Skip to main content

Discovery

Find out what you need to prepare and plan for your integration.

 

What you need to do
  • Decide what level of verification and authentication you need
  • Develop a proof of concept in the sandpit
  • Review our forms and documents library
  • Review your resources, required expertise, and the development work needed
  • Decide if you want to proceed and integrate with NHS login
  • Complete the Product Demonstration Call Checklist and send it to us

Decide what level of verification and authentication  you need

NHS login supports three levels of identity verification. For more information read How NHS login works.  For example, reading generic condition information may only require a P0, whereas viewing a medical record to order a repeat prescription will require a P9.

NHS login can support different types of authentication.  For more information see the EIS (External Interface Specification).

The combination of verification and authentication is referred to as the Vector of Trust.

If your web or native app offers your own method of verification and authentication, and this is to be used alongside NHS login, you need to map this to the appropriate level in DCB3051.

If your own (in-house or other) method gives access to the same data as using NHS login will then you need to have the same Vector of Trust.

Please note that NHS login cannot be used just to obtain GP credentials, like linkage keys. It can only be used in conjunction with the verification and authentication of patients.


NHS login User Journey Visuals presentation

This presentation shows the user journeys through NHS login, all of which start with the NHS login button on your website or app. The presentation includes the identity verification (proofing) levels available and the claim data that can be returned to you, i.e. the information you need back about your users. For more information on scopes and claims, see the Scopes and Claims webpage. 

Please note that the NHS login user journeys cannot be changed or customised.


Develop a proof of concept in the sandpit

Technical teams can find step-by-step information on setting up the connection to NHS login in our NHS login developer documentation.
NHS login offers sandpit and integration test environments. Find out more about the environments and how you can make use of them at our 'Compare NHS login environments' webpage.   

In the Discovery phase, you must develop a proof of concept in the sandpit environment.  The sandpit is a copy of our production code environment. Building a proof of concept in the sandpit will help you learn how to integrate with NHS login, and understand where it will fit within your service. To get set up in the sandpit, complete and submit the Sandpit Environment Request Form

Your test data to use in the sandpit  will be sent to you when your test account is set up.

At the end of the discovery phase, you will be demonstrating your proof of concept as a live demo or a video at your Preparation call and then at your Product Demonstration call.

If you have prepared a video or recording, ensure you still have access to your live environment during the call so that you can demonstrate any additional requests.

 

The live demo or video using  an NHS login from your test data set supplied will need to show:

  • User account creation for your product that does not agree (consent) to share their data from NHS login with you

  • User account creation for your product that consents to share their data with you

  • Existing account holder signing in using their NHS login

  • Where applicable, a demonstration of your native (in-house or other such as Google or Facebook) sign up and sign in flow

 

The NHS login button

Before you begin the integration process it is essential to understand how the NHS login button fits within your service. 

To help you decide how and where in your user journey to add the  NHS login button and avoid any delays to your integration caused by incorrect use, it is mandatory that you adhere to our button guidelines.

 

Technical information and support

Technical teams can find step-by-step information in our NHS login developer documentation.

Sign up to use our developer support slack channel.

For any other support, please email [email protected].


Review our forms and documents library

Review our forms and documents library to get an understanding of the documents that we will ask you to complete in the Integrate stage. The documents include how you will evidence our assurance and legal requirements.


Review your resources, required expertise, and the development work needed

Partners have, on average, taken 3 to 4 months to go live with NHS login. This does not mean 4 months of continuous effort and some partners have gone live within 6 weeks. 

The expertise you will need to call upon to be successful is:

  • Developer
  • Testing
  • Project management
  • Technical Architecture
  • Data Security and Information Governance
  • Commercial / Legal / Contract advice

Decide if you want to proceed and integrate with NHS login

We recognise that organisations are often managing multiple projects and other priorities and that you may need time to decide when it is best to begin your integration with NHS login.

If you decide that NHS login may not be for you at this time, contact us at [email protected]. You can re-apply for NHS login at any time.


Prepare for your Product Demonstration Call

Complete the 'Prepare for your Product Demonstration Call' and 'Declare Data Security and Information Security' sections in the DOS. Ensure you answer every question and provide the documents requested. It will make sure you have everything in place that you need to begin integration. You must be prepared to talk about all of your answers on the Product Demonstration Call.
If your product has a dependency on the IM1 PFS API (to display data in your user interface from the GP record), and you are working with the IM1 team or a 3rd party supplier to connect to the API (you are not live), do not apply for a Product Demonstration call until your application has been approved by the GP IT suppliers.

 

Architecture, Data Flow Diagram and User Journey requirements

To successfully complete the product demonstration checklist you will need to provide an architecture diagram, a data flow diagram and user journeys. 

NHS login user journeys

Example of a data flow diagram

The Architecture diagram should include:

  • where your users start - for example: NHS App, web portal, mobile app
  • how to sign up and how to log in - for example: NHS login, Facebook, Google, Apple/Android
  • access points for different cohorts - for example: the public, healthcare staff, support and helpdesk staff, developers
  • external dependencies - for example: any external services or APIs such as SMS, IM1, PDS FHIR, Salesforce, other payment solutions
  • hosting status and location, including whether the service is hosted on the Cloud or on-premise data centre and the location of where it is hosted - for example: if using the Cloud, AWS EU-West2 (London), or for the data centre, UK or elsewhere.

Please note: NHS login partners that have more than one Client ID will need to provide an architecture diagram for each one. 


If there are any areas you are unsure about, contact us and we can support you to complete the section before submitting it to us. Don't wait until the Product Demonstration Call if you are unsure of anything.

We will contact you to arrange the call. We may decide that you are not ready to integrate with NHS login. In this case, we will tell you what the next steps are.


What happens next

The next step is to attend the to attend Preparation and Product Demonstration calls and then move to the integrate stage.

Last edited: 16 February 2024 9:58 am