Version 2.3 – published 8 July 2020
The following terms have the following meanings in this privacy notice:
- “Authorised Devices(1) ” means an alternative to smartcards, a device as approved by FIDO 2 Consortium that provides Assured Level 3 Authentication.
- “Authentication Token” means Physical Smartcards, Virtual Smartcards, Authorised Devices and iPad Devices which enable healthcare professionals to access clinical and personal information appropriate to their role and the type of Authentication Token.
- “iPad Device” means a tablet computer developed by Apple.
- “Physical Smartcards” means an approved physical card. Physical Smartcards are supplied by the authorised supplier(s) of cards to NHS Digital and are similar to chip and PIN bank cards.
- "Registration Authority (RA)” means NHS Digital as the single national Registration Authority and all other organisations that provide local Registration Authority services on a delegated authority basis from NHS Digital.
- “Virtual Smartcards” means a solution approved for use by NHS Digital that provides access functionality, but the card itself may be stored on a device.
1. These additional authentication methods must meet the National Institute of Systems and Technology (NIST SP800 – 63 Digital Identity Guidelines, available at https://pages.nist.gov/800-63-3/ ), this describes the cryptographic strength of authentication methods that is required to access sensitive information. In addition, devices and authentication methods need to meet FIDO 2 standards for how devices utilise the required cryptography (available at https://fidoalliance.org/) and must be accredited by the FIDO alliance.