https://digitalhealth.blog.gov.uk/2023/03/03/nhsd-apply-for-care-id-alpha-assessment/

NHSD Apply for Care ID alpha assessment

Categories: Alpha, Assurance, Service assessments

From: NHSD
Assessment date: 17 February 2022
Reassessment Date: 4 August 2022
Stage: alpha
Result: met after reassessment
Service provider: NHS Digital

Service description

To access a range of national systems, NHS Staff and Health Care Professionals (HCPs) are mandated to have a strongly verified identity created by an agreed standards-based process on the national authentication service platform Care Identity Service (CIS) / CIS2. There are approximately 12k to 14k new verified identities created on CIS each month by a number of different mechanisms.

NHS Digital are responsible for the creation of these identities. Given the size and scale of the NHS, responsibility for the creation of identities has been delegated to a Registration Authority (RA), which is a formally recognised role in an NHS organisation. The RA can currently register an identity either face to face or over a video conference capability. The video conference capability was introduced temporarily via the COPI notice to support the response to the pandemic. It has been helpful, but it is a sub-optimal solution that is subject to the quality of cameras and of the screenshots and photos of artefacts being submitted.

Apply for Care ID is a new product to provide NHS staff with a means to prove their identity online without the need to visit a Registration Authority. This is to replace the current emergency policy and is to be aimed at staff who are remote to the location of an RA organisation thereby saving time that could be spent on clinical activities. This will also support new use cases where HCPs will be required to access NHS systems but where there is no RA infrastructure and funding in place to support RA based registration. For example, dentistry, optometry and some care settings.

Service users

This service is for:

  • the person sponsoring a team member to gain access to national NHS Systems
  • the onboarded team member
  • the ID Checker
  • the Registration Authority who is the recipient of the information provided by this service.

The NHSD business process of Identity Verification exists to protect patients’ data and for them to have trust in NHS’s management of that data. Therefore, two other indirect users must be considered in the design of the system:

  • the patient or cared for client using NHS services
  • the NHS operations required to protect the data and subject to statutory and regulatory compliance.

Report contents

  1. Understand users and their needs
  2. Solve a whole problem for users
  3. Provide a joined-up experience across all channels
  4. Make the service simple to use
  5. Make sure everyone can use the service
  6. Have a multidisciplinary team
  7. Use agile ways of working
  8. Iterate and improve frequently
  9. Create a secure service which protects users’ privacy
  10. Define what success looks like and publish performance data
  11. Choose the right tools and technology
  12. Make new source code open
  13. Use and contribute to open standards, common components and patterns
  14. Operate a reliable service

1. Understand users and their needs

Decision

The service did not meet point 1 of the Standard.

What the team has done well

The panel was impressed that:

  • the team clearly articulated the problems the solution aims to address, focusing on reliably and securely validating identification remotely in a way that reduces any chance of fraud, reduces time and frustration for people getting their identity verified and ensures records are not duplicated
  • the team is working in the open with an honest and transparent assessment of the gaps that exist due to team turnover
  • the team’s user researcher now in post demonstrated a strong understanding of priorities, hypothetical user personas, user needs, constraints, risks, assumptions and gaps
  • the team has clear plans and ambitions for user testing going forward

What the team needs to explore

Before their reassessment, the team needs to:

  • conduct primary research with staff users to understand their pain points and needs and validate these as captured so far by proxy from Registration Authorities (RAs)
  • test the proposed solution with key user groups, including RAs and staff
  • demonstrate how the proposed solution has been validated and iterated based on feedback from users to ensure it works in context and does not solely rely on prior user testing of components in a different context
  • demonstrate the proposed solution meets key identified user needs through testing

Reassessment

Decision 

The service met point 1 of the Standard.

What the team has done well 

The panel was impressed that:

  • the team has carried out research with a large number of participants
  • the team has started in person user research with applicant users
  • the team are well engaged with RA staff users and are running a pilot with them and gathering feedback in person

What the team needs to explore 

Before their next assessment, the team needs to:

  • carry out more research in context, for example in users’ workplaces, education settings and homes
  • consider and involve users with different access needs in the design and testing of the solution
  • demonstrate clear understanding of potential barriers to the service and how these have been mitigated and supported
  • demonstrate how the service fits into wider user journeys and where there are opportunities to minimise the number of times a user must provide the same information, such as during hiring contract HR processes

2. Solve a whole problem for users

Decision

The service did not meet point 2 of the Standard.

