For action: Next steps to update your NHS Public Key Infrastructure certificate

Current NHS Public Key Infrastructure (PKI) first-generation (G1) certificates are due to expire on 4 June 2024. Communication via the Spine will cease for any IT systems with invalid certificates, which could impact patient care.

Suppliers of healthcare technology must install second-generation (G2) certificates before this date. We recommend you complete these 5 steps as soon as possible and before 31 December 2023.

Please note: the certificates used for local Interoperability Toolkit (ITK) web service end points that send NHS 111 messages that flow direct between systems are not yet ready to be updated. Please do not renew these certificates until you receive further instructions.  

You can contact our team if you have any questions or need further support. 

/by
For action: Next steps to switch on access to online GP records

The updated GP contract requires all practices to provide their patients with online access to new (prospective) health information in their GP records (unless exceptions apply) by 31 October 2023. 

Once you have completed the GP readiness checklist, you will be able to have your clinical IT systems updated to automatically allow your patients access to their new records. 

EMIS practices should complete an opt-in form and select a date. We recommend booking early as slots are limited. 

TPP practices can now update their own systems easily and conveniently by following instructions in this user guide (FutureNHS login required). 

Find out more about switching on access to new GP records. 

/by
Change to Smartcard passcode requirements

We are changing the passcode requirements of NHS smartcards as part of a national update to the Care Identity Service for health and care staff. We are making this change as part of our preparation for rolling out a more advanced smartcard, the series 9.

The minimum security passcode length on all smartcards will change to 6-8 numbers only. We will no longer accept letters as part of your passcode.

Health and care professionals with a smartcard: your current passcode will continue to work. You do not need to change your passcode now.

You will only notice this change when the time comes to choose a new passcode, for example if your smartcard is locked.

The change will take affect from Wednesday 19 July 2023.

For health and care professionals with a smartcard, you will only notice this change when the time comes to change or reset your passcode.

Please ensure that the passcode you use is not easy to guess and contains 6-8 numbers only. Avoid using birthdays.

Remember that your passcode is the safety check that proves it is you using the card. All operations performed using that card are linked to you, so do not share the passcode with anyone.

If you have any queries about this change, please contact your local Registration Authority.

For registration authorities

You need to be aware of the new requirements to passcode in case staff approach you about the change.

If a user tries to set a passcode of fewer than 6 numbers, this will return an error message indicating that the passcode is too short.

Setting a new passcode with letters will also return an error.

Passcodes in Care Identity Management

The Care Identity Management smartcard passcode policy is still 4-8 characters.

This is out of step with the revised Care Identity Service application passcodes, which must be 6-8 numbers.

A future release of Care Identity Management will align the two services. This is expected by the end of September 2023.

/by
Event: Secure Data Environment webinar

Book your place on NHS England’s Secure Data Environment (SDE) webinar on Wednesday 19 July to see the SDE platform in action, understand the application process, the charging model and data availability. We will also update you on the continuous improvements planned for 2023/24, and there will be plenty of time for you to ask questions.

/by
Deprecation of support for IF-DLP Registration and IF-DLP Authentication

In line with plans to migrate all internal NHS England (previously NHS Digital) services to NHS CIS2 Authentication by 30 September 2023, we will reduce the support level for the IF-DLP Registration and IF-DLP Authentication service from Bronze SLA to 'Reasonable Endeavours' on this date.

Subsequently, we will disable IF-DLP Registration and IF-DLP Authentication on 31 January 2024.

Currently the IF-DLP Authentication service provided by NHS CIS2 Authentication is supported to a Bronze SLA. Supported hours are 8am to 6pm, Monday to Friday with 98% target availability.

Note: This change affects the IF-DLP registration and authentication using https://dsp-portal.digital.nhs.uk/ - not the HSCN based Smartcard authentication to DLP (https://dsp-portal.national.ncrs.nhs.uk/). However, the HSCN based access will also be changing due to CIS1 Auth deprecation.

