NHS Care Identity Service 2

NHS CIS2, formerly known as NHS Identity, makes use of current technology to provide a number of ways for health and care professionals in England to authenticate their identity when accessing national clinical information systems.

This will help to transform the way mobile workers can securely access clinical information at the point of need using a range of devices.

All of our solutions will make use of multifactor authentication, which currently provides the most secure model of authentication. This incorporates the principles of "something the user has" in their possession, for example a Smartcard, an approved device, and "something the user knows or is", for example a pin code or biometrics.

Smartcard authentication needs a Health and Social Care Network (HSCN) connection, previously known as N3. The other aspects of secure authentication happen over the Internet, without the need for a HSCN connection.

NHS CIS2 has a number of main aims:

1. Allow the use of new authentication methods where a smartcard may not be appropriate.
2. Simplify the effort needed to integrate an application with the authentication service.
3. Remove the need for outdated technology like IE11 or Java applets.
4. Allow the use of the latest operating systems and browsers.

To enable these aims NHS Identity is providing an OpenID Connect (OIDC) solution. OIDC is an Internet Engineering Task Force (IETF) standard that defines a protocol for applications to request a user authentication from an Identity Provider (IdP) such as NHS Identity.

NHS CIS2 provides benefits in the following areas:

Multifactor authentication

Using a device that is associated with the user allows them to authenticate with biometrics (fingerprint and facial recognition) and smartcards. In the future there will be additional ways to be able to prove identity, using the latest secure technologies.

Supports modern health and care

Users can securely access clinical information at the point of need using a range of devices, for example tablets and laptops. This supports modern and mobile ways of working within health and care.

Easy integration

Uses OpenID Connect, the leading standard for single sign-on and identification on the internet.

Secure

NHS Identity uses the Open ID Connect and OAuth2.0 protocols, along with FIDO (Fast Identity Online) UAF specification, which allows for biometric authentication. It also works with modern browser technology, making systems more secure and less vulnerable to malware and other malicious attacks.