What the team has done well

The panel was impressed that:

  • the team is engaged with a range of interlinked workstreams across the Care Identity programme and the wider organisation, including legal, information governance and comms, to ensure the work being done is visible and aligned
  • the team has utilised the knowledge and expertise of RAs to understand the current user journey and pain points where there has been a deficit of user research

What the team needs to explore

Before their next assessment, the team needs to:

  • test the end-to-end process for the solution with real users, learn and iterate
  • get the new service designer to carry out a full review of service design work done to date, consider where the gaps are, how this solution fits into the wider journey and solves the user’s whole problem

Reassessment

Decision 

The service met point 2 of the Standard.

What the team has done well 

The panel was impressed that:

  • the team has mapped a detailed user journey for a specific example and used it as a collaboration and problem visualisation tool. They plan to use this approach with the other RAs and use the first journey as a baseline to note the differences
  • the team has created the service blueprint in a collaborative way with others. The blueprint covers experiences wider than the immediate service boundaries. This allowed the team to expose new problems and silos and influence changes that impact overall experience like NHS email address improvements or scaling up the support
  • the team has developed strong collaboration practices with the Care Identity Management (CIM) team and they have attended each other’s user research sessions

What the team needs to explore 

Before their next assessment, the team needs to:

  • create a future view of the end to end service and how different products will work together, such as the digital passport. This will require the different product teams to work together. We recommend exploring ways of working together, beyond regular catch ups between the different product teams
  • continue working towards minimising the number of times users have to provide the same information

3. Provide a joined-up experience across all channels

Decision

The service met point 3 of the Standard.

What the team has done well

The panel was impressed that:

  • the team is fully engaged with the RAs who are providing feedback and influence into the prioritisation and design process
  • the team has a plan in place for service support, using the National Service Desk
  • the team is implementing the digital solution for this service in phases, starting with small numbers of users, and the existing offline process will remain in place

What the team needs to explore

Before their next assessment, the team needs to:

  • consider how data and research collected about the digital service can be used to improve the offline service

4. Make the service simple to use

Decision

The service did not meet point 4 of the Standard.

What the team has done well

The panel was impressed that:

  • the team has ensured that designs are in line with the NHS Design System and explanations were given for any deviations, such as the single page view of validating multiple identities so that RAs can compare details across the different submitted images
  • the team has considered how to ensure the service is extensible and scalable in future, particularly in how it might link into other aspects of the user journey or related care identity services in future
  • the team provided examples of iteration based on feedback and research, including for the service name, content and login features

What the team needs to explore

Before their reassessment, the team needs to:

  • evidence consideration of the user journey and how this has been tested and iterated in addition to screen and application testing itself
  • demonstrate how application designs have been validated and iterated based on user testing rather than solely relying on prior component tests in other contexts

Reassessment

Decision 

The service met point 4 of the Standard.

What the team has done well 

The panel was impressed that:

  • the team has been observing users using the service. As a result, improvements have been made, for example to the barriers to completing tasks, simplifying content and language, and changing icons
  • the team does usability testing every 2 weeks
  • the team has started to challenge policy decisions that make the process harder for applicants

What the team needs to explore 

Before their next assessment, the team needs to:

  • design an immediate support model, like a call centre, for app issues when scaling up from the pilot. This is currently managed via email, direct contact with the team or with RAs
  • review accessing the app from the applicant's perspective. Currently the app is designed for completing everything in one go. Pausing and accessing the app again may cause challenges, which is likely to be a common scenario
  • review the experience of entering the service to allow people a choice between using the digital app and the face to face service
  • consider how to simplify the user journey so that installation of a separate native application is restricted to only those situations that actually require it. For example, the native application is required for biometric ID document checks using the Near Field Communications (NFC) features of a smartphone. However, only 30% of users actually completed the journey using NFC, and the other checks could be done in a standard mobile web application that does not require installation
  • carry on with regular usability testing and include users with access needs, RA staff and applicants, in every round. An accessibility audit might be useful during private beta if it is hard to recruit users from the existing user base, for example RA staff
  • develop a longer term plan for some of the tougher challenges to simplify the user journey

5. Make sure everyone can use the service

Decision

The service did not meet point 5 of the Standard.

What the team has done well

The panel was impressed that:

  • the team has used components validated through user testing of other services rather than ‘reinventing the wheel’
  • the team has held design crits, multi-disciplinary workshops and sought design community feedback

What the team needs to explore

Before their reassessment, the team needs to:

  • evidence how the designs will meet the needs of different users and any barriers identified to the proposed process and application as well as how these will be mitigated or supported
  • test the end-to-end process for the solution with real users, learn and iterate - particularly focusing on the user switching between different browsers, applications and devices

Reassessment

Decision 

The service met point 5 of the Standard.

