About ten days ago we received confirmation of the cancellation of the NHS Digital Staff Passport programme. The news were received with sadness and concern by many teams, local and central, dozens of colleagues who had been working for approximately 5 years on this initiative.
There were calls to reflect on the learnings, and signals that the work with the regions would be redirected, helping the few Trusts that adopted the DSP model regroup and reformulate plans. Colleagues from the Identity and Access Management area –who have been very close to these efforts since its inception– are naturally concerned, if not also affected by the long years of work now apparently lost. But among these same teams I noticed immediately a new accord emerging: that the end of the DSP programme is actually a new beginning, a new opportunity for this innovative kind of solution.
I concur with that sentiment, and want to add my perspective.
Behind the fancy name of “Digital Passport” what we had was the implementation of the advanced but now widely understood concepts and technologies of Decentralised Credentials and Digital Wallets. Regrettably, these very valid concepts and the DSP in the whole, were blurred by some the peculiar positioning of the solution. This happened right at the beginning of the design process.
The Digital Staff Passport was positioned as an “authentication” mechanism, this, arising from the conventional conflation of “Identification” and “Authorisation”, and the popular image of a “Passport”. This diluted the real nature of the solution and its perspectives.
In reality, the DSP consisted of a “digital wallet,” a technology which enables the user to carry “digital credentials” as she or he moves between roles and locations. The “digital credentials” –to be clear– are professional, work, educational and health services-related certifications, required for work but crucially not for staff authentication. In fact, such a solution still needs a complement of user authentication. This was not well understood by some teams, so not enough effort was put in the articulation of the DSP with the rest of the NHS authentication services.
On the other hand, the business objectives were clear: enable and accelerate staff onboarding especially for Trusts and facilitate staff movements between NHS organisations. A doctor or nurse –generally personnel requiring specific credentials to work as clinicians– would then have a way to transport those documents avoiding the constant and repeated verification checks when moving between roles, locations or contracts. The DSP was simply a very capable enabler of resource sharing, worker movement and staff onboarding! And nothing else. A great solution.
The discovery processes and the Alpha and Beta testing phases went well, despite the conceptual confusion, but there was always uncertainty as to when (in the onboarding process) should the DSP be issued and by whom. Different teams had different takes on this matter. Should it be used generally across the NHS worker categories? Should it be instead used only for staff requiring work permits and clinical services related credentials? What should be the scope of adoption?
Not only that: What institution or authority should be the issuer of the credentials, and of the digital wallet? Here is where the confusion left its mark: if the DSP was conceived as a unitary “tool” or “credential” per se, even as similar to a “passport”, the field was open to erroneous conclusions either restricting the DSP use cases, or reducing its scope or missing completely the basic notion of “decentralised credentials” (Verifiable Credentials Data Model).
In reality, the Decentralised Credentials model and the Digital Wallet technology are universal and applicable to all user journeys, albeit with different sets of credentials/documents and with different benefits. Nevertheless, if we had understood the generality of the approach, we would have also worked more consistently on the integration of the solution, while keeping it simple and decentralised!
While local teams wanted to single out some aspects of the DSP, central teams –perhaps confused by the apparent overlap with existing authentication services– wanted to emphasise the “national” character of the strategy. While architecture teams wanted to develop it on the the principles of “decentralised verifiable credentials” model, delivery teams were focused traditional ways of implementation following the usual “central database” paradigm.
For multiple reasons, the DSP slowed down in a state of limited adoption and uncertain objectives. Even if the business benefits were crystal-clear! The work around the DSP was trapped in a debate between “centralisation” and “decentralisation” precisely negating the essence of the proposed solution. As the core benefit of decentralised credentialling was lost from sight and some teams proposed alternative centralised technologies. As the general character of the model was obscured by a narrow scope, the potential benefits were also lost: the DSP original design appeared just as one more complex over-centralised “system”, one of those we are accustomed to see in the NHS technology “landscape”.
I believe that the cancellation of the program was justified even if the immediate justifications merit discussion: the reality is that progress had slowed down, as well as adoption, while projected costs seemed disproportionate to the objectives. The worse aspect was, though, that the nature of the solution was not clear anymore.
Now, aside of reflecting on the problems, the IAM and Workforce teams can re-focus and rethink the DSP solution. Its innovative aspects can be resurfaced and positioned at local and regional level. The “central database” model can be safely abandoned. Instead, a great opportunity is here: to foster and adopt the Distributed Credentials model directly in a collaboration between Government Departments, Public Services, Health Providers, Universities, Regulatory and Professional organisations, International Organisations, that is, issuers and verifiers of credentials, following a truly decentralised model of implementation.
A crucial point will be the clean separation of the Identity Verification (and credentialling) aspect of the user journey from the Authentication, the Authorisation and the Permission aspects. Then, and only then will it be visible that the DSP vision is implementable with existing, standard technologies which are already operating in the majority of the participating institutions (that is, technologies able to provision digital wallets and issue verifiable credentials).
So, then, this is not the end of the DSP –a visionary proposal, a trailblazing initiative which was supported by so many teams in NHSE. It is indeed a new and better beginning, completely consistent with the UK Government drive towards consolidation and decentralisation, the focus on front-line and community-centric health services, and the reduction of complexity and technology silos in the central infrastructure. I can see already local and regional teams looking into flexible, diverse options for the implementation of this model.
For sure, it will not be done under the name of the “Digital Staff Passport” but under the proper names: “Digital Wallets” and “Decentralised Verifiable Credentials”.