Digital signatures

Clinicians sign many documents and records, paper and electronic, during their working day. Their signature is unique and legally significant. Where the legality of the signature has a direct impact on patient care and clinical reputation, NHS England offers a technical solution that system suppliers can deploy as part of their wider offering.

Currently, the only supported use case is the signing of prescriptions within the Electronic Prescription Service. To request use of the signature service outside of the Electronic Prescription Service, email [email protected]

In the past, NHS England has offered smartcards as a convenient means of authenticating to the Spine and clinical applications. With the migration of system applications to CIS2 Authentication and expansion into new care settings, health and care professionals can log into clinical systems in a variety of ways. As the role of the clinician evolves, smartcards are no longer the most convenient authenticator for some care settings and scenarios.

Technology that makes use of biometrics, like facial recognition, is increasingly important in reducing the login burden for health and care professionals.

In a CIS2 Authentication and NHS.net Connect authenticated world, health and care professionals will be able to log in with an authenticator that suits their way of working.

Legacy system suppliers often have their own method of creating an electronic signature. NHS England supports and maintains a limited set of tools for generating signatures.  

A signature is generated when the system can uniquely identify that the health and care professional, who has logged into the application, is the same as the one requesting the signature. To do this, a re-authentication takes place. This is vital to meeting non-repudiation requirements for EPS, where the clinician takes responsibility for the signing of the medication and confirms the prescription content is correct.

A prescribing system supplier uses Signing Gateway API and appropriate backend services in the Digital Signature Service to generate the signature.  

The Signing Gateway API in the Digital Signature Service operates as a logical gateway for the prescribing system supplier. As such, the API is designed to enable prescribing applications to utilise new authenticators and a reauthentication flow without additional and ongoing bespoke development.  

For example, health and care professionals who have logged into the prescribing application using Windows Hello will need to reauthenticate only using their face. Health and care professionals who have logged into the prescribing application with their physical smartcard will need to reauthenticate by entering their passcode on NHS Credential Management for signing.  

The above behaviour is possible because the prescribing application shares an authentication token with NHS England by virtue of the Signing Gateway API. For those using a smartcard, the key material required to uniquely link the prescribing clinician to the prescription is present on the smartcard itself. For other non-smartcard CIS2 authenticators, the key material is accessible via a Remote Signing backend. 

To get started with the Digital Signature Service, please see the documentation in our API catalogue.