Getting or recovering access to patient data using a smartcard or other authentication device.
Page contentsAn NHS smartcard is an authenticator token containing a chip with electronic certificates issued to it alongside a passcode. It looks like a 'chip and PIN' bank card.
If you have one of these cards, you have a Care Identity profile. You use it to access clinical and personal data. Your smartcard will include your name, photograph and UUID (Unique User Identification) number.
A smartcard contains a pair of digital certificates, stored for security and authentication purposes and bound to the user's identity. These certificates need to be renewed at least every 3 years.
Each NHS organisation has a team or person who is responsible for registering new users, known as a Registration Authority (RA). The Registration Authority undertakes checks, verifies the identity of smartcard users and assigns the appropriate access permissions to the healthcare worker.
If your role means you may need access to clinical and personal data, a Care Identity profile will be created for you and you'll receive a smartcard or other authenticator. You shouldn't have to do anything to prepare for this, but you will need to have your identity verified. You may need to attend a face-to-face identity check or use the Apply for Care ID service.
How you log in and access patient information can differ by organisation. In general you will:
It's important that a colleague takes you through the steps you need to follow to get started with your smartcard because guidance will not apply to every unique system.
By using a smartcard you are accepting these terms and conditions.
You may need to contact your Registration Authority if you are having issues with your smartcard.
If your smartcard is locked you can use the self-service application to unlock it. You do not need to register to use the application, but you must have an email address associated with your Care Identity profile so you can receive a security code.
If you do not have an email address on your profile, you'll need to take your card to someone who can unlock it. Your Registration Authority (smartcard team) may be able to change your email address, or can help you find someone to do a face-to-face unlock.
If you know your passcode and your smartcard is not locked, you can change your passcode in Care Identity Management. Read instructions on how to do this.
If you've forgotten your passcode and it has become locked, use the self-service unlock application. This will allow you to choose a new passcode. You must have an email address associated with your Care Identity profile to use the application.
If you know your passcode, want to change it, but do not have a valid email address associated with your profile, you'll need to contact your Registration Authority who will change it for you. You must be with them in person so that you can choose the new passcode yourself.
Smartcard certificates are valid for 3 years. If your certificates are going to expire in the next 90 days you will get a smartcard expiry alert each time you log in, until you renew them.
If your certificates have already expired, you will need to contact your Registration Authority. A Registration Authority manager or agent can renew your certificates in Care Identity Management, but you must be with them in person.
You can use Care Identity Management to change your email address and phone number in the service.
Log in to Care Identity Management and select 'View your profile' from the home page. You can then use the 'Change' links on the right of the screen to change your contact details. See this process with screenshots.
You'll need to contact your Registration Authority if you've changed your name. They will update your user profile and issue you a new smartcard in your new name. You may need to provide proof of your change of name.
Access permissions assigned to your Care Identity profile allow you to use the healthcare applications you need for your job. Your Registration Authority manages access and you'll need to talk to them if you need new or different permissions.
You must contact your local Registration Authority immediately. They will cancel your card and replace it.
Smartcards can have limitations as they require a Health and Social Care Network connection.
We are responding to this by offering alternative authentication options over the internet, while continuing to keep patient data secure. If your organisation uses these other authenticators, find out more about how to authenticate with:
If you already have an iPad, you can also register it on your own Care Identity profile to use as an authenticator.
If you move to a different healthcare organisation, your smartcard moves with you. Your old access will be removed but your new organisation will apply new access to your existing smartcard.
If you are leaving healthcare, return your smartcard to your line manager.
Last edited: 15 July 2024 3:01 pm