Citizen Identity – the evolution of username password security
How do we give the public secure access to their healthcare data and NHS services? Lead Delivery Manager Richard McStay talks about NHS login and the NHS Digital Citizen Identity team’s work to ensure people can prove their identity when signing up for online services.
9 September 2019
Fingerprints, biometrics, retinal scanning, voice recognition and facial mapping – likeness, liveness, authentication and verification. Gaining access to your personal stuff, whether it be your cash, shopping app of choice or healthcare data, is a tricky business, often requiring an airport-style, digital security gate to get to what we think of as 'ours' in the first place.
Unfortunately, this very necessary evil is likely to continue, and it is the responsibility of those given the task of implementing it to make it as simple and pain-free as possible, while still being completely and rock-solidly secure.
The security aspect of providing a mechanism by which people can verify their identity is a real challenge. Unauthorised access to most other aspects of your personal life such as your social media profile is highly inconvenient, sure, but relatively recoverable and retrievable. Medical information is significantly more personal to us and therefore the security needs to reflect this by being absolutely watertight. It is essential that only the right person has access.
The key for healthcare is the digital link that matches me to my healthcare record and gives applications the confidence that the connections they make to healthcare data stores and services are definitely for the user that has signed up for them. It’s a GP appointment for me, it’s my repeat medication, it’s my healthcare record, it’s my referral and those are my results from that scan.
Proving someone’s identity is harder than that though, especially as people don’t always want to go through the process of verifying it. In the same way nobody really wants to complete a passport application or go through airport security, they just want to get straight to the holiday, they want to swiftly access a new app that they’ve seen or that’s been recommended to them.
Despite the challenges some will experience with the above process, the benefit of NHS login is that you only have to do it (successfully) once. The variety and diversity of healthcare apps currently developed or being developed is kickstarting the process of putting the control of healthcare information into the hands of patients.
There’s still work for us to do and while the version that’s being used now for healthcare tools like the NHS App is simple, safe and secure, the learning we’ve gained will continue to shape our solution in this space.
Using a combination of user, partner and analytics feedback, we’re constantly evolving our product. In the short term, we need to be able to offer a solution, such as an offline-to-online capability and/or clinical validation, for those who are unable to use digital identity methods but should still receive the benefits of digital healthcare tools. Longer term, “sign-in with your NHS login” has the potential to become the ID verification and authentication product integrated across a wide number of health and social care platforms.
Providing this secure capability for patients to safely use health and care applications supports a growing need for technology-led, innovative ways to access our health data and the services the NHS provides.
Want to provide secure NHS login verification and authentication in your application? Go to NHS login for suppliers and developers for more information.
NHS login provides patients with a simple, secure and re-usable way to access multiple digital health and care services.