What is a Smartcard and why do I need one

1

• What is a Smartcard and why do I need one?
• A guide for
• Healthcare Professionals

16 February 2005
2
What is a smartcard?..

• A Smartcard is like a Chip and Pin credit or
  debit card which holds your unique ID which when
  connected to the National network, will provide
  secure access to the NPfIT applications assigned
  to you in accordance with your role and access
  requirements.
• The smartcard when inserted into the reader
  device, attached to the organisations IT
  Network, will provide secure access to the NPfIT
  applications which you need in order to perform
  your assigned role.

3
Why do I need a card?..

• In order to comply with Data Protection
  Legislation and National Governance, ALL
  Healthcare Professionals who require access to
  National Programme Systems will need an
  individual and unique smartcard to access the
  systems
• This is required to ensure and maintain security
  of all patient data which is held nationally
• It protects patients data and confidentiality
• It provides appropriate access to the key staff
  who require access to the data to care for
  patients/clients appropriately and effectively
• It maintains a full audit trail of staff
  accessing records and data

4
How do I get a card?..

• All Healthcare Professionals who require access
  to National Programme Applications must apply for
  registration using an RA01 form
• A Registration Authority (RA) Sponsor assigned
  within an organisation by the Executive, will
  undertake 2 activities in the registration
  process
• They will be required to complete an RA01 form
  with you, providing details of your profile and
  assigning you to the organisation/s and Role/s
  along with those business functions you will need
  within the applications to perform your agreed
  role
• A Sponsor may verify your identity, provided they
  can verify you have worked continuously for the
  organisation for the last 2 years HR may be
  asked to verify this in certain cases
• If the sponsor/ HR cannot verify you have worked
  for the organisation for the last 2 years,
  extended proof of your identity as described in
  the RA National/Local policy will be required at
  point of registration with an RA Manager or Agent
• An RA Manager or RA Agent appointed by the
  Organisations Executive, will register users and
  provide the user with a smartcard
• RA Manager or Agent and Sponsor (if identity has
  not been verified), will meet with you face to
  face with the necessary RA01 form
• Proof of ID documents will be required in order
  to register you with your photo ID Smartcard,
  passcodes and provide brief instructions on usage

5
The registration process
6
Registration is a 3-Stage Process
Validate Documents and RA01 Form
1
User is registered in the SUD
2
User is issued with a Smart Card in CMS
3
7
Stage 1 Validation User Registration in the SUD
?
Validate Documents and RA01 Form
1
?
?
8
Stage Two User Registration User Registration
in the SUD
User is registered in the SUD
2
9
CMS Issuing the CardCard Management System
User is issued with a Smart Card in CMS
3
Import Person and Issue Card
1
10
The user login experience
Insert SmartCard into Card Reader
Authentication Confirmed
Set Session Role
Start Relevant User Application
Enter PIN
11
Smartcard Security Users Responsibilities

• Ensure Smart card is kept secure (as you would a
  credit card)
• Do not permit access to other users using your
  smartcard and pin
• Do not log in and allow other users access
• Do not leave Smartcard unattended or left in the
  smart card reader
• Lost or Stolen Smartcards should be reported to
  the Organisations Registration Authority Manager/
  Agent
• Notify Organisations RA Manager/ Agent if you
  have left the organisation, or are changing
  department or role