weerapat1003 - Fotolia

Lack of trust for banks causes NHS rethink over government online identity scheme

NHS trials of the Verify ID assurance system found patients concerned over using banks to allow access to medical data

NHS patients have reacted with suspicion to plans for banks to potentially vet their access to medical records through the government's new online identity system. The health service has instead drafted a plan to give people access after a passport check by their GP.

The fears emerged when NHS IT experts asked patients to test the new Gov.uk Verify system and say what they thought about using it to access medical information, NHS identity chief Anthony Wilson told a conference in London yesterday (8 October 2015).

NHS IT experts, being cautious over care of people's personal information, asked patients what they thought of Verify before they integrated the ID service into NHS systems. But when patients in the test learned it might involve banks and other organisations assuring their identities before they could access services, they said they trusted the NHS more.

"Why would I use my bank to access health information?" was what patients said in early trials, Wilson told the Identity Summit conference. "People said I don't trust my bank, I don't trust the Post Office, I trust the NHS," he said.

The health service responded with a plan to become an identity provider in its own right. A number of private sector organisations are already contracted to run the Verify scheme.

"We are doing some user research to get in tune with what the feeling is out there. People wouldn't naturally associate banking with healthcare. That's the initial indication from user research,” said Wilson. Instead, with the NHS itself acting as the identity provider, patients would set up their login details via their GP.

"[Patients would] go into a GP, provide their passports and documents, and prove who they are. Doctors and GPs can add them onto the system and link them into the NHS," said Wilson, who is identity product owner for the Health and Social Care Information Centre (HSCIC).

Government identity system

Verify is the new system being developed by the Government Digital Service (GDS) to allow citizens to prove they are who they say they are when accessing public services online. The scheme uses third-parties such as credit reference agency Experian, Barclays Bank or PayPal to act as ID providers and confirm a user’s identity before they are allowed to log in.

Verify identity providers check people's identities by looking them up with credit reference agencies, or by checking their recent payment records with utilities and banks.

HSCIC said last November it would adopt the Verify identity system under its 2020 modernisation strategy, to give both patients and doctors better access to medical records.

Wilson said the strategy foresees multiple, disparate healthcare systems in a decentralised NHS, all revolving around a patient's digital identity.

"This is going to be pretty challenging because we want [patients] to load their health information straight to doctors, but we need to do that in a way that considers privacy and consent and trust, and that information cannot be used in any underhand means,” he said.

“So we have linked up to one part of the government's Verify service because we've got millions and millions of patients. We don't want to be seen as holding all that information in one place."

If the NHS were in future to become a Verify ID provider, it would join nine others currently appointed, which are all private companies bar the Post Office, and include Barclays, PayPal and US telecoms giant Verizon.

David Rennie, head of industry engagement for Verify at GDS, told the conference: "We are doing a limited pilot with the NHS. It's a very different context, using a digital identity in central government, to using it with a health practitioner. So we need to understand what user needs are in that context."

The government expects nearly 700,000 people to be using its Gov.uk Verify identity assurance service to log in to digital public services by November 2015. The Cabinet Office is also talking to banks, insurers and retailers in an attempt to establish Verify identity assurance as a national scheme beyond just government services. 

Updated:  19 November 2015

Following the publication of this article, HSCIC contacted us and asked to clarify some points from the presentation referenced above. They said:

“HSCIC is working on a number of different initiatives to ensure that in the future patients can have safe and secure access to online NHS services, which are flexible and responsive to individual needs

“We are currently considering several ideas and have asked some patients about their views on different ways people might be willing to confirm their identity. We have not asked them for their views about any particular product or service. We have also asked them about how they wish to engage with the NHS electronically, although this is very early stage work with a very small group.

“While we have no firm plans in place and are currently developing ideas, it is envisaged that Verify could be part of a range of secure identification options open to patients. We are working closely and collaboratively with NHS England and the Cabinet Office on this project, and hope to have firmer plans to share in early 2016.”

Read more about Gov.uk Verify

Problems surfaced when the first users tried to use Gov.uk Verify to prove their identities

The Cabinet Office is talking to banks, insurers and retailers to establish Gov.uk Verify identity assurance as a national scheme

HMRC has denied that problems faced by the public attempting to claim marriage tax breaks are caused by the Gov.uk Verify schem

Read more on Healthcare and NHS IT

Join the conversation

5 comments

Send me notifications when other members comment.

Please create a username to comment.

Good news that someone from the IT department has found something to fill the spare time that GP Surgeries have; I imagine they'll be thrilled with to hear this.

This highlights the dangers of taking observations and comments from a user research lab too literally. In the context of accessing NHS records it's a simple step to place trust in your GP to provide you access and a leap for your bank to do this. That doesn't make it the right thing to do.
Cancel
Scary that someone in a position of influence would think this in private, much less announce it in public. I suspect more people would trust the Post Office with their healthcare than would trust the NHS with IT.
Cancel
This is basically an ID card by stealth, you'll need to register with a government approved ID service to prove who you are & to force uptake you wont be able to access the NHS without it.
Cancel
What this says is that different groups trust different organisations. It may also suggest that the way you ask the question determines the answer. I personally am happy with the Government Gateway for my dealings with HMRC but would not necessarily wish it to be my gateway to the NHS, it requires me to remember too much. I would certainly not, however, trust my NHS ID for any financial transactions - it is far too fragile and leaky. I would, in any case, like a choice of multiple providers so that when (not if) one of them fouls up and my identity is compromised, I do not starve.
Cancel
This is bonkers. Why would people think that the Verify providers would get access to their Health records just because they had done the initial verification? If you follow that logic they would also get access to all of the other govt info, such as tax, pensions etc.

Haven't GPs got enough to do already?
Cancel

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close