More than 800,000 smartcard users log in to the NHS Spine every day. Whether they are nurses and doctors on the front line or administration teams working remotely, thousands of healthcare professionals use their smartcard to access critical systems and share data.
Yet, with lots of temporary staff moving between departments, more people working from home on their own devices and a focus on service wide collaboration, it can be difficult to manage the registration and distribution of theses smartcards.
Organisations can choose whether they offer their staff a physical or virtual smartcard for authentication and identity management. Physical smartcards are traditionally how employees log in to the NHS Spine. However, virtual smartcards offer the same access but with enhanced efficiency and security.
What is a Virtual Smartcard?
A virtual smartcard is a digital alternative to the physical smartcard. Having a virtual smartcard allows the user to enrol, log in and manage their authentication themselves without relying on their on-site Registration Authority (RA).
Similarities between physical and virtual smartcards
Same credentials, same access
Both a physical and virtual smartcard will store the digital credentials of the user, allowing them to access the software they need every day. A virtual smartcard will provide exactly the same access, using the same NHS identity as a physical card.
Multiple users can operate on one device
Both types of cards can allow for multiple people to use the same device to log in to the NHS Spine. So, although the smartcard identity is unique to the individual, the physical device needed to view patient information can be shared.
Keeps patient data safe
No matter the type of smartcard being used the data is encrypted, and the software will always be designed with anti-hammering technology. In other words, a user cannot force their way into the system through successive failed login attempts.
Differences between physical and virtual smartcards
Security and auditability
Virtual smartcards take the existing security measures of a physical card and enhances them. As we have briefly mentioned, both a physical and virtual smartcard use strong encryption and authorisation processes.
However, during times of peak workload or complications with logging in, exasperated physical smartcard users may come to rely on unsafe workarounds. Perhaps they turn to sharing their physical smartcard or leaving them in the card reader on a shared desktop.
This not only increases the risk of losing the card, but also makes auditing care delivery, tracking access and monitoring the cause of a potential security breach impossible because you can’t accurately evidence who was using the card at that time.
A virtual smartcard removes these workarounds by eliminating the physical card. This means the only person able to authenticate their digital log in is themselves. A virtual card may have further security processes such as two-factor authentication functionalities or even biometrics (such as a fingerprint scan) for password-less access.
Efficiency of practice
Virtual smartcards are quicker to use and manage compared to a physical card because the user doesn’t require any additional and expensive hardware (like a smartcard reader) or a visit to their Registration Authority (RA) to authenticate their access.
Health professionals can lose significant amounts of time travelling on-site to have a physical smartcard printed for them or unlocked. Time that could be spent caring for patients. And if these complications happen on a nightshift or during a home-visit, that clinician then needs to wait until the RA or IT teams are next available – which could be hours away - visiting them on-site, to resolve the issue.
Instead, a virtual smartcard allows the user to instantly self-serve their password resets and security questions - or utilise biometrics to authenticate their log in - saving them time so they can focus on what’s important: patient care.
Physical smartcards can be inconvenient to use and require the user to carry their card on them at all times. As well as this, card readers can be faulty and visiting the Registration Authority team takes time that many clinicians simply don’t have.
A virtual smartcard avoids all this by putting the user in control of their network access. The user can add multiple devices themselves (or ask their RA to do it for them) so no matter where they need to log in, they can always have a registered device associated to their smartcard.
Physical smartcards can also be easily misplaced or forgotten, only being noticed when the user goes to log in and learns they don’t have their card. Having a virtual smartcard means the user’s method of authentication is entirely digital and stored in the cloud, so it’s impossible to lose.
Printing and distribution
Printing physical smartcards requires specialist printers and costly resources. Any employee working remotely would also need a physical smartcard reader to plug into their desktop to access the network.
Registration Authorities need to be able to print hundreds of these physical smartcards for new, existing, substantive, and temporary staff members (all of which would need to travel to collect the card in person). And managing this demand can become particularly difficult when staff rotate between sites as organisations prioritise collaborative care across services.
A virtual smartcard removes the need to print wasteful plastic cards that can get lost or damaged, as any user can register themselves from anywhere at any time. Registration Authorities can work remotely and are also better able to manage the distribution of virtual smartcards, as they can easily see exactly how many licences are available and who should or shouldn’t have access.
Advanced Virtual Smartcard is our cloud-based authentication and identity management solution, the digital alternative for the NHS physical smartcard. It provides access using the same NHS identity as a physical card, but with enhanced security and flexibility.