On 30 September 2024

  • we will reduce the support level for the IF-DLP Authentication service from Bronze SLA to 'Reasonable Endeavours'
  • operational hours will remain 8am to 6pm, Monday to Friday with no guarantees around service uptime

On 30 September 2025

  • Identity Management using IF-DLP Registration process will no longer be available
  • Authentication will no longer be available via IF-DLP Authentication

If you use the IF-DLP Registration process

If you are a registered IF-DLP user: 

If you register other IF-DLP users: 

If you use IF-DLP Authentication 

If you are a registered IF-DLP user, before 31 January 2024 you will need to: 

If you are responsible for managing the DSCRO / DLP service

You should plan to:

NHS CIS2 Authentication provides a modern, secure authentication platform with securely proven identities and a wide range of authenticators, coupled with the National RBAC data.

It means:

  • users can be enrolled either using a Registration Authority, or via the new Apply for Care Identity service.
  • Registration Authorities can apply organisation based national RBAC roles and assist users with registering authenticators
  • users can securely access services over the internet using authentication options which suit their working environment

Benefits of moving to the full NHS CIS2 Authentication service include:

  • a higher level of security from the current DLP auth service
  • a common identity with other NHS and Health and Social Care applications
  • new features such as modern alternatives to smartcards, and supports access over the internet via devices other than Windows PCs
  • more secure and better optimised for high availability and for the addition of new capabilities wherever demand creates a need

For questions, contact us by email on: nhscareidentityauthentication@nhs.net.

/by
Deprecation notice: IF-DLP Registration and IF-DLP Authentication

We plan to migrate all internal NHS England (previously NHS Digital) services to NHS CIS2 Authentication.

In line with this, IF-DLP Registration and IF-DLP Authentication will be deprecated on 31 January 2024.

Both services will then be retired on 31 March 2024.

On 31 January 2024

  • We will reduce the support level for the IF-DLP Authentication service from Bronze SLA to 'reasonable endeavours'.
  • Operational hours will remain 8am to 6pm, Monday to Friday with no guarantees around service uptime.

On 31 March 2024: 

  • Identity Management using IF-DLP Registration process will no longer be available.
  • Authentication will no longer be available via IF-DLP Authentication.

Benefits of moving to the full NHS CIS2 Authentication service include:

  • a higher level of security from the current DLP auth service
  • a common identity with other NHS and Health and Social Care applications
  • new features such as modern alternatives to smartcards, and supports access over the internet via devices other than Windows PCs
  • more secure and better optimised for high availability and for the addition of new capabilities wherever demand creates a need

Definitions

Deprecation notice

A decision has been taken to deprecate a service. The deprecation notice is issued with a deprecation and retirement date. 

The service remains available for use. However, no new integrations are allowed.

Deprecation date

The service level changes from "Bronze" to "reasonable endeavours". The service remains available for use. No new integrations are allowed.

Retirement date

The retirement date is the date at the end of this period at which the service will be taken out of service. 

The service is no longer available for use after this point.

Note: This change affects the IF-DLP registration and authentication using https://dsp-portal.digital.nhs.uk/ - not the HSCN based Smartcard authentication to DLP (https://dsp-portal.national.ncrs.nhs.uk/). However, the HSCN based access will also be changing due to CIS1 Auth deprecation.

If you use the IF-DLP Registration process

If you are a registered IF-DLP user: 

  • before 31 March 2024 you will need to re-register for a Care Identity profile

If you register other IF-DLP users: 

  • before 31 March 2024 you will need plan if/how you support users to re-register for a Care Identity

If you use IF-DLP Authentication 

If you are a registered IF-DLP user, before 31 March 2024 you will need to: 

  • re-register for a Care Identity profile
  • check that you are able to use one of the authenticators provided by NHS CIS2 Authentication

If you are responsible for managing the DSCRO / DLP service

You should plan to:

  • move the existing smartcard enabled authentication for DLP (https://dsp-portal.national.ncrs.nhs.uk/) to NHS CIS2 Authentication
  • identify all users who are currently registered with IF-DLP Registration and support them in re-registering for a Care Identity profile
  • support users in getting set up with authenticators provided by NHS CIS2 Authentication
  • determine the best way to apply and manage the correct level of authorisation, for example RBAC roles assigned by Registration Authorities

How to re-register for a Care Identity profile

Users can re-register by using either:

NHS CIS2 Authentication provides a modern, secure authentication platform with securely proven identities and a wide range of authenticators, coupled with the National RBAC data.

It means:

  • users can be enrolled either using a Registration Authority or via new Apply for Care Identity service.
  • Registration Authorities can apply organisation based national RBAC roles and assist users with registering authenticators.
  • users can securely access services over the internet using authentication options which suit their working environment.

