We have detected that you are using Internet Explorer to visit this website. Internet Explorer is now being phased out by Microsoft. As a result, NHS Digital no longer supports any version of Internet Explorer for our web-based products, as it involves considerable extra effort and expense, which cannot be justified from public funds. Some features on this site will not work. You should use a modern browser such as Edge, Chrome, Firefox, or Safari. If you have difficulty installing or accessing a different browser, contact your IT support team.
Find out about NHS smartcards, how they work, and how to request and use them for testing in our path to live (PTL) testing environments.
This page explains what NHS smartcards are, how they work, the end user’s smartcard journey and testing with smartcards in our path to live (PTL) environments.
What is an NHS smartcard?
An NHS smartcard is a plastic card containing an electronic chip and is used along with a PIN. It looks like a ‘chip and PIN’ bank card.
A smartcard is personalised by printing the end user's name, photograph and unique user identification number on it. The end users are typically the healthcare workers working for NHS England.
Smartcards were introduced in 2004 and are one of the ways for healthcare workers to strongly authenticate themselves. Once authenticated they can access the clinical and personal information of a patient via our national services such as PDS and EPS.
What are smartcards used for?
The primary purpose of smartcards is to strongly authenticate healthcare workers before they can access patient information.
They can also be used to:
sign in to a Windows desktop, for example at an NHS trust
identify themselves as NHS staff, for example at a pharmacy
A smartcard combined with a PIN helps to protect a patient’s clinical and personal information securely. Smartcards are the most widely used means of access control for patient information.
Healthcare worker’s smartcard journey
The suppliers of the healthcare application or an IT support function within an NHS organisation are likely to be responsible for setting up the healthcare worker’s computer. They download the NHS Identity Agent (IA) and the NHS Credential Management Software (CMS) from NHS Digital downloads (only available over HSCN connection). These software components are responsible for initiating the healthcare workers authentication process and interactions with the server-side components.
Once the computer is set up there are 4 stages in a healthcare worker’s smartcard journey.
Applying for a smartcard
Once a healthcare worker is employed by an NHS organisation, they need to provide their proof of identity to get a smartcard. Each NHS organisation has a person who is responsible for handling this, and they are known as the Registration Authority (RA) for that organisation. The RA carries out the identity checks of smartcard users and assigns an appropriate access profile to the healthcare worker.