Smartcards and authenticators

Most of the information on this page covers smartcards, which is still a common way to authenticate - but it is not the only way.

Find out more about how to authenticate with other devices, including your smartphone.

If your role means you may need access to clinical and personal data, a Care Identity profile will be created for you and you'll receive a smartcard or other authenticator. 

You should not have to do anything to prepare for this, but you will need to have your identity verified. You may need to attend a face-to-face identity check, or you could be invited to use the Apply for Care ID service.

Find out more about identity document requirements.

How you log in and access patient information can differ by organisation. In general you will:

• place your smartcard in the reader attached to the PC or laptop that has access to the Spine portal
• enter your passcode
• access the services you need

It's important that a colleague takes you through the steps you need to follow to get started with your smartcard because guidance will not apply to every unique system.

Make sure you:

• never share your passcode with anyone else
• never allow anyone else to use your smartcard
• never leave your smartcard unattended
• always remove your smartcard from the reader when you've finished using it

By using a smartcard you are accepting these terms and conditions.

Find out how to:

• unlock your own smartcard
• renew your smartcard if it has expired
• change or reset your passcode

For any other issues with your smartcard, contact your Registration Authority or smartcard team (usually part of your HR team or IT department).

If your smartcard is locked you can use the self-service application to unlock it. You do not need to register to use the application, but you must have an email address or mobile number associated with your Care Identity profile so you can receive a security code. Alternatively, you can use your device's camera to unlock your smartcard through comparisons to your smartcard photo.

If you do not have an email address or mobile number on your profile, or a camera on your device, you'll need to take your smartcard to someone who can unlock it. Your Registration Authority or smartcard team will be able to add an email address or mobile number, or they can help you find someone to do a face-to-face unlock. Find your Registration Authority.

If you know your passcode and your smartcard is not locked, you can change your passcode in Care Identity Management. Read instructions on how to do this.

If you've forgotten your passcode and it has become locked, use the self-service unlock application. This will allow you to choose a new passcode. You must have an email address associated with your Care Identity profile to use the application.

If you know your passcode, want to change it, but do not have a valid email address associated with your profile, you'll need to contact your Registration Authority or smartcard team who will change it for you. You must be with them in person so that you can choose the new passcode yourself.

Smartcard certificates are valid for 3 years. If your certificates are going to expire in the next 90 days you will get a smartcard expiry alert each time you log in, until you renew them.

Read how to renew your smartcard certificates before they expire.

If your certificates have already expired, you'll need to contact your Registration Authority or smartcard team. They can renew your certificates in Care Identity Management, but you must be with them in person.

Update your contact details

You can use Care Identity Management to change your email address and phone number in the service.

Log in to Care Identity Management and select 'View your profile' from the home page. You can then use the 'Change' links on the right of the screen to change your contact details. See this process with screenshots.

Change your name

You'll need to contact your Registration Authority or smartcard team if you've changed your name. They will update your user profile and issue you a new smartcard in your new name. You may need to provide proof of your change of name.

Change your access permissions

Access permissions assigned to your Care Identity profile allow you to use the healthcare applications you need for your job. Your Registration Authority or smartcard team manages access and you'll need to talk to them if you need new or different permissions.

You must contact your Registration Authority or smartcard team immediately, usually in your HR or IT department. They will cancel your smartcard and replace it.

Smartcards are not the only way to authenticate. You can now register the following alternative authenticators on your own Care Identity profile, without needing to visit your Registration Authority or smartcard team:

• Microsoft Authenticator
• NHS.net Connect (formerly NHSmail)
• passkey
• iPad
• Windows Hello
• security key, including YubiKey

Please note you'll need at least 1 authenticator - which can be a smartcard - already registered before you can self-register your own non-smartcard authenticator.

If you move to a different healthcare organisation, your smartcard moves with you. Your old access will be removed but your new organisation will apply new access to your existing smartcard.

If you are leaving healthcare, return your smartcard to your line manager.