Approved authentication tokens privacy notice and terms and conditions for NHS Care Identity Service 2 (NHS CIS2) and Care Identity Service (CIS) users

These terms and conditions cover all access to the NHS Spine applications.

CIS2 sits alongside CIS providing a service of authentication and access to patient information systems using new authentication methods and tokens over the internet.

Privacy notice

Version 2.4 – published 26 April 2021

The following terms have the following meanings in this privacy notice:

  • “Authorised Devices”¹ means an alternative to smartcards, a device as approved by FIDO 2 Consortium that provides Assured Level 3 Authentication.
  • “Authentication Token” means Physical Smartcards, Virtual Smartcards, Authorised Devices and iPad Devices which enable healthcare professionals to access clinical and personal information appropriate to their role and the type of Authentication Token.
  • “CIS” is the existing system which supports NHS Smartcards over the Health and Social Care Network (HSCN).
  • “CIS2” (formerly NHS Identity) supports new authentication methods and tokens available over the internet.
  • “iPad Device” means a tablet computer developed by Apple.
  • “Physical Smartcards” means an approved physical card. Physical Smartcards are supplied by the authorised supplier(s) of cards to NHS Digital and are similar to chip and PIN bank cards.
  • “Registration Authority (RA)” means NHS Digital as the single national Registration Authority and all other organisations that provide local Registration Authority services on a delegated authority basis from NHS Digital.
  • “Virtual Smartcards” means a solution approved for use by NHS Digital that provides access functionality, but the card itself may be stored on a device.

¹ These additional authentication methods must meet the National Institute of Systems and Technology (NIST) SP 800-63 Digital Identity Guidelines. This describes the cryptographic strength of authentication methods that is required to access sensitive information. In addition, devices and authentication methods need to meet FIDO 2 standards for how devices utilise the required cryptography and must be accredited by the FIDO alliance.

1. Who we are

NHS Digital was set up by the Department of Health and Social Care in April 2013 and is an executive non-departmental public body that provides national information, data and IT systems for health and care services. We exist to help patients, clinicians, commissioners, analysts and researchers. Our goal is to improve health and social care in England by making better use of technology, data and information.

NHS Digital is the single national RA (in public key infrastructure (PKI) terms); local RAs are organisations that run registration authority services on a delegated authority basis from NHS Digital.

Find out more about NHS Digital

Local RAs are organisations (usually part of the NHS, with a remit beyond running RA services) that carry out the identity checks of applicants to create their national verified digital identity and assign access permissions as approved by the employing organisation’s policy. Find your local RA.

Every RA must adhere to the NHS RA Policy at all times. The NHS RA Policy is subject to revision from time to time.

Mentions of "us" and "we" mean NHS Digital and all local RAs and "you" means anyone using the NHS Spine.

This privacy notice details the personal data processed in relation to CIS2 and CIS. In relation to this processing NHS Digital and local RAs are joint controllers (alongside the Secretary of State as detailed below). 

Both NHS Digital and local RAs may also process data about you in connection with the provision of other services; you can find details about these on NHS Digital’s and local RAs’ websites.


2. What personal information we collect about you and why

We provide Care Identity Service 2 (CIS2) and Care Identity Service (CIS) as separate related services which interact. CIS2 is aimed at new authentication methods and tokens accessed over the internet. CIS supports NHS Smartcards over HSCN. In time, there are plans to provide NHS Smartcard authentication over the Internet. Both CIS2 and CIS will continue to run interacting with each other. The expectation is that CIS will eventually be retired.

We will collect your personal data, some of which you provide in your application to this service, some of which is collected by cookies when you access NHS Spine applications and some of which we generate. 

The personal data we collect from you or your access is:

  • title
  • names
  • date of birth (DoB)
  • 1 or more ID evidence document numbers and date of issue
  • address identification evidence source and date of issue
  • photo image

The personal data we generate is the access profile(s) assigned to you by your local RA, based upon your role and responsibilities and as approved by your employing organisation’s policy.

