All members of staff at Liverpool Women’s NHS Foundation Trust will soon be able to use their hospital entry cards as single sign-on smartcards to all hospital IT applications.
Working with identity and access management specialists, Imprivata, the trust wanted to stop their IT helpdesk being called up on a daily basis to reset passwords for staff.
Liverpool’s IM&T director, Dr Zafar Chaudry, told E-Health Insider: “We began looking at single sign on eight months ago due to an urgent need where our IT helpdesk was receiving calls on a daily basis, half of which were because people couldn’t remember their password for a particular application they needed.”
The trust wanted a solution that would work with ten key applications which had individual passwords. These included the Meditech hospital information system, the intranet, the Badger hospital information system, IDEAS reproductive medicine information system and ViewPoint obstetrics information system.
Dr Chaudry said: “Imprivata had experience of doing this, and the solution meant that we wouldn’t have to spend time writing code for each application. We could just set users up with a smartcard reader terminal and once they have entered each password into each application, this is then encrypted, and the user can log in with just one password for open access to all applications.”
The system was piloted initially by 25 users and once it proved to be a success, phased implementation began. Currently 200 users are using single sign-on, and over the next few weeks, all 1,000 users will be able to use the technology
Each PC is equipped with a smartcard reader which will authenticate the identity of the user and ask them for their password. If a PC is left unused for over 15 minutes, it will automatically log the user off.
“The system is of great use to clinical staff because now they can use their proximity card on any machine and log on just the once to view trust applications. What we found in the past, is that due to the pressurised environments, clinicians would log on and forget to log out, which was a huge security risk. Now the 15 minutes inactivity period means this risk is significantly reduced,” said Dr Chaudry.
The new system also means that the burden that was being placed on its IT helpdesk by password reset requests has disappeared as staff can change passwords themselves.
This should help to permanently free up one member of the helpdesk team to focus on more valuable, project based activities.
Dr Chaudry said: “Single sign-on really is the way of the future. We were concerned not only at how frustrated staff were becoming with the sheer amount of passwords they had to remember, but also at the fact that they were often resorting to writing passwords down. Imprivata has given us a very easy way of tackling this problem, and as a result we will have happier and more productive staff.
“It was important to us that any approach we took should not be disruptive to end-users. Now our staff particularly like the fact they can perform password resets themselves if they need them.”
As well as this, the trust is now in a better position to be able to audit use of PCs and extract data for reports.
“The technology has a full reporting mechanism which means we can easily keep track of the usage of our PCs and who is doing what, when. This will also make it quicker for us to gather the reports we need from applications,” said Dr Chaudry.
Once implementation is completed, the trust is looking to trial biometric recognition technology in its Accident and Emergency department.
Dr Chaudry said: “We want to make A&E a fingerprint based centre, so that only authorised staff members can work with the systems and direct patients as appropriate. It’s something we currently have in use in our neonotology ward and we hope to extend it into this environment by the end of the year.”
Omar Hussain, president and CEO at Imprivata said: “The problems faced by Liverpool Women’s NHS Foundation Trust are common to most healthcare and medical organisations in the UK. Where hospital employees have access to sensitive patient data through a number of different applications, finding a workable way to manage this effectively through passwords can be problematic. Imprivata OneSign provides a simple and cost-effective approach to solving this problem and is already proving its worth during the early phases of this implementation.”