Unlocking Access to Healthcare: An Overview of NHS Login

In the rapidly evolving landscape of healthcare services, digital solutions have become indispensable. The NHS has embarked on a digital transformation journey, making healthcare more accessible and efficient through technology. One crucial aspect of this transformation is NHS Login, a secure and user-friendly way for patients to access healthcare websites and apps. In this insights post, we’ll take a deep dive into NHS Login to understand how it works and what developers need to know.

What is NHS Login?

NHS Login is a secure identity verification and authentication system provided by the NHS in England. It allows users to access health and care-related websites and applications with ease while ensuring the privacy and security of their personal and medical information.

NHS Login is designed to simplify the user experience while meeting strict security and data protection standards. It offers different levels of verification and authentication, allowing developers to tailor the user experience to the specific needs of their healthcare service.


The Technical Underpinnings: OpenID Connect (OIDC)

At the heart of NHS Login is the OpenID Connect (OIDC) protocol. OIDC is an open standard that enables single sign-on (SSO) and user authentication. It’s widely used for securing access to web applications and APIs. NHS Login leverages OIDC to ensure secure user authentication and authorization.

OIDC provides a standardised way for NHS Login to issue JSON Web Tokens (JWTs) that contain user information and claims. These tokens are essential for verifying the user’s identity and authorisation to access certain resources.

User Journeys in NHS Login

NHS Login offers three primary user verification levels, each with its own capabilities:

1. Low-Level Verification (P0)

Users provide their email address and phone number to register for a service. They can log in using an email address and password, with or without a one-time password (OTP).

In this level, users can perform actions like booking appointments, recording non-medical data, or inquiring about non-prescription medication. While this level doesn’t allow access to medical records, it still offers valuable functionality for healthcare services.

2. Medium-Level Verification (P5)

Users must first complete a low-level verification journey.
User-verified email and phone number, date of birth, NHS number, first name, last name, verified postcode area code, and GP surgery code are checked with their NHS Personal Demographics Service (PDS) record.

Medium-level verification offers more capabilities, including recording non-medical data, submitting online consultations to their GP, and contacting their GP or receiving notifications via email or SMS. However, users still cannot access medical records.

3. High-Level Verification (P9)

To achieve high-level verification, users must complete both low and medium-level verification journeys.

Claims include fully authenticated user ID, user-verified email and phone number, NHS number, date of birth, first name, last name, and GP surgery code (ODS code).

High-level verification is necessary when users need to access medical records or when personal, confidential, or sensitive information is being communicated. Users at this level can access detailed medical records, view NHS numbers, order repeat prescriptions, manage/view appointments, and more.


Eligibility and Integration

Before diving into NHS Login integration, it’s crucial to ensure your service is eligible and aligns with the requirements:

  • Your service must serve patients registered at a GP practice in England or receiving NHS services in England.
  • It should be patient-facing and offer a health or social care benefit.
  • Your service should be commissioned or sponsored by an NHS organisation or local authority, and it must be free to patients at the point of delivery.

Eligibility criteria are critical to ensuring that NHS Login is used for the right purposes and maintains the high standards of data security and privacy required in healthcare services.


Integration Process

Integrating with NHS Login is a structured process that involves the following steps:

Access Integration Toolkit: Obtain the NHS Login integration toolkit, which provides comprehensive guidance on the integration process.

Download Integration Plan: NHS Login offers an integration plan that you can use to track the actions needed for your integration project.

Document Library: Access the document library containing examples of documents you’ll need to complete during the integration process.

Review Integration Requirements: Familiarise yourself with the integration requirements and guidelines provided in the toolkit. This includes understanding the technical specifications, security standards, and user experience expectations for integrating with NHS Login.

Prepare Your Service: Ensure that your website or app is prepared for integration with NHS Login. Make any necessary adjustments to meet the specified standards and security requirements.

Client Registration: Register your service with NHS Login to initiate the integration process.

Authentication Flow: Understand the OIDC authentication flow that NHS Login uses, including how to obtain and validate ID Tokens.

User Journeys: Explore the different user verification levels in NHS Login and understand what actions are allowed at each level.

Eligibility Check: Ensure that your service aligns with the eligibility criteria for NHS Login integration.

Application Review: Submit your application for NHS Login integration, which will be reviewed by NHS Login to ensure it meets the criteria.


The Power of Digital Onboarding

NHS Login utilises the NHS Digital Onboarding Service (DOS) for the application process. Digital onboarding streamlines the submission of information required for the integration decision. It’s a user-friendly way to get your application in the hands of the NHS Login team.


Application Review and Beyond

Once you’ve submitted your application, NHS Login will review it to ensure it meets the eligibility criteria and technical requirements. You can expect an Application Review Call to discuss your product and integration process in more detail. This call provides an opportunity to clarify any questions and understand the next steps.

After the call, NHS Login will present your application to the NHS Login Partner Integration Board, which will decide whether to approve, reject, or defer your application based on your product’s alignment with NHS Login requirements.



NHS Login is a robust and secure identity verification and authentication system that empowers healthcare services in the digital age. Understanding the technical aspects of NHS Login, including OIDC, user journeys, and the integration process, is vital for developers looking to leverage this powerful tool.

By aligning your service with NHS Login and meeting its stringent criteria, you can provide patients with secure and convenient access to healthcare resources, supporting the mission of the NHS to make healthcare accessible and efficient for all.

Ready to accelerate your technology project?

Chat to our team of experts and let's see how we can help you.