Public Services

Might a separate 'GOV.UK Verify/Health' hub solve NHS identity needs?

Neil Merrett Published 02 June 2017

Source argues that a platform built using the principles of Whitehall's identity platform and carrying a similar brand could be preferred direction for ID assurance to access health services


It is understood that a care specific variation of Whitehall's GOV.UK Verify identity assurance platform that uses the technology's standards, while relying on a separate, single identity provider such as the NHS itself, is among options that could be adopted to support access to online UK care services.

A source with knowledge of ongoing talks and planning on how patients will be able to more securely access online health services said that an amended platform, potentially offered under the branding of GOV.UK Verify, was an option to meet the unique identity requirements in UK healthcare.

Theoretically, the NHS service could use a similarly branded, yet separate name such as GOV.UK Verify Health, to implement the common platform and build out a separate service that it oversees itself based on preferred criteria such as the NHS Number.

NHS Digital, which is responsible for national digital and data initiatives across the NHS, has maintained that it is still exploring "a number of strategic options for authentication and identity verification for digital health services". These options include the potential use of solutions such as Patient Online or GOV.UK Verify, which is designed to allow one of several pre-chosen companies to perform a check on a citizen's identity in order to access online services at a level of assurance (LOA) 2 security standard.

With the most recent Government Transformation Strategy having committed to try and expand use of the Verify platform from just around one million users to 25 million people in the next three years, healthcare is one area put forward to build up the user base.

However, critics of Verify continue to argue that the very design of the platform fails to meet a key need of healthcare providers for a system that makes use of unique patient identifiers - in this case the NHS number.

Common identifiers are seen as an important issue for public service delivery, particularly for local authorities, with some councils using health numbers, or a stripped down variation of them, as the basis for a system to identify users.

Any system that can potentially create an identity around the personal NHS number, as well as comply with incoming EU regulations, would be incompatible with the key design features of Verify that attempts to remove the need for a single government database.

It is understood that an option put forward during recent discussions was that a specific new solution built around Verify's principles and technology, while making use of a single ID provider such as the NHS was one option that could make GOV.UK Verify adoptable.

Earlier this year, Government Digital Service (GDS) director general Kevin Cunnington was asked about the development of separate identity assurance solutions for different purposes, such as Verify or HM Revenue and Customs' (HMRC's) planned revamp of the Government Gateway, and if there was any intention for a single ID assurance solution for the public sector.

Cunnington pointed to the possibility of Whitehall one day of bringing these different services and any other expanded ID functions under a shared brand.

"It would be nice if they become a citizen brand called Verify," he said at the time. "But obviously, certifying businesses or verifying a business is different from verifying citizens."

GDS is expected this summer to launch an isolated testing environment to trial linking the GOV.UK Verify platform with the private sector via a connected hub service.

This would have applications for both government and commercial services that could theoretically support individual user identity assurance needs, as well as those of business and agencies that are currently supported by the separate Government Gateway solution.

However, as local authorities and the private sector all look at the potential adoption of Verify, questions continue to be asked about how the platform may be meeting identity needs in the public sector.

In a report released in March looking into the work of the GDS, the National Audit Office (NAO) touched on development of Verify and its potential to reform data sharing and secure access.

"Our review shows that GDS could have done more to understand the existing landscape of department services to support their early work on identity assurance for individuals. For example there was no full analysis of how existing services identified customers or analysis of the way in which customer data is held in existing services or how this might affect the user journey from Verify to completion of the service transaction.

The NAO's findings argued that such research may have given improved understanding of how to meet the identity needs of departments and public sector bodies to improve take up. The report added that major questions remained over the platform's capabilities for wider use in the public sector, such as by NHS bodies.


Post a comment

Comments may be moderated for spam, obscenities or defamation.

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.