Authentication and access management specialist Imprivata has signed up 11 trusts to use its new NHS OneSign, providing single sign-on for all trust applications, after joining forces with Connecting for Health’s smartcard provider Gemalto and smartcard software developer Intercede.
Imprivata has added its single sign-on technology to CfH’s existing smartcard technology and spent six months working with the two companies to ensure that the additional technology would operate as specified by NHS Connecting for Health.
The system, which runs on a PKI (Public Key Infrastructure) certificate basis, means users have to enter their PIN alongside their smartcard for access to Choose and Book and other CfH applications.
Imprivata’s vice-president for EMEA operations, Wayne Parslow, told E-Health Insider: “We have been working with the NHS since late 2005 when we first implemented in Addenbrooke’s Hospital in Cambridge. Here we noticed that clinicians really didn’t see any value in smartcards, if anything they were an encumbrance of limited value. They were experiencing so many different log-ins for different applications, and the smart card was only used at the Choose and Book stage.
“Speaking to the clinicians, we noticed that the only way to get value from the smartcards was to make it a single log on for any user and for every application, so we approached Gemalto and Intercede and began working on a solution that would allow complete log-on access to any computer in two seconds with maximum security.”
The new solution enables trusts to use smartcards as the authentication and single sign-on method for all applications on the trust’s servers.
The cards, which are allocated to staff with authorisation rights already set, require the user to log onto the PC just once and then provide them with unrestricted access to any application their access rights permit. Trusts can configure the system to lock the PC if a card is left in it unused for a certain period of time.
Parslow added: “This saves trusts a huge amount of time and they no longer have to worry about being locked out so often. At Addenbrooke’s they were concerned that the amount of times they were being locked out at one stage was the equivalent of an extra patient they could see every session.
“Now trusts can get a detailed audit trail for each user and the trusts can also save on IT helpdesk costs with calls relating to password problems. The user sets their own password and can set a reminder question unique to them to be reminded at a later time, should they forget. When the smartcard is removed, the system is locked and so the next user needs to log on themselves.”
Another of the trusts involved, Nottingham University Hospitals NHS Trust, has begun to see these benefits already in a pilot of the OneSign smartcard appliance.
The trust’s head of technical support and delivery, Ben Halliday, told EHI: “In our trust, users can get eight different sets of passwords to remember for different applications. Now, we are able to show users that they can sign on to their own individual applications with just one single log on, which has helped us immensely with our user password help service. 60–80% of calls to our helpdesk are password-related calls, this would help free that time up so much. We are definitely looking to roll it out trust-wide.”
Halliday added: “We have configured our cards so that they meet the [former] NHS Information Authority’s set of ten questions for secure password reminders and are now looking at how to implement the card in the different types of working and the different types of communities in the hospital. I hope it is well-received as it could help make computerised work in the trust so much easier.”
Gemalto’s UK managing director, Howard Berg, said: “The shake-up of application delivery that is taking place in the NHS requires a fundamental change in how doctors, nurses and consultants access patient data and applications securely. By adapting the security framework of the Connecting for Health project to provide coverage of local applications, we can help to deliver increased value for hospitals and NHS trusts, as well as to individual users.”
The single sign-on solution is also now in place at the Royal Free Hampstead NHS Trust and Lewisham PCT, both in London. Imprivata says it is now working with a further 40-50 trusts, who are evaluating the product, and the system is in use at the British Medical Association.
Imprivata’s chief executive officer, Omar Hussain, said: “Password problems have traditionally been difficult to solve, due to both the cost of implementation and the fact that local applications vary across the NHS. By integrating NPfIT smart card support, we can provide greater value for the card and far faster access to applications for users while also maintaining the necessary levels of security that these organisations require for all their staff.”
The company is now looking at introducing its Physical Logical application, which will track users’ locations when they use their smartcard to get into certain clinical areas and when they log onto a machine anywhere in the hospital.
Pilots are also under way of a system called Clinical Context, which will allow doctors to work with patient records anywhere with multiple applications open and have the information they were working on at their last login presented to them when they next log onto the patient record elsewhere.