NHS CIS2 authentication iPad app

Information about NHS CIS2 authentication iPad app.

iPads are great portable devices with screens large enough to be able to view and manage clinical information easily.

The NHS CIS2 iPad App enables users of iPads to authenticate securely into national clinical information systems using face and fingerprint biometrics.

It is a great option in environments that require ultimate mobility without the need for a smartcard or reader.

NHS CIS2 iPad app icon next to an iPad showing the NHS CIS2 authentication screen

Convenient

Uses fingerprint biometrics - no need to carry around a separate authentication device that can be lost
Enables secure authentication to national clinical information systems - without the need for a smartcard and reader

Choosing the NHS CIS2 iPad App

Users tend to find authenticating with the NHS CIS2 iPad App works well when they:

have access an iPad
work on a single iPad device
are very mobile (working in ambulances/helicopters)

Secure

NHS England security standards require iPad security to meet the following criteria:

one device per person
if any fingerprint is changed, the authentication binding is invalidated and requires the device to be re-registered with the user
The NHS CIS2 iPad App can be used on iPads with iPadOS v14+

Reliable

NHS CIS2 Authentication is a platinum service, supported 24 hours a day, 7 days a week.

See our latest availability statistics.

Case Study

Paramedics at London Ambulance Service

The organisation and service

London Ambulance Service are the busiest emergency ambulance service in the UK serving one of the world’s most dynamic and diverse cities. They provide emergency and urgent healthcare that is free to patients at the time they receive it.

They have more than 8,000 people who work or volunteer for them and they are the only NHS provider trust to serve the whole of London and the nine million people who live in, work in or visit the city.

As part of wanting to improve the quality of the service they provide, they wanted their paramedics to be able to access NCRS without the restriction of having to use a desktop connected to a HSCN.

Moving to NHS CIS2 Authentication

To start using NHS CIS2 Authentication, Paramedics at the London Ambulance Service needed to register their iPad devices with their local RA. Each user was supported by their local RA who helped to register the iPad to the user's Care Identity profile.

The NHS CIS2 app was provisioned to the iPads by the Mobile Device Management (MDM) team within local IT support.

The experience

Paramedics are benefitting from using the NHS CIS2 iPad App to authenticate into NCRS - without the need for Smartcards, readers or a HSCN connection.

They can now access the patient's National Care Record on-route and at the scene.

The rollout of iPads across the Trust has become the cornerstone of our digital transformation, allowing our clinical staff to electronically complete patient records, and also access clinical information supporting more efficient patient care.

Stuart Crichton, Chief Clinical Information Officer, London Ambulance Service

Considerations for organisations providing IT Support

No additional software is needed as it uses open standards - just procure, register and use
No certificate renewals required

Procurement

Trusts and organisations are responsible for procuring their own iPad devices.

The NHS CIS2 iPad App is free, available on the Apple Business store and installable by local mobile device management (MDM) teams.

Registering devices to users

Each user must have their own iPad device.

To enable the NHS CIS2 iPad App for use, users need to request and complete an Authenticator Registration from a Registration Authority (RA).

Network Configuration

NHS CIS2 Authentication is primarily an Internet Only service, therefore, some configuration may be required to enable access:

out to NHS CIS2 Authentication
in from NHS CIS2 Authentication

Out to NHS CIS2 Authentication

Both end users and applications need to be allowed to send requests out to https://am.nhsidentity.spineservices.nhs.uk/.

This domain is on randomly allocated IP address and is subject to change.

In from NHS CIS2 Authentication

Whenever the user's NHS CIS2 Authentication session is destroyed (e.g. on expiration), NHS CIS2 Authentication can send Back-Channel Logout requests to the application.

These requests come from a small number of fixed IP ranges.

The application, therefore, may require that its hosting network allows requests from NHS CIS2 Authentication to be routed through firewalls to the application.

If the application is installed within trust networks, it is recommended that these are isolated on web servers and not directly exposed on critical internal servers.

Get access

To request access to the CIS2 iPad app for your organisation, please complete this form.

Support

You can get support by going to the NHS Digital Customer Portal or emailing [email protected].

Our vision is evolving as we learn

There are lots of features we are working on and considering for the future.

We'd love to hear what you think.

To suggest, comment or vote on these features, visit our feedback portal or contact us by emailing [email protected]).

Last edited: 16 May 2024 1:34 pm