From: DHSC
Assessment date: 26 May 2022
Stage: Beta
Result: Met
Service provider: NHS Digital
Previous assessment reports
Service description
Care Identity Management (CIM) allows NHS and healthcare staff to be registered for a ‘Care Identity’ – a digital identity that can then be associated with health and care organisations they work for.
The system is used to assign and manage access controls that enable appropriate access to clinical systems and patient information. It is also used to assign authentication tokens that allow healthcare professionals to perform multi-factor authentication to these clinical and patient record systems.
Service users
This service is for:
- Registration Authority Managers
- Registration Authority Agents
- Registration Authority Sponsor
- Registration Authority ID checkers
- Health and Care professionals
Report contents
-
- Understand users and their needs
- Solve a whole problem for users
- Provide a joined-up experience across all channels
- Make the service simple to use
- Make sure everyone can use the service
- Have a multidisciplinary team
- Use agile ways of working
- Iterate and improve frequently
- Create a secure service which protects users’ privacy
- Define what success looks like and publish performance data
- Choose the right tools and technology
- Make new source code open
- Use and contribute to open standards, common components and patterns
- Operate a reliable service
1. Understand users and their needs
Decision
The service met point 1 of the Standard.
What the team has done well
The panel was impressed that:
- the team has a way to track and action changes as there is a continuous user feedback process
- the team showed examples of where they had observed user behaviour and designed an innovative solution to help, rather than just asking users what they would like. For example the ability to edit uploaded user photos, and combining search filters with the search results on one page
What the team needs to explore
Before their next assessment, the team needs to:
- arrange in-person user research to observe the service being used, if the team is comfortable to do so. It is our experience that some hospital trusts are now open to in-person user research if their Covid regulations are followed. The team will learn a lot about context of use by doing in person visits
- create a plan for user research in public beta, even if it is high level at this point. This should include preferred methods, user types and expected timings. We recommend the team consider how they will recruit front line staff, it is very likely a recruitment agency and budget for incentives will be needed
- create a plan for and start recruiting types of users who will naturally have been excluded from the private beta research. In particular, less engaged staff members and those who are concerned about the change. The roadshows are good to communicate to users but it will also be beneficial to speak to these users one on one
2. Solve a whole problem for users
The service met point 2 of the Standard.
What the team has done well
The panel was impressed that:
- the team has launched one whole user journey which is being used by a high percentage of users in private beta, with phased release of features
- the team has mapped the whole staff onboarding journey and shared knowledge with other teams working on products within this service
- the team has created a route to escalate user feedback that falls outside of the remit of this product
What the team needs to explore
Before their next assessment, the team needs to:
- explore how they can work in the open with other government and NHS teams, for example by open show and tells
- give as much thought to the content design as the interaction design. Having the time of a content designer to produce content on the website and on the transactional service will mean more than considering tone of voice. They will base content on user needs and make sure content is understood by all users. They will also get involved with usability testing content, using techniques that specifically test form and web content
3. Provide a joined-up experience across all channels
The service met point 3 of the Standard.
What the team has done well
The panel was impressed that:
- the team has spent time considering how the introduction of an online service might impact users who continue to opt for the traditional route
- the team has a good level of autonomy and are empowered to make decisions
What the team needs to explore
Before their next assessment, the team needs to:
- ensure that they engage across organisations, with frontline users and at a local level
- reach out to other government organisations for advice and support on identity matching challenges
4. Make the service simple to use
The service met point 4 of the Standard.
What the team has done well
The panel was impressed that:
- the team has used Google analytics to track task completion
- the team has continued to use NHS design patterns and followed best practice
- the team has kept the interface as simple and useful as possible by continuing to build out journeys such as search and the data tables display and functionality by using design iterations based on user research
- the team has communicated to private beta users how things are going to change and added functionality, allowing them to fall back to the existing system where functionality is not yet in the new service
What the team needs to explore
Before their next assessment, the team needs to:
- analyse user behaviour and research findings for the dual running functionality, currently on the view profile screen. The team mentioned having to explain this functionality and so could benefit from spending more time and effort learning how this process can be made more user friendly
- consider any new user needs which are uncovered and ensure these are researched and iterated on throughout the beta phase as new users are identified and start to use the service
5. Make sure everyone can use the service
The service met point 5 of the Standard.
What the team has done well
The panel was impressed that:
- the team has completed an external accessibility audit and has done internal automated accessibility testing.
- the team has actioned many, if not all, of the points raised in the accessibility audit performed by the external agency, Nomensa. This audit used a blend of methods including users and some elements of automation.
- the team is sharing new design patterns and research with the wider design community and with the NHS Design System team
What the team needs to explore
Before their next assessment, the team needs to:
- do more user research with people with a variety of accessibility needs to better understand challenges of working in this type of role in the NHS and to test accessibility of the service. If these users don’t exist within the current user base then recruit users with similar jobs, for example by contacting NHS staff disability networks
- ensure the accessibility work done based on the audit, is validated with appropriate users wherever possible
- carry out user research with assistive technology users and users with accessibility needs. There was a plan in alpha, but the team could consider testing with more external participants if potential users of the service are not forthcoming
6. Have a multidisciplinary team
The service met point 6 of the Standard.