We collect this personal data from you to enable you to use the CIS2 and CIS service to prove your identity and be issued with an Authentication Token. This will allow you to access NHS Spine with appropriate role-based access to systems and data.

NHS Spine applications include: EPS, GP to GP, GPES, GPITF, NHS e-RS, SCR, SUS+, Spine CIS, Spine CIS2. Find these in our Services A-Z.

Collecting this information also allows us to manage our service, so that we can:

  • manage and improve the service
  • provide data in support of the service

4. How we process your personal information

This data will be processed by:

  • local RAs for the purposes of validating your identity, managing your Authentication Token and ensuring that you are given appropriate access to NHS Spine applications, or applications that utilise NHS Spine authentication
  • NHS Digital to record your use of the NHS Spine applications
  • NHS Digital for disclosure and auditing of access to systems as part of our commitment to patients within the Care Record Guarantee, such as to the Summary Care Record (SCR) and in accordance with any complaint, investigation or as required by appropriate legislation

5. Sharing your information

Local RAs will exchange details with your employing organisation about your access profile (such as which systems you have access to) in order to provide the RA service.

How your employing organisation uses your personal data will be detailed in their own privacy notice. You should read this so that you are clear on how your personal information is managed.

If you use some Approved Authentication Tokens the suppliers of these will register (or de-register) you as a user in their system, acting as a processor for NHS Digital. In order to do this we will share the UUID, first name, last name and work email address that you have already provided to us as part of the basic user registration process you underwent to establish an NHS nationally verified digital identity.

In addition, such suppliers may also collect and process personal data about your usage, acting as independent controllers. How such suppliers use your personal data will be detailed in their own privacy notice; no personal data is shared back to us. You should read this privacy policy so that you are clear on how your personal data is managed.

If you use Virtual Smartcards:

Entrust: The RA will register (or de-register) you as a user in Entrust’s Cloud-based Multi-Factor Authentication platform Intellitrust, with Entrust acting as a processor for NHS Digital. In order to do this we will share the UUID, first name, last name and work email address that you have already provided to us as part of the basic user registration process you underwent to establish an NHS nationally verified digital identity. 

To form the basis for the virtual smartcard, you must download and register the Entrust Datacard IdentityGuard Mobile Smart Credential (Entrust App) on your smartphone. Then Entrust’s ‘Intellitrust’ platform downloads a certificate onto your smartphone, which completes the process. The Entrust App itself does not collect, use, save, or have access to any of your personal information when you download or use it.

We may need to share your personal data if we are required to do so by law.


6. How we protect your personal information

We take the security of your personal information very seriously. We have set up security measures, policies and procedures to make sure your personal information is protected.

We protect your personal information by:

  • training staff to understand data and security protection
  • ensuring security and confidentiality policies are in place for our staff who have access to personal information
  • monitoring our service
  • following good practice guidance provided by the National Cyber Security Centre
  • using legally binding agreements with all organisations that we appoint to process your personal information

7. How long and where we store your personal information

We store your personal information for as long as is reasonably necessary and legally justifiable. The length of time we store your information for will depend on legal, regulatory or technical requirements. In any event, we follow the Records Management Code of Practice for Health and Social Care (2016). The retention periods are explained here.

Your data will:

  • be held throughout your time as an active user and will be retained for up to 40 years after your NHS verified digital identity has been closed, at which point it will be subject to review
  • not be transferred out of the European Economic Area
  • not be used for any automated decision making

8. Your rights

You have the right to access your data. As an active Authentication Token holder, you can view your data in My Profile within CIS2 and CIS. If you can no longer access CIS2 and CIS for any reason, please contact your local RA. Once you are no longer working in healthcare, you can make a subject access request to NHS Digital (see contact details below).

You have the right to rectify inaccuracies in your data. You should update your own contact details within My Profile in CIS2 and CIS. In case of difficulties, if your personal details have changed or you need to make other amendments please contact your local RA.

You have the right to complain (see the contact details below).

