We have detected that you are using Internet Explorer to visit this website. Internet Explorer is now being phased out by Microsoft. As a result, NHS Digital no longer supports any version of Internet Explorer for our web-based products, as it involves considerable extra effort and expense, which cannot be justified from public funds. Some features on this site will not work. You should use a modern browser such as Edge, Chrome, Firefox, or Safari. If you have difficulty installing or accessing a different browser, contact your IT support team.
Streamlining authentication services for clinicians
Approach to identity verification and smartcard issuance when face to face contact is not an option
The challenge and principles
- identity verification and smartcard issuance is a face to face process and requires a considerable amount of personal information to be provided
- either the Registration Authority or clinician will not be able to attend face to face due to working remotely but clinician urgently needs access.
- urgent access to clinical systems for staff is the priority
- local organisations need to put in place workable arrangements which can be rectified post crisis – as a result this guidance should be read as such, it is guidance only
- provided principle 2 is followed, there will be no sanctions in the current situation for deviations from this guidance
Clinician to provide the following via email prior to the meeting, as per the government's Good Practice Guide (GPG) 45:
- date of birth
- National Insurance number
- scan of passport or driving license (or photo of same)
- passport photo
- mobile phone number
In the unlikely event that a user does not have photographic identity, a judgement should be made by the Registration Authority as to which document from the NHS Employers options, for users with no photographic ID, should be asked for.
On the video interview:
- Registration Authority will text a set of numbers to the clinician and they will read it out on the video call
- show the document that the scan/photo is from to the Registration Authority on the video call
- Registration Authority to capture other necessary details
Registration Authority to create the identity in the Care Identity Service for the clinician:
- enter particular information in registration screen Passport 000000000, non photo ID TAC 1 and TAC 2 (Temporary Access Card) to distinguish these as temp C-19 identities
Registration Authority prints the smartcard for the clinician, unlocked with 6 digit passcode, and sends to clinician.
Registration Authority texts 6 digit passcode to clinician when they call to say received - this is generated using a random number generator.
Registration Authority arranges for delivery of the smartcard to the clinician.
Registration Authority assigns access to the system to the clinician as agreed with system supplier.
What happens if an existing user locks their card or the certificates expire
Advise users to register for self unlock at: https://uim.national.ncrs.nhs.uk/selfservicewebapp/unlockCardStart
The only other option is to print a new unlocked card as per process above and send to the user – cancel the locked or expired card.
What happens when there's a need to rapidly move pharmacy staff to other pharmacies
It has been agreed that wider use of the Role Based Access Control (RBAC) 'National Locum Pharmacy Agency' code and position (FFFFF) can be used.
However, it is important that Registration Authorities keep a log of users given this access for exceptional reasons so that it can be revoked as appropriate at some point in the future.
What happens if it is impossible to hold a video meeting
Microsoft have made Microsoft Teams available free of charge for all users worldwide but in the unlikely event that it's not possible to hold a video meeting, organisations will need to take pragmatic local decisions.
It is important that processes are in place to track any users created in this way so remedial actions can be taken at the appropriate time.