Privacy notice to smartcard/authorised device users on the use of your personal data

These terms and conditions cover all access to the NHS Care Records Service applications.

Page contents

Definitions:

In Public Key Infrastructure (PKI) terms there is a single Registration Authority (that is, NHS Digital). All organisations that run a local Registration Authority (RA) do so on a delegated authority basis from NHS Digital.

The local RA function carries out identity checks of an applicant(s) to create their national verified digital identity. Secure tokens are then issued to users in the form of Smartcards or other authorised devices utilising strong two factor authentication. Appropriate access permissions are assigned to the health professional’s user profile as approved by the employing organisation’s policy.

Agreement means the terms and conditions found on this page.

NHS Smartcards means an approved physical card, supplied by the authorised supplier(s) of cards to NHS Digital, are similar-to chip and PIN bank cards and enable healthcare professionals to access clinical and personal information appropriate to their role. A smartcard used in conjunction with a passcode, known only to the smartcard holder, gives secure and auditable access to national and local Spine enabled health record systems.

Authorised Devices means an alternative to smartcards, a device as approved by FIDO 2 Consortium that provides Assured Level 3 Authentication.

These additional authentication methods must meet the National Institute of Standards and Technology (NIST) SP800 – 63 Digital Identity Guidelines. This describes the cryptographic strength of authentication methods required to access sensitive data. In addition, devices and authentication methods need to meet FIDO 2 standards for how devices utilise the required cryptography and must be accredited by the FIDO alliance.

NHS Digital will collect personal data on you, some of which you provide in your application, and some of which is collected by cookies when you access NHS Care Records Service applications.

NHS Digital is the data controller for this data, under powers arising from Directions.

NHS Care Records Service applications include EPS, GP to GP, GPES, GPSoC, e-RS, SCR, SUS+, Spine CIS and Spine NHS Identity.

Directions mean “the Health and Social Care Information Centre (Spine Services) (No.2) Directions 2014”, and the “Novation of Information and Technology Contracts from DH to NHS Digital: Electronic Prescription Service, Health and Social Care Network, N3, NHS Choices, NHS e-Referral Service, Secondary Uses Service (SUS), Spine (Named Programmes) Directions 2016”.

This data will be processed by local and other Registration Authorities for the purposes of validating your identity, managing your smartcard/authorised device and ensuring that you are given appropriate access to NHS Care Records Service applications, or applications that utilise the NHS Care Records Service authentication. Every organisation that has a Registration Authority must adhere to the NHS Registration Authority Policy at all times. The National Registration Authority Policy is subject to revision from time to time.

This data will be processed:

by NHS Digital to record your use of the NHS Care Records Service applications
in accordance with General Data Protection Regulation (GDPR) data protection law.
for disclosure and auditing of access to systems as part of our commitment to patients within the Care Record Guarantee, such as to the Summary Care Record (SCR) and in accordance with any complaint, investigation or as required by appropriate legislation

Your data will:

be held throughout your time as an active user and will be retained for up to 40 years after your smartcard/Authorised Device user profile has been closed, at which point it will be subject to review
not be transferred out of the European Economic Area
not be used for any automated decision making

The above describes the personal data processed in relation to the NHS Digital Smartcard/other Authorised Device registration itself. For details of how other NHS Digital programmes use data (that you may access using your smartcard/other Authorised Device) please see how NHS Digital looks after your information.

Your rights

You have the right to access your data. As an active smartcard/Authorised Device holder, you can view your data in My Profile within Care Identity Service (CIS). If you can no longer access CIS for any reason, please contact your local Registration Authority. Once you are no longer working in healthcare, you can make a subject access request to NHS Digital.

You have the right to rectify inaccuracies in your data. You should update your own contact details within My Profile in CIS. In case of difficulties, if your personal details have changed or you need to make other amendments please contact your local Registration Authority.

You have the right to complain (see the contact details below).

You do not have the right to:

erase your data
object to it being recorded
transport it elsewhere
withdraw consent to its capture or use
restrict its processing.

This is because the capture and processing of this data is necessary for a statutory requirement and the provision of the service. NHS Digital is also legally bound to record this data. Once you leave health and social care, your local Registration Authority will close your user profile. This may be reopened if you return to working within health and social care.

Contacts

For all operational enquiries, including smartcard/other Authorised Device and access assignment, always contact your local Registration Authority.

See how NHS Digital looks after your information.

