Skip to main content

Streamlining authentication services for clinicians

Approach to identity verification and smartcard issuance when face to face contact is not an option

The challenge and principles

Challenges

  1. identity verification and smartcard issuance is a face to face process and requires a considerable amount of personal information to be provided
  2. either the Registration Authority or clinician will not be able to attend face to face due to working remotely but clinician urgently needs access.

Principles

  1. urgent access to clinical systems for staff is the priority
  2. local organisations need to put in place workable arrangements which can be rectified post crisis – as a result this guidance should be read as such, it is guidance only
  3. provided principle 2 is followed, there will be no sanctions in the current situation for deviations from this guidance

Proposed approach

Step 1

Clinician to schedule a video meeting with Local Registration Authority using applications such as Microsoft Teams, Slack, Webex, Zoom or Skype

Step 2

Clinician to provide the following via email prior to the meeting, as per the government's Good Practice Guide (GPG) 45

  • name
  • date of birth
  • National Insurance number
  • scan of passport or driving license (or photo of same)
  • passport photo
  • mobile phone number
  • address

In the unlikely event that a user does not have photographic identity, a judgement should be made by the Registration Authority as to which document from the NHS Employers options, for users with no photographic ID, should be asked for.

Step 3

On the video interview:

  • Registration Authority will text a set of numbers to the clinician and they will read it out on the video call
  • show the document that the scan/photo is from to the Registration Authority on the video call
  • Registration Authority to capture other necessary details

Step 4

Registration Authority to create the identity in the Care Identity Service for the clinician:

  • enter particular information in registration screen Passport 000000000, non photo ID TAC 1 and TAC 2 (Temporary Access Card) to distinguish these as temp C-19 identities

Step 5

Registration Authority prints the smartcard for the clinician, unlocked with 6 digit passcode, and sends to clinician.

Step 6

Registration Authority texts 6 digit passcode to clinician when they call to say received - this is generated using a random number generator.

Step 7

Registration Authority arranges for delivery of the smartcard to the clinician.

Step 8

Registration Authority assigns access to the system to the clinician as agreed with system supplier.

Additional information

What happens if an existing user locks their card or the certificates expire

Advise users to register for self unlock at: https://uim.national.ncrs.nhs.uk/selfservicewebapp/unlockCardStart

The only other option is to print a new unlocked card as per process above and send to the user – cancel the locked or expired card.

What happens when there's a need to rapidly move pharmacy staff to other pharmacies

It has been agreed that wider use of the Role Based Access Control (RBAC) 'National Locum Pharmacy Agency' code and position (FFFFF) can be used.

However, it is important that Registration Authorities keep a log of users given this access for exceptional reasons so that it can be revoked as appropriate at some point in the future.

What happens if it is impossible to hold a video meeting

Microsoft have made Microsoft Teams available free of charge for all users worldwide but in the unlikely event that it's not possible to hold a video meeting, organisations will need to take pragmatic local decisions.

It is important that processes are in place to track any users created in this way so remedial actions can be taken at the appropriate time.

Last edited: 8 April 2020 7:55 am