TL;DR: NHS England’s CIS1 support reduction and planned removal by 28 February 2027 force UK trusts to move to CIS2 while keeping clinicians connected to local and national systems, according to Imprivata. The real issue is not just migration speed, but whether identity controls can preserve secure, low-friction access across shared devices and mixed legacy environments.
NHIMG editorial — based on content published by Imprivata: CIS1 to CIS2 migration and secure access for UK healthcare
By the numbers:
- On 1 March 2026, CIS1 will no longer have an SLA and will be supported on a 'reasonable endeavours' basis.
- By 28 February 2027, CIS1 Authentication will be removed from operational service.
- In 2016, Imprivata reduced Spine smartcard insertions from 10–20+ times per shift to just once.
Questions worth separating out
A: They should treat the migration as an identity governance programme, not a one-time technical swap.
Q: Why do shared clinical devices complicate high assurance authentication?
A: Shared devices break the assumption that one user owns one endpoint for long periods.
Q: What breaks when healthcare access is split between local and national identities?
A: The organisation inherits duplicate lifecycle work, inconsistent assurance levels, and harder auditability.
Practitioner guidance
- Map all CIS1-dependent access paths Build a complete inventory of clinical workflows, applications, and national services that still rely on CIS1 authentication, including shared devices and break-glass use cases.
- Align local and national identity lifecycle processes Ensure provisioning, access review, and offboarding are coordinated across hospital systems and national services so clinicians do not carry parallel identities longer than necessary.
- Test high assurance authentication on ward realities Validate authentication methods on shared workstations, thin clients, mobile devices, and follow-me sessions before enforcing CIS2 requirements.
What's in the full article
Imprivata's full article covers the operational detail this post intentionally leaves for the source:
- The migration sequence for CIS1 to CIS2 across legacy and modern healthcare access paths.
- The practical differences between smartcard-based access, virtual smartcards, and OpenID Connect-based access.
- Clinical workflow examples showing how high assurance authentication can work on shared devices without blocking care.
- The specific access considerations Imprivata raises for trusts planning phased migration while maintaining NHS Spine access.
👉 Read Imprivata's guidance on CIS1 to CIS2 migration for clinical access →
CIS1 to CIS2 migration: what it means for clinical access teams?
Explore further
CIS1 retirement is a lifecycle governance event, not a simple authentication upgrade. The support reduction and eventual removal force trusts to prove that identity governance can carry clinicians through a staged migration while preserving access continuity. That is a lifecycle and assurance problem at the same time, because the old access path is being withdrawn before every clinical workflow has a stable replacement. Practitioners should treat CIS1 sunset as a governance deadline, not a technology refresh.
A few things that frame the scale:
- The average estimated time to remediate a leaked secret is 27 days, despite 75% of organisations expressing strong confidence in their secrets management capabilities, according to The State of Secrets in AppSec.
- Fragmented control is also common: organisations maintain an average of 6 distinct secrets manager instances, which undermines centralised governance, according to The State of Secrets in AppSec.
A question worth separating out:
Q: Who is accountable for securing CIS2 access during the transition period?
A: Accountability sits with the healthcare organisation’s identity, infrastructure, and clinical application owners together, because the risk spans authentication, workflow design, and service continuity. CIS2 readiness is only real when the access path is secure, usable, and governable across the full clinical estate.
👉 Read our full editorial: CIS1 to CIS2 migration exposes clinical identity access gaps