Social care leaders urged to consider options for managing identity and authentication online for service users and providers
Local authority social care departments need to be making plans now about how they will identify and authenticate users and providers of online social care services.
The advice comes from Identity and authentication, one of ten briefings being developed jointly by Socitm, the Local Government Association (LGA) and the Association of Directors of Adult Social Services (ADASS) for social care leaders grappling with the growing need to engage with - and serve – an increasingly online user base.
For many social care-related services, councils need to ‘authenticate’ the person receiving them, or in other words, be confident of the identity of that person, and that they are entitled to receive the service requested where it is needs or means tested.
Equally, those professionals involved in delivering or requesting social care services need to be able to trust that people presenting as colleagues or delivery partners, are who they say they are, and are entitled to have access to information about service users.
This affects services like delivery of direct payments or services; the sharing of personal and confidential information; or access to information held by one organistion that affects an individual’s entitlement or eligibility to receive services from another (eg when a person is in receipt of a state pension or other benefits).
In an analogue world, such authentication can be managed by having individuals attend in person and present documentary evidence of identity (eg passport or driving licence) and entitlement (eg utility bill proving residency or letter from DWP proving benefits status).
Digital systems bring with them the potential to remove the huge cost, inefficiencies, inconvenience, and in some cases, life-threatening human errors associated with such identity and authentication arrangements.
However, the challenge is to come up with digital identity and authentication method where the chances of information loss, confidentiality compromise, or identity fraud are low enough for people to trust the system. To illustrate this point about acceptable risk, the briefing makes an analogy with air travel: while passengers can never be 100% certain that they will arrive, if they have sufficient confidence in the system, they will make the trip.
With identity and authentication in the digital world still at an early stage of development, the briefing goes on to provide information tailored for social care leaders on current developments and the actions they need to taking now. There are four main sections:
Basic concepts describes principles of identity assurance that underpin public service thinking, like user control, data quality and governance, and explains risks, levels of assurance and authentication models. It also introduces the concept of attribute exchange, that enables people to prove online, through exchange of information about them held by third parties, that they have certain ‘attributes’. An attribute like being registered disabled, or in receipt of specific benefits, may entitle them to get other services, from other provides, like a blue badge for disabled persons’ parking.
Important stakeholders provides information about key organisations in the identity and authentication space including Open Identity Exchange and the Privacy and Consumer Advisory Group. It also describes GOV.UK Verify, a new service to enable people to prove who they are online, developed by the Government Digital Service and currently being rolled out for services like filing tax returns and sharing driving licence information.
Local government practicedescribes in detail the prototype scheme being developed by Warwickshire County Council to enable people to apply or renew online their blue badge. This replaces in a single online transaction a labour-intensive, back-office paper trail that delays receipt of the badge. The step-by-step analysis of the process, set out in the briefing, illustrates the attractiveness of the solution, that makes it a benchmark for all approaches to identity and authentication. National adoption of such a system would create annual savings of £12m.
Options for local solutions discusses prospects for different approaches to identity and authentication that might become available to adult social care in the next two to five years. A national solution based on GOV UK Verify requires local government to have access to it, and this is currently only in the early stages of consideration. NHS England is looking for a solution that might be the basis of a national blueprint for use by NHS agencies, councils and other service providers, but this is also only at the early stages of investigation. Councils’ existing customer accounts, with strengthened identity and authentication functions or web accessible transaction facilities based on existing adult social care systems may provide local alternatives for the immediate future.
Whatever options are considered, the briefing says that this is the time to make plans. Social care leaders should be:
- Considering producing a five-year plan for identity and authentication relevant for online social care facilities
- Building the business case as part of a move to transform delivery of social care services
- Looking out for national solutions emerging from the Warwickshire County Council ‘attribute exchange’ prototype on blue badge applications
- investigating the potential for authentication from existing or planned corporate customer accounts in place of being planned by the council
Identity and authenticationcan be downloaded free of charge from https://www.socitm.net/research-improvement/engaging-citizens-online
Martin Ferguson (firstname.lastname@example.org)
Director of Policy and Research - 01604 709456
Vicky Sargent (email@example.com)
Socitm Press Office - 07726 601139