You do not have the right to erase your data, object to it being recorded, transport it elsewhere, withdraw consent to its capture or use, or restrict its processing. This is because the capture and processing of this data is necessary for a statutory requirement and the provision of the service. NHS Digital is also legally bound to record this data. Once you leave health and social care, your local RA will close your user profile. This may be reopened if you return to working within health and social care.


9. Contacts

For all operational enquiries, including Authentication Token and access assignment, always contact your local RA.

See how NHS Digital looks after your information

To ask any question or make a complaint about how your data is used, you can contact NHS Digital on 0300 303 5678 (9am to 5pm Monday to Friday excluding bank holidays) or email enquiries@nhsdigital.nhs.uk.

You can also write to:

Data Protection Officer
NHS Digital
The Leeds Government Hub
7&8 Wellington place
Leeds
LS1 4AP

If you have concerns or complaints about our information rights practices, you can report them to the Information Commissioner’s Office on 0303 123 1133 (9am to 5pm Monday to Friday excluding bank holidays) or use live chat at ico: Make a complaint

You can also write to:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF


10. Changes to our privacy notice

Our privacy notice may change. The latest version of our privacy notice is available on our website and through your CIS2/CIS account. We will inform you through your CIS2/CIS account if we make any material changes to our privacy notice, and will also send an email notification to all RA managers.


Terms and conditions

Version 2.4 – Published 26 April 2021

These terms and conditions cover your use of Care Identity Service 2 (CIS2) and Care Identity Service (CIS). See the terms applicable to the use of the website on which these terms are hosted.

The following terms have the following meanings in these terms and conditions:

  • “Authorised Devices”² means an alternative to smartcards, a device as approved by FIDO 2 Consortium that provides Assured Level 3 Authentication.
  • “Authentication Token” means Physical Smartcards, Virtual Smartcards, Authorised Devices and iPad Devices which enable healthcare professionals to access clinical and personal information appropriate to their role and the type of identity solution.
  • “CIS” is the existing system which supports NHS Smartcards over the Health and Social Care Network (HSCN).
  • “CIS2” (formerly NHS Identity) supports new authentication methods and tokens available over the internet.
  • “iPad Device” means a tablet computer developed by Apple.
  • “Physical Smartcards” means an approved physical card. Physical Smartcards are supplied by the authorised supplier(s) of cards to NHS Digital and are similar to chip and PIN bank cards.
  • “Registration Authority (RA)” means NHS Digital as the single national Registration Authority and all other organisations that provide local Registration Authority services on a delegated authority basis from NHS Digital.
  • “Virtual Smartcards” means a solution that provides access functionality, but the card itself may be stored on a device, approved for use by NHS Digital and/or its partners.

NHS Digital is the single national RA (in public key infrastructure (PKI) terms); local RAs are organisations that run Registration Authority services on a delegated authority basis from NHS Digital.

Find out more about NHS Digital.

Local RAs are organisations (usually part of the NHS, with a remit beyond running RA services) that carry out the identity checks of applicants to create their national verified digital identity and assign access permissions as approved by the employing organisation’s policy. Find your local RA.

Every RA must adhere to the NHS RA Policy at all times. The NHS RA Policy is subject to revision from time to time.

These terms and conditions are between you and all Registration Authorities who provide Registration Authority services to you.

Mentions of "us" and "we" mean NHS Digital and all local RAs and "you" means anyone using the NHS Spine.

By clicking on the ‘Accept Terms and Conditions’ button at the bottom of this declaration, you the applicant confirm the following:

