Authentication and digital access controls ensure only appropriate people have access to sensitive data relating to patient care.
Authentication methods and systems
|Biometrics||E.g. fingerprint technology, face ID and voice recognition.|
|NHS login||NHS Digital are developing a single system for verifying the identity of those patients requesting access to digital health records and services.|
|Multi-factor or two-factor authentication (MFA/2FA)||Involves demonstration of: knowledge (something you know), possession (something you have), and inherence (something you are). Such methods provide additional protection compared with a username/password system.|
|Passwords||Standard authentication method. The National Cyber Security Centre (NCSC) now recommend organisations do not force regular password expiry because that may create vulnerabilities and do little to reduce the risk of password exploitation. Read more: NCSC password guidance. Top tip: NCSC recommend that a strong and memorable password is created by choosing three random words, e.g. ‘planeyellowbread’.|
|Role-based access control (RBAC)||RBAC within the pharmacy can control what a pharmacy team member can do and what they can see.|
|Smartcards||Provide security measures to protect patient data.|
Further reading and guidance
- Identity Authentication Standard for digital health services (NHS Digital guidance)