One of the most-used digital identity services in the UK
NHS login is an ongoing, large-scale transformational solution providing access to a broad range of digital healthcare services for the public in England. In April 2017, Hippo was selected by NHS Digital to deliver their next-generation login solution based on the Hippo user-centred approach, domain expertise in authentication/identity verification, public sector data and policy expertise and cross-organisational experience across the health/care ecosystem.
Problem
In 2017 the NHS did not have a secure, scalable way for patients in England to access the 80+ digital services offered across NHS functions. This became a clear priority in order to enable an increasingly digitally-enabled population and as a tool to drive efficiencies in NHS service provision. This culminated in ministerial commitment in April 2018 to deliver a single login solution within five months.
NHS Digital’s (NHSD) vision was that NHS login would provide a single, simple, trusted way for around 50 million patients to access multiple digital services across health and social care.
However, a previous discovery/alpha phase led by an internal NHSD team had focused on a regional approach to accessing online services. This resulted in multiple challenges and ambiguities including issues with scope, applicability of identity verification standards and alignment with central-government initiatives that resulted in a failed GDS service assessment.
NHS Digital therefore needed to revisit the discovery phase and refocus the programme to ensure that key ministerial commitments were met. This required:
- Providing more focus on client outcomes
- A scaled agile delivery, user-centred design (UCD) and a ‘show-through-doing’ approach to delivery
- Instilling clarity around deliverables
- Ensuring identity verification and authentication domain expertise
Solution
Hippo was appointed to provide leadership to support the upskilling of the NHSD internal teams, in order to revisit discovery, and refocus the programme, ensuring key ministerial commitments were met.
Having worked previously with large-scale agile teams in mature service delivery organisations, Hippo provided robust programme oversight, ensuring delivery was underpinned by multidisciplinary teams working in a scalable squad-based model, including:
- Programme Leadership provides a governance wrap for the project.
- A leadership team made up of Product, Design and Delivery owners, working across all squads to provide decision making and alignment support.
- Flexible squad model allowing the deployment of whole or blended/rainbow teams working to agile delivery frameworks; enabling effective management of feature delivery and stakeholder communications.
- A pool of key skills working across multiple squads to cover, for example, research as a holistic activity across squads, or service management to enable monitoring and readiness.
The short timeline created by the ministerial commitment created additional need for Hippo to plan the project with our usual rigour, including:
- Planning and managing dependencies: RAID log creation at inception to assign owners and understand actions/mitigations from the start; highlighting internal and inter-team dependencies and mitigations through an agreed service blueprint.
- Continuous delivery approach with appropriate governance/assurance levels, cross-boundaries: promotion of a one-team mindset to create focus on achieving next milestones; embedding of key governance representatives/decision makers in the multidisciplinary team; teams working in the same physical locations and inclusion of a wide range of cross-boundary stakeholders enabling the onboarding of partner organisations.
- Minimum Viable Product (MVP) to service: Creation of technical/user prototypes to open standards, enabling testing of end-to-end iteration and fast scaling to go-live. We have deployed thousands of new versions since the MVP, adding multiple additional features.
- Working with sensitive data/managing associated risks: Leveraging previous Hippo experience to ensure that policy/legal frameworks were in place, appropriate standards and processes agreed and teams had the embedded skills, processes and training required to execute
- Navigating policy/legal context: As Identity policy and standards experts we negotiated a strategic approach with key stakeholders, creating a new standard DCB3051, an adaptive solution reflecting NHS services with varying risk levels, and aligned to GPG44/45.
In addition, we led the planning of effective data management strategies towards the end of alpha based on a clear political mandate for capture/storage of sensitive data, and worked closely with NCSC and NHSD IG/Cyber teams on a cyber risk assessment of a new public cloud solution.
In a separate contract with NHSD, operating since 2018, Hippo manages the Cyber Security Operations Centre (CSOC), supporting the engineering and content activities associated with onboarding and BAU lifecycle management of systems, services and customers as part of its protective monitoring service.
“Hippo have played a fundamental part in the creation, development and continuous evolution of the NHS login service. Hippo’s strong focus and aptitude in designing for and meeting the needs of our users has enabled the NHS to deliver a single simple login for all, which underpins the NHS’ strategic objectives to protect the NHS front line through the increased adoption of digital services and to enable individuals to be empowered to manage their health and care”
Melissa Ruscoe, Programme Head, NHS login
Outcome
NHS login is now one of the UK’s most-used digital identity services and is NHSD’s first cloud-based identity service.
To-date, Hippo’s work has spanned discovery to live phases of NHS login and broader programme support. We continue to work on the programme, continuously improving and widening the array of services offered. Crucially, we delivered the ministerially defined commitment to launch in September 2018, being given just 5 months to develop the process. All committed programme milestones, tracked features/outcomes, have been delivered by Hippo on time and within budget.
Since launch, the service has moved from an MVP to a feature-rich platform, giving access to 80+ digital services (and counting), including connections to digital services in the private sector.
The service achieved a green Gate 5 IPA review and passed GDS service assessment first time at discovery, alpha and beta.
During the pandemic, NHS login was key to the government response, being used within the Shielded Vulnerable People service, Lateral Flow Test Reporting service, Test & Trace, and Covid Certifications, on which Hippo was simultaneously working, enabling us to coordinate across these projects being delivered in different legal entities. Hippo delivered value early and iteratively, ensuring ministerial commitments were met before the launch of the NHS App.
