Authentication and digital access controls ensure only appropriate people have access to sensitive data relating to patient care.
Authentication methods and systems
|Biometrics||E.g. fingerprint technology, face ID and voice recognition.|
|NHS login||NHS Digital are developing a single system for verifying the identity of those patients requesting access to digital health records and services|
|Multi-factor or two-factor authentication (MFA/2FA) –||Involves demonstration of: knowledge (something you know), possession (something you have), and inherence (something you are). Such methods provide additional protection compared with a username/password system.|
Standard authentication method. The National Cyber Security Centre (NCSC) now recommend organisations do not force regular password expiry because that may create vulnerabilities and do little to reduce the risk of password exploitation. Read more: NCSC password guidance.
Top tip: NCSC recommend that a strong and memorable password is created by choosing three random words, e.g. ‘planeyellowbread’.
|Role-based access control (RBAC)||RBAC within the pharmacy can control what a pharmacy team member can do and what they can see.|
|Smartcards||Provide security measures to protect patient data.|
Further information and related resources
Read more at:
- Identity Authentication Standard for digital health services (NHS Digital guidance)
If you have queries on this webpage or you require more information please contact email@example.com.
Return to the IT section: NHS IT systems
Return to the IT section: Authentication.
Return to the section: Data security and information governance
Return to the section: Data Security and Protection Toolkit