Authentication (IT)

Authentication (IT)

Authentication and digital access controls ensure only appropriate people have access to sensitive data relating to patient care.

Authentication methods and systems

Authentication methods/systems Notes
Biometrics E.g. fingerprint technology, face ID and voice recognition.
NHS login NHS Digital are developing a single system for verifying the identity of those patients requesting access to digital health records and services
Multi-factor or two-factor authentication (MFA/2FA) – Involves demonstration of: knowledge (something you know), possession (something you have), and inherence (something you are). Such methods provide additional protection compared with a username/password system.

Standard authentication method. The National Cyber Security Centre (NCSC) now recommend organisations do not force regular password expiry because that may create vulnerabilities and do little to reduce the risk of password exploitation. Read more: NCSC password guidance.

Top tip: NCSC recommend that a strong and memorable password is created by choosing three random words, e.g. ‘planeyellowbread’.

Role-based access control (RBAC) RBAC within the pharmacy can control what a pharmacy team member can do and what they can see.
Smartcards Provide security measures to protect patient data.

Further information and related resources

Read more at:

If you have queries on this webpage or you require more information please contact



Return to the IT section: NHS IT systems

Return to the IT section: Authentication.

Return to the section: Data security and information governance

Return to the section: Data Security and Protection Toolkit

Return to the Pharmacy IT hub

Latest Contract & IT news

View more Contract & IT news >