Introduction

Identity and Access Management (IAM) provides a trusted digital identity service for health and care professionals to authenticate their identity when accessing national clinical information systems. This authentication allows the health and care professional to log on and access those systems securely through a range of access options.

The NHS Care Identity Service makes use of current technologies and Smartcards to allow health and care professionals in England to authenticate their identity when accessing national clinical information systems. This was previously implemented using CIS (Care Identity Service), but this is now replaced by NHS Care Identity Service 2 (CIS2).

NHS CIS2 has a number of main aims:

1. Allow the use of new authentication methods to support user’s workstyles

2. Simplify the effort needed to integrate an application with the authentication service

3. Remove the need for outdated technology like IE11 or Java applets

4. Allow the use of the latest operating systems and browsers

To enable these aims, the CIS2 authentication service (CIA) is providing an OpenID Connect (OIDC) solution. OIDC is an Internet Engineering Task Force (IETF) standard that defines a protocol for applications to request a user authentication from an Identity Provider (IdP) such as NHS CIS2.

Requirements 

Compliance, Assurance and Testing

See the Care Identity Service (CIS2) section on Onboarding Overview of the Digital Care Services Interoperability Standards and Requirements.

Documentation

• NHS Care Identity Service 2 website

• NHS CIS2 Authentication guidance for developers

• OpenID Connect (OIDC) detailed guidance

• NHS Care Identity Service 2 integration toolkit

Roadmap