation for this standard

About this standard

Publisher
NHS England
Reference code
DCB3051 Amd 7/2020
Publication date
13 March 2020
Publication version
2.0.0
Status
Active
Show definitions of statuses

Active. Active standards are stable, maintained and have been approved, assured or endorsed for use by qualified bodies.

Deprecated Deprecated standards are available for use and are maintained, but are being phased out, so new functionality will not be added.

Retired standards Retired standards are not being maintained or supported and should not be used.

Standard type
Information standards
Show definitions of standard types

Collections. A Collection is a systematic gathering of a specified selection of data or information for a particular stated purpose from existing records held within health and care systems and electronic devices.

Extractions. An extraction is a type of collection that is pulled from an operational system by the data controller and transmitted to the receiver without additional processing or transcription by the sender.

Information standards. Information standards are agreed ways of doing something, written down as a set of precise criteria so they can be used as rules, guidelines, or definitions.

Technical Standards and specifications. Technical standards and specifications specify how to make information available technically including how the data is structured and transported.

Contact point

enquiries@nhsdigital.nhs.uk

Using this standard

Applies to
All health and care organisations implementing digital services and offering patient/service user online access to these services
Impacts on
Companies or authorities providing identity services on behalf of the above providers; alignment with this standard will be essential for such organisations once the national citizen identify platform is established. Systems suppliers providing systems to the above providers; suppliers should work with their customers to determine necessary changes.
Associated medias
Conformance date
31 August 2020
Effective from
13 March 2020

Topics and care settings

Topic
  • Access to records
  • Authentication
  • Demographics
  • Information codes of practice
  • Information governance
  • Patient communication
  • Security
Care setting
  • Community health
  • Hospital
  • Maternity
  • Mental health
  • Pharmacy
  • Social care
  • Urgent and Emergency Care

Review Information

Scope
Health Services; NHS Services; Adult Social Care
Sponsor

Kristen Allin, Head of Digital Product Strategy, NHSX

Senior Responsible Officer

Polly Bishop, Acting Director of Digital Experience, NHSX

Business Lead
Chrissie Yewman, Delivery Officer for NHS login, NHS Digital
Approval date
10 March 2020
Post Implementation review Date
28 February 2021
Technical Committee

Data Co-ordination Board (DCB)

Legal basis and endorsements

Legal authority

Section 250 of the Health and Social Care Act 2012

This information standard is published under section 250 of the Health and Social Care Act 2012

More information

Ensures that all digital services and apps which offer patients/service users access to their own information follow agreed standards and principles, reducing the need for multiple logins by end users without compromising the security of such information.

Where local digital services and apps want to offer patient access via NHS login, NHS Digital will assure the conformance of these local services to this standard before authorising and enabling integration.

About this change

This change is being made to ensure continued alignment with Good Practice Guide 45 (GPG45) which was updated in December 2019. Following this update of GPG45, NHS Digital has received feedback that the mis-alignment has caused confusion for stakeholders and partners. The opportunity has also been taken to address stakeholder concerns and as a result: • there has been a change in the photo ID requirements that means users no longer need to provide additional proof of address if their ID document does not display address details • more detail around delegated access has been provided. In addition, updated guidance in relation to pharmacy services and sexual and reproductive health services has been included.

Page last updated: 20 June 2024