What the team has done well
The panel was impressed that:
- the team has close contact with the offline portion of the service
- the team members has thought strategically about the necessary roles and had developed well defined and areas of responsibility around them
- the team has thought about how best to group team members, balancing individual needs with those of the group
7. Use agile ways of working
Decision
The service met point 7 of the Standard.
What the team has done well
The panel was impressed that:
- the team use agile ways of working and had the appropriate tools in place to manage their workflow
- the team has a good knowledge management resource in place in the form of a confluence instance
8. Iterate and improve frequently
The service met point 8 of the Standard.
What the team has done well
The panel was impressed that:
- the team has a well defined and regular research-build-test-iterate cycle
- the team is able to demonstrate examples of iterating based on user needs
- the team has avoided prioritising based on solely the quantitative data for the roadmap and has considered the wider needs from user research
9. Create a secure service which protects users’ privacy
The service met point 9 of the Standard.
What the team has done well
The panel was impressed that:
- the team is using OpenID Connect (OIDC) protocol to authenticate users using Care Identity Service 2 (CIS2-CIA) service that has stringent compliance processes. The team is reusing the NHSD cervical screening code base with some modifications that has already been through the compliance process. The modified code has been through the compliance process
- the team use CIM API Gateway which has guardrails to use CIS2-CIA authentication process as well as checks to ensure the user is authorised to perform specific action
- the team has completed 2 sets of penetration testing on the private beta service with no major issues highlighted
- the team has used Cross Site Request Forgery (CSRF) tokens to mitigate against “Man in the Middle” (MITM) attack
- the team has ensured that data exposed to the user is masked based on the role of that user
- the team has ensured that the service is restricted to users with smartcard to create a user or generate the smartcard
- the team has ensured that NHS identity agent will be used to authenticate user access over the internet
- the team has put a geographical restriction in place, allowing traffic from UK sites only
What the team needs to explore
Before their next assessment, the team needs to:
- consider changing the fixed 15 minute timeout to terminate the user session to a lower, more flexible time limit based on the role of the user
- consider automated alerts for unusual user login patterns to spot potential internal fraud
- ensure robust plans are in place to manage any data breach
10. Define what success looks like and publish performance data
Decision
The service met point 10 of the Standard.
What the team has done well
The panel was impressed that:
- the team is using data on a per organisation basis to better understand further areas for research and change
- the team has a pipeline for collecting feedback, data and surveys in place
What the team needs to explore
Before their next assessment, the team needs to:
- explore automating and improving feedback collection. The current manual process is likely to become unviable as the number of uses expands with public beta
11. Choose the right tools and technology
The service met point 11 of the Standard.
What the team has done well
The panel was impressed that:
- the team is starting with a limited set of features and will continuously introduce new features and slowly make CIS1 redundant
- the team has used learnings from alpha and private beta to pivot to serverless architecture
- the team explored cloud providers for the serverless architecture and made an informed decision to use AWS
- the team is using reuse principle for both code, as in cervical screening OIDC authentication, and services, as in integration with CIS-URS and CIS2-CIA
- the team is sharing the CIS1 database, thus removing the need for synchronisation between CIS1 and this new CIM service
- the team is using NHS identity agent to authenticate user access over the internet
What the team needs to explore
Before their next assessment, the team needs to:
- investigate any opportunity to support progressive enhancement. It is noted that the service has a JavaScript constraint due to smartcard authentication, which is not something the team can control
- ensure robust plans are in place to recover the service in an event of any failure including disaster recovery
12. Make new source code open
The service did not meet point 12 of the Standard.
What the team has done well
The panel was impressed that:
- the team has moved source code from an internal hosted instance of git to a private GitHub repository
What the team needs to explore
Before their next assessment, the team needs to:
- identify and make parts of the services that do not directly access sensitive data open source as part of continuous development and improvements
13. Use and contribute to open standards, common components and patterns
Decision
The service met point 13 of the Standard.
What the team has done well
The panel was impressed that:
- the team has attended cross-gov working groups and show and tells and have made contact with other government departments to learn from them
- the team is developing the service using the NHS and GDS design patterns
- the team is designing the service to make use of standards-based Identity Protocols
What the team needs to explore
Before their next assessment, the team needs to:
- join cross gov and NHS design Slack channels to share their work
- contribute new patterns developed for staff facing services to the NHS design system
- consider possible standards for the new external APIs
- make documents for external API’s available in the open
14. Operate a reliable service
The service met point 14 of the Standard.
What the team has done well
The panel was impressed that:
- the team has a number of fully integrated environments for development, testing, pre-production user acceptance testing (UAT) and production
- the team is making use of AWS serverless computing
- the team have ensured that the service is underpinned by AWS architectural pillars; operational excellence, security, reliability, performance efficiency and cost optimization
- the team has made the service have an 11 9's (99.999999999%) reliability
- the team has ensured that the CIS1 service that CIM is dependent on runs over a multi-availability zone infrastructure and has robust database resilience in place
- the team has made it so that the continuous integration continuous deployment pipeline is integrated with Slack to send notifications
- the team has ensured that CIM service logging is seeded into Splunk and a public dashboard has been created in Splunk to support the service team to monitor the service
- the team has made sure that any changes to CIS1 service requires approval from CIM
What the team needs to explore
Before their next assessment, the team needs to:
- consider imposing a limit on feedback length. It is noted that the feedback is managed by the third party and may not directly impact the service, however it may have an indirect impact on the quality of the service provided