How NHS login works

An overview of how NHS login works with a partner service or product.

How it works

NHS login allows users access to your website or app using their NHS login account details.

The user will be:

  1. sent from your service to NHS login via the NHS login button
  2. authenticated and their ID will be verified if they are a new user
  3. returned back to your service with the data you requested

The user must consent to sharing this data with your service. If a user does not consent to share their data with your service, NHS login will return them to you with the appropriate code so you know why. You will need to consider a response to the user. The response can be agreed as part of your integration journey.

The tasks they will be able to perform in your service will depend on what levels of authentication and verification are required.

Users need to authenticate to set up their NHS login account and register a device. They need to prove who they are in order to access their health or personal information.

Rules of use

To be eligible for NHS login, your service must serve users that are registered at a GP practice in England or receiving NHS services in England.

Your service must:

  • be patient facing
  • offer a health or social care benefit
  • be commissioned, contracted, or sponsored by an NHS organisation
  • be free at the point of delivery

Sponsored services are only eligible for NHS login if they are start-up projects without an established customer base or a Local Authority commissioned supplier.

Age restriction

You must set any controls in regard to age restriction. This will be a consideration based on your product’s risk assessment.

NHS login does not apply age restriction to services that require low or medium level verification. However, users must be over 11 years of age to pass the highest level of verification and gain access to their personal or health information.

The NHS login button

It is essential to understand how the NHS login button fits within your service. It must always be visible and up front, and is available in a variety of different formats.

The button must adhere to our button guidelines. It is not customisable, and must have the same visibility as any other login mechanism if present.

What you need to decide

You need to request the level of verification and authentication required for your service. You must decide what combination is needed to allow access to your website or app. This combination of required authentication and verification is known as vectors of trust.

Level of authentication

We currently support 3 types of authentication.

Email address and password

The user is asked to provide their email address and a password. A One Time Password (OTP) will be sent by text message to the phone number registered to the user’s NHS login. They must enter this security code to log in. 

Registered device

The user is in possession of a device that has been associated with their NHS login. The association can be made with a One Time Password (OTP) text message, or a remembered browser. This allows users to log in without the need to enter a security code.

Biometric data

The user is in possession of a device that has been associated with their NHS login. The delivery or use of the device is by cryptographic proof of key possession using an asymmetric key, as with a FIDO-compliant device. This allows app users to authenticate with biometric data, such as fingerprint or facial recognition.

Level of verification

We currently offer 3 levels of user identity verification.

Low level verification

The user has verified ownership of an email address and mobile phone number. They have not proven who they are or provided any other personal details.

Medium level verification

The user has provided some additional information, which has been checked to correspond to a record on the NHS Personal Demographics Service (PDS).

This information may include:

  • date of birth
  • NHS number
  • name
  • postcode

Medium level verification can allow users to do things like contact their GP or receive notifications. It does not provide access to health records or personal information.

High level verification

The user must prove who they are in order to gain access to health records or personal information. To be verified to the highest level, a user must have completed an online or offline identity verification process, where physical comparison between photo ID and the user has been made.

To do this, a user has 4 options:

Fast-track ID check

If the user has registered to use their GP online services, the setup of their NHS login can be fast-tracked. This will only work if the mobile phone number they use for NHS login is the same number their GP surgery holds. Users do not need to have their ID re-checked and the process is much quicker.

Photo ID and a face scan

The user will be asked to submit a photo of their ID and take an automated scan of their face, using the camera on their device. The scan will then be used to match their face with their photo ID.

The accepted types of photo ID are:

  • passport
  • UK driving licence (full or provisional)
  • Biometric Residence Permit (BRP), UK Residence Card, or EEA Biometric Residence Card (BRC)
  • European driving licence (full)
  • European national identity card

Photo ID and a video

Instead of using the face scan, the user can record a short video of their face. They will be shown 4 randomly generated numbers beforehand and asked to repeat them on the video. These will be checked by our ID checking team and can take up to 24 hours to be verified.

GP surgery online services registration details

The user provides the 3 registration details for their GP surgery’s online services. These are automatically checked with the GP surgery’s system, along with their name and date of birth. A physical comparison between photo ID and the user will have been made by their GP surgery.

The 3 registration details are:

  • a Linkage Key (which could be called a Passphrase)
  • an ODS Code (which could be called an Organisation Code or Surgery ID)
  • an Account ID

GP System Integration (IM1)

NHS login can look up or create a linkage key for users that prove who they are with photo ID and a video submission. This is a benefit to your service if it uses the GP System Integration (IM1) service to access patient facing services. It means users do not need to visit their GP for a linkage key to access these services.

This feature is intended for use in conjunction with NHS login user authentication, and cannot be used as a one-time linkage key retrieval tool.

User data available for your service

You need to decide what data you want back about the user. User information is requested by you in the form of a Scope. Requested information is made available as Claim values when making an authentication request. Some of the scopes that you request are dependent on the vectors of trust, which is the combination of your requested authentication type and verification level.

See more information on scopes and claims.
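
A partner service should enforce the verification level itself before unlocking an action, rather than assuming every returning user is verified to the highest level. The sketch below is an added example, not NHS login code: it assumes the vector of trust arrives as a dot-separated string taken from an already validated token, that P0, P5 and P9 denote low, medium and high verification, and that components beginning with C describe the authentication used. The action names are hypothetical; confirm the codes against the scopes and claims documentation.

```python
# Added example: gate actions on the verification level in a vector of trust.
# Assumptions (not stated on this page): the vector looks like "P9.Cp.Cd";
# P0/P5/P9 = low/medium/high verification; "C?" parts = authentication used.

VERIFICATION_RANK = {"P0": 0, "P5": 1, "P9": 2}

# Hypothetical action names. Required levels follow the page: medium allows
# contacting a GP or notifications, high is needed for health records.
REQUIRED_LEVEL = {
    "receive_notifications": "P5",
    "contact_gp": "P5",
    "view_health_record": "P9",
}


def parse_vector(vot):
    """Return (verification_code, set_of_auth_codes) or raise ValueError."""
    if not isinstance(vot, str) or not vot:
        raise ValueError("missing vector of trust")
    parts = vot.split(".")
    levels = [p for p in parts if p.startswith("P")]
    auth = {p for p in parts if p.startswith("C") and len(p) == 2}
    other = [p for p in parts if p not in levels and p not in auth]
    # Exactly one known verification level, at least one authentication
    # component, and nothing unrecognised.
    if len(levels) != 1 or levels[0] not in VERIFICATION_RANK or not auth or other:
        raise ValueError(f"unrecognised vector of trust: {vot!r}")
    return levels[0], auth


def is_allowed(action, vot):
    """Fail closed: unknown actions and malformed vectors are denied."""
    required = REQUIRED_LEVEL.get(action)
    if required is None:
        return False
    try:
        level, _auth = parse_vector(vot)
    except ValueError:
        return False
    return VERIFICATION_RANK[level] >= VERIFICATION_RANK[required]


if __name__ == "__main__":
    # Constructed sample vectors, not captured from a real login.
    for sample in ("P9.Cp.Cd", "P5.Cp.Cd", "P0.Cp", "P9"):
        print(sample, is_allowed("view_health_record", sample))
```
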

Checking the NHS Personal Demographics Service (PDS)

NHS login is designed to be used repeatedly and offers more value than a one-off identity verification tool. It does not replace or provide an alternative to PDS.

Each time a user logs in, a PDS check is carried out to ensure their registered GP surgery’s ODS code is up to date within NHS login. This should be helpful if, for example, a user changes GP surgery. The check also makes sure other information is up to date, like GP surgery linkage keys. It also blocks access to any NHS login accounts belonging to users marked as deceased in PDS.

Until a user logs in and these checks are done, information returned by NHS login may not represent the most current information held in PDS or the GP clinical system. Users will need to use NHS login on a repeat basis for the PDS checks to be effective.

Contact information

Contact information held in NHS login, like email addresses and mobile phone numbers, is not currently linked to contact information in PDS or GP clinical systems. This is so users can choose any email address and mobile phone number to secure access to their NHS login. The same mobile phone number can also be used on more than one NHS login.

We are currently working on a feature that will allow users to update their contact information in PDS via NHS login.

Last edited: 20 May 2022 10:46 am