We have detected that you are using Internet Explorer to visit this website. Internet Explorer is now being phased out by Microsoft. As a result, NHS Digital no longer supports any version of Internet Explorer for our web-based products, as it involves considerable extra effort and expense, which cannot be justified from public funds. Some features on this site will not work. You should use a modern browser such as Edge, Chrome, Firefox, or Safari. If you have difficulty installing or accessing a different browser, contact your IT support team.
Smartcards to access clinical systems
Find out about the services for smartcard users and registration authorities being delivered during the coronavirus pandemic.
We are making it easier for NHS bodies to bring new starters on board.
With thousands of professionals returning to practice, and more entering practice for the first time, it is important that they have access to the critical systems that they need to deliver safe and effective patient care.
We're also supporting clinicians working in the independent sector to get access to the systems they need as they step up to support the NHS.
Smartcards for new starters
We're making it easy for new starters to get the NHS smartcard they need to use NHS clinical systems.
We’ve changed the advice on how registration authorities can verify the identity of the person the card is being issued to, simplifying the process whilst remaining secure and trusted.
We’ve also introduced new virtual smartcards in addition to physical smartcards, which means getting a new smartcard should be a simpler and speedier process to support remote working and verification.
Understanding how smartcards work
The smartcard is a unique card assigned to a specific user so they can access the systems they need to fulfil their role. It is allocated by a Registration Authority Manager and each card contains an electronic security certificate (the private key) which is unique to the user.
A physical smartcard is a piece of plastic with a smartcard chip built in. Similar to a credit card, it has its own secure enclave.
The user inserts the card into a smartcard reader when they want to access a system and enters their secret PIN to unlock the smartcard. The smartcard reader then uses software on the PC in order to confirm the smartcard is valid and the user has the authority to access the system.
The virtual smartcard is a digital form of the card and can be stored on a smartphone, in the cloud or on another physical device such as a secure USB key.
Virtual smartcards work in basically the same way as physical smartcards but the secure enclave can reside in other (non-physical smartcard) settings, such as the secure enclave of a mobile phone, a cloud based hardware security module (HSM), or a modern Trusted Platform Module (TPM).
We have provided some frequently asked questions about smartcard secure access and authentication.
Both physical and virtual smartcards store a digital credential for a person.
Whether you use a physical or virtual smartcard, each time a person logs on to a system a smartcard must be present. Authentication methods for different types of digital credential are diverse, can be communicated via Bluetooth or over the internet, and can include biometrics, such as a fingerprint or face recognition.
In certain cases, one form of digital credential may be preferable to another. For example, biometric authentication, such as a fingerprint, may be impractical when wearing PPE but may work well in other scenarios such as those being piloted by the London Ambulance Service who are using digital credentials on an iPad (assigned to specific individuals using fingerprint biometrics) to access the patient’s Summary Care Record.
Each of the virtual smartcard solutions may have different constraints and capabilities but all meet the same strict security requirements.
Getting access to a smartcard
As the numbers of people returning to NHS service and new recruits increase it is envisaged that some organisations may need additional support to print large volumes of smartcards in a short space of time.
Our physical smartcard printing service provides rapid printing of cards and a courier service to the destination.
The cards are printed locked and the local Registration Authority (RA) can unlock them and assign to users with relevant access.
We also have a stock of smart card printers we can provide to RAs to increase local printing capacity. Should you wish to print your own temporary access cards, we are able to allocate you temporary access card profiles (UUIDs) that have been centrally created that you are able to use to print against.
We have a stock of blank smartcards and readers that can be ordered here.
Entrust virtual smartcards
NHS Digital has centrally procured and integrated a virtual smartcard solution provided by Entrust with the NHS Digital Identity Agent client, Care Identity Service (CIS) and Card Management Service infrastructure (CMS). Entrust virtual smartcards work through an Entrust application that can be downloaded and installed on a user’s mobile device. This service is available immediately and funded centrally until March 2023.
Development and assurance update for an Advanced Electronic Signature (EPS signing)
NHS Digital is currently working with end systems suppliers and the Electronic Prescription Service (EPS) to ensure that the virtual smartcard solution can be used with their products to authenticate and provide an Advanced Electronic Signature that meets NHS Digitals requirements.
We will regularly review and update this page to provide progress.
This table will show the solutions and systems that have integrated successfully.
|Virtual Smartcard Solution Provider||System suppliers||Development||Assurance||Pilot||Live|
|NHS Digital with Entrust||EMIS||Complete||Ongoing||To be confirmed||To be confirmed|
|NHS Digital with Entrust||One Advanced||Complete||Ongoing||Late September (planned)||October (planned)|
Update on Isosec solution
In early April, we procured a virtual smartcard solution from Isosec to support the NHS coronavirus (COVID-19) response. The solution was initially accepted on the basis that further development would be carried out in order to fully satisfy NHS Digital’s requirements.
NHS Digital and Isosec have been working collaboratively for several months to establish an acceptable design for Isosec’s solution that fully meets NHS Digital’s requirements for authentication and an Advanced Electronic Signature for use with NHS national systems.
Isosec have presented a revised solution design that meets NHS Digital’s requirements and also supports an Advanced Electronic Signature and are now working to deliver the changes outlined in that design. When the changes to the solution have been made, NHS Digital will work with Isosec to confirm that the updated solution has satisfactorily met all requirements.
Once NHS Digital are satisfied that the new solution fully meets our requirements we will again make the licenses purchased under our agreement available for use and deployment across the NHS.
Isosec have also shared a letter of intent to move all their existing customers to the revised solution when the new enhanced solution has been delivered.
As a reminder Customers who deployed Isosec under the NHS Digital contract must use the solution with 2FA mode switched on if accessing national systems. Isosec also expect that the next product release of their solution will meet and exceed NHS Digital’s requirements for Advanced Electronic Signature and as such will then be eligible for use with EPS. The use for EPS will form part of the NHS Digital assurance assessment.
For further information, please contact email@example.com
Temporary access cards for local printing
Other smartcard queries
We want to ensure our processes are optimised so the large numbers of new and returning health and care workers can quickly and easily obtain smartcards and access patient information.