NHS CIS2 Authentication
NHS CIS2 Authentication is the secure authentication service used by health and care professionals in England to access national clinical information systems.
What is NHS CIS2 Authentication?
NHS CIS2 Authentication is a secure authentication service used by health and care professionals in England to access national clinical information systems.
It opens up new authentication options as alternatives to smartcards, including iPads, security keys, Windows Hello and Microsoft Authenticator.
How it works
CIS2 Authentication follows industry best practices and adheres to OIDC and NIST standards for authentication. Most applications utilising CIS2 Authentication will require the health and care professional to authenticate with one of the CIS2 Authenticators listed below.
We believe that patient data should be protected. With the transition to CIS2 Authentication, clinical information systems are required to expand their protections by upgrading their processes for logging users in and out.
For most CIS2 Authentication applications, removing your smartcard from the reader will no longer log you out. Your session will end safely when either:
- the application using CIS2 Authentication detects that you have been inactive
- you terminate the session using the logout option in your application
Benefits
CIS2 Authentication provides a simple and secure authentication framework for accessing applications.
Health and care professionals benefit from:
- simple and secure login options, where you can authenticate with just your face or fingerprint
- a variety of convenient authenticator options that do not require certificate renewals and are not easily lost or misplaced
- the same login across multiple applications, with no need to remember passwords
Suppliers operating in health and care benefit from:
- the ability to provide high levels of authentication security in line with NHS England’s multi-factor authentication policy
- a standards-based framework that allows health and care organisations to make the most of industry best practice
- simplified code changes to support authentication changes across NHS England systems
- solutions that no longer rely on HSCN
- a Platinum service - supported 24 hours a day, 7 days a week
- Paramedics now have access to patient information whilst en route and at an incident as they can use their biometrics on iPads to access NCRS.
- Dentists are referring patients into the NHS using security keys to access eRS.
- Pharmacists can use Windows Hello on tablets and laptops, supporting them to consult with patients where they're needed and freeing them from being tethered to a desk.
- Social care staff can now view patients' medical records using multi-factor authentication with their mobile phones.
Authenticator options
Users can authenticate using 7 different methods.
A great alternative to smartcards that requires no software installation, certificate renewal or large hardware to carry around.
Log in to applications just by showing your face or fingerprints.
Microsoft Authenticator is currently being used to access National Care Records Service, MESH and e-Referral Service by organisations across health and care settings.
Authenticate by entering your email address, password and a 6-digit security code from the Microsoft Authenticator app on your phone.
An authentication option requiring fewer steps to log in for compatible devices: simply tap with your fingerprint or look into your device's camera to authenticate.
Security keys are typically small physical USB devices that require no software installation or certificate renewal. They're small and convenient enough to be attached to a set of keys or a lanyard.
Simply enter a PIN and physically touch the security key to log in.
The NHS CIS2 iPad app is a great option for users who work in environments that require ultimate mobility. There's no need for a smartcard or reader.
Log in to applications just by showing your face or fingerprints.
Smartcards are credit card-sized ID cards. Users authenticate by inserting their smartcard into a reader and entering their passcode. They require specific software to work.
Connect your NHS.net email address to your Care Identity and log in to systems like the National Summary Care Records Service and Cervical Screening Management System, using the same multi-factor authentication process you use to log in to your email.
Sign in using your email, password and a push notification from an authenticator app.
Services using NHS CIS2 Authentication
Over 40 applications and 730,000 users are benefitting from using NHS CIS2 Authentication. Find out which websites and apps currently use NHS CIS2 Authentication.
You can also see our performance data.
Onboarding
The idea is simple:
-
We provide a secure, reliable authentication service and a standards based (OIDC, WebAuthn, FIDO2), simple API to integrate with.
-
You integrate NHS CIS2 Authentication into your website or app and get it approved by us.
-
Health and care professionals have a convenient way to authenticate and don't have to remember different logins for different systems.
On average, onboarding can take about 3 months, but we've found that this can be made much shorter if you're able to give it more resources and focus.
Start your onboarding journey today
There are only two parts to onboarding successfully:
- Integrate NHS CIS2 Authentication into your software.
- Get your software approved to go live.
Support and troubleshooting
You can get support by going to the NHS Digital Customer Portal or emailing [email protected].
Latest updates
To read about recent new features and what's coming up, go to our release hub.
There are lots of features we are working on and considering for the future and we'd love to hear what you think. To vote on these features, comment or suggest new ideas, email us at [email protected] with 'CIS2 New' as the subject line.
Last edited: 3 July 2025 2:18 pm