Information Governance SIG. Phil Stradling Citizen Identity Lead NHS England

Transcription

1 Information Governance SIG Phil Stradling Citizen Identity Lead NHS England

2 Key points 1. New IG guidance from NHS England for patient access to records 2. New citizen identity programme within NHS England Goals: 1. Enable citizen access to records across care settings 2. Enable local procurement of identity parts via G-Cloud 3. Local implementation led by Liverpool & Southampton 3. New concept of Attribute Exchange Goals: 1. Enable citizens to share verified attributes from trusted sources 2. Initiative led by Warwickshire County Council 3. GDS/OIX working group

3 Current model for face to face verification by Practice Step 1: Evidence system Patient is verified via documents/vouching practice matches to NHS no Face to face verification Matching to NHS no NHS No Step 2: User ID/ Password to patient to register online practice issues new user ID/password Citizen registration Create account Map ID to NHS no Account Step 3: Sign-on Online access Auth Get NHS no EHR Patient signs-on to web site practice does authentication, linking, access API

4 Online verification using Identity Assurance model (IDAP) for record access Certified companies acting as identity providers Step 1: Patient is verified online Identity provider sets up account Step 2: Patient signs-on to web site Matching service must match demographics to NHS no Account created to map ID to NHS no Access to record Auth Account management Experian Digidentity Others Online verification Token request/response Federation Hub Token request/response Attribute query for NHS no ref Web site Matching service Practice Map ID to NHS no API EHR 1. IDAP = Identity Assurance Programme within Government Digital Service 2. Federation hub brokers requests for authentication from service providers 3. Certified companies do not have patient NHS numbers 4. Federation hub does not hold personal data 5. Identity providers share matching data set of name, DOB, gender & address with service providers 6. Different sectors are likely to operate sector hubs, e.g. financial, retail, health

5 Face to face verification that is trusted across care settings Step 1: Patient is verified face to face notifies CCG CCG sends to citizen to register for online access Step 2: Liverpool Patient registers for Liverpool services Patient choice on identity provider and device Face 2 face verification Matching service Notice of verification/matching Trust Trust Trust NHS No/ID mapping Federation Hub Commissioning Body (CCG) Citizen registration Multifactor auth Apple Facebook Microsoft 1. Any provider could be trusted/certified to do face 2 face verification 2. Provider matches demographics to NHS no (or CCG could do this, PDS certified) 3. Notice sent to CCG to set up account, invitation sent to citizen by CCG 4. Patient registers with an identity they know 5. Elevation in trust using OTP/device based authentication

6 Connectivity with PHRs What was agreed with IIGOP and Dame Fiona Vouching service Consent PHR map API Liverpool API PHR App Apps Apps Commissioning body Hampshire 1. A provider can exchange data with a PHR subject to consent of patient 2. A commissioner can commission services based on PHRs 3. A professional can use an app to update both an EHR and PHR Vouching service PHR map API Commissioning body So: 1. A in Liverpool can vouch for a patient and ask for consent for PHR connectivity 2. A patient may use a connected PHR in Liverpool 3. Use the same app & PHR for continuity of access to UHS in Southampton Statutory Internet

7 End goal - Access to multiple apps and care settings Choice of apps Choice of identity providers API Access across care settings App/ Web App/ site App/ Web site Web site Experian API Hub Apple API NHS No/ID mapping Commissioning body Multi-factor auth 1. Citizen clicks sign-on to app/web site 2. Hub brokers authentication by IdP and MFA where needed 3. Hub retrieves NHS No from mapping service and issues access token to app 4. App presents access token to APIs for read/write of patient data 5. Hub can issue access tokens for multiple care settings 6. Use of new standards for interoperability, e.g. OpenID Connect,FIDO and OAuth, for access from phones/tablets 7. Integration with SAML based identity providers

8 Overview of face to face and online verification working together NHS no can be mapped to: 1. Experian ID: E Apple ID: A Online verification Experian Digidentity Face 2 face verification Matching service Notice of verification/matching NHS No/ID mapping Citizen registration Others Commissioning body Federation Hub Multi-factor auth Apple Facebook Microsoft 1. A patient could register multiple identities with the NHS, e.g. their Experian and Apple IDs 2. Options for implementation - start with one option, and add other later etc 3. s or specialists can make a start with what works for them

9 Annexes GDS sign-on Delegation model Regional implementation options by CCGs

10 Access to tax record at HMRC Option to signon using Verify

11 Click No button as user is already verified (15 minute process with Experian)

12 Click Experian as selected company

13 Enter user ID and password

14 Enter OTP sent over phone

15 Access to tax record (in about 1 minute)

16 Delegation of Verification Vouching process for verification is delegated to providers, e.g. Matching process for matching patient demographics to NHS no is delegated to s (or PDS) Same model as Spine delegation of Registration Authority function Vouching service Matching service RA Current Spine Model for Professionals Commissioning body RA Commissioning body Spine

17 Access across care settings Step 1 Providers agree to trust commissioning body Liverpool Logical Model Hub CCG Hub Commissioning body Trust relationships Trust relationships Spine Hampshire Hub 1. A provider decides to trust a central service, e.g. Spine, Hub 2. Central service can be a hierarchy of regional services 3. A provider can trust both regional and national services Trust relationships CCG