Overview of NHS Email Login Functions and Benefits

Your medical information will only be shared with you and you alone thanks to NHS email login. It may take some time to finish this NHS mail login procedure (apologies). While the process can take several hours, it typically just takes 30 minutes. You will also be able to access our Healthcare Marketplace, examine your medical information, purchase repeat medicines, and acquire your myGP TICKet when you are done with the procedure.

Please be aware that the NHS mail Guide verifies your information, and nothing is stored on our servers without your express permission.

What it does?

Users who have an NHS email login account can visit NHS website or app using their NHS login credentials.

Who will be the user?

When a person is directed from your service to NHS login via the NHS login button, their identity is confirmed, and if they are a new user, their ID is verified. They are then delivered back to your service with the information you asked.

The user must give permission for your service to share this data. NHS login will send a user back to you with the necessary code if they decline to allow their data to be shared with your service, letting you know why they did so. You must think about how you will respond to the user. As part of your integration process, you can agree on the response.

A detailed information on levels of authentication and verification are necessary to determine the duties they can carry out in your service.

To set up their NHS email login account and register a device, users must authenticate. To access their personal or health information, they must provide identification.

Regulations for NHS email login

Your service must cater to customers who are enrolled at a GP practice in England or who are getting NHS services there in order to be eligible for NHS Email login.

  • Your offering must be patient-centered and provide a benefit for health or social care
  • Your offering must be free at the time of birth and be ordered, contracted, or sponsored by an NHS organization

Sponsored services can only be accessed through NHS login if they are new ventures with no existing clientele or a Local Authority-commissioned supplier.

Age Limitation

You must establish any age-related restrictions. Based on the risk assessment of your product, this will be taken into account.

Age restrictions for services requiring low or medium level verification are not enforced by NHS login. To pass the stringent degree of verification and receive access to their personal or medical information, users must be older than 11 years old.

How NHS login button works?

Understanding how the NHS Email login button functions inside your service is crucial. It is always required to be upfront and visible, and it is accessible in a range of various formats.

The button must follow our button specifications. If present, it must have the same visibility as any other login mechanism and cannot be customized.

What Authentication level you must choose?

The level of verification and authentication necessary for your service must be requested. You must choose the combination required to access your website or application. The term “vectors of trust” refers to this set of necessary authentication and verification.

Authentication level

Currently, we support three different kinds of authentication.

Username and password for email

A password and the user’s email address are required. To the mobile number associated with the user’s NHS Email login, a One Time Password (OTP) will be sent. To sign in, they must enter this security code.

Registered Handset

The user has a device that has been linked to their NHS login in their possession. The association may be formed using a saved browser or a One Time Password (OTP) SMS message. Users can log in as a result of this without having to submit a security code.

Data biometrics

The user has a device that has been linked to their NHS login in their possession. By employing an asymmetric key and cryptographic proof of key possession, such as a FIDO-compliant device, the device is delivered or used. Users of the app are now able to log in using biometric information like fingerprint or face recognition.

Different Layers of Verification

Three layers of user identity verification are now available.

Basic verification

Both the user’s cell phone number and email address have been confirmed as being theirs. They haven’t revealed their identity or given any other personal information.

Intermediate level of verification

The user’s extra information, which was verified to match a record on the NHS Personal Demographics Service, was provided (PDS).

This details could consist of:

  • Date of birth
  • NHS number
  • Name
  • Postcode

Users may be able to receive notifications or contact their doctor with medium level verification. Access to personal or health records is not made available.

Advanced Verification

To access medical records or personal data, the user must provide identification. A user must have successfully completed an online or offline identity verification process, where a physical comparison between a photo ID and the user has been made, in order to be verified to the highest level.

A user can apply any of the followings to do so:

Rapid ID verification

The establishment of the user’s NHS login can be expedited if they have already signed up for their GP online services. This will only function if the mobile phone number they use to access the NHS is the same one that is registered with their GP office. Users can proceed more quickly and without having their IDs confirmed again.

Photo ID and a Face Scan

The user will be required to take a picture of their ID and allow their device’s camera to automatically scan their face. Their face will then be matched with their photo ID using the scan.

These kinds of photo IDs are recognized:

  • Passport
  • UK driving license (full or provisional)
  • Biometric Residence Permit (BRP), UK Residence Card, or EEA Biometric Residence Card (BRC)
  • European driving license (full)
  • European national identity card

A photo ID and Video

The user has the option to record a brief video of their face instead of using the face scan. They will be asked to repeat four digits that will be displayed to them beforehand at random. These will be validated by our ID verification staff, and the process could take up to 24 hours.

User Data available for service

You must choose the information about the individual you want to get back. You submit a Scope that asks for user details. When an authentication request is submitted, requested details are made accessible as Claim values. Certain scopes you ask for are reliant on the vectors of trust, which are the culmination of the authentication type and verification level you ask for.

User Consent for Personal Data

Users have the option to give you their consent to share the personal data they enter into NHS login. As a result, you must choose what data you require from users in order to support them when they use your service. Additionally, you ought to have a system in place to accommodate a user experience in which the user declines to provide you access to the personal data they supply upon NHS login. You shouldn’t enquire for more details than you require.

Contact Details

Email addresses and cell phone numbers stored in NHS login are not currently connected to contact information in PDS or GP clinical systems. This allows users to protect access to their NHS login using any email address and mobile phone number they desire. Additionally, a single mobile phone number may be used for many NHS logins.

A feature that will let users update their contact information in PDS using their NHS login is currently being developed.