STD043 - Identity Verification and Authentication Standard for Digital Health and Care Services | STD045 - Data Security and Protection Toolkit |
STD062 - NHS Number | |
ID | STD043 |
|---|---|
External ID | DCB3051 |
Version | 0.1 |
Link to standard | |
Standard Type | Data Standard (NHS) |
Status | Draft |
Effective Date |
|
Description
This standard provides a consistent approach to identity across digital health and care services. It describes why and how a person should prove their identity to access digital health and care services. For example: their GP practice, their local hospital, and their social care provider. NHS Digital has worked on this standard in conjunction with many key clinical and privacy stakeholders including NHS England and NHS Improvement, the Care Quality Commission, the Royal College of GPs, the Joint GP IT Committee, and the Privacy and Consumer Advisory Group. The defined standards and principles in this document are to enable co-ordination of effort and to avoid duplication of effort. Elements considered by this standard include: • identity verification • identity authentication • clinical authorisation • typical example transactions. This standard will be updated as and when required. The national Data Coordination Board (DCB) will approve the publication of all versions.
Applicability
Any NHS or non-NHS provider, organisation, company, or authority that provides identity services for individuals accessing online digital health or care services must adhere to this standard.
Requirements
Requirement ID | Requirement Text | Level |
|---|---|---|
STD0043-1 | See full details in the Specification and Implementation Guidance at https://digital.nhs.uk/data-and-information/information-standards/information-standards-and-data-collections-including-extractions/publications-and-notifications/standards-and-collections/dcb3051-identity-verification-and-authentication-standard-for-digital-health-and-care-services
| MUST |
ID | STD045 |
|---|---|
External ID | DAPB0086 |
Version | 0.1 |
Link to standard | |
Standard Type | Data Standard (NHS) |
Status | Draft |
Effective Date |
|
Description
The Data Security and Protection Toolkit (DSPT) is an online tool that enables organisations to measure their performance against data security and information governance requirements set by the Department of Health and Social Care.
Applicability
The DSPT provides a mechanism for organisations to assess themselves against the NDG 10 data security standards2, through confirming assertions, and providing supporting evidence.
Requirements
Requirement ID | Requirement Text | Level |
|---|---|---|
STD0045-1 | See full details in the Requirements Specification https://digital.nhs.uk/data-and-information/information-standards/information-standards-and-data-collections-including-extractions/publications-and-notifications/standards-and-collections/dapb0086-data-security-and-protection-toolkit | MUST |
ID | STD062 |
|---|---|
External ID | SCCI0052 |
Version | 0.1 |
Link to standard | |
Standard Type | Guidance |
Status | Draft |
Effective Date | TBC |
Description
This standard provides the specification for use of the NHS Number by NHS bodies and by other organisations providing health and care services in England in partnership with the NHS. It defines how the NHS Number must be used in identifying people receiving health and care services, and in locating and communicating their health and care records and other information pertaining to the planning and provision of their care. The standard sets out how information systems must accept, store, process, display and transmit the NHS Number, and what organisations must do to ensure that they use the NHS Number correctly.
Applicability
This standard applies to all bodies that commission or provide health and care services in England in partnership with the NHS including their relevant system suppliers.
Requirements
Requirement ID | Requirement Text | Level |
|---|---|---|
STD062-1 | MUST be capable of storing the NHS Number as described in the NHS Data Dictionary on patient/service user records. | MUST |
STD062-2 | MAY indicate whether/when the currently stored NHS Number has been verified by checking against the Personal Demographics Service. | MAY |
STD062-3 | MUST allow users to find a patient/service user record using the NHS Number as the only search criterion. | MUST |
STD062-4 | MAY allow users to find a patient/service user record using the NHS Number as part of the search criteria in conjunction with other demographic information | MAY |
STD062-5 | MUST allow users to find a patient/service user record without using the NHS Number as part of the search criteria. | MUST |
STD062-6 | MUST include the NHS Number in any patient identifiable data/service user information sent electronically, with the following exceptions: • The NHS Number is not available at time of transmission. • The use of the NHS Number is in conflict with other requirements, standards, legislation, common law duty of confidentiality or policies. | MUST |
STD062-7 | MUST display the NHS Number on every screen showing patient identifiable data/service user information (if available). The verification status of the NHS Number SHOULD also be displayed if maintained. | MUST |
STD062-8 | MUST include the NHS Number on all hard-copy outputs containing patient identifiable data/service user information (if appropriate and available at time of output). | MUST |
STD062-9 | MUST display and print the NHS Number for people to read in 3 3 4 format (e.g. 123 456 7890). | MUST |
STD062-10 | MUST allow the NHS Number to be input into the appropriate data input field on the screen as 10 digits with or without spaces. | MUST |
STD062-11 | MUST validate (both format and check-digit) the NHS Number when input. | MUST |
STD062-12 | MUST be capable of reporting where the same NHS Number (verified or not) is recorded on more than one patient/service user record. | MUST |
STD062-13 | SHOULD be capable of reporting all patient/service user records without an NHS Number recorded. | SHOULD |
STD062-14 | When a system user uses the NHS Number to retrieve an electronic record other demographic information supplied MUST be used to confirm the patient’s/service user’s identity and that the record retrieved belongs to that patient/service user | MUST |
STD062-15 | When supplied, the NHS Number SHOULD be used instead of demographic data as the patient/service user identifier. | SHOULD |
STD062-16 | Data quality processes SHOULD be in place to resolve electronic patient/service user records where the same NHS Number (verified or not) is recorded on more than one record. | SHOULD |
STD062-17 | Organisations MUST ensure all staff are trained in the correct use of information management technology systems, human behaviours and business processes required to support this Standard. | MUST |
STD062-18 | At the start of each new episode of care or contact, or at the earliest opportunity the patient’s/service user’s demographic data, including NHS Number SHOULD be confirmed with the patient/service user or his/her parent or carer or other organisations working with the patient/service user. | SHOULD |
STD062-19 | The patient’s/service user’s NHS Number SHOULD be determined at the beginning of (or prior to) the episode of care, where possible and practical. | SHOULD |
STD062-20 | The parent or guardian MUST be given written confirmation of the NHS Number of a newborn child following allocation via the statutory notification of birth (through NHS Number for Babies Service (NN4B)) or the Personal Demographics Service (PDS). | MUST |
STD062-21 | The patient’s/service user’s NHS Number SHOULD always be included as part of all communications, correspondence and filing systems involving patient/service user identifiable data/service user information. Additional patient/service user demographic information MUST also be included with the NHS Number. | SHOULD |
STD062-22 | Organisations MUST promote the importance and use of the NHS Number to all staff. | MUST |
STD062-23 | Organisations MUST have processes in place to support patients/service users to know their NHS Numbers and to supply it to them when requested. | MUST |