What the team has done well 

The panel was impressed that:

  • the team has tested the service with users with a wide range of accessibility needs. They have included this in their existing sample, rather than doing a separate accessibility testing phase
  • the team works closely with pilot participants, providing a high level of support and gathering feedback

What the team needs to explore 

Before their next assessment, the team needs to:

  • carry out more usability testing with users' actual devices, covering a wide variety of non-standard configurations
  • continue testing with the accessibility sample
  • demonstrate consideration and an approach to any barriers in the service and access needs
  • share any new design patterns back with the community

6. Have a multidisciplinary team

Decision

The service met point 6 of the Standard.

What the team has done well

The panel was impressed that:

  • the team is multidisciplinary and covers the range of roles required to develop and progress this service
  • the team engages widely across the Care Identity programme, reporting on and communicating about the work they do
  • the team has built good relationships with legal, comms and other areas of the organisation, whose support is vital to the successful delivery of the service

What the team needs to explore

Before their next assessment, the team needs to:

  • onboard the new service designer and ensure they carry out a full review of the service design work done to date
  • ensure that team roles are sustainable. Consider and plan for how those roles could be filled by permanent staff if there are contractors covering team roles
  • make sure there are robust handover plans in place for where there is turnover in the team, so that knowledge and expertise are not lost

7. Use agile ways of working

Decision

The service met point 7 of the Standard.

What the team has done well

The panel was impressed that:

  • the team has embedded agile ways of working, with a range of agile ceremonies to reflect, learn and plan in a 2 week sprint cycle, as well as being engaged with the various different assurance and gateway boards and processes
  • the team were open and transparent with the panel about the amount of user research and testing undertaken and where there were gaps
  • the team has fortnightly show and tells which are attended by the Identity Management director, senior product owners, suppliers, RAs and range of other stakeholders from inside and outside the organisation
  • the team provides the SRO with a monthly highlight report and meets with the SRO’s team every two weeks

What the team needs to explore

Before their next assessment, the team needs to:

  • give the SRO a full end-to-end demo of the service
  • keep working in an agile way

8. Iterate and improve frequently

Decision

The service did not meet point 8 of the Standard.

What the team has done well

The panel was impressed that:

  • the team has demonstrated a strong understanding of priorities, proto user personas, user needs, constraints, risks, assumptions and gaps, which have been developed using RA subject matter expertise and feedback
  • the team, as it currently stands, will remain in place for the next phase of delivery, retaining project knowledge and expertise, as well as onboarding a new service designer

What the team needs to explore

Before their reassessment, the team needs to:

  • test the end-to-end process for the solution with real users, learn and iterate

Reassessment

Decision 

The service met point 8 of the Standard.

What the team has done well 

The panel was impressed that:

  • the team has established a clear process for iteration, demonstrated by examples of improving the passport picture and scanning functionality
  • the team collaborates with others to prioritise work based on the significance of pain points. Their decisions are transparent and captured on a wiki
  • the team uses both qualitative and quantitative data to assess the impact of changes
  • the team is working to put in place more comprehensive tracking
  • the team has deployed a mixture of prototype types, like wireframes or clickable prototypes, depending on what is being tested
  • the team has started thinking about the future of automating and simplifying processes, like integration with the HM passport profile application programming interface (API)

What the team needs to explore 

Before their next assessment, the team needs to:

  • continue setting up the tracking dashboard to be able to provide evidence on key conversions in the app, like the percentage of people scanning the biometric in a passport or the percentage of people submitting IDs via the app
  • consider how to track journeys across different touch points beyond the scanning application itself
  • create a plan for scaling up beyond 3 months. Consider using quarterly objectives and key results (OKRs) and combining design, technical and UR objectives in one plan
  • involve the design and UR members of the team with the cross-government and NHS design community. This can be achieved by regularly attending NHSD design meetups and by actively discussing design challenges and use of the design system in the NHS service manual and Government Digital Slack channels
  • have a plan in place for how user feedback, both qualitative and quantitative, is collected and used to improve the service

9. Create a secure service which protects users’ privacy

Decision

The service met point 9 of the Standard.

What the team has done well

The panel was impressed that:

  • the team has considered the threats and the potential of misuse and fraud within the service
  • the team has conducted a Data Protection Impact Assessment (DPIA)
  • the team is working with security specialists to review the security of the service
  • the team demonstrated good knowledge in protecting user data. The team have identified when and where data is being captured and how the data is being audited
  • the service is deployed in segregated environments using cloud security best practices
  • the service has undergone a penetration test. The team are introducing further changes to include static analysis in their pipeline
  • the team has a strong emphasis on security when designing this service. The team decided to use the newer Amazon Web Services (AWS) Web Application Firewall (WAF) version 2, which is only compatible with AWS Application Programming Interface (API) Gateway version 1. This required effort from the team to deliver a more secure service. The team plans to use the newer API Gateway service when compatibility with AWS WAF v2 is made available by AWS

10. Define what success looks like and publish performance data

Decision

The service met point 10 of the Standard.

What the team has done well

The panel was impressed that:

  • the team have carried out an analysis of the cost of the current process vs the new online service and have identified when the new service will start providing return on investment as part of the benefits case
  • the team has a number of different metrics for service performance and are measuring this using a recently developed dashboard
  • the team has saved time and resource by reusing elements of Adobe Analytics from another service
  • the team has ensured that the National Service Desk will capture bugs and issues with the service which will be communicated back to the team to improve the service

What the team needs to explore

Before their next assessment, the team needs to:

  • provide a way for users to feed back directly on their experience of the service, for example through a feedback form

11. Choose the right tools and technology

Decision

The service did not meet point 11 of the Standard.

What the team has done well

The panel was impressed that:

  • the team has designed a cloud native serverless architecture to use the benefits of cloud deployments. This decision will improve component resilience and reduce service operating costs
  • the team has avoided ‘lock in’ by designing an extensible solution with 3rd party providers
  • the team is using Infrastructure as Code (IaC) to manage their environments and can repeatedly deploy environments
  • the team is using a Software as a Service (SaaS) platform to provide the document upload and identity verification. Building a custom solution would not have been cost-effective or as secure
  • the team is using tooling, such as SonarQube, to enhance the security and quality of the service
  • the team has invested time to assess Pa11y and other accessibility tooling such as screen readers. Accessibility testing is automated in the pipeline to verify quality quickly
  • the team has relationships with other service teams such as Care Identity Service 2 (CIS2), has ensured browser compatibility covers the NHS assured platform and has shown an understanding of NHS services

What the team needs to explore

Before their reassessment, the team needs to:

  • support users who have issues using services with JavaScript or have JavaScript disabled. The team must build services for all users and cannot depend on client-side JavaScript. Read why we use progressive enhancement here

Reassessment

Decision 

The service met point 11 of the Standard.

What the team has done well 

The panel was impressed that:

  • the team has worked around the limitations for progressive enhancement of the service, resulting from the use of a serverless Single Page Application (SPA) architecture, which is a historical technology choice inherited from NHS login
  • the team has ensured the service now works for all applicants without requiring JavaScript to be enabled
  • the team has used the third party Paycasso identity verification mobile application to automate many parts of the process for validating an identity document, presenting a significant improvement versus the current remote identity check process via video link
  • the team has used the no JavaScript route through the service which re-uses the business logic for the SPA route despite the UI forms being separately maintained for both routes

What the team needs to explore 

Before their next assessment, the team needs to:

  • consider fully implementing progressive enhancement for the application invitation aspect of the service, by replacing the current SPA with a traditional server-side web application, so that additional functionality can be layered on top, for example postcode lookup or validation
  • explore further options for automating the identity verification checks, to reduce the burden on manual checking
  • progress with plans to enhance the identity checks such that documents can be checked against third party APIs, for example, checking passport numbers with HM Passport Office
  • plan for extended testing of the identity verification mobile application, for example, with non-standard smartphone configurations
  • ensure all new source code is open and reusable and publish it under appropriate licences

12. Make new source code open

Decision

The service met point 12 of the Standard.

What the team has done well

The panel was impressed that:

  • the team is using GitHub.com to manage their code
  • the team articulated the concern that open sourcing this service could risk the wider NHS security and patient confidentiality

What the team needs to explore

Before their next assessment, the team needs to:

  • identify components that can be separated from sensitive code, so the service can be open sourced in part

13. Use and contribute to open standards, common components and patterns

Decision

The service met point 13 of the Standard.

What the team has done well

The panel was impressed that:

  • the team is using the NHS Design System to provide a common experience across NHS services
  • the service is reusing wider NHS Digital cloud monitoring tools and patterns to support the service
  • the service uses NHS CIS2 and OpenID Connect for user authentication
  • the team has delivered a RESTful API for their service, separating frontend and backend components

14. Operate a reliable service

Decision

The service met point 14 of the Standard.

What the team has done well

The panel was impressed that:

  • the team is using a cloud native architecture to deliver the service. The management of the infrastructure is the responsibility of the cloud provider
  • the team showed their Splunk service dashboard and the monitoring in place
  • the service team shared their service management plans including when the platforms they depend upon are down. They have established relationships with all of their providers
