The NHS Registration Authority is a function to ensure a framework of compliance with a set of roles and responsibilities delegated through a programme board from the Department of Health, delivered by NHS Digital on behalf of NHS England to the wider NHS and approved third parties. Find out about Registration Authority governance.
The overarching concept for the Registration Authority is Public Key Infrastructure (PKI).
The security model for the production of a digital identity assures the actual identity of the end-user through the review of real-world evidence, in accordance with NHS Employers standards, in a face-to-face meeting with a local Registration Authority, which follows national policies and processes.
The token containing the digital identity is intended to be provided in a suitable vehicle (currently a chip and PIN smartcard) which contains certificates to authenticate and sign transactions made by the holder of that token, to meet the required standards as determined by legislation and regulations, such as:
- Computer Misuse Act 1990
- e-Communications Act 2000
- Electronic Signature Regulations 2002
- NHS Care Record Guarantee
- Data Protection Act 2018 / GDPR
Every NHS organisation and authorised third party is required to establish a Registration Authority service to maintain the processes in accordance with the nationally established framework of policy, procedure and technical deployment.
The responsibilities for the organisation are outlined in the National Registration Authority Policy.
This Registration Authority function is formally devolved to the Executive of the NHS organisations or approved third parties, who must establish the Registration Authority with an accountable officer (executive lead) and appoint a Registration Authority manager.
The Registration Authority manager is a key member in ensuring the governance and security of information accessed via NHS systems using smartcards, as part of the Care Identity Service (CIS).
Local Registration Authority services must have a documented policy identifying their processes.
All end-users must agree to, and are bound by, the terms and conditions of issue and use of any token or device issued that contains the digital certificates providing their digital identity.
Last edited: 1 March 2019 2:02 pm