Skip to main content

How NHS login works

An overview of how NHS login works with a partner service or product.

How it works

NHS login allows users access to your website or app using their NHS login account details.

The user will be:

  1. sent from your service to NHS login via the NHS login button
  2. authenticated and their ID will be verified if they are a new user
  3. returned back to your service with the data you requested

Agree to share information

The user must agree to share the information you have requested from NHS login with your service. We will ask the user for their agreement  the first time they use your product with their NHS login. If a user does not agree to share their data with your service, NHS login will return them to you with the appropriate code. You will need to consider a response to the user.

For more information see: Sharing a user's NHS login information with your service 

Rules of use

To be eligible for NHS login, your service must serve users that are registered at a GP practice in England or receiving NHS services in England.

Check if your service is eligible for NHS login.

Age restriction

You must set controls in regard to age restriction. For example, if your app is only available to users over age 16, you must implement a control to enforce this. This will be a consideration based on your product’s risk assessment.

NHS login does not apply age restriction on low level verification, but users must be 11 plus for medium and high levels.

The NHS login button

It is essential to understand how the NHS login button fits within your service. It must always be visible and up front, and is available in a variety of different formats.

The button must adhere to our button guidelines. It is not customisable, and must have the same visibility as any other login mechanism if present.

Session management

The NHS login platform does not support user session management and user logout functionality.  Both are partner responsibilities, however, connected services that use NHS login must align to the following session management standards.

GP System Integration (IM1)

NHS login can look up or create a linkage key for users that prove who they are with photo I.D. and a video submission. This is a benefit to your service if it uses the GP System Integration (IM1) service to access patient facing services. It means users do not need to visit their GP for a  linkage key to access these services.

A linkage key can be returned to you in conjunction with other claim data as part of the scopes you request. The scope you need is GP surgery information.
You must have an IM1 connection to request this scope.

This feature is intended for use in conjunction with NHS login user authentication. It cannot be used as a one-time linkage key retrieval tool. We will not approve applications that only use NHS login as a linkage key retrieval tool and not for product registration or repeat sign-in/authentication.

Checking the NHS Personal Demographics Service (PDS)

NHS login is designed to be used repeatedly and offers more value than a one-off identity verification tool. It does not replace or provide an alternative to PDS.

Each time a user logs in, a PDS check is carried out to ensure their registered GP surgery’s O.D.S. code is up to date within NHS login. This should be helpful if, for example, a user changes GP surgery. The check also makes sure other information is up to date, like GP surgery linkage keys. It also blocks access to any NHS login accounts belonging to users marked as deceased in PDS.

Until a user logs in and these checks are done, information returned by NHS login may not represent the most current information held in PDS or the GP clinical system. Users will need to use NHS login on a repeat basis for the PDS checks to be effective.

Contact information

Contact information for a user's NHS login (email address and mobile phone or landline number) are not  linked to contact information in PDS or GP clinical systems. This is so users can choose any email address and phone number to secure access to their NHS login. The same phone number can also be used on more than one NHS login.

We have introduced a feature that allows users to update their email address and mobile phone number in PDS via NHS login.

What you need to decide

You need to request the level of verification and authentication required for your service. You must decide what combination is needed to allow access to your website or app. This combination of required authentication and verification is known as a vector of trust.

Level of authentication

We currently support 3 types of authentication.

Email address and password
(also known as Cp on the Developer documentation site; a 'Low' level in DCB3051 Appendix D p23)

The user is asked to provide their email address and a password. 

Registered device
(also known as Cd on the Developer documentation site; a 'Low' level in DCB3051 Appendix D p23)

The user is in possession of a device that has been associated with their NHS login. The association can be made with a One Time Password (OTP) text message, or a remembered browser. This allows users to log in without the need to enter a security code.

Biometric data
(also known as Cm on the Developer documentation site; a 'High' level in DCB3051 Appendix D p23)

The user is in possession of a device that has been associated with their NHS login. The delivery or use of the device is by cryptographic proof of key possession using asymmetric key, like a FIDO-compliant device. This allows app users to authenticate with biometric data, such as fingerprint or facial recognition.

Authentication types can be combined to create a high level of authentication. For example Cp and Cd  on their own are a low level of authentication and when combined in a transaction are a high level of authentication.

A high level of authentication can also be referred to as 2-factor authentication (2FA) or Multi-factor authentication (MFA).

Level of verification

We currently offer 3 levels of user identity verification.

DCB3051 refers to 4 levels of verification and includes 'none'. NHS login does not have a concept (or level) of 'none'.

Low level verification (P0)

The user has verified ownership of an email address and mobile phone number. They have not proven who they are or provided any other personal details.

Medium level verification (P5)

The user has provided some additional information, which has been checked to correspond to a record on the NHS Personal Demographics Service (PDS).

This information may include:

  • date of birth
  • NHS number
  • name
  • postcode

Medium level verification can allow users to do things like contact their GP or receive notifications. It does not provide access to health records or personal information.

High level verification (P9)

The user must prove who they are in order to gain access to health records or personal information. To be verified to the highest level, a user must have completed an online or offline identity verification process, where physical comparison between photo ID and the user has been made.

To do this, a user has 4 options:
The first three options are known as 'Prove your Identity online' (PYI) and using your GP surgery online services is known 'Patient On Line' (POL).

Fast-track ID check (IDVM)

If the user has registered to use their GP online services, the setup of their NHS login can be fast-tracked. This will only work if the mobile phone number they use for NHS login is the same number their GP surgery holds. Users do not need to have their ID re-checked and the process is much quicker.

Photo ID and a face scan

The user will be asked to submit a photo of their ID and take an automated scan of their face, using the camera on their device. The scan will then be used to match their face with their photo ID.

The accepted types of photo ID are:

  • passport
  • UK driving licence (full or provisional)
  • Biometric Residence Permit (BRP), UK Residence Card, or EEA Biometric Residence Card (BRC)
  • European driving licence (full)
  • European national identity card
Photo ID and a video

Instead of using the face scan the user can record a short video of their face. They will be shown 4 randomly generated numbers beforehand and asked to repeat them on the video. These will be checked by our ID checking team and can take up to 24 hours to be verified.

GP surgery online services registration details

The user provides the 3 registration details for their GP surgery’s online services. These are automatically checked with the GP surgery’s system, along with their name and date of birth. A physical comparison between photo ID and the user will have been made by their GP surgery.

The 3 registration details are:

  • a Linkage Key (which could be called a Passphrase)
  • an ODS Code (which could be called an Organisation Code or Surgery ID)
  • an Account ID

How to decide what Vector of Trust (VOT) you need:

  1. Read DCB3501 Specification and Implementation Guidance (Amd 7/2020) and, most importantly, Appendix D
  2. Consider your product features (actual or in development), for example repeat prescription ordering, book appointment, manage/view appointments.
  3. Review Appendix D Transaction examples on pages 24-25 and map your features to the examples. Your features may not match exactly to the examples. If you are unsure, please contact us.
  4. Read across and note your archetype(s) from Appendix D  page 24-25 column 1. This will also indicate your feature (s) verification and authentication levels (the Vector of Trust) combination you need. 
  5. Map your archetype(s)  to the Profile section. This will indicate the Profile(s) you can select for your feature(s). 

User data available for your service

You need to decide what data you want back about the user. User information is requested by you in the form of a Scope. Requested information is made available as Claim values when making an authentication request. Some of the scopes that you request are dependent on the vectors of trust, which is the combination of your requested authentication type and verification level.

You should not ask for more information than you need.

See more information on scopes and claims.

Last edited: 19 February 2024 9:28 am