To ask any question or make a complaint about how your data is used, you can contact NHS Digital on 0300 303 5678 (9am to 5pm Monday to Friday excluding bank holidays) or email enquiries@nhsdigital.nhs.uk

You can also write to:

Data Protection Officer
NHS Digital
1 Trevelyan Square
Boar Lane
Leeds
LS1 6AE

If you have concerns or complaints about NHS Digital’s information rights practices, you can report them to the Information Commissioner’s Office on 0303 123 1133 (9am to 5pm Monday to Friday excluding bank holidays) or use their live chat.

You can also write to:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

By accepting these terms and conditions, you the applicant confirm that you:

Understand and accept that your personal data will be used as described in the “Notice to smartcard/Authorised Device users on the use of your personal data” above. Furthermore, you agree to provide any additional information and documentation required by the Registration Authority to verify your identity. Each user must have their identity assured and verified to the relevant standard applicable at the time of registration. This requirement may be refreshed from time to time.

Good Practice Guide GPG45 (or recognised successor) on the identity proofing and verification of an individual to a minimum of Level 3.
Confirm that the information which you provide in the process of your application is accurate. You agree to notify your local Registration Authority immediately of any changes to this information.
Understand and accept that the smartcard/Authorised Devices issued to you is the property of the NHS Digital, and you agree to use it only in the normal course of your employment or contract arrangement.
Agree that you will check the operation of your smartcard/Authorised Device promptly after you receive it. This will ensure that you have been granted the correct access profiles. You also agree to notify your local Registration Authority promptly if you become aware of any problem with your smartcard/Authorised Device or your access profiles.
Agree that you will keep your smartcard/Authorised Device private and secure and that you will not permit anybody else to use it or to establish any session with the NHS Care Records Service applications. You will not share your passcode with any other user. You will not write your passcode down, nor use any kind of electronic storage (media or otherwise) to store it, for example by using a programmable function key on a keyboard. You will take all reasonable steps to ensure that you always leave your workstation secure when you are not using it by removing your smartcard or locking your Authorised Device. If you lose your smartcard/Authorised Device or if you suspect that it has been stolen or used by a third party, you will report this to your local Registration Authority as soon as possible.
Agree that you will only access the NHS Care Records Service application by using a smartcard or Authorised Device. You agree that you will only use your smartcard/Authorised Device, the NHS Care Records Service applications and all patient data in accordance with the NHS Confidentiality Code of Practice and (where applicable) in accordance with your contract of employment or contract of provision for service (whichever is appropriate) and with any instructions relating to the NHS Care Records Service applications which are notified to you.
Agree not to maliciously alter, neutralise, circumvent, tamper with or manipulate your smartcard/Authorised Device, NHS Care Records Service applications components or any access profiles given to you.
Agree not to deliberately corrupt, invalidate, deface, damage or otherwise misuse any NHS Care Records Service applications or information stored by them. This includes, but is not limited to, the introduction of computer viruses or other malicious software that may cause disruption to the services or breaches in confidentiality.
Understand and accept that your smartcard/Authorised Device may be revoked, or your access profiles changed at any time without notice if you breach this Agreement; if you breach any guidance or instructions notified to you for the use of the NHS Care Records Service applications or if such revocation or change is necessary as a security precaution. You also understand and accept that if you breach this Agreement this may be brought to the attention of your employer (or governing body in relation to independent contractors) who may then take appropriate action (including disciplinary proceedings and/or criminal prosecution).
Understand and accept that the Registration Authority’s sole responsibility is for the administration of access profiles and the issue of smartcard/Authorised Device for the NHS Care Records Service applications. The Registration Authority is not responsible for the availability of the NHS Care Records Service applications or applications which use NHS Care Records Service authentication or the accuracy of any patient data.
Understand and accept that you, or your employer, shall notify your local Registration Authority at any time should either wish to terminate this Agreement and to have your smartcard/Authorised Device revoked. For example, on cessation of your employment or contractual arrangement with health care organisations or other relevant change in your job role.
Understand and accept that NHS Digital may unilaterally change the terms of this Agreement from time to time, and unless otherwise stated these will be effective from publication.
Understand and accept that these terms and conditions form a binding Agreement between yourself and those organisations who have sponsored your role(s). You also understand and accept that this Agreement is governed by English law and that the English courts shall settle any dispute under this Agreement.

Last edited: 14 November 2019 1:25 pm