Is a Standard ‘NHS Online Account’ Feasible? John Webb, Liverpool CCG Digital Care PM Phil Stradling, NHSE Citizen Identity Lead Digital In Action – 24-May-16
Vis ision for Cit itiz izen Id Identit ity • A citizen can verify their identity once and use their choice of digital identity to access services across care settings and the public sector in a safe and secure manner (federated identity) What we’re testing with local health economies: 1. Enabling CCGs to drive digital relationships with patients and carers using a verified identity 2. Options for identity verification: a) GOV.UK Verify, and b) Local Verification 3. Matching a verified individual to their NHS number 4. Citizen controlled sharing of identity attributes 2
Healt lthy Liv iverpool Programme Digital Care • Interoperability • Scale up Assistive Tech • PHR to support • Information gathering • Data sharing & Consents • Self-care • Joint decision-making • Online interactions
In Init itial l Hub Model Liverpool app portfolio GP Local platform Practice Patient (Microsoft Azure) Hospital Referral Message bus APIs GP Practice Encryption Patient Pain EMIS Keys Management app Microsoft APIs Referrals PHR Other Apps Email Invites Clinician Professional Registration Portal
GOV.UK Verif ify • New way to prove who you are online • Choice of 8 certified companies to verify your identity. • Aim is an account that can be used across all Government services - including local government. • Over 500k verified IDs so far • Pipeline of services • 10 live: Tax/Pension/Driving License • 50 more on roadmap • For more info see www.gov.uk/verify A short video 5
Local Verification HSCIC CCG GP practice Citizen API Registration Registration PID and Vouching form App details NHS No + Registration NHS Online Evidence App account GP system of ID Set up social identity and phone Citizen 6
Revis ised Hub Model GOV.UK Verify Local platform Azure Azure Active Verify Liverpool app portfolio GP Accounts Service Bus Directory B2C Patient Practice Federation Referrals Evidence Vouching app broker HSCIC of ID Email Invites Online Consents accounts Pain Registration Management app 2-Factor Keys Authentication Social identity providers Other Apps Hospital (e.g. Google) APIs GP Practice Patient Liverpool Health Login Multi-factor App EMIS authentication Microsoft service Clinician APIs Professional (using phone) Portal PHR
The case for a standard NHS Onlin line Account 1. Citizen has control of their NHS Online Account • Only created with citizen’s consent • Citizen can ‘opt - out’ and delete their account 2. Minimal disclosure as an account consists of two data elements: • NHS no • Selected digital identity 3. Enables flexibility for local NHS bodies • Use of NHS no to create new local accounts • Use of NHS no to access existing records • Open market for app developers to innovate 4. Deployment options • HSCIC hosts the NHS Online Account with open APIs for access • CCGs host local instances of NHS Online Account, with HSCIC hosting a locator service 8
Current Sit ituation 1. Liverpool is about to trial Verify & Local Verification 2. Ongoing risk mitigation work to address masquerading and safeguarding issues – across HSCIC, GDS, NHS 3. Starting to engage other NHS localities as early adopters 9
Support for Oth ther Locali litie ies • Available support: • GDS on-boarding team and process • SE CSU team and guidance on use of Citizen Identity • Liverpool docs, e.g. privacy impact assessment • Re-usable components • HSCIC Matching service • NHS Online account service • Integration with PDS for matching demographics to NHS No. • Microsoft: • Federation broker and support for open standards • Interface with Verify • Liverpool CCG • Vouching components • Trust framework policy/scripts 10
Q&A • Questions • Follow-ups 11
Architecture for r enabling oth ther loc localities Locality B GDS hub Certified Locality A identity Patient provider Verification + SAML GOV.UK Verify Patient Authentication Sign-in Access Patient facing app Federation OIDC Patient facing app broker HSCIC PDS Matching service REST Email PID NHS no NHS Online account • Cohort Professional External Services identification • Sign-post to Social NHS Two-Factor digital pathway Identity Authentication Invite Providers patients OIDC = OpenID Connect, a standard based on OAuth
Recommend
More recommend