  1. You understand and accept that your personal data will be used by us as described in the privacy notice for users of CIS2 and CIS. Each user must have their identity assured and verified to the relevant standard applicable at the time of registration. This is currently Good Practice Guide GPG45 (or recognised successor) on the identity proofing and verification of an individual to a minimum of Level 3. This requirement may be refreshed from time to time.
  2. You confirm that the information which you provide in the process of your application is accurate. You agree to notify your local Registration Authority immediately of any changes to this information.
  3. You understand and accept that the Authentication Token (with the exception of personal devices) issued to you is the property of, or licensed to, the health and social care bodies providing it to you, and you agree to use it only in the normal course of your employment or contract arrangement.
  4. You agree that you will check the operation of your Authentication Token promptly after you receive it. This will ensure that you have been granted the correct access profiles. You also agree to notify your local Registration Authority promptly if you become aware of any problem with your Authentication Token or your access profiles.
  5. You understand that the suppliers of some Virtual Smartcards/other Approved Authentication Tokens may process personal data about you as an independent Controller, and may have applicable privacy policies and terms and conditions. You will be presented with these as part of download/registration and are responsible for reviewing and abiding by these.
  6. You agree that you will keep your Authentication Token private and secure and that you will not permit anybody else to use it or to establish any session with the NHS Spine applications. You will not share your Passcode with any other user. You will not write your Passcode down, nor use any kind of electronic storage (media or otherwise) to store it, for example by using a programmable function key on a keyboard. You will take all reasonable steps to ensure that you always leave your workstation secure when you are not using it by removing your physical Smartcard, ensuring your virtual Smartcard has disconnected or locking your Authorised Device or iPad Device. If you lose your Smartcard, Authorised Device or iPad Device or if you suspect that your Authentication Token has been stolen or used by a third party, you will report this to your local Registration Authority as soon as possible.
  7. You agree that you will only access the NHS Spine application by using an Authentication Token approved by NHS Digital. You agree that your use of the Authentication Token, the NHS Spine applications and all patient data shall be in accordance with the NHS Confidentiality Code of Practice and (where applicable) in accordance with your contract of employment or contract of provision for service (whichever is appropriate) and with any instructions relating to the NHS Spine applications which are notified to you.
  8. You agree not to maliciously alter, neutralise, circumvent, tamper with or manipulate your Authentication Token, NHS Spine applications components or any access profiles given to you.
  9. You agree not to deliberately corrupt, invalidate, deface, damage or otherwise misuse any NHS Spine applications or information stored by them. This includes, but is not limited to, the introduction of computer viruses or other malicious software that may cause disruption to the services or breaches in confidentiality.
  10. You acknowledge that your access may be audited. You understand and accept that your Authentication Token may be revoked, or your access profiles changed at any time without notice if you breach this Agreement; if you breach any guidance or instructions notified to you for the use of the NHS Spine applications or if such revocation or change is necessary as a security precaution. You also understand and accept that if you breach this Agreement this may be brought to the attention of your employer (or governing body in relation to independent contractors) who may then take appropriate action (including disciplinary proceedings and/or criminal prosecution).
  11. You understand and accept that the Registration Authority’s sole responsibility is for the administration of access profiles and the issue of Authentication Tokens for the NHS Spine applications. The Registration Authority is not responsible for the availability of the NHS Spine applications or applications which use NHS Spine authentication, or for the accuracy of any patient data.
  12. You understand and accept that you, or your employer, shall notify your local Registration Authority at any time should either wish to terminate this Agreement and to have your Authentication Token revoked, such as on cessation of your employment or contractual arrangement with health care organisations or other relevant change in your job role.
  13. You understand and accept that we may unilaterally change these terms and conditions from time to time, and unless otherwise stated these will be effective from publication. The latest version of our privacy notice is available on our website and through your CIS2/CIS account. We will inform you through your CIS2/CIS account if we make any material changes to these terms and conditions, and will also send an email notification to all RA managers.
  14. You understand and accept that these terms and conditions form a binding Agreement between yourself and all Registration Authorities who provide Registration Authority services to you. Non-compliance may also be treated as a disciplinary matter by your employer.
  15. You understand and accept that this Agreement is governed by English law and that the English courts shall settle any dispute under this Agreement.

² These additional authentication methods must meet the National Institute of Systems and Technology (NIST) SP 800-63 Digital Identity Guidelines. This describes the cryptographic strength of authentication methods that is required to access sensitive information. In addition, devices and authentication methods need to meet FIDO 2 standards for how devices utilise the required cryptography and must be accredited by the FIDO alliance.

Last edited: 23 June 2021 1:06 pm