DAPB3051 (previously DCB3051): Identity Verification and Authentication Standard for Digital Health and Care Services

NHS England, in collaboration with and other partners, has developed a number of digital services that will put patients/service users in charge of their own health and care. This will enable them to manage aspects of their own care, to contribute to the care process and reduce pressure on frontline NHS and social care services.

These digital services contain personal information and as such it is essential that only the correct person has access. At present, most health and care services repeatedly require a means of verifying and authenticating an individual’s identity:

• NHS login, a national citizen identity platform from NHS England, enables people to prove their identity once, in a manner which is convenient to them, and they can then use their NHS login in digital services. In doing this, NHS England can build public confidence in, and encourage greater use of, local and national digital health and care services.
• A fundamental requirement of NHS login is a nationally agreed approach to identity management for health and care, conformant with identify assurance principles endorsed by the government.

This information standard sets out this agreed approach.

This information standard is published under section 250 of the Health and Social Care Act 2012. An Information Standards Notice (see below) provides an overview of scope and implementation timescales, and the other documents provide further detail for those who must implement the information standard

DAPB3051 (previously DCB3051): Identity Verification and Authentication Standard for Digital Health and Care Services

This information standard provides for a consistent approach to identity management, for digital health and care services, covering verification and authentication.

This provides the basis to ensure that all digital services and apps, which offer patients, service users, those involved in your direct care, and/or those with approved authority to act on your behalf, access to your health and care information follow agreed controls, standards, and principles, reducing the need for multiple logins by users without compromising the security of such information.

Where local digital services and apps want to offer access via NHS login, NHS England will assure the conformance of these local services to this standard before authorising and enabling access.

Previous release