IDAP: the way forward for patient apps?

Black Pear have recently been involved in a proof of concept solution for IDAP (Identity Assurance Programme) within the primary care arena. With the future moving towards patients accessing their own medical records and services, it is essential that we ensure data is being shared with the appropriate person only. This is not just a challenge in healthcare: other sectors such as HMRC and DVLA are now well underway with the gov.uk/verify initiative, proving users’ identities online and showing how citizens can access government services.

NHS England identified the opportunity to trial the same approach to access GP records. The prototype has so far taken the form of a collaborative effort between:

• Experian, the Identity Provider, responsible for providing identifier credentials to users and asserting that credentials are recognised by the provider.
• SiteKit, responsible for developing the Mi platform through which patient-facing apps are offered by Liverpool CCG.
• Black Pear, providing the interoperability with GP Systems, allowing:
• the data set returned by Experian to be used to match the patient’s NHS No to their verified ID;
• a secure API to provide access to medical records for the verified citizen;
• GPs to electronically vouch for patients who cannot verify themselves online (e.g. people without a bank account or passport) so that they can still access digital NHS services.

Whilst this is still early days in the healthcare space and has only been proven on test systems, it is not inconceivable that citizens within the next few years, will be able to access all government services, their own medical records and health services using Single Sign On (SSO) methods.