Digital signatures

Clinicians sign many documents and records, paper and electronic, during their working day. Their signature is unique and legally significant. Where the legality of the signature has a direct impact on patient care and clinical reputation, NHS England offers technical solutions that system suppliers can develop as part of their wider offering.

Currently, the only supported use case is the signing of prescriptions within the Electronic Prescription Service. To request use of the signature service outside of the Electronic Prescription Service, email [email protected]

In the past, NHS England has offered smartcards as a convenient means of authenticating to the Spine and clinical applications. With the migration of system applications to CIS2 Authentication and expansion into new care settings, health and care professionals can log into clinical systems in a variety of ways. As the role of the clinician evolves, smartcards are no longer the most convenient authenticator for some care settings and scenarios.

Technology that makes use of biometrics, like facial recognition, is increasingly important in reducing the login burden for health and care professionals.

In a CIS2 Authentication and NHSmail authenticated world, health and care professionals will be able to log in with an authenticator that suits their way of working.

Legacy system suppliers often have their own method of creating an electronic signature. NHS England supports and maintains a limited set of tools for generating signatures.  

A signature is generated when the system can uniquely identify that the health and care professional, who has logged into the application, is the same as the one requesting the signature. To do this, a re-authentication takes place. This is vital to meeting non-repudiation requirements for EPS, where the clinician takes responsibility for the signing of the medication and confirms the prescription content is correct.

The supported methods for creating a signature are:

• Vendor Agnostic Signing API (legacy solution)
• Digital Signature Service (strategic solution)
• Signing JavaScript Library (interim solution)

The Vendor Agnostic Signing API was developed for legacy system suppliers to integrate directly to desktop applications. The solution enables the prescribing system to interact with a smartcard. In context of the API, ‘Vendor Agnostic’ refers to the Smartcard vendor, as the API removes the complexity from switching between Gemalto and Oberthur smartcard estates.  

The only planned development changes are to enable prescription signing to use a SHA-256 hash.  

As the API is supported for a limited group of legacy system suppliers, and as there are many versions of this API, it is not available and will eventually be retired.

A prescribing system supplier uses Signing Gateway API and appropriate backend services in the Digital Signature Service to generate the signature.  

The Signing Gateway API in the Digital Signature Service operates as a logical gateway for the prescribing system supplier. As such, the API is designed to enable prescribing applications to utilise new authenticators and a reauthentication flow without additional and ongoing bespoke development.  

For example, health and care professionals who have logged into the prescribing application using Windows Hello will need to reauthenticate only using their face. Health and care professionals who have logged into the prescribing application with their physical smartcard will need to reauthenticate by entering their passcode on NHS Credential Management for signing.  

The above behaviour is possible because the prescribing application shares an authentication token with NHS England by virtue of the Signing Gateway API. For those using a smartcard, the key material required to uniquely link the prescribing clinician to the prescription is present on the smartcard itself. For other non-smartcard CIS2 authenticators, the key material is accessible via a Remote Signing backend. 

To get started with the Digital Signature Service, please see the documentation in our API catalogue.

The library solution is available for a limited period of time while we review the integration pattern. The library is currently only available for signing with smartcards.  

The repository is published via NPM as an NHS repo and is maintained as open-source code. Prescribing system suppliers using this repo will eventually need to offer additional non-smartcard authenticators via the Digital Signature Service.