Read more about CIS2 Authentication.

For questions, contact us by email on: nhscareidentityauthentication@nhs.net.

/by
Money-saving deal gives NHS staff access to latest digital tools

All NHS staff in England will have access to the latest digital tools as part of ongoing efforts to increase efficiency and boost productivity in the health service.

A deal negotiated by NHS England will mean all NHS workers, including doctors, nurses, clinicians and support staff, can benefit from the full suite of Microsoft 365 workplace productivity apps, making collaboration easier and maximising time for care.

In the past, each local organisation would be responsible for purchasing their own licences for software. By using a single national contract, the NHS is taking advantage of its collective purchasing power to save millions of pounds, as well as ensuring organisations are all working on the same systems.

The new five-year agreement, which has been awarded to Bytes, includes access to Microsoft products and will also provide the opportunity to introduce further innovative tools from other suppliers in the future.

Since the first national deal in March 2020 made the Microsoft Teams app available to all NHS staff, users have saved more than 17 million hours of time by using it for virtual meetings, where meeting in person is not necessary.

John Quinn, Chief Information Officer at NHS England, said:

“This new five-year agreement will mean we can create a platform for innovation so that NHS workers always have the latest digital tools to help them focus on frontline care.

“We’ve seen huge benefits following our original agreement with Microsoft in 2020, whether using Microsoft Teams to make it quicker and easier to arrange meetings or other digital tools that mean more time can be spent supporting patients.

“As the NHS turns 75, this deal is part of a long history of the health service adapting to make use of the latest and greatest innovations available to deliver more productive and joined up services for patients, and gives us a strong platform to build on for the future.

“This is a further great example of the NHS using our collective buying power to secure market-leading products at a reduced cost for taxpayers, and our contract with Bytes means we can also explore opportunities to introduce new innovative technology over the coming years.”

The five-year agreement will mean NHS organisations can benefit from a comprehensive suite of Microsoft security solutions. This includes capabilities around threat protection, data governance and compliance that will strengthen the cyber resilience of the NHS.

Clare Barclay, Chief Executive Officer, Microsoft UK, said:

“As the NHS marks its 75th anniversary, Microsoft is delighted to provide technology that will enable clinicians and support staff to focus on what matters most – caring for patients.

“This agreement will ensure that NHS organisations can deliver efficiency, reform ways of working through collaboration tools and build resilience through a modern, secure cloud-based infrastructure.”

Jack Watson, Managing Director, Bytes, said:

“Bytes are delighted to strengthen our longstanding relationship with the NHS by accelerating their secure adoption of Microsoft cloud services that provide a platform for future innovation in healthcare. This five-year contract highlights the breadth and depth of skills Bytes bring in managing, advising, and supporting the NHS to utilise secure cloud platforms, analytics, and apps.

“This award reflects our remarkable heritage in connecting people with technology. It is fitting, and a great privilege, to be selected as the partner of choice on the 75th anniversary of the NHS. We are committed to putting customer service and patient outcomes at the forefront of our daily activity.”

/by
Schools encouraged to participate in NHS survey on smoking, drinking and drug use

The Smoking, Drinking and Drug Use in Young People in England survey provides an invaluable snapshot of prevalence, trends and attitudes amongst students aged 11 to 16.  

The results will provide vital information to better understand behaviour and to develop policies, plan new initiatives and monitor their impact. 

Students in participating schools will complete the survey questionnaire anonymously under exam conditions. This year for the first time, the survey will be open to all mainstream secondary schools and entirely online, so students will be able to complete it securely on a school computer, laptop or tablet.  This will halve the time needed and improve accessibility, making it easier for schools and for students.  

Since its inaugural publication in 1982, the survey is now published every two years and has been an important source of information for government departments, local authorities, charities and academic institutions. It plays an essential role in informing health and education policy, for instance in 2015, the survey data was used to help make the case for the legislation which banned adults smoking in cars when children are present.  

The 2023 report will be published by NHS England next year and is accredited with National Statistics status, while the survey itself will be carried out by Ipsos. 

It will include information on the percentage of students who have ever smoked, drunk alcohol or taken drugs and is analysed by demographics including age, gender, ethnicity and geography. 

The survey will also deliver updated insights into the increasing use of e-cigarettes, or ‘vaping’, amongst young people. This follows findings from the 2021 survey which saw a 3% increase in e-cigarette use, from 6% in 2018 up to 9% in 2021.  

As part of the research, secondary schools from across the country are being asked to facilitate the short survey between September and December 2023. State, independent and private secondary schools are all invited to register their interest in participating.  

Schools will receive a lesson plan designed to fit in with the PSHE (personal, social, health and economic) curriculum and the survey can be run as part of a PSHE lesson. Participating schools will also receive a bespoke report showing how their school’s survey results compare to the national results. The new online format will also allow the survey to be undertaken on a voluntary basis by schools annually. 

Gary Childs, Assistant Director, Data and Analytics at NHS England said: “The insight about behaviours and attitudes that this survey offers is essential to the formation of effective health and education policy. 

“Without the participation of schools, we would not be able to provide this crucial insight and therefore we are extremely grateful to all the schools and students who take up this opportunity.” 

Sam Clemens, Research Director at Ipsos said: “We are really pleased to be launching this survey digitally for the first time, and are looking forward to working closely with NHS England, schools and students across the country to deliver another hugely insightful data gathering project.  

“The scale of the survey allows us to accurately understand the nuances in trends between age groups and demographics, which is why we encourage as many schools as possible to participate. In addition to helping wider policy, this information will allow schools to provide bespoke and targeted support to their students.” 

The new digital version of the Smoking, Drinking and Drugs Survey has been piloted with a small group of volunteer schools.  

Aimee Stevens, Head of CLASS – Culture, Life and Societies Studies (PSHE) at Penrice Academy in Cornwall, said: “Being involved in this year’s pilot scheme for the survey has been incredibly valuable to us. It has helped us understand how these issues affect our students and how we can incorporate the data into our pastoral offer as well as PSHE lessons. 

“It is important that students have the opportunity to reflect on their own experiences and that we gather perspectives from across the country. The topics are very relevant points of interest to our pupils and the survey is a fantastic opportunity for us to engage in informed discussions on the issues of smoking, drinking and drug use.” 

Schools can register their interest to participate or find out more information about the survey by emailing SDDsurvey@ipsos.com

/by
Event: Supporting ICBs to adopt the Register with a GP surgery service – July 2023

Colleagues working in integrated care boards are invited to join a webinar on 11 July from midday to 1pm to hear about the benefits of the Register with a GP surgery service for both GP practices and patients.

You’ll learn more about how you can support the delivery plan for recovering access to primary care by encouraging uptake in your area, and get a demonstration of our new dashboard which tracks service uptake on both practice and regional levels.

Register to attend.

/by
Naming conventions in Care Identity Service

We've clarified how we're naming some applications and services and this article explains these changes.

Summary

  • Care Identity Service (CIS) is now used as the name for the whole service covering access to patient data.
  • The smartcard and profile management system known as Care Identity Service will now be known specifically as the Care Identity Service application.
  • We've stopped using the name Identity and Access Management.
  • The Care Identity Service application is being replaced by Care Identity Management and this name has not changed.
  • CIS2 only refers to CIS2 Authentication. CIS2 is not an alternative name for Care Identity Management.
  • Apply for Care ID is not changing.

Explaining each name

Access to patient data using smartcards and other authenticators is grouped under one overarching name: Care Identity Service. This is printed on smartcards and people understand what it means, so we've decide to keep this name.

We do know Care Identity Service is the name of the legacy system that Registration Authorities use to manage access to patient data. We will now be referring to that system as the Care Identity Service application.

We have decided to move away from the name Identity and Access Management. Where you see that name, you should take it to be referring to Care Identity Service.

Apply for Care ID is not changing.

CIS1 v CIS2

We understand that CIS1 and CIS2 have become confusing terms. From now on, we will only use these terms to describe two specific parts of Care Identity Service:

  • CIS1 Authentication - this legacy authentication service is being replaced by CIS2 Authentication
  • CIS2 Authentication - the new secure authentication service used to access patient data with smartcards, security keys, Windows Hello for Business, iPads and Microsoft Authenticator

CIS1 is not the name of the legacy system being replaced by Care Identity Management. That system is now only known as the Care Identity Service application.

CIS2 had been used in some cases as another name for Care Identity Management. CIS2 will now only refer to CIS2 Authentication and not Care Identity Management.

/by