Getty Images

NHS Digital brings in biometric login functionality

Two new libraries released to allow developers in the NHS to include functionality to digital services

NHS Digital has released new biometric login functionality that can be added to mobile offerings across the healthcare system.

Two pieces of open source code have been released to allow patients to access the NHS App through face or fingerprint recognition technology.

The aim is to allow developers working on digital services in the NHS to include the functionality in their Android and iOS-based products and services, said NHS Digital.

Work on finding ways to introduce logins without the need to enter passwords has been ongoing at NHS Digital in recent months and a biometric login trial followed previous feedback from users.

“We received great feedback from login users as it sped up the process considerably for them, and we wanted others to benefit from the work,” said Chris Fleming, delivery director at NHS Digital.

A previous blogpost from the organisation said multifactor authentication was becoming a real barrier for the public to use the app to fulfill their healthcare needs.

Finding alternative login methods became a priority, and NHS Digital sought to design an open and reusable standard that would allow other services to integrate. Another key consideration was that the organisation would not come into contact with or store users’ biometric information, which would be handled by the mobile devices.

The Fast-Identity Online (FIDO) universal authentication framework (UAF) protocol, based on public key cryptography, was selected.

Under the FIDO protocol, three operations take place – registration, authentication and deregistration. The private key is stored on the user’s device and is only accessible when they enter their fingerprint or use facial recognition. It is then used to sign requests sent to the FIDO server, which authenticates the user and allows them to sign in without a password.

Read more about the NHS

Earlier this year, NHSX chief executive Matthew Gould said he did not want the NHS App to be “all-singing and all-dancing” as was previously intended.

“We will keep the app thin and let others use the platform that we have created to come up with brilliant features on top,” said Gould in a first blog post since his new job was confirmed in April.

“We will expose the APIs [application programming interfaces], so other people can develop their own apps to meet their own user needs – apps that can plug in, safely let people access their own data and deliver a different user journey.”

Read more on Healthcare and NHS IT