Library

Browse and search developer information

NHS login: what it is and how it works

We’re introducing an NHS login to make it easier and quicker for people to see their personal health information online.

Anyone can set up a single NHS login (username and password) using their email address and mobile phone.

After a person has set up their NHS login, they’ll need to prove who they are – this is to make sure that no-one else can see their confidential health and care information unless they give permission.

How a person can prove who they are

A person will be able to prove who they are using one of the following three ways:

  • online – using a trusted photo ID document such as a passport or driving licence plus a short video selfie  (so we can compare the face in the video to the face on the photo ID)
  • online – using the details they were given by their doctor’s surgery to book appointments or order repeat prescriptions online
  • in person when they use a health or care service – a health professional who knows them and who has access to their health record can confirm who they are.

If someone doesn’t want to take a video, there are other ways that we can compare their face to their photo ID – for example in person at their doctor’s surgery.

To make it more convenient for some people and to lower the burden on the NHS, we’re also exploring if a person can prove their identity using a trusted photo ID document at high street locations.

People who already use their GP’s online system, can sometimes use those registration details.

Once a person has proved who they are using their photo ID (either online or in person), they should not have to do this again. Even if they use their NHS login for other websites and apps.

Why a person needs to prove who they are

A person needs to prove who they are to keep their NHS login secure.

NHS Digital has published the Identity Verification and Authentication Standard for Digital Health and Care Services on www.digital.nhs.uk. It describes how and why a person should prove who they are before they use a health or care website or app.

It’s based on the government’s Identity Proofing and Verification of an Individual good practice guide. All services that use our authentication and verification platform must meet NHS Digital’s standard.

Giving permission for other people to access someone’s health information

A person can give someone else – such as a carer, friend or family member – permission to manage their care using an NHS login-controlled website or app. This is called delegated access. The person must prove who they are before they’re given delegated access.

Using an NHS number

People don’t need their NHS Number to set up an NHS login, but it could help us to find their health record if they do know it.