NHS Login: Finding the right identity journey for users

Two thirds of the UK now have an NHS Login, which enables people to access a range of health and care websites and apps with one set of log in details.

Covid was a key driver for the NHS Login, as it opened doors for people to socialise again after the lockdowns – the service saw 250,000 identity verification requests in just one day during the pandemic.

“We now have 45.3 million users with an NHS login account. And that’s not just a simple account, that’s an account that’s been confirmed,” explained Melissa Ruscoe, programme head at NHS Login.

“We have verified 32.7 million identities through the different journeys within Login. We have 1.3 billion authentications. In December 2021, we had 10.7 million authentications in one single day. To put some of these figures into context, and how we innovated, adapted, changed, scaled, delivered, back in March 2019 … I’d have said we had 13,000 accounts and verified 6.5 identities, so that gives you a flavour of how far we come.”

NHS Login: More than identity

Ruscoe was speaking at the Think Digital Identity for Government event in London this week (pictured). She joined representatives from consultancy Hippo to discuss government and private sector perspectives on the delivery of user identity solutions.

She maintained that NHS Login was about more than identity – the goal is one simple, single way to log on. “It’s about a consistent way to access digital health and care services. It isn’t just identity, it’s making that safe, secure match to your NHS records. We’re about adaptive and flexible approaches. We don’t want everybody to have to go through the burden of verifying their identity. It’s about the need of the service. So, for some services, it’s about simple authentication. For others, we have to be that higher level of verification if they’re accessing their record, getting repeat prescriptions, whatever it may be.”

The service now has 100 connected services with integrations with the likes of Boots, Co-op and sister programme, the NHS app. The future, Ruscoe said, involved improving the registration, verification and authentication journeys for users. It also includes developing new APIs that can be used by GPs, in social care, secondary care or clinicians to ensure a safe match to the user’s NHS record.

It is also tackling the complex issue of using a proxy. This is where someone can nominate someone else in the identity process – either a proxy or delegated access. However, Ruscoe said that currently in the NHS, there is currently no one way or standard to validate the relationship between two individuals.

However, she said the NHS will “be the forerunner on that and to find those standards, so we can deliver that care. That’s about bringing more people, including more people, and the use of digital tools.”

Developing passkey technology

NHS Login worked with Hippo on the delivery of the service, and they continue to partner on its development roadmap. It is now working on new passkey-based biometric authentication for NHS Login, enabling users to adopt a passwordless authentication journey if they wish. One goal is to alleviate the 2.7 million password reset requests that NHS Login received in the last six months.

“We always remember that making it simple for users to gain access to any health and social care service is an objective that we have to meet,” said Jonny Stuart, principal consultant – product manager at Hippo.

“Currently we only have the NHS app that allows a user to login via biometrics, but this will open the door for the 99 other (NHS Login) partners, like Superdrug and Co-op. They don’t have to do the development work now; this is something that we’ve created for our partners.”

“NHS Login will pioneer the adoption of passkeys among the public sector.”