NHS smartcards for developers
Find out about NHS smartcards, how they work, and how to request and use them for testing in our path to live (PTL) testing environments.
Overview
This page explains what NHS smartcards are, how they work, the end user’s smartcard journey and testing with smartcards in our path to live (PTL) environments.
What is an NHS smartcard?
An NHS smartcard is a plastic card containing an electronic chip and is used along with a PIN. It looks like a ‘chip and PIN’ bank card.
A smartcard is personalised by printing the end user's name, photograph and unique user identification number on it. The end users are typically the healthcare workers working for NHS England.
Smartcards were introduced in 2004 and are one of the ways for healthcare workers to strongly authenticate themselves. Once authenticated they can access the clinical and personal information of a patient via our national services such as PDS and EPS.
What are smartcards used for?
The primary purpose of smartcards is to strongly authenticate healthcare workers before they can access patient information.
They can also be used to:
- sign in to a Windows desktop, for example at an NHS trust
- identify themselves as NHS staff, for example at a pharmacy
A smartcard combined with a PIN helps to protect a patient’s clinical and personal information securely. Smartcards are the most widely used means of access control for patient information.
Healthcare worker’s smartcard journey
The suppliers of the healthcare application or an IT support function within an NHS organisation are likely to be responsible for setting up the healthcare worker’s computer. They download the NHS Identity Agent (IA) and the NHS Credential Management Software (CMS) from NHS Digital downloads (only available over an HSCN connection). These software components are responsible for initiating the healthcare worker’s authentication process and interactions with the server-side components.
Once the computer is set up there are 4 stages in a healthcare worker’s smartcard journey.
Applying for a smartcard
Once a healthcare worker is employed by an NHS organisation, they need to provide their proof of identity to get a smartcard. Each NHS organisation has a person who is responsible for handling this, and they are known as the Registration Authority (RA) for that organisation. The RA carries out the identity checks of smartcard users and assigns an appropriate access profile to the healthcare worker.
For further details on the RA function, see Registration Authorities Operations and Process Guidance.
- The healthcare worker provides their details to the RA.
- The RA creates the healthcare worker’s profile in the Care Identity Service (CIS) application.
- The RA assigns the Roles (‘R’) and Business (‘B’) codes to the healthcare worker’s profile.
- The RA prints and sends the smartcard to the healthcare worker.
- The healthcare worker calls the RA to confirm the receipt of the smartcard.
- The RA texts the 6-digit unlock code to the healthcare worker.
Applying for a card reader
The RA completes the form to order a smartcard reader on behalf of the healthcare worker. A typical card reader looks like:
Using a smartcard
1. The healthcare worker signs in to a point-of-care application.
2. The point-of-care application prompts the healthcare worker to authenticate by inserting the smartcard in the reader, or in a keyboard that supports smartcard authentication, and entering their 6-digit PIN.
3. The smartcard reader uses IA and CMS on the healthcare worker’s computer to validate the card and the PIN.
4. After successful authentication, if the healthcare worker has more than one role, the CMS software pops up a window presenting the roles assigned for them to choose from. If the healthcare worker has only one role, this window does not pop up, as the CMS software automatically chooses the available role for the healthcare worker.
5. The healthcare worker is now authenticated.
Unlocking a smartcard
NHS Care Identity provides a self-service smartcard unlock option in case the healthcare worker locks their smartcard by entering an incorrect PIN. It enables them to unlock their smartcard without having to contact their RA to do this for them. For further details, see self-service smartcard unlock.
Types of smartcard and modern alternatives
There are different types of smartcards and modern alternatives:
- physical smartcard
- virtual smartcard
- modern alternatives
Physical smartcard
A physical smartcard is similar to a ‘chip and PIN’ bank card and is read by a smartcard reader. There are contact and contactless smartcard readers.
Virtual smartcard
A virtual smartcard has a similar function to a physical smartcard. It enables secure authentication using an app on a healthcare worker’s mobile device, to gain access to patient information. It works with the:
- NHS Identity Agent (IA) client
- Care Identity Service (CIS) software
- Card Management Service (CMS) infrastructure
Modern alternatives
To support modern and mobile ways of working within the NHS, we recently introduced NHS Care Identity Service 2 (NHS CIS2), a new and secure authentication service for healthcare workers. It provides a single integration process for modern alternative authentication mechanisms, including:
- iPad authentication
- Windows 10 tablet authentication
- security key authentication
For further details, see Ways to authenticate using NHS Care Identity Service 2.
Applying for a smartcard to use in testing
As a software developer, you need a smartcard so that you can authenticate yourself to access the test data for testing your application. To get a smartcard, make a smartcard request for a path to live environment.
You can:
- create new users (up to 4 per form)
- amend an existing user
- reissue a smartcard
- use one smartcard per environment
Enter the following information in your form.
Section 1: Your details.
Section 2: Confirm if you want to:
- create a new user
- amend an existing user
- copy an existing smartcard’s roles
- reissue an expired smartcard
Section 3: Complete this section only if you wish to copy an existing smartcard or reissue an expired smartcard.
Section 4: Complete this section if you are a new user or need to amend details on your card.
- You must provide Role (‘R’) codes and Business (‘B’) codes as per the National Role Based Access Control (RBAC) policy. For further details, see National role-based access control (RBAC) for developers.
- You must provide Organisation Data Service (ODS) codes, which are issued by ODS. ODS codes are unique identification codes for organisations that interact with the NHS. If you need to create your own ODS code, send an email to the ITOC Support Desk. For further details, see the Organisation Data Service.
Section 5: Provide your address for smartcard delivery.
The ITOC support desk issues up to 4 smartcards per application form. If you need more than this, email the ITOC Support Desk.
Using smartcards in our path to live (PTL) testing environments
Our PTL environments are for early software development testing and then for formal integration testing.
For software development testing, use NHS Digital downloads (only available over a Health and Social Care Network (HSCN) connection) to:
- download NHS Identity Agent (IA) and select NHS test environment certificates during the installation
- download and install NHS Credential Management
- download and install the correct drivers for the smartcard reader that you have
- choose the correct Root CA and Sub CA for Integration depending on the environment requested on the smartcard
The diagram below provides an overview of our PTL environments and their integration with NHS CIS2 and Spine environments.
Sandbox testing
Our sandbox environment is open access, so authentication is not required.
For further details, see sandbox testing.
Integration testing
Our integration environment is paired with the NHS CIS2 integration environment, so you can use smartcards for authentication.
For further details, see integration testing with our RESTful APIs.
Go live by integrating with NHS CIS2
The NHS CIS2 integration toolkit explains how to get approval for your product and go live, see NHS Care Identity Service 2 integration toolkit.
Last edited: 9 February 2024 2:48 pm