We have detected that you are using Internet Explorer to visit this website. Internet Explorer is now being phased out by Microsoft. As a result, NHS Digital no longer supports any version of Internet Explorer for our web-based products, as it involves considerable extra effort and expense, which cannot be justified from public funds. Some features on this site will not work. You should use a modern browser such as Edge, Chrome, Firefox, or Safari. If you have difficulty installing or accessing a different browser, contact your IT support team.
We are making it easier for NHS bodies to bring new starters on board.
With thousands of professionals returning to practice, and more entering practice for the first time, it is important that they have access to the critical systems that they need to deliver safe and effective patient care.
We're also supporting clinicians working in the independent sector to get access to the systems they need as they step up to support the NHS.
Smartcards for new starters
We're making it easy for new starters to get the NHS smartcard they need to use NHS clinical systems.
We’ve changed the advice on how registration authorities can verify the identity of the person the card is being issued to, simplifying the process whilst remaining secure and trusted.
We’ve also introduced new virtual smartcards in addition to physical smartcards, which means getting a new smartcard should be a simpler and speedier process to support remote working and verification.
Understanding how smartcards work
The smartcard is a unique card assigned to a specific user so they can access the systems they need to fulfil their role. It is allocated by a Registration Authority Manager and each card contains an electronic security certificate (the private key) which is unique to the user.
A physical smartcard is a piece of plastic with a smartcard chip built in. Similar to a credit card, it has its own secure enclave.
The user inserts the card into a smartcard reader when they want to access a system and enters their secret PIN to unlock the smartcard. The smartcard reader then uses software on the PC in order to confirm the smartcard is valid and the user has the authority to access the system.
The virtual smartcard is a digital form of the card and can be stored on a smartphone, in the cloud or on another physical device such as a secure USB key.
Virtual smartcards work in basically the same way as physical smartcards but the secure enclave can reside in other (non-physical smartcard) settings, such as the secure enclave of a mobile phone, a cloud based hardware security module (HSM), or a modern Trusted Platform Module (TPM).
We have provided some frequently asked questions about smartcard secure access and authentication.
Both physical and virtual smartcards store a digital credential for a person.
Whether you use a physical or virtual smartcard, each time a person logs on to a system a smartcard must be present. Authentication methods for different types of digital credential are diverse, can be communicated via Bluetooth or over the internet, and can include biometrics, such as a fingerprint or face recognition.
In certain cases, one form of digital credential may be preferable to another. For example, biometric authentication, such as a fingerprint, may be impractical when wearing PPE but may work well in other scenarios such as those being piloted by the London Ambulance Service who are using digital credentials on an iPad (assigned to specific individuals using fingerprint biometrics) to access the patient’s Summary Care Record.
Each of the virtual smartcard solutions may have different constraints and capabilities but all meet the same strict security requirements.
Getting access to a smartcard
As the numbers of people returning to NHS service and new recruits increase it is envisaged that some organisations may need additional support to print large volumes of smartcards in a short space of time.
Our physical smartcard printing service provides rapid printing of cards and a courier service to the destination.
The cards are printed locked and the local Registration Authority (RA) can unlock them and assign to users with relevant access.
We also have a stock of smart card printers we can provide to RAs to increase local printing capacity. Should you wish to print your own temporary access cards, we are able to allocate you temporary access card profiles (UUIDs) that have been centrally created that you are able to use to print against.
We have a stock of blank smartcards and readers that can be ordered here.
Entrust virtual smartcards
NHS Digital has centrally procured and integrated a virtual smartcard solution provided by Entrust with the NHS Digital Identity Agent client, Care Identity Service (CIS) and Card Management Service infrastructure (CMS). Entrust virtual smartcards work through an Entrust application that can be downloaded and installed on a user’s mobile device. This service is available immediately and funded centrally for the first 12 months.
Development and assurance update for an Advanced Electronic Signature (EPS signing)
NHS Digital is currently working with end systems suppliers and the Electronic Prescription Service (EPS) to ensure that the virtual smartcard solution can be used with their products to authenticate and provide an Advanced Electronic Signature that meets NHS Digitals requirements.
We will regularly review and update this page to provide progress.
This table will show the solutions and systems that have integrated successfully.
|Virtual Smartcard Solution Provider||System suppliers||Development||Assurance||Pilot||Live|
|NHS Digital with Entrust||EMIS||Complete||Ongoing||Late September (planned)||October (planned)|
|NHS Digital with Entrust||One Advanced||Complete||Ongoing||Late September (planned)||October (planned)|
Temporary access cards for local printing
Other smartcard queries
We want to ensure our processes are optimised so the large numbers of new and returning health and care workers can quickly and easily obtain smartcards and access patient information.