Authentication and Access
ID | S54 |
|---|---|
Version | 2.0.0 |
Type | Interoperability Standard |
Status | Effective |
Effective Date | Mar 31, 2023 |
Framework(s) |
Introduction
Identity and Access Management (IAM) provides a trusted digital identity service for health and care professionals to authenticate their identity when accessing national clinical information systems. This authentication allows the health and care professional to log on and access those systems securely through a range of access options.
The NHS Care Identity Service makes use of current technologies and Smartcards to allow health and care professionals in England to authenticate their identity when accessing national clinical information systems. This was previously implemented using CIS (Care Identity Service), but this is now replaced by NHS Care Identity Service 2 (CIS2).
NHS CIS2 has a number of main aims:
Allow the use of new authentication methods to support user’s workstyles
Simplify the effort needed to integrate an application with the authentication service
Remove the need for outdated technology like IE11 or Java applets
Allow the use of the latest operating systems and browsers
To enable these aims, the CIS2 authentication service (CIA) is providing an OpenID Connect (OIDC) solution. OIDC is an Internet Engineering Task Force (IETF) standard that defines a protocol for applications to request a user authentication from an Identity Provider (IdP) such as NHS CIS2.
Requirements
ID | Requirement | Level |
|---|---|---|
AA01 | Implement and maintain the latest specification version of NHS Care Identity Service 2 (NHS CIS2) for the authentication of Health or Care Professionals accessing NHS systems and national services | must |
Compliance, Assurance and Testing
See the Care Identity Service (CIS2) section on Onboarding Overview of the Digital Care Services Interoperability Standards and Requirements.
Documentation
NHS Care Identity Service 2 website