A single sign-on system which will save busy clinical staff remembering multiple passwords and user names is being rolled out at Addenbrooke’s Hospital, Cambridge.
Technical manager, David Hughes, explained that clinical and IT support staff were grappling with a total of 31 applications used around the hospital. Staff have an average of eight passwords to remember.
“It’s an impossible system,” he said. “Thirty per cent of helpdesk calls are password related. We have two whole time equivalent staff just re-setting passwords.”
IT managers spent a lot of time looking for possible solutions before finding Imprivata’s OneSign Enterprise Single Sign-on.
“We realised there was something there that we could use,” said Hughes. “We needed something simple from a management point of view; we needed something quickly; we needed something that could scale. We wanted to be in control and support the appliance in-house.”
Programme manager, Dianne Nixon, said staff had been dealing with “a nightmare mix of passwords and rules”. The new system will provide automatic logon and system recognition of who the user is. Cards are read on card readers in computer keyboards that have been replaced as part of the preparation for the National Programme for IT.
Asked how the hospital proposed to deal with the hazards of users losing cards or leaving them in the card reader, Hughes said various ideas had been discussed for making sure users didn’t forget. He said: “The ultimate goal is that it [the smartcard] will allow secure access to the building, rooms and car parks and make it so that people cannot go anywhere without a smartcard.”
Potentially this approach could add another layer of authentication to the system by showing, for example, that someone attempting to use a particular departmental system had been ‘badged’ into the appropriate area of the building before being allowed access.
So far 200 intensive users have been issued with smart cards that give access to six core local applications with a four digit PIN. The system will provide access to both local and national systems eventually.
The aim is to roll out the cards to 1000 users in 2006 but the process has been hampered by problems caused when remote servers hosting the hospital’s patient administration system burnt down just before Christmas. The damage was caused when fire from the Buncefield oil terminal, Hertfordshire, spread to Northgate Information Solutions building nearby. “We’re going to ramp that up when we’ve got over our current problems,” said Hughes.
Though Nixon and Hughes emphasise that the work is clinically driven, in business terms they expect to see a return on the investment in about two years.
Imprivata, who are working with Enline to deliver the system at Addenbrooke’s, says the company’s appliance-based approach works well in organisations where a lot of different applications – whether client server, web-based or terminal services applications – need to be brought together in a single sign on.
This is the kind of mixed profile seen at Addenbrooke’s. Hughes commented: “Previously I would have thought we would have two or three central solutions. My belief is now – for the next five years – we are going to have a real mixture of centrally and locally hosted applications. We’re going to have a reduction from the 31, but still a significant number of locally developed applications.”
Nixon said she thought the number of applications could probably be reduced to about 20.