Skip to main content

Identity and Access Management roadmap

Find out what we are working on now and what we plan to achieve in the future with NHS Identity and Access Management services.

Care Identity Service 2 (CIS2): Care identity management

Care Identity Management is a new service used to create and manage health and care staff identities and give access to national clinical information systems. It ensures staff have secure access to the clinical information they need, when and where they need it, to improve patient outcomes.

Delivered

We've delivered:

  • limited pilot for approximately 300 users
  • search, view and create user profiles
  • assign positions
  • issue, print and service smartcards
Up next

We will be delivering:

  • access to all ‘RA Manager', 'Agent' and 'Advanced Agent' roles
  • view removed positions
  • service notifications banner
  • view non-smartcard authenticators
Later

In the future, we will be delivering:

  • open access to other non-RA roles
  • organisation search
  • issue non-smartcard authenticators
Exploring

We're exploring:

  • integration with Electronic Staff Record (ESR)
  • reporting discovery and design

Care Identity Service 2 (CIS2): Care Identity Authentication

Care Identity Authentication is a new, secure authentication service used by health and care professionals in England to access national clinical information systems.

Delivered

We've delivered scaled authentication infrastructure to support NHS Mail smartcard access (NHS Mail roll-out pending).

 

Up next

We will be delivering:

  • smartcard access to NHSmail roll-out
  • pilot of Identity Agent that works over the internet (without HSCN)
  • multi-factor authenticator access to National Care Record Service (pilot with social care providers)
  • improved role selection for iOS
Later

In the future, we will be delivering:

  • internet Identity Agent wider roll-out
  • multi-factor authentication wider roll-out
Exploring

We're exploring:

  • better support for native applications
  • API Management Developer Hub integration
  • identity federation for Active Directory
  • multi-factor authentication push notifications
  • Care Identity Authentication support for Windows 11
  • iOS 16 support – including passkey

Apply for Care ID (AfCID)

NHS Digital are creating a new self-service registration service called Apply for Care ID, that enables health and care staff to carry out their identity checks online, before they are provided with access to national clinical information and services.

Delivered

We've delivered:

  • workforce managers can invite their staff to prove their identity
  • self-service identity proving by new staff
  • duplicate checking with self-created care identities
  • provision of delivery address, positions and authenticator required to RA’s
  • prototyping and demo systems to involve organisations in the development of the service
Up next

We will be delivering:

  • automated identity checking of common Identity document profile
  • extend support for additional ID documentation type
  • entry to private beta
Later

In the future, we will be delivering:

  • entry to public beta and scale up the reach of the service
  • integration with existing Care Identity Service to allow RAs to fully manage self-created care identities
  • integration with HM Passport Office for document validity
Exploring

To be confirmed.

Get involved

Email IAMPlatforms@nhs.net to:

  • send feedback about any part of our service - whether it’s a problem with the existing system, or a suggestion
  • ask to be contacted by our researchers to book an hour’s usability testing session

Our Digital Smartcard

A smartcard product that enables users to authenticate securely using an app on their mobile device using Bluetooth technology, to gain access to health and care systems and services.

Delivered

We've delivered:

  • working service proven to authenticate and sign prescriptions with EMIS Web
  • working Service that supports authentication to a wide range of national and local systems
  • available to NHS users at scale
Up next

We will be delivering:

  • SystmOne and Adastra integration for signing of prescriptions
  • revised product that supports Out of Band authentication moves into pilot
  • Out of Band, which removes the Bluetooth requirement as part of authentication, will be made available at scale
Later

We will continue to refine the product.


Smartcard procurement

We can provide users with new series smartcards that use modern technologies.

Delivered

We've delivered:

  • smartcard provider identified
  • smartcard proven to work in live environment
Up next

We will be delivering:

  • specifications for all functions for the card to be finalised ahead of procuring initial batches of smartcards
  • finalising changes for ordering portal 
Later

In the future, we will be delivering:

  • supplier delivery of ordering portal
  • procurement of future batches of cards
Exploring

We're exploring working with remaining suppliers to ensure that they can utilise new smartcard standards.


Review of policy and standards

Review of policies and standards we must adhere to, ensuring correct level of assurance and consistency across all products and platforms.

Delivered

We've rewritten RA policy to reflect recommended actions and standards.

Up next

We will review changes required as a result of retirement of the COPI notice.

Later

In the future, we will feed any system changes required to support the policy changes into the Care Identity Management, Internet Identity Agent and Apply for Care ID backlogs.


System supplier onboarding to CIS2

System suppliers should be able to integrate with NHS Digital’s authentication service easily.

Delivered

We've delivered:

  • streamlined onboarding process
  • Credential Management deployed to over 80% of the estate
  • significant number of system suppliers have achieved conformance to use CIS2 - Care Identity Authentication: Live with us - NHS Digital
Up next

We will:

  • continue deprecation of old smartcards and IAs
  • continued engagement with, and onboarding of suppliers to support CIS Auth deprecation date of 30 September 2023
Later

In the future, we will:

  • continue engagement with, and onboarding of suppliers
  • continue to support credential management roll out
  • continue deprecation of old smartcards and IAs
Exploring

We will be explore how to simplify onboarding with more self-service options for system implementers 


Support for Care Identity Service (CIS)

Existing smartcard users will be able to continue to use and rely on the Care Identity Service (CIS) until they can migrate to NHS CIS2.

Delivered

We've delivered:

  • moved CIS from physical hardware to cloud-based hosting
  • hardware decommissioned 
  • underpinning software components upgraded
  • improved Incident and Service Request triage processes
  • continual improvement of Identity Agent software
  • ability to register additional authenticators to smartcards
Up next

We will:

  • depreciate older versions of Identity Agent
  • promote the depreciation date for the existing CIS authentication service
Later

In the future, we will:

  • migrate system vendors and their users to NHS CIS2
  • decommission the existing Care Identity Service
Exploring

To be confirmed.


Virtual smartcard assurance framework

Developing a framework to allow us to assess 3rd party ‘virtual’ smartcard services meet our security and information governance standards for use with national services.

Delivered

A framework has been developed and suppliers are moving through assessment.

Up next

We will be delivering:

  • revisions to framework
  • assess suppliers moving through process.
Later

To be confirmed

Exploring

To be confirmed


Remote Signing Service (RSS)

An API-based service for suppliers to enable electronic signatures on a wide range of applications and devices.

Delivered

We've delivered:

  • use cases definition
  • architectural design approved
  • API specification approved
Up next

We will be delivering:

  • private beta in secondary care setting with Electronic Prescription Service (EPS) use case and iPad as an authenticator
  • automating creation and management of signing certificates
  • signature verification for dispensers
Later

In the future, we will be delivering:

  • bulk signing capability
  • platform review for economic scalability
Exploring

We are exploring:

  • scaling private beta (prescriptions)
  • smartcard user compatibility
  • public beta (prescriptions)
Find out more

Email IAMPlatforms@nhs.net to:

  • ask questions about the Remote Signing Service
  • get more information about the wider Electronic Prescription Service (EPS)

Last edited: 12 September 2022 8:33 am