UK telehealth services verify patient identity through one or a combination of: government-ID + selfie matching via a verification provider (Onfido, Veriff, Yoti), payment-card verification, NHS Number or address matching, and credit-bureau-style verification. The right approach depends on category risk, age-verification requirements, and onboarding friction tolerance. This piece walks through the options and what fits where.

Why identity verification matters in regulated telehealth

Identity verification matters across UK telehealth for several reasons. Safeguarding — confirming the patient is who they say they are. Age verification — particularly for categories with age-restricted prescribing. Fraud prevention — protecting against account takeover and prescription diversion. Regulatory expectation — CQC, ICO, and category regulators expect proper identity processes.

Done poorly, identity verification is friction without protection. Done well, it is protection without unnecessary friction. The discipline is calibrating it to category risk.

Government ID + selfie via verification provider

The most common pattern in UK telehealth: patient uploads government ID (passport, driving licence, national ID) and a selfie; a verification provider performs document authentication and biometric matching. Common UK providers: Onfido, Veriff, Yoti. Per-verification costs typically £1-£3.

This is the standard for higher-risk categories: controlled drugs, weight management with GLP-1, mental health, and any category where age verification is critical. For lower-risk categories, the friction may be excessive — payment-card verification with address matching may be sufficient.

Payment-card and address verification

For lower-risk categories — over-the-counter reclassified medicines, certain repeat supply scenarios — payment-card verification plus address matching may be appropriate as the primary identity check. The cost is lower (essentially free as part of standard payment processing) and the friction is minimal.

The risk is that payment-card verification alone does not confirm identity in the way government ID does. It confirms that someone with access to a valid card is making the purchase. For categories where identity-of-recipient matters, this is insufficient on its own.

NHS Number, address, and credit-bureau-style verification

Some UK telehealth services use NHS Number verification (for patients comfortable providing it) or address matching against credit bureau data as supplementary identity checks. These add confidence without the high-friction document-upload step.

These checks are typically supplementary rather than primary. They strengthen confidence in the verification but rarely replace document-based verification for higher-risk categories.

Age verification specifically

Some categories have specific age verification requirements — controlled drugs and certain restricted-supply medicines. Age verification through government ID is the most defensible approach. Self-declared age without ID verification is not sufficient for categories where the regulator expects positive verification.

ICO has issued guidance on age-appropriate design and processing — particularly relevant for telehealth services that might be accessed by under-18s for categories where adult-only supply applies.

How PExpo handles identity verification

PExpo's brand model includes integration with leading UK identity verification providers — Onfido, Veriff, Yoti — configured per brand to match category risk and onboarding flow. The verification step is integrated into the patient pathway rather than bolted on at the back end.

See our integrations page for the verification providers PExpo connects with, and our brand model page for the patient pathway scope.

Key takeaway

Identity verification calibration is category-specific. Government ID + selfie for higher-risk categories (controlled drugs, GLP-1, mental health); payment-card verification with address matching may be sufficient for lower-risk categories.

Done poorly, identity verification is friction without protection. Done well, it is protection without unnecessary friction. The discipline is calibrating it to category risk.

UK telehealth identity verification in 2026 typically combines government-ID + selfie matching via providers like Onfido, Veriff, or Yoti, with supplementary checks (payment-card, address, NHS Number) calibrated to category risk. The right approach protects without unnecessary friction. See our brand model page for the patient pathway scope and our integrations page for the verification providers PExpo connects with.

Frequently asked questions

Is identity verification required for all UK telehealth services?

Identity verification is expected for any prescription service — the regulatory expectation is that prescribers know who they are prescribing to. The form of verification can be calibrated to category risk.

Can I verify identity using NHS login?

NHS login is available for NHS-integrated services. For private telehealth, NHS login integration is less common; most private services use commercial identity verification providers like Onfido, Veriff, or Yoti.

Does PExpo include identity verification in the brand model?

PExpo integrates with leading UK identity verification providers and configures the verification step in the patient pathway. The specific provider and the verification depth are configured per brand based on category risk.