Image source: Mark Say
The team working on NHS Login is aiming to make it easy to use for a wider range of people and to broaden its capabilities.
It has also soft launched the use of passkeys as an alternative to passwords for the mechanism for logging into NHS websites and apps.
Melissa Ruscoe, NHS England’s delivery director for the programme, outlined the developments at the Think Digital Identity for Government conference this week.
She highlighted six areas for development, one being to improve ways that users can prove their identities, which can involve enhanced automation.
“It’s about accessibility, making sure our journey is simple and easy for everybody to use,” she said. “Nobody wants to do their identity, it seems a barrier, so we need to continue to improve the journey, from registration to verification and authentication.
“That could be as simple as looking at our messaging and content, but also in working with new digital partners on how to improve those journeys.”
There is also scope to develop new APIs that could enable health and social care providers to create an NHS Login account for patients who do not yet have one, she said.
Authentication alternatives
Another ambition is to develop alternative methods of authentication. A significant, albeit low profile, development has taken place with the team making it possible to use a passkey as an alternative to a password in the log-in process.
This involves providing a private digital credential adhering to FIDO Alliance standards held on the user’s device that can be matched with a public key for the relevant service to provide access. The concept is now being promoted by Google, Apple and Microsoft with the aim of saving people from having to create multiple passwords and re-use them for different systems.
Jim Small, head of identity at Hippo Digital, which is working with NHS England on the programme, said this has been available on NHS Login for a few months as part of a learning process on its capabilities.
Ruscoe pointed to other plans including enhancing offline identity verifications to online access, evolving the infrastructure, scale and security controls of NHS Login, and developing a federation of proxy relationships.
“One of the biggest, most complex areas where we are working is in proxy,” she said. “This is the ability to nominate or for another individual to let somebody care for them in a digital arena.
“There are two kinds of relationships there, proxy or delegated access. Technically they can be simple, but not for the NHS.
“Everybody at the moment has varying ways to prove this. There is no standard out there of how we validate that relationship between two individuals, what evidence we need, and to what level do we validate it; and the NHS will be the forerunner on that and define those standards.”
Cross-government
There will also be an effort to develop cross-government opportunities in line with what users want.
Ruscoe added that all of the efforts will need to find the right balance between usability and security.
She also provided figures indicating that so far 45.3 million NHS Login accounts had been creating, with 32.7 million identities verified to a high level and 3.5 million to medium, and 1.3 billion log-ins to integrated services such as the NHS App. Availability of the service had been at 99.99%.
