Text/HTML

Smartcards and ID badges

Smartcards

Smartcard

What is a Smartcard?

NHS Smartcards are similar to chip and PIN bank cards and enable healthcare professionals to access clinical and personal information appropriate to their role.

A user's Smartcard is printed with their name, photograph and unique user identity number (UUID)

On initial registration for a Smartcard, Registration Authorities are required to ask applicants for identification which satisfies the government recommended standard 'e-Gif Level 3', providing at least three forms of ID (photo and non-photo), including proof of address.

Individuals are granted access to patient information based on their work and level of involvement in patient care.

This means that for example, a doctor's receptionist may only see the information needed to process an appointment, not the full clinical record. Each time someone accesses a patient's or staff record, it will be recorded and patients can formally request to see this information.

Staff will also continue to be bound by professional codes of conduct, local regulations, the Data Protection Act and the NHS Code of Confidentiality.

A Smartcard used in conjunction with a passcode, known only to the Smartcard holder, gives secure and auditable access to national and local Spine enabled health record systems, such as SystmOne TPP, Electronic Staff Record (ESR) and the NHS e-Referral Service.

 

Introduction

Organisations that need to access patient information within the NHS Care Identity Service and other National Programmes set up Registration Authorities to manage this process.

The Registration Authority is responsible for verifying the identity of health care professionals and workers who wish to register to use these services.

Once authorised, individuals are issued a Smartcard by the Registration Authority. 

Individuals use their Smartcard and their Smartcard Passcode each time they log on.

All DCHS staff are issued with a Smartcard in order to access Electronic Staff Record (ESR), TPP SytmOne and any other Smartcard enabled applications used by DCHS.

Who are the Registration Authority Team

The Registration Authority is a small team of two staff who are.

Ian Millington - Registration Authority Manager

Working hours: Mon-Fri 0830-1630

Rebecca Ness - Registration Authority Agent

Working hours: Mon-Thu 0830-1630

 

ID badges

ID Badge

Here's what to do if you need a new ID badge for the reasons listed below.......

  • Change of job title - please provide the job title on your current ID badge, your new job title and DCHS Team & Site you are based.
  • Change of name - please provide your previous name, new name, job title and DCHS Team & Site you are based.
  • Broken ID badge - please provide your name, job title and DCHS Team & Site where you are based.
  • Lost ID badge - please firstly complete a DATIX incident report, then provide your name, job title and DCHS Team & Site where you are based.

If you need a new ID badge for any of the reasons above please email your details by clicking here

If you want to update the photo on your current ID badge please follow the New Starter guidelines below.

New Starters

All new starters are issued with an ID badge on Trust Induction. However if you have had an Induction waiver or not able to attend Induction for any other reason and require an ID badge please follow the steps below.....

  • Ask your Line Manager to take a passport style photo of you on their work smartphone.
  • The Line Manager then needs to provide a written statement confirming that the photo is a true likeness of you.
  • The Line Manager needs to add your name, job title and DCHS Team & Base of where the ID badge needs sending to.

Once the above steps are completed your Line Manager needs to email the Registration Authority by clicking here

Smartcard usage Terms and Conditions

Here are the latest National Smartcard Terms and Conditions that all staff MUST adhere to.

All staff will, at some point, have been prompted to read and accept these terms and conditions during first use of ther smartcard.


As a registered Smartcard holder you will;

1.  agree that you will keep your Smartcard / Authorised Device private and secure and that you will not permit anybody else to use it or to establish any session with the NHS Care Records Service applications. You will not share your Passcode with any other user. You will not write your Passcode down, nor use any kind of electronic storage (media or otherwise) to store it, for example by using a programmable function key on a keyboard. You will take all reasonable steps to ensure that you always leave your workstation secure when you are not using it by removing your Smartcard / locking your Authorised Device. If you lose your Smartcard / Authorised Device or if you suspect that it has been stolen or used by a third party, you will report this to your local Registration Authority as soon as possible;

2.  understand and accept that your personal data will be used as described in the "Notice to Smartcard / Authorised Device users on the use of your personal data" above. Furthermore, you agree to provide any additional information and documentation required by the Registration Authority to verify your identity. Each user must have their identity assured and verified to the relevant standard applicable at the time of registration5. This requirement may be refreshed from time to time;

3.  confirm that the information which you provide in the process of your application is accurate. You agree to notify your local Registration Authority immediately of any changes to this information;

4.  understand and accept that the Smartcard / Authorised Devices issued to you is the property of the NHS and you agree to use it only in the normal course of your employment or contract arrangement;

5.  agree that you will check the operation of your Smartcard / Authorised Device promptly after you receive it. This will ensure that you have been granted the correct access profiles. You also agree to notify your local Registration Authority promptly if you become aware of any problem with your Smartcard / Authorised Device or your access profiles;

6.  agree that you will only access the NHS Care Records Service application by using a Smartcard or Authorised Device. You agree that you will only use your Smartcard / Authorised Device, the NHS Care Records Service applications and all patient data in accordance with The NHS Confidentiality Code of Practice (www.dh.gov.uk) and (where applicable) in accordance with your contract of employment or contract of provision for service (whichever is appropriate) and with any instructions relating to the NHS Care Records Service applications which are notified to you;

7.  agree not to maliciously alter, neutralise, circumvent, tamper with or manipulate your Smartcard / Authorised Device, NHS Care Records Service applications components or any access profiles given to you;

8.  agree not to deliberately corrupt, invalidate, deface, damage or otherwise misuse any NHS Care Records Service applications or information stored by them. This includes, but is not limited to, the introduction of computer viruses or other malicious software that may cause disruption to the services or breaches in confidentiality;

9.  understand and accept that your Smartcard / Authorised Device may be revoked, or your access profiles changed at any time without notice if you breach this Agreement; if you breach any guidance or instructions notified to you for the use of the NHS Care Records Service applications or if such revocation or change is necessary as a security precaution. You also understand and accept that if you breach this Agreement this may be brought to the attention of your employer (or governing body in relation to independent contractors) who may then take appropriate action (including disciplinary proceedings and/or criminal prosecution);

10.  understand and accept that the Registration Authority’s sole responsibility is for the administration of access profiles and the issue of Smartcard / Authorised Device for the NHS Care Records Service applications. The Registration Authority is not responsible for the availability of the NHS Care Records Service applications or applications which use NHS Care Records Service authentication or the accuracy of any patient data;

11.  understand and accept that you, or your employer, shall notify your local Registration Authority at any time should either wish to terminate this Agreement and to have your Smartcard / Authorised Device revoked e.g. on cessation of your employment or contractual arrangement with health care organisations or other relevant change in your job role;

12.  understand and accept that NHS Digital may unilaterally change the terms of this Agreement6 from time to time, and unless otherwise stated these will be effective from publication; and

13.  understand and accept that these terms and conditions form a binding Agreement between yourself and those organisations who have sponsored your role(s). You also understand and accept that this Agreement is governed by English law and that the English courts shall settle any dispute under this Agreement.