Introduction

Ashford and St Peter’s Hospitals NHS Foundation Trust (ASPH) is a local Registration Authority (RA) authorised to carry out on behalf of the NHS the registration of individuals and issuance of NHS Smartcards.

The local RA ensures that individuals providing healthcare services to the NHS directly, or indirectly, have access to NHS Spine connected applications and information in accordance with their role. It is the Trusts’ responsibility to ensure that the requirements of RAs are met and maintained, to adhere to the NHS Confidentiality Code of Practice and the NHS Care Records Guarantee.

From April 2008, NHS Employment Check Standards became a requirement in the NHS as part of the annual health check. Similarly, robust identity checks were also enforced using the same identity management standards carried out by an NHS Registration Authority (RA) to verify an individual’s identity before allowing access to Spine connected applications. Combining these two parallel activities into a single Integrated Identity Management (IIM) process has proven to deliver significant benefits through HR/RA Process Integration and the move to Position Based Access Control (PBAC).

Integrated Identity Management significantly improves access control to Spine connected applications containing person identifiable information through revised business processes and the introduction of new software applications.

Based on the significant benefits and improved governance, ASPH has implemented the integrated PBAC through the Electronic Staff Record (ESR) interface alongside Care Identity Service (CIS).

Failure to adhere to this Policy, for Smartcard users and administrators, constitutes a breach of employment Terms and Conditions and could result in disciplinary action or removal of Smartcard access.

 

Policy Details

Download: PDF version
Compiled by: Nicki Rayment, Head of Digital Programme Delivery
Ratified by: Information Governance Steering Group
Date Ratified: July 2021
Date Issued: January 2022
Review Date: July 2024
Target Audience: All staff
Contact name: Nicki Rayment, Head of Digital Programme Delivery

 

See also:

  • Information Governance Standard Operating Procedure No.4 - User Access Management
  • Registration Authority Standard Operating Procedure No.1 - Access Control Position Management
  • Registration Authority Standard Operating Procedure No.2 - Annual Review of Spine Positions
  • Registration Authority Standard Operating Procedure No.3 - Child Organisation Process
  • Incident Reporting and Management Policy