NHS Login Integration

Need help with NHS Login Integration?

Whether you're developing a new digital health product or extending an existing solution with NHS Login integration, 6B brings the technical expertise, healthcare insight, and experience needed to accelerate delivery.

Rebecca

Business Development

Get In Touch

Or call Rebecca on 0113 350 1290

Discover more Interoperability and Integration services

NHS API Integration Primary Care EHR Integration Secondary Care EPR Integration

As experienced NHS Login integration partners, we help you navigate the process efficiently, ensuring your product meets NHS technical, clinical, and security standards.

Understanding NHS Login

NHS Login is a secure authentication service that allows patients and users to access approved digital health applications using a single set of credentials. It provides verified identity assurance using NHS-managed services, enabling access to health records, appointment booking systems, messaging, and more – all through a standard, trusted login process.

NHS Login is part of NHS England’s broader digital identity infrastructure and is increasingly required for patient-facing applications. Integration ensures your solution aligns with national priorities for data privacy, security, and interoperability.

Our NHS Login Integration Process

6B guides you through each of the four NHS Login integration stages, providing expert consultancy, development, documentation, and stakeholder support.

Stage One: Apply

We begin by helping your organisation determine NHS Login eligibility and whether it’s the right fit for your product. We support you with consultation and documentation during the application phase, ensuring your submission to the NHS Login Partner Integration Board is clear, complete, and well-positioned for approval.

Stage Two: Discovery

Once your application is approved, we support your team through the discovery process. This includes defining your required Vectors of Trust (the level of identity verification), assisting with the Kick-Off Call checklist, and building a proof of concept in the NHS Login sandpit environment. We help you identify and test the appropriate levels of authentication and identity verification for your application and users.

Stage Three: Integrate

With the discovery work complete, we move into technical development. 6B’s team supports the transition from proof of concept to production-ready code, aligned with NHS technical and assurance standards. We assist with creating and submitting required documentation, including:

Integration Environment Request Form
Supplier Conformance Assessment List (SCAL)
Connection Agreement and GDPR appendices
Service Discovery Form
Roll Out Plan
Request for Change (RFC) if IM1 integration is involved

We also liaise with NHS England and the NHS National Service Desk throughout this phase to ensure all conformance and governance requirements are met.

Stage Four: Go Live

We manage the transition from the integration test environment to live production. This includes completing the Production Environment Request Form, running controlled pilots, and validating your product’s readiness for live user access. Post-launch, we support periodic review of SCAL and Connection Agreements, help with change requests, and provide technical support for ongoing incident and service management.

Benefits of NHS Login Integration

Integrating with NHS Login ensures secure, scalable access for your users through a trusted, national identity service. It enhances the user experience by reducing friction, providing one set of credentials across services, and simplifying onboarding for patients.

From a governance and compliance perspective, NHS Login helps demonstrate alignment with NHS England’s data protection, privacy, and access control policies. It reduces the need to manage sensitive identity information within your application and enables you to build user trust from day one.

For digital health vendors, NHS Login integration is a powerful signal of credibility and interoperability – improving market access, increasing user adoption, and supporting long-term sustainability within the NHS ecosystem.

Why Choose 6B for NHS Login Integration?

We’ve guided multiple organisations through the full NHS Login journey – from early-stage startups to NHS-facing platforms. Our team knows the process, the documentation, and how to work with NHS England to move projects forward efficiently.

From application and discovery through to development and go live, we provide technical, regulatory, and strategic support. We manage documentation, stakeholder engagement, and implementation so you can focus on building your product.

Our team are experts in Vectors of Trust, OAuth 2.0, OpenID Connect, and NHS authentication architecture. We design integrations that are secure, scalable, and aligned with NHS infrastructure.

We also integrate with other NHS services such as Spine 2, CIS2, NHSmail, MESH, and leading EHRs including EMIS, SystmOne, and Cerner – helping ensure your product is interoperable and future-ready.

After go live, we stay with you to support change management, compliance reviews, and continuous improvement. We help you respond to NHS policy changes, manage updates, and keep your NHS Login integration running smoothly.

NHS Login Integration FAQs

How long does NHS Login integration typically take from application to go live?

The full NHS Login integration process typically spans 3 to 4 months, though timelines vary depending on your product’s complexity and your team’s availability. At 6B, we’ve helped organisations move from application to go-live in as little as 6 weeks by streamlining documentation, managing communication with NHS England, and accelerating technical delivery through reusable components. Planning early for SCAL, connection agreements, and assurance requirements helps ensure a smoother path to production.

What is the NHS Login Sandpit environment and why is it important?

The NHS Login Sandpit is a non-production environment that mirrors the real integration setup, allowing you to build a proof of concept and test your login flows using pre-configured test accounts. It’s a mandatory part of the Discovery phase and helps demonstrate your app’s readiness for NHS Login integration before moving into formal assurance and production testing. At 6B, we help you set up and validate the sandpit flow, including successful login, data sharing consent journeys, and fallback states for no-consent scenarios.

What data can I access through NHS Login once a user authenticates?

Data returned via NHS Login depends on the scopes and claims you request, which are tightly controlled and linked to your Vector of Trust (VoT). With the appropriate VoT and approvals, you can request user attributes such as NHS number, date of birth, GP surgery ODS code, and linkage keys for GP system access. NHS Login also supports identity step-up journeys—from basic to high-level verification (P0 to P9)—unlocking deeper access such as GP record data (via IM1). 6B helps ensure your scope requests are technically and ethically aligned to your service.

Can NHS Login be used as a one-time identity verification tool?

No. NHS Login is not designed as a one-off identity check. It is intended to support ongoing, secure access to digital health services. NHS England specifically discourages use cases where NHS Login is used solely to retrieve a linkage key or NHS number without continued sign-in or engagement. Our team at 6B helps you build a compliant and value-driven integration that supports repeat usage and aligns with NHS strategic goals around patient engagement and continuity of care.

How does NHS Login handle age restrictions and user eligibility?

NHS Login supports users aged 11 and over for medium (P5) and high (P9) verification levels. If your digital health product has its own age-based restrictions (e.g., 16+), you are responsible for enforcing them in your service logic. Additionally, only users registered with a GP in England or receiving NHS services in England are eligible to use NHS Login. At 6B, we help you configure eligibility filters and age validation mechanisms that comply with these requirements and minimise integration risk.

What happens if a user declines to share their NHS Login data with my app?

If a user refuses consent during the NHS Login flow, they are redirected back to your app without any identity token or claims, and you must present a “no-consent error screen”. The NHS requires this screen to include tailored messaging based on your service type. 6B supports you in designing compliant fallback experiences—such as guest access flows or alternative login options—that respect user consent while keeping them engaged.

Can NHS Login be integrated alongside other login methods like Google or Apple?

Yes, NHS Login can coexist with other authentication providers such as Google, Apple, or custom email/password logins. However, you must ensure equal visibility of the NHS Login button and comply with its design and placement guidelines. NHS England mandates specific button variants based on your branding and logo usage. 6B ensures your multi-auth implementation is both technically sound and design-compliant, with seamless switching and identity mapping between login types if needed.

What ongoing responsibilities do I have after NHS Login integration is complete?

Post-launch, you must maintain compliance with your SCAL and Connection Agreement, including annual reviews, clinical safety updates, and communication of any product changes. NHS England may amend integration requirements over time, and you are expected to review placement of the NHS Login button, report incidents via the NHS Service Bridge, and manage user support issues. 6B continues to support your organisation after go-live with change management, compliance updates, and live service support.