Authentication and Role Based Access Control (RBAC)
Access to the NHS Spine for viewing, sending or updating information is controlled using smartcards and PINs. These smartcards have specific coding on them to allow the user the correct level of access according to their job role.
This is called RBAC – Role Based Access Control, and is managed by your local Registration Authority (RA). In order to obtain a smartcard, your RA will ensure that you are who you say you are and register you for a card. The system will then make sure you are entitled to have access to the SCR.
The user registration process associates the user with one or more roles. For example, a GP may have a ‘GP Surgery’ role and a ‘GP Out of Hours’ role that gives them different levels of access. If the user has more than one role, at authentication time they must select the role that they are currently operating in from the drop-down menu.
Each particular role is associated with specific activities which allow the user to perform tasks relevant to their role. Without the associations, users are denied access to those business functions. In the context of the systems that allow you to access the Summary Care Record, the main activities allow the user to:
- Update the SCR by editing the demographic information;
- Retrieve information from the SCR;
- Create a Legitimate Relationship.
It is the responsibility of the Registration Authority to ensure that the activities available to each user are appropriate to their working position.
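The user-to-role-to-activity check described above can be modelled as follows; this is an added illustration, not code from any NHS system. The user names, activity identifiers and the role-to-activity mapping are constructed, and it assumes a session carries only the activities of the role selected at authentication, with a single registered role selected automatically.

```python
from dataclasses import dataclass

# Constructed sample data: activity identifiers and the mapping are
# illustrative only, not real Spine role or activity codes.
ROLE_ACTIVITIES = {
    "GP Surgery": {"update_scr_demographics", "retrieve_scr",
                   "create_legitimate_relationship"},
    "GP Out of Hours": {"retrieve_scr", "create_legitimate_relationship"},
}
# Roles associated with each user at registration (constructed).
USER_ROLES = {
    "dr_a": ["GP Surgery", "GP Out of Hours"],
    "nurse_b": ["GP Out of Hours"],
    "temp_c": [],  # registered, but no role associated yet
}


class AccessDenied(Exception):
    """Raised when no valid role can be bound to the session."""


@dataclass(frozen=True)
class Session:
    user: str
    role: str  # the single role the user is currently operating in


def open_session(user, selected_role=None):
    """Bind exactly one registered role to the session at authentication."""
    roles = USER_ROLES.get(user, [])
    if not roles:
        raise AccessDenied(f"{user}: no role associated")
    if selected_role is None:
        if len(roles) > 1:
            # Users with several roles must choose one explicitly.
            raise AccessDenied(f"{user}: role selection required")
        selected_role = roles[0]
    if selected_role not in roles:
        raise AccessDenied(f"{user}: not registered for {selected_role!r}")
    return Session(user, selected_role)


def is_permitted(session, activity):
    """Deny by default: allow only activities tied to the selected role."""
    return activity in ROLE_ACTIVITIES.get(session.role, set())
```

Checking against the selected role rather than the union of a user's roles is what makes the role choice at authentication meaningful: the same GP can edit demographics in one session and only retrieve in another.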


