NHS Digital targets late September online identity launch
Initial tranche of health and social care services is expected to begin making use of a single solution to ensure secure online access; Verify platform and ‘Patient Online’ still being considered
NHS Digital aims by October to begin offering a single secure identity assurance function to allow the public to access online health and care services, with the existing GOV.UK Verify and GP-focused Patient Online services being considered among potential solutions.
According to a recent Board paper outlining ambitions for its Personalised Health and Care 2020 Programmes strategy, NHS Digital intends to agree a solution for citizen identity that will go live for “selected” functions relating to health and care services by September 30.
Work is ongoing to assess the preferred method for implementing an identity assurance solution that can be used by the NHS and local authorities, yet the organisation has so far provided no timeline for when it will formally decide how to manage secure access to services.
“We are exploring a number of strategic options for authentication and identity verification for digital health services, including consideration of existing services such as Patient Online and GOV.UK Verify,” said NHS Digital in a statement. “We are taking an incremental approach and we will be publishing updates as we progress through this work.”
Online identity is among a number of key aims for the Personalised Health and Care 2020 Programmes, which also aim to tackle digital exclusion among patients, launch the NHS.UK domain to the public, ensure patient access to personal health records and deliver Wi-Fi to GP surgeries.
At a time when the Government Digital Service (GDS) intends to expand the user base of its GOV.UK Verify platform to 25m by 2020, from just under 1.2m people at present, the private sector and healthcare functions are seen as possible areas for expansion.
However, it remains uncertain whether GOV.UK Verify will best meet the needs of health and social care authorities for secure access to their services as it would be unable to support a unique identification number that is understood to be a preferred component of any solution.
The need for a system that can potentially create an identity around the personal NHS number, as well as comply with incoming EU regulations, may be incompatible with the key design features of Verify, which attempts to remove the need for a single government database.
It is understood that this difference in needs between healthcare providers wishing to have a system built on unique patient identifiers and GDS' privacy aims may have delayed efforts to detail a clear plan for ID assurance in the NHS.
Critics of Verify have argued that common identifiers are an important issue for public service delivery, particularly for local authorities, with some councils using health numbers, or a stripped-down variation of them, as the basis for a system to identify users.
The lack of a central unique identifier that can be held and used to pool together information on an individual is a central part of why Verify was designed, partly as an indirect response to concerns around previous government ambitions to implement a national identity card.
Part of Whitehall's strategy to build common platforms that can be used by different departments, GOV.UK Verify aims to allow users to select one of several pre-chosen companies to perform a check on their identity in order to access online services at a level of assurance (LOA) 2 security standard. This equates to a level of assurance for identity services that would stand up in a civil court.
In a report released late last month into the work of the Government Digital Service (GDS), the National Audit Office (NAO) touched on development of Verify and its potential to reform data sharing and secure access.
“Our review shows that GDS could have done more to understand the existing landscape of department services to support their early work on identity assurance for individuals. For example there was no full analysis of how existing services identified customers or analysis of the way in which customer data is held in existing services or how this might affect the user journey from Verify to completion of the service transaction.”
The NAO’s findings argued that such research may have given improved understanding of how to meet the identity needs of departments and public sector bodies to improve take up. The report added that major questions remained over the platform’s capabilities for wider use in the public sector, such as by NHS bodies.
“It is not yet clear whether Verify will be able to overcome the limitations that have prevented its widespread adoption across government, or whether attempts to expand in other ways will be successful in encouraging departments to adopt it,” said the NAO. “Take-up and cost projections remain optimistic and there will always be many services that do not use the current Verify service (for example, medical services with higher assurance requirements or businesses using tax services).”