Authentication and digital access controls ensure only appropriate people have access to sensitive data relating to patient care. Patients may also provide identity authentication.
List of authentications
These include those below.
|Biometrics||E.g. fingerprint technology, face ID and voice recognition.|
|Digital signatures||Signatures (if required) may be provided digitally by pharmacy teams or by patients, e.g. by fingertip on a mobile device screen, supporting the paperless goals.|
|Identifiers||Some systems may authenticate you at least partially using common identifiers e.g. your Smartcard number or GPhC number if you have one.|
|Login with NHSmail||Some NHSmail systems may provide a ‘login with NHSmail’ option.|
NHS Identity is an authentication system being piloted that enables a small number of health and care professionals in England to prove their identity when accessing national clinical information systems e.g. Summary Care Record (SCR).
Authentication is either via:
NHS Identity will continue to be expanded and other developers such as Patient Medication Record (PMR) system providers or website developers may consider integrating with it in the future.
|NHS login||NHS Digital developed a single system for verifying the identity of those patients requesting access to digital health records and services (used within NHS App for example)|
|Multi-factor or two-factor authentication (MFA/2FA)||Involves demonstration of: knowledge (something you know), possession (something you have), and inherence (something you are). Such methods provide additional protection compared with a username/password system.|
Standard authentication method. The National Cyber Security Centre (NCSC) now recommend organisations do not force regular password expiry because that may create vulnerabilities and does little to reduce the risk of password exploitation. Read more: NCSC password guidance.
Top tip: NCSC recommend that a strong and memorable password is created by choosing three random words, e.g. ‘planeyellowbread’.
|Role-based access control (RBAC)||RBAC within the pharmacy can control what a pharmacy team member can do and what they can see.|
|Smartcards||Provide security measures to protect patient data.|
Reducing multi login burden
Community Pharmacy IT Group (CP ITG) is in favour of smart authentication options which reduce the burden on health and care staff of logging into so many systems, e.g. NHS-related systems using ‘login with NHSmail’, NHS Identity, biometrics etc.
Password managers may also be suitable for managing passwords for some systems. The National Cyber Security Centre has provided guidance about password managers.
Read more at:
- Identity Authentication Standards (NHS